Documentation ¶
Overview ¶
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Index ¶
- func NewIssuerPublicKey(pk IssuerPublicKey) *issuerPublicKey
- func NewIssuerSecretKey(sk IssuerSecretKey, exportable bool) *issuerSecretKey
- func NewNymPublicKey(pk Ecp) *nymPublicKey
- func NewNymSecretKey(sk Big, pk Ecp, exportable bool) (*nymSecretKey, error)
- func NewRevocationPublicKey(pubKey *sm2.PublicKey) *revocationPublicKey
- func NewRevocationSecretKey(sk *sm2.PrivateKey, exportable bool) *revocationSecretKey
- func NewUserSecretKey(sk Big, exportable bool) *userSecretKey
- type Big
- type CredRequest
- type Credential
- type CredentialRequestSigner
- type CredentialRequestVerifier
- type CredentialSigner
- type CredentialVerifier
- type CriSigner
- type CriVerifier
- type Ecp
- type Issuer
- type IssuerKeyGen
- type IssuerPublicKey
- type IssuerPublicKeyImporter
- type IssuerSecretKey
- type NymKeyDerivation
- type NymPublicKeyImporter
- type NymSignatureScheme
- type NymSigner
- type NymVerifier
- type Revocation
- type RevocationKeyGen
- type RevocationPublicKeyImporter
- type SignatureScheme
- type Signer
- type User
- type UserKeyGen
- type UserKeyImporter
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewIssuerPublicKey ¶
func NewIssuerPublicKey(pk IssuerPublicKey) *issuerPublicKey
func NewIssuerSecretKey ¶
func NewIssuerSecretKey(sk IssuerSecretKey, exportable bool) *issuerSecretKey
func NewNymPublicKey ¶
func NewNymPublicKey(pk Ecp) *nymPublicKey
func NewRevocationPublicKey ¶
func NewRevocationSecretKey ¶
func NewRevocationSecretKey(sk *sm2.PrivateKey, exportable bool) *revocationSecretKey
func NewUserSecretKey ¶
Types ¶
type CredRequest ¶
type CredRequest interface { // Sign creates a new Credential Request, the first message of the interactive credential issuance protocol // (from user to issuer) Sign(sk Big, ipk IssuerPublicKey, nonce []byte) ([]byte, error) // Verify verifies the credential request Verify(credRequest []byte, ipk IssuerPublicKey, nonce []byte) error }
CredRequest is a local interface to decouple from the idemix implementation of the issuance of credential requests.
type Credential ¶
type Credential interface { // Sign issues a new credential, which is the last step of the interactive issuance protocol // All attribute values are added by the issuer at this step and then signed together with a commitment to // the user's secret key from a credential request Sign(key IssuerSecretKey, credentialRequest []byte, attributes []bccsp.IdemixAttribute) ([]byte, error) // Verify cryptographically verifies the credential by verifying the signature // on the attribute values and user's secret key Verify(sk Big, ipk IssuerPublicKey, credential []byte, attributes []bccsp.IdemixAttribute) error }
CredRequest is a local interface to decouple from the idemix implementation of the issuance of credentials.
type CredentialRequestSigner ¶
type CredentialRequestSigner struct { // CredRequest implements the underlying cryptographic algorithms CredRequest CredRequest }
CredentialRequestSigner produces credential requests
func (*CredentialRequestSigner) Sign ¶
func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)
type CredentialRequestVerifier ¶
type CredentialRequestVerifier struct { // CredRequest implements the underlying cryptographic algorithms CredRequest CredRequest }
CredentialRequestVerifier verifies credential requests
func (*CredentialRequestVerifier) Verify ¶
func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
type CredentialSigner ¶
type CredentialSigner struct {
Credential Credential
}
func (*CredentialSigner) Sign ¶
func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
type CredentialVerifier ¶
type CredentialVerifier struct {
Credential Credential
}
func (*CredentialVerifier) Verify ¶
func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
type CriSigner ¶
type CriSigner struct {
Revocation Revocation
}
type CriVerifier ¶
type CriVerifier struct {
Revocation Revocation
}
func (*CriVerifier) Verify ¶
func (v *CriVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
type Issuer ¶
type Issuer interface { // NewKey generates a new idemix issuer key w.r.t the passed attribute names. NewKey(AttributeNames []string) (IssuerSecretKey, error) // NewPublicKeyFromBytes converts the passed bytes to an Issuer public key // It makes sure that the so obtained public key has the passed attributes, if specified NewPublicKeyFromBytes(raw []byte, attributes []string) (IssuerPublicKey, error) }
Issuer is a local interface to decouple from the idemix implementation
type IssuerKeyGen ¶
type IssuerKeyGen struct { // exportable is a flag to allow an issuer secret key to be marked as exportable. // If a secret key is marked as exportable, its Bytes method will return the key's byte representation. Exportable bool // Issuer implements the underlying cryptographic algorithms Issuer Issuer }
IssuerKeyGen generates issuer secret keys.
func (*IssuerKeyGen) KeyGen ¶
func (g *IssuerKeyGen) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
type IssuerPublicKey ¶
type IssuerPublicKey interface { // Bytes returns the byte representation of this key Bytes() ([]byte, error) // Hash returns the hash representation of this key. // The output is supposed to be collision-resistant Hash() []byte }
IssuerPublicKey is the issuer public key
type IssuerPublicKeyImporter ¶
type IssuerPublicKeyImporter struct { // Issuer implements the underlying cryptographic algorithms Issuer Issuer }
IssuerPublicKeyImporter imports issuer public keys
func (*IssuerPublicKeyImporter) KeyImport ¶
func (i *IssuerPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
type IssuerSecretKey ¶
type IssuerSecretKey interface { // Bytes returns the byte representation of this key Bytes() ([]byte, error) // Public returns the corresponding public key Public() IssuerPublicKey }
IssuerPublicKey is the issuer secret key
type NymKeyDerivation ¶
type NymKeyDerivation struct { // Exportable is a flag to allow an issuer secret key to be marked as Exportable. // If a secret key is marked as Exportable, its Bytes method will return the key's byte representation. Exportable bool // User implements the underlying cryptographic algorithms User User }
NymKeyDerivation derives nyms
func (*NymKeyDerivation) KeyDeriv ¶
func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
type NymPublicKeyImporter ¶
type NymPublicKeyImporter struct { // User implements the underlying cryptographic algorithms User User }
NymPublicKeyImporter imports nym public keys
func (*NymPublicKeyImporter) KeyImport ¶
func (i *NymPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
type NymSignatureScheme ¶
type NymSignatureScheme interface { // Sign creates a new idemix pseudonym signature Sign(sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, digest []byte) ([]byte, error) // Verify verifies an idemix NymSignature Verify(pk IssuerPublicKey, Nym Ecp, signature, digest []byte) error }
NymSignatureScheme is a local interface to decouple from the idemix implementation the nym sign-related operations
type NymSigner ¶
type NymSigner struct {
NymSignatureScheme NymSignatureScheme
}
type NymVerifier ¶
type NymVerifier struct {
NymSignatureScheme NymSignatureScheme
}
func (*NymVerifier) Verify ¶
func (v *NymVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
type Revocation ¶
type Revocation interface { // NewKey generates a long term signing key that will be used for revocation NewKey() (*sm2.PrivateKey, error) // Sign creates the Credential Revocation Information for a certain time period (epoch). // Users can use the CRI to prove that they are not revoked. // Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used, // and the resulting CRI can be used by any signer. Sign(key *sm2.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) ([]byte, error) // Verify verifies that the revocation PK for a certain epoch is valid, // by checking that it was signed with the long term revocation key. // Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need // to verify the signature to make sure the issuer indeed signed that no revocation // is used in this epoch. Verify(pk *sm2.PublicKey, cri []byte, epoch int, alg bccsp.RevocationAlgorithm) error }
Revocation is a local interface to decouple from the idemix implementation the revocation-related operations
type RevocationKeyGen ¶
type RevocationKeyGen struct { // exportable is a flag to allow an revocation secret key to be marked as exportable. // If a secret key is marked as exportable, its Bytes method will return the key's byte representation. Exportable bool // Revocation implements the underlying cryptographic algorithms Revocation Revocation }
RevocationKeyGen generates revocation secret keys.
func (*RevocationKeyGen) KeyGen ¶
func (g *RevocationKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)
type RevocationPublicKeyImporter ¶
type RevocationPublicKeyImporter struct { }
RevocationPublicKeyImporter imports revocation public keys
func (*RevocationPublicKeyImporter) KeyImport ¶
func (i *RevocationPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
type SignatureScheme ¶
type SignatureScheme interface { // Sign creates a new idemix signature (Schnorr-type signature). // The attributes slice steers which attributes are disclosed: // If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise it is disclosed. // We require the revocation handle to remain undisclosed (i.e., attributes[rhIndex] == bccsp.IdemixHiddenAttribute). // Parameters are to be understood as follow: // cred: the serialized version of an idemix credential; // sk: the user secret key; // (Nym, RNym): Nym key-pair; // ipk: issuer public key; // attributes: as described above; // msg: the message to be signed; // rhIndex: revocation handle index relative to attributes; // cri: the serialized version of the Credential Revocation Information (it contains the epoch this signature // is created in reference to). Sign(cred []byte, sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, attributes []bccsp.IdemixAttribute, msg []byte, rhIndex int, cri []byte) ([]byte, error) // Verify verifies an idemix signature. // The attribute slice steers which attributes it expects to be disclosed // If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise // attributes[i].Value is expected to contain the disclosed attribute value. // In other words, this function will check that if attribute i is disclosed, the i-th attribute equals attributes[i].Value. // Parameters are to be understood as follow: // ipk: issuer public key; // signature: signature to verify; // msg: message signed; // attributes: as described above; // rhIndex: revocation handle index relative to attributes; // revocationPublicKey: revocation public key; // epoch: revocation epoch. Verify(ipk IssuerPublicKey, signature, msg []byte, attributes []bccsp.IdemixAttribute, rhIndex int, revocationPublicKey *sm2.PublicKey, epoch int) error }
SignatureScheme is a local interface to decouple from the idemix implementation the sign-related operations
type Signer ¶
type Signer struct {
SignatureScheme SignatureScheme
}
type User ¶
type User interface { // NewKey generates a new User secret key NewKey() (Big, error) // NewKeyFromBytes converts the passed bytes to a User secret key NewKeyFromBytes(raw []byte) (Big, error) // MakeNym creates a new unlinkable pseudonym MakeNym(sk Big, key IssuerPublicKey) (Ecp, Big, error) // NewPublicNymFromBytes converts the passed bytes to a public nym NewPublicNymFromBytes(raw []byte) (Ecp, error) }
User is a local interface to decouple from the idemix implementation
type UserKeyGen ¶
type UserKeyGen struct { // Exportable is a flag to allow an issuer secret key to be marked as Exportable. // If a secret key is marked as Exportable, its Bytes method will return the key's byte representation. Exportable bool // User implements the underlying cryptographic algorithms User User }
func (*UserKeyGen) KeyGen ¶
func (g *UserKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)
type UserKeyImporter ¶
type UserKeyImporter struct { // Exportable is a flag to allow a secret key to be marked as Exportable. // If a secret key is marked as Exportable, its Bytes method will return the key's byte representation. Exportable bool // User implements the underlying cryptographic algorithms User User }
UserKeyImporter import user keys
func (*UserKeyImporter) KeyImport ¶
func (i *UserKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)