crypto

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 14, 2020 License: MIT Imports: 15 Imported by: 15

Documentation

Index

Constants

View Source
const (
	// EntropySize defines the amount of entropy necessary to do secure
	// cryptographic operations, in bytes.
	EntropySize = 32

	// PublicKeySize defines the size of public keys in bytes.
	PublicKeySize = ed25519.PublicKeySize

	// SecretKeySize defines the size of secret keys in bytes.
	SecretKeySize = ed25519.PrivateKeySize

	// SignatureSize defines the size of signatures in bytes.
	SignatureSize = ed25519.SignatureSize
)
View Source
const (
	// HashSize is the length of a Hash in bytes.
	HashSize = 32
)
View Source
const (
	// SegmentSize is the chunk size that is used when taking the Merkle root
	// of a file. 64 is chosen because bandwidth is scarce and it optimizes for
	// the smallest possible storage proofs. Using a larger base, even 256
	// bytes, would result in substantially faster hashing, but the bandwidth
	// tradeoff was deemed to be more important, as blockchain space is scarce.
	SegmentSize = 64
)
View Source
const (
	// TwofishOverhead is the number of bytes added by EncryptBytes
	TwofishOverhead = 28
)

Variables

View Source
var (
	// ErrInvalidSignature is returned if a signature is provided that does not
	// match the data and public key.
	ErrInvalidSignature = errors.New("invalid signature")

	// ErrSecretNilKey is returned if a secret key, which is used, is nil
	ErrSecretNilKey = errors.New("secret key is nil")

	// ErrPublicNilKey is returned if a public key, which is used, is nil
	ErrPublicNilKey = errors.New("public key is nil")
)
View Source
var (
	// ErrHashWrongLen is the error when encoded value has the wrong
	// length to be a hash.
	ErrHashWrongLen = errors.New("encoded value has the wrong length to be a hash")
)
View Source
var (
	// ErrInsufficientLen is an error when supplied ciphertext is not
	// long enough to contain a nonce.
	ErrInsufficientLen = errors.New("supplied ciphertext is not long enough to contain a nonce")
)

Functions

func CalculateLeaves

func CalculateLeaves(dataSize uint64) uint64

CalculateLeaves calculates the number of leaves that would be pushed from data of size 'dataSize'.

func GenerateKeyPair

func GenerateKeyPair() (sk SecretKey, pk PublicKey)

GenerateKeyPair creates a public-secret keypair that can be used to sign and verify messages.

func GenerateKeyPairDeterministic

func GenerateKeyPairDeterministic(entropy [EntropySize]byte) (sk SecretKey, pk PublicKey)

GenerateKeyPairDeterministic generates keys deterministically using the input entropy. The input entropy must be 32 bytes in length.

func NewHash

func NewHash() hash.Hash

NewHash returns a blake2b 256bit hasher.

func Perm

func Perm(n int) ([]int, error)

Perm returns, as a slice of n ints, a random permutation of the integers [0,n).

func RandBytes

func RandBytes(n int) ([]byte, error)

RandBytes returns n bytes of random data.

func RandIntn

func RandIntn(n int) (int, error)

RandIntn returns a non-negative random integer in the range [0,n). It panics if n <= 0.

func ReadSignedObject

func ReadSignedObject(r io.Reader, obj interface{}, maxLen uint64, pk PublicKey) error

ReadSignedObject reads a length-prefixed object prefixed by its signature, and verifies the signature.

func SecureWipe

func SecureWipe(data []byte)

SecureWipe destroys the data contained within a byte slice. There are no strong guarantees that all copies of the memory have been eliminated. If the OS was doing context switching or using swap space the keys may still be elsewhere in memory.

func VerifyHash

func VerifyHash(data Hash, pk PublicKey, sig Signature) error

VerifyHash uses a public key and input data to verify a signature.

func VerifySegment

func VerifySegment(base []byte, hashSet []Hash, numSegments, proofIndex uint64, root Hash) bool

VerifySegment will verify that a segment, given the proof, is a part of a Merkle root.

func WriteSignedObject

func WriteSignedObject(w io.Writer, obj interface{}, sk SecretKey) error

WriteSignedObject writes a length-prefixed object prefixed by its signature.

Types

type CachedMerkleTree

type CachedMerkleTree struct {
	merkletree.CachedTree
}

CachedMerkleTree wraps merkletree.CachedTree, changing some of the function definitions to assume sia-specific constants and return sia-specific types.

func NewCachedTree

func NewCachedTree(height uint64) *CachedMerkleTree

NewCachedTree returns a CachedMerkleTree, which can be used for getting Merkle roots and proofs from data that has cached subroots. See merkletree.CachedTree for more details.

func (*CachedMerkleTree) Prove

func (ct *CachedMerkleTree) Prove(base []byte, cachedHashSet []Hash) []Hash

Prove is a redefinition of merkletree.CachedTree.Prove, so that Sia-specific types are used instead of the generic types used by the parent package. The base is not a return value because the base is used as input.

func (*CachedMerkleTree) Push

func (ct *CachedMerkleTree) Push(h Hash)

Push is a redefinition of merkletree.CachedTree.Push, with the added type safety of only accepting a hash.

func (*CachedMerkleTree) Root

func (ct *CachedMerkleTree) Root() (h Hash)

Root is a redefinition of merkletree.CachedTree.Root, returning a Hash instead of a []byte.

type Ciphertext

type Ciphertext []byte

Ciphertext is an encrypted []byte.

func (Ciphertext) MarshalJSON

func (c Ciphertext) MarshalJSON() ([]byte, error)

MarshalJSON returns the JSON encoding of a CipherText

func (*Ciphertext) UnmarshalJSON

func (c *Ciphertext) UnmarshalJSON(b []byte) error

UnmarshalJSON parses the JSON-encoded b and returns an instance of CipherText.

type Hash

type Hash [HashSize]byte

Hash is a BLAKE2b 256-bit digest.

func HashAll

func HashAll(objs ...interface{}) (hash Hash, err error)

HashAll takes a set of objects as input, encodes them all using the encoding package, and then hashes the result.

func HashBytes

func HashBytes(data []byte) Hash

HashBytes takes a byte slice and returns the result.

func HashObject

func HashObject(obj interface{}) (hash Hash, err error)

HashObject takes an object as input, encodes it using the encoding package, and then hashes the result.

func MerkleProof

func MerkleProof(b []byte, proofIndex uint64) (base []byte, hashSet []Hash)

MerkleProof builds a Merkle proof that the data at segment 'proofIndex' is a part of the Merkle root formed by 'b'.

func MerkleRoot

func MerkleRoot(b []byte) Hash

MerkleRoot returns the Merkle root of the input data.

func (*Hash) LoadString

func (h *Hash) LoadString(s string) error

LoadString takes a string, parses the hash value of the string, and sets the value of the hash equal to the hash value of the string.

func (Hash) MarshalJSON

func (h Hash) MarshalJSON() ([]byte, error)

MarshalJSON marshales a hash as a hex string.

func (Hash) String

func (h Hash) String() string

String prints the hash in hex.

func (*Hash) UnmarshalJSON

func (h *Hash) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes the json hex string of the hash.

type HashSlice

type HashSlice []Hash

HashSlice is used for sorting

func (HashSlice) Len

func (hs HashSlice) Len() int

These functions implement sort.Interface, allowing hashes to be sorted.

func (HashSlice) Less

func (hs HashSlice) Less(i, j int) bool

func (HashSlice) Swap

func (hs HashSlice) Swap(i, j int)

type MerkleTree

type MerkleTree struct {
	merkletree.Tree
}

MerkleTree wraps merkletree.Tree, changing some of the function definitions to assume sia-specific constants and return sia-specific types.

func NewTree

func NewTree() *MerkleTree

NewTree returns a MerkleTree, which can be used for getting Merkle roots and Merkle proofs on data. See merkletree.Tree for more details.

func (*MerkleTree) PushObject

func (t *MerkleTree) PushObject(obj interface{}) error

PushObject encodes and adds the hash of the encoded object to the tree as a leaf.

func (*MerkleTree) Root

func (t *MerkleTree) Root() (h Hash)

Root is a redefinition of merkletree.Tree.Root, returning a Hash instead of a []byte.

type PublicKey

type PublicKey [PublicKeySize]byte

PublicKey is an object that can be used to verify signatures.

func (PublicKey) IsNil added in v1.0.7

func (pk PublicKey) IsNil() bool

IsNil returns true if this public key equals to a pure zero array.

type SecretKey

type SecretKey [SecretKeySize]byte

SecretKey can be used to sign data for the corresponding public key.

func (SecretKey) IsNil added in v1.0.7

func (sk SecretKey) IsNil() bool

IsNil returns true if this secret key equals to a pure zero array.

func (SecretKey) PublicKey

func (sk SecretKey) PublicKey() (pk PublicKey)

PublicKey returns the public key that corresponds to a secret key.

type Signature

type Signature [SignatureSize]byte

Signature proves that data was signed by the owner of a particular public key's corresponding secret key.

func SignHash

func SignHash(data Hash, sk SecretKey) (sig Signature)

SignHash signs a message using a secret key.

type TwofishKey

type TwofishKey [EntropySize]byte

TwofishKey is a key used for encrypting and decrypting data.

func GenerateTwofishKey

func GenerateTwofishKey() (key TwofishKey)

GenerateTwofishKey produces a key that can be used for encrypting and decrypting files.

func (TwofishKey) DecryptBytes

func (key TwofishKey) DecryptBytes(ct Ciphertext) ([]byte, error)

DecryptBytes decrypts the ciphertext created by EncryptBytes. The nonce is expected to be the first 12 bytes of the ciphertext.

func (TwofishKey) EncryptBytes

func (key TwofishKey) EncryptBytes(plaintext []byte) Ciphertext

EncryptBytes encrypts a []byte using the key. EncryptBytes uses GCM and prepends the nonce (12 bytes) to the ciphertext.

func (TwofishKey) NewCipher

func (key TwofishKey) NewCipher() cipher.Block

NewCipher creates a new Twofish cipher from the key.

func (TwofishKey) NewReader

func (key TwofishKey) NewReader(r io.Reader) io.Reader

NewReader returns a reader that encrypts or decrypts its input stream.

func (TwofishKey) NewWriter

func (key TwofishKey) NewWriter(w io.Writer) io.Writer

NewWriter returns a writer that encrypts or decrypts its input stream.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL