- Constants
- Variables
- type AESKey
- type Configuration
- type Core
- func (c *Core) ChangePin(secrets UserSecrets, oldpinRaw, newpinRaw string) (UserSecrets, error)
- func (c *Core) DangerousAddDecryptionKey(keyID uint32, key AESKey)
- func (c *Core) DangerousAddTrustedPublicKey(keyID irma.PublicKeyIdentifier, key *gabikeys.PublicKey)
- func (c *Core) GenerateCommitments(secrets UserSecrets, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error)
- func (c *Core) GenerateResponse(secrets UserSecrets, accessToken string, commitID uint64, challenge *big.Int, ...) (string, error)
- func (c *Core) NewUserSecrets(pinRaw string) (UserSecrets, error)
- func (c *Core) ValidateJWT(secrets UserSecrets, jwt string) error
- func (c *Core) ValidatePin(secrets UserSecrets, pin string) (string, error)
- type UserSecrets
Constants ¶
const ( JWTIssuerDefault = "keyshare_server" JWTPinExpiryDefault = 5 * 60 // seconds )
Variables ¶
var ( ErrInvalidPin = errors.New("invalid pin") ErrPinTooLong = errors.New("pin too long") ErrInvalidChallenge = errors.New("challenge out of bounds") ErrInvalidJWT = errors.New("invalid jwt token") ErrKeyNotFound = errors.New("public key not found") ErrUnknownCommit = errors.New("unknown commit id") )
var ( ErrNoSuchKey = errors.New("Key identifier unknown") )
Functions ¶
This section is empty.
Types ¶
type Configuration ¶
type Core ¶
type Core struct {
// contains filtered or unexported fields
}
func NewKeyshareCore ¶
func NewKeyshareCore(conf *Configuration) *Core
func (*Core) ChangePin ¶
func (c *Core) ChangePin(secrets UserSecrets, oldpinRaw, newpinRaw string) (UserSecrets, error)
ChangePin changes the pin in an encrypted keyshare user secret to a new value, after validating that the old value is known by the caller.
func (*Core) DangerousAddDecryptionKey ¶
DangerousAddDecryptionKey adds an AES key for decryption, with identifier keyID. Calling this will cause all keyshare secrets generated with the key to be trusted.
func (*Core) DangerousAddTrustedPublicKey ¶
func (c *Core) DangerousAddTrustedPublicKey(keyID irma.PublicKeyIdentifier, key *gabikeys.PublicKey)
DangerousAddTrustedPublicKey adds a public key as trusted by keysharecore. Calling this on incorrectly generated key material WILL compromise keyshare secrets!
func (*Core) GenerateCommitments ¶
func (c *Core) GenerateCommitments(secrets UserSecrets, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error)
GenerateCommitments generates keyshare commitments using the specified Idemix public key(s).
func (*Core) GenerateResponse ¶
func (c *Core) GenerateResponse(secrets UserSecrets, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error)
GenerateResponse generates the response of a zero-knowledge proof of the keyshare secret, for a previously generated commitment (identified by commitID) and the given challenge.
func (*Core) NewUserSecrets ¶
func (c *Core) NewUserSecrets(pinRaw string) (UserSecrets, error)
NewUserSecrets generates a new keyshare secret, secured with the given pin.
func (*Core) ValidateJWT ¶
func (c *Core) ValidateJWT(secrets UserSecrets, jwt string) error
ValidateJWT checks whether the given JWT is currently valid as an access token for operations on the provided encrypted keyshare user secrets.
func (*Core) ValidatePin ¶
func (c *Core) ValidatePin(secrets UserSecrets, pin string) (string, error)
ValidatePin checks the given pin against the provided encrypted keyshare user secrets and generates a JWT for future access.
type UserSecrets ¶
type UserSecrets [64 + 64 + 32 + 12 + 16 + 4]byte
UserSecrets contains the encrypted data of a keyshare user. The size is that of unencryptedUserSecrets plus 12 bytes for the nonce, 16 bytes for the authentication tag and 4 bytes for the key ID.