Documentation
¶
Overview ¶
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Index ¶
- func NewIssuerPublicKey(pk IssuerPublicKey) *issuerPublicKey
- func NewIssuerSecretKey(sk IssuerSecretKey, exportable bool) *issuerSecretKey
- func NewNymPublicKey(pk Ecp) *nymPublicKey
- func NewNymSecretKey(sk Big, pk Ecp, exportable bool) (*nymSecretKey, error)
- func NewRevocationPublicKey(pubKey *ecdsa.PublicKey) *revocationPublicKey
- func NewRevocationSecretKey(sk *ecdsa.PrivateKey, exportable bool) *revocationSecretKey
- func NewUserSecretKey(sk Big, exportable bool) *userSecretKey
- type Big
- type CredRequest
- type Credential
- type CredentialRequestSigner
- type CredentialRequestVerifier
- type CredentialSigner
- type CredentialVerifier
- type CriSigner
- type CriVerifier
- type Ecp
- type Issuer
- type IssuerKeyGen
- type IssuerPublicKey
- type IssuerPublicKeyImporter
- type IssuerSecretKey
- type NymKeyDerivation
- type NymPublicKeyImporter
- type NymSignatureScheme
- type NymSigner
- type NymVerifier
- type Revocation
- type RevocationKeyGen
- type RevocationPublicKeyImporter
- type SignatureScheme
- type Signer
- type User
- type UserKeyGen
- type UserKeyImporter
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewIssuerPublicKey ¶
func NewIssuerPublicKey(pk IssuerPublicKey) *issuerPublicKey
func NewIssuerSecretKey ¶
func NewIssuerSecretKey(sk IssuerSecretKey, exportable bool) *issuerSecretKey
func NewNymPublicKey ¶
func NewNymPublicKey(pk Ecp) *nymPublicKey
func NewRevocationPublicKey ¶
func NewRevocationSecretKey ¶
func NewRevocationSecretKey(sk *ecdsa.PrivateKey, exportable bool) *revocationSecretKey
func NewUserSecretKey ¶
Types ¶
type CredRequest ¶
type CredRequest interface {
// Sign creates a new Credential Request, the first message of the interactive credential issuance protocol
// (from user to issuer)
Sign(sk Big, ipk IssuerPublicKey, nonce []byte) ([]byte, error)
// Verify verifies the credential request
Verify(credRequest []byte, ipk IssuerPublicKey, nonce []byte) error
}
CredRequest is a local interface to decouple from the idemix implementation of the issuance of credential requests.
type Credential ¶
type Credential interface {
// Sign issues a new credential, which is the last step of the interactive issuance protocol
// All attribute values are added by the issuer at this step and then signed together with a commitment to
// the user's secret key from a credential request
Sign(key IssuerSecretKey, credentialRequest []byte, attributes []bccsp.IdemixAttribute) ([]byte, error)
// Verify cryptographically verifies the credential by verifying the signature
// on the attribute values and user's secret key
Verify(sk Big, ipk IssuerPublicKey, credential []byte, attributes []bccsp.IdemixAttribute) error
}
CredRequest is a local interface to decouple from the idemix implementation of the issuance of credentials.
type CredentialRequestSigner ¶
type CredentialRequestSigner struct {
// CredRequest implements the underlying cryptographic algorithms
CredRequest CredRequest
}
CredentialRequestSigner produces credential requests
func (*CredentialRequestSigner) Sign ¶
func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)
type CredentialRequestVerifier ¶
type CredentialRequestVerifier struct {
// CredRequest implements the underlying cryptographic algorithms
CredRequest CredRequest
}
CredentialRequestVerifier verifies credential requests
func (*CredentialRequestVerifier) Verify ¶
func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
type CredentialSigner ¶
type CredentialSigner struct {
Credential Credential
}
func (*CredentialSigner) Sign ¶
func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
type CredentialVerifier ¶
type CredentialVerifier struct {
Credential Credential
}
func (*CredentialVerifier) Verify ¶
func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
type CriSigner ¶
type CriSigner struct {
Revocation Revocation
}
type CriVerifier ¶
type CriVerifier struct {
Revocation Revocation
}
func (*CriVerifier) Verify ¶
func (v *CriVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
type Issuer ¶
type Issuer interface {
// NewKey generates a new idemix issuer key w.r.t the passed attribute names.
NewKey(AttributeNames []string) (IssuerSecretKey, error)
// NewPublicKeyFromBytes converts the passed bytes to an Issuer public key
// It makes sure that the so obtained public key has the passed attributes, if specified
NewPublicKeyFromBytes(raw []byte, attributes []string) (IssuerPublicKey, error)
}
Issuer is a local interface to decouple from the idemix implementation
type IssuerKeyGen ¶
type IssuerKeyGen struct {
// exportable is a flag to allow an issuer secret key to be marked as exportable.
// If a secret key is marked as exportable, its Bytes method will return the key's byte representation.
Exportable bool
// Issuer implements the underlying cryptographic algorithms
Issuer Issuer
}
IssuerKeyGen generates issuer secret keys.
func (*IssuerKeyGen) KeyGen ¶
func (g *IssuerKeyGen) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
type IssuerPublicKey ¶
type IssuerPublicKey interface {
// Bytes returns the byte representation of this key
Bytes() ([]byte, error)
// Hash returns the hash representation of this key.
// The output is supposed to be collision-resistant
Hash() []byte
}
IssuerPublicKey is the issuer public key
type IssuerPublicKeyImporter ¶
type IssuerPublicKeyImporter struct {
// Issuer implements the underlying cryptographic algorithms
Issuer Issuer
}
IssuerPublicKeyImporter imports issuer public keys
func (*IssuerPublicKeyImporter) KeyImport ¶
func (i *IssuerPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
type IssuerSecretKey ¶
type IssuerSecretKey interface {
// Bytes returns the byte representation of this key
Bytes() ([]byte, error)
// Public returns the corresponding public key
Public() IssuerPublicKey
}
IssuerPublicKey is the issuer secret key
type NymKeyDerivation ¶
type NymKeyDerivation struct {
// Exportable is a flag to allow an issuer secret key to be marked as Exportable.
// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
Exportable bool
// User implements the underlying cryptographic algorithms
User User
}
NymKeyDerivation derives nyms
func (*NymKeyDerivation) KeyDeriv ¶
func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
type NymPublicKeyImporter ¶
type NymPublicKeyImporter struct {
// User implements the underlying cryptographic algorithms
User User
}
NymPublicKeyImporter imports nym public keys
func (*NymPublicKeyImporter) KeyImport ¶
func (i *NymPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
type NymSignatureScheme ¶
type NymSignatureScheme interface {
// Sign creates a new idemix pseudonym signature
Sign(sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, digest []byte) ([]byte, error)
// Verify verifies an idemix NymSignature
Verify(pk IssuerPublicKey, Nym Ecp, signature, digest []byte) error
}
NymSignatureScheme is a local interface to decouple from the idemix implementation the nym sign-related operations
type NymSigner ¶
type NymSigner struct {
NymSignatureScheme NymSignatureScheme
}
type NymVerifier ¶
type NymVerifier struct {
NymSignatureScheme NymSignatureScheme
}
func (*NymVerifier) Verify ¶
func (v *NymVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
type Revocation ¶
type Revocation interface {
// NewKey generates a long term signing key that will be used for revocation
NewKey() (*ecdsa.PrivateKey, error)
// Sign creates the Credential Revocation Information for a certain time period (epoch).
// Users can use the CRI to prove that they are not revoked.
// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used,
// and the resulting CRI can be used by any signer.
Sign(key *ecdsa.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) ([]byte, error)
// Verify verifies that the revocation PK for a certain epoch is valid,
// by checking that it was signed with the long term revocation key.
// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
// to verify the signature to make sure the issuer indeed signed that no revocation
// is used in this epoch.
Verify(pk *ecdsa.PublicKey, cri []byte, epoch int, alg bccsp.RevocationAlgorithm) error
}
Revocation is a local interface to decouple from the idemix implementation the revocation-related operations
type RevocationKeyGen ¶
type RevocationKeyGen struct {
// exportable is a flag to allow an revocation secret key to be marked as exportable.
// If a secret key is marked as exportable, its Bytes method will return the key's byte representation.
Exportable bool
// Revocation implements the underlying cryptographic algorithms
Revocation Revocation
}
RevocationKeyGen generates revocation secret keys.
func (*RevocationKeyGen) KeyGen ¶
func (g *RevocationKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)
type RevocationPublicKeyImporter ¶
type RevocationPublicKeyImporter struct {
}
RevocationPublicKeyImporter imports revocation public keys
func (*RevocationPublicKeyImporter) KeyImport ¶
func (i *RevocationPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
type SignatureScheme ¶
type SignatureScheme interface {
// Sign creates a new idemix signature (Schnorr-type signature).
// The attributes slice steers which attributes are disclosed:
// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise it is disclosed.
// We require the revocation handle to remain undisclosed (i.e., attributes[rhIndex] == bccsp.IdemixHiddenAttribute).
// Parameters are to be understood as follow:
// cred: the serialized version of an idemix credential;
// sk: the user secret key;
// (Nym, RNym): Nym key-pair;
// ipk: issuer public key;
// attributes: as described above;
// msg: the message to be signed;
// rhIndex: revocation handle index relative to attributes;
// cri: the serialized version of the Credential Revocation Information (it contains the epoch this signature
// is created in reference to).
Sign(cred []byte, sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, attributes []bccsp.IdemixAttribute,
msg []byte, rhIndex int, cri []byte) ([]byte, error)
// Verify verifies an idemix signature.
// The attribute slice steers which attributes it expects to be disclosed
// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise
// attributes[i].Value is expected to contain the disclosed attribute value.
// In other words, this function will check that if attribute i is disclosed, the i-th attribute equals attributes[i].Value.
// Parameters are to be understood as follow:
// ipk: issuer public key;
// signature: signature to verify;
// msg: message signed;
// attributes: as described above;
// rhIndex: revocation handle index relative to attributes;
// revocationPublicKey: revocation public key;
// epoch: revocation epoch.
Verify(ipk IssuerPublicKey, signature, msg []byte, attributes []bccsp.IdemixAttribute, rhIndex int, revocationPublicKey *ecdsa.PublicKey, epoch int) error
}
SignatureScheme is a local interface to decouple from the idemix implementation the sign-related operations
type Signer ¶
type Signer struct {
SignatureScheme SignatureScheme
}
type User ¶
type User interface {
// NewKey generates a new User secret key
NewKey() (Big, error)
// NewKeyFromBytes converts the passed bytes to a User secret key
NewKeyFromBytes(raw []byte) (Big, error)
// MakeNym creates a new unlinkable pseudonym
MakeNym(sk Big, key IssuerPublicKey) (Ecp, Big, error)
// NewPublicNymFromBytes converts the passed bytes to a public nym
NewPublicNymFromBytes(raw []byte) (Ecp, error)
}
User is a local interface to decouple from the idemix implementation
type UserKeyGen ¶
type UserKeyGen struct {
// Exportable is a flag to allow an issuer secret key to be marked as Exportable.
// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
Exportable bool
// User implements the underlying cryptographic algorithms
User User
}
func (*UserKeyGen) KeyGen ¶
func (g *UserKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)
type UserKeyImporter ¶
type UserKeyImporter struct {
// Exportable is a flag to allow a secret key to be marked as Exportable.
// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
Exportable bool
// User implements the underlying cryptographic algorithms
User User
}
UserKeyImporter import user keys
func (*UserKeyImporter) KeyImport ¶
func (i *UserKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.