phe

package
v6.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2020 License: BSD-3-Clause Imports: 5 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	/*
	 * PHE elliptic curve point binary length
	 */
	PheCommonPhePointLength uint = 65
	/*
	 * PHE max password length
	 */
	PheCommonPheMaxPasswordLength uint = 128
	/*
	 * PHE server identifier length
	 */
	PheCommonPheServerIdentifierLength uint = 32
	/*
	 * PHE client identifier length
	 */
	PheCommonPheClientIdentifierLength uint = 32
	/*
	 * PHE account key length
	 */
	PheCommonPheAccountKeyLength uint = 32
	/*
	 * PHE private key length
	 */
	PheCommonPhePrivateKeyLength uint = 32
	/*
	 * PHE public key length
	 */
	PheCommonPhePublicKeyLength uint = 65
	/*
	 * PHE hash length
	 */
	PheCommonPheHashLen uint = 32
	/*
	 * Maximum data size to encrypt
	 */
	PheCommonPheMaxEncryptLen uint = 1024*1024 - 64
	/*
	 * Maximum data size to decrypt
	 */
	PheCommonPheMaxDecryptLen uint = 1024 * 1024
	/*
	 * Maximum data to authenticate
	 */
	PheCommonPheMaxAuthLen uint = 1024
)
View Source 
const (
	/*
	 * Success proof check failed.
	 */
	PheErrorErrorInvalidSuccessProof int = -1
	/*
	 * Failure proof check failed.
	 */
	PheErrorErrorInvalidFailProof int = -2
	/*
	 * RNG returned error.
	 */
	PheErrorErrorRNGFailed int = -3
	/*
	 * Protobuf decode failed.
	 */
	PheErrorErrorProtobufDecodeFailed int = -4
	/*
	 * Invalid public key.
	 */
	PheErrorErrorInvalidPublicKey int = -5
	/*
	 * Invalid private key.
	 */
	PheErrorErrorInvalidPrivateKey int = -6
	/*
	 * AES error occurred.
	 */
	PheErrorErrorAESFailed int = -7
)

Variables

This section is empty.

Functions

func PheErrorHandleStatus 

func PheErrorHandleStatus(status C.vsce_status_t) error

Check given C status, and if it's not "success" then raise correspond error.

Types

type PheCipher 

type PheCipher struct {
	// contains filtered or unexported fields
}

* Class for encryption using PHE account key * This class is thread-safe.

func NewPheCipher 

func NewPheCipher() *PheCipher

func (*PheCipher) AuthDecrypt 

func (obj *PheCipher) AuthDecrypt(cipherText []byte, additionalData []byte, accountKey []byte) ([]byte, error)

* Decrypts data (and verifies additional data) using account key

func (*PheCipher) AuthEncrypt 

func (obj *PheCipher) AuthEncrypt(plainText []byte, additionalData []byte, accountKey []byte) ([]byte, error)

* Encrypts data (and authenticates additional data) using account key

func (*PheCipher) Ctx 

func (obj *PheCipher) Ctx() uintptr

Handle underlying C context.

func (*PheCipher) Decrypt 

func (obj *PheCipher) Decrypt(cipherText []byte, accountKey []byte) ([]byte, error)

* Decrypts data using account key

func (*PheCipher) DecryptLen 

func (obj *PheCipher) DecryptLen(cipherTextLen uint) uint

* Returns buffer capacity needed to fit plain text

func (*PheCipher) Delete 

func (obj *PheCipher) Delete()

* Release underlying C context.

func (*PheCipher) Encrypt 

func (obj *PheCipher) Encrypt(plainText []byte, accountKey []byte) ([]byte, error)

* Encrypts data using account key

func (*PheCipher) EncryptLen 

func (obj *PheCipher) EncryptLen(plainTextLen uint) uint

* Returns buffer capacity needed to fit cipher text

func (*PheCipher) SetRandom 

func (obj *PheCipher) SetRandom(random foundation.Random)

* Random used for salt generation

func (*PheCipher) SetupDefaults 

func (obj *PheCipher) SetupDefaults() error

* Setups dependencies with default values.

type PheClient 

type PheClient struct {
	// contains filtered or unexported fields
}

* Class for client-side PHE crypto operations. * This class is thread-safe in case if VSCE_MULTI_THREADING defined.

func NewPheClient 

func NewPheClient() *PheClient

func (*PheClient) CheckResponseAndDecrypt 

func (obj *PheClient) CheckResponseAndDecrypt(password []byte, enrollmentRecord []byte, verifyPasswordResponse []byte) ([]byte, error)

* Verifies PHE server's answer * If login succeeded, extracts account key * If login failed account key will be empty

func (*PheClient) CreateVerifyPasswordRequest 

func (obj *PheClient) CreateVerifyPasswordRequest(password []byte, enrollmentRecord []byte) ([]byte, error)

* Creates a request for further password verification at the PHE server side.

func (*PheClient) Ctx 

func (obj *PheClient) Ctx() uintptr

Handle underlying C context.

func (*PheClient) Delete 

func (obj *PheClient) Delete()

* Release underlying C context.

func (*PheClient) EnrollAccount 

func (obj *PheClient) EnrollAccount(enrollmentResponse []byte, password []byte) ([]byte, []byte, error)

* Uses fresh EnrollmentResponse from PHE server (see get enrollment func) and user's password (or its hash) to create * a new EnrollmentRecord which is then supposed to be stored in a database for further authentication * Also generates a random seed which then can be used to generate symmetric or private key to protect user's data

func (*PheClient) EnrollmentRecordLen 

func (obj *PheClient) EnrollmentRecordLen() uint

* Buffer size needed to fit EnrollmentRecord

func (*PheClient) GenerateClientPrivateKey 

func (obj *PheClient) GenerateClientPrivateKey() ([]byte, error)

* Generates client private key

func (*PheClient) RotateKeys 

func (obj *PheClient) RotateKeys(updateToken []byte) ([]byte, []byte, error)

* Updates client's private key and server's public key using server's update token * Use output values to instantiate new client instance with new keys

func (*PheClient) SetKeys 

func (obj *PheClient) SetKeys(clientPrivateKey []byte, serverPublicKey []byte) error

* Sets client private and server public key * Call this method before any other methods except `update enrollment record` and `generate client private key` * This function should be called only once

func (*PheClient) SetOperationRandom 

func (obj *PheClient) SetOperationRandom(operationRandom foundation.Random)

* Random used for crypto operations to make them const-time

func (*PheClient) SetRandom 

func (obj *PheClient) SetRandom(random foundation.Random)

* Random used for key generation, proofs, etc.

func (*PheClient) SetupDefaults 

func (obj *PheClient) SetupDefaults() error

* Setups dependencies with default values.

func (*PheClient) UpdateEnrollmentRecord 

func (obj *PheClient) UpdateEnrollmentRecord(enrollmentRecord []byte, updateToken []byte) ([]byte, error)

* Updates EnrollmentRecord using server's update token

func (*PheClient) VerifyPasswordRequestLen 

func (obj *PheClient) VerifyPasswordRequestLen() uint

* Buffer size needed to fit VerifyPasswordRequest

type PheCommon 

type PheCommon struct {
}

type PheError 

type PheError struct {
	Code    int
	Message string
}

* Defines the library status codes.

func (*PheError) Error 

func (obj *PheError) Error() string

type PheImplementation 

type PheImplementation struct {
}

type PheServer 

type PheServer struct {
	// contains filtered or unexported fields
}

* Class for server-side PHE crypto operations. * This class is thread-safe in case if VSCE_MULTI_THREADING defined.

func NewPheServer 

func NewPheServer() *PheServer

func (*PheServer) Ctx 

func (obj *PheServer) Ctx() uintptr

Handle underlying C context.

func (*PheServer) Delete 

func (obj *PheServer) Delete()

* Release underlying C context.

func (*PheServer) EnrollmentResponseLen 

func (obj *PheServer) EnrollmentResponseLen() uint

* Buffer size needed to fit EnrollmentResponse

func (*PheServer) GenerateServerKeyPair 

func (obj *PheServer) GenerateServerKeyPair() ([]byte, []byte, error)

* Generates new NIST P-256 server key pair for some client

func (*PheServer) GetEnrollment 

func (obj *PheServer) GetEnrollment(serverPrivateKey []byte, serverPublicKey []byte) ([]byte, error)

* Generates a new random enrollment and proof for a new user

func (*PheServer) RotateKeys 

func (obj *PheServer) RotateKeys(serverPrivateKey []byte) ([]byte, []byte, []byte, error)

* Updates server's private and public keys and issues an update token for use on client's side

func (*PheServer) SetOperationRandom 

func (obj *PheServer) SetOperationRandom(operationRandom foundation.Random)

* Random used for crypto operations to make them const-time

func (*PheServer) SetRandom 

func (obj *PheServer) SetRandom(random foundation.Random)

* Random used for key generation, proofs, etc.

func (*PheServer) SetupDefaults 

func (obj *PheServer) SetupDefaults() error

* Setups dependencies with default values.

func (*PheServer) UpdateTokenLen 

func (obj *PheServer) UpdateTokenLen() uint

* Buffer size needed to fit UpdateToken

func (*PheServer) VerifyPassword 

func (obj *PheServer) VerifyPassword(serverPrivateKey []byte, serverPublicKey []byte, verifyPasswordRequest []byte) ([]byte, error)

* Verifies existing user's password and generates response with proof

func (*PheServer) VerifyPasswordResponseLen 

func (obj *PheServer) VerifyPasswordResponseLen() uint

* Buffer size needed to fit VerifyPasswordResponse

type UokmsClient 

type UokmsClient struct {
	// contains filtered or unexported fields
}

* Class implements UOKMS for client-side.

func NewUokmsClient 

func NewUokmsClient() *UokmsClient

func (*UokmsClient) Ctx 

func (obj *UokmsClient) Ctx() uintptr

Handle underlying C context.

func (*UokmsClient) Delete 

func (obj *UokmsClient) Delete()

* Release underlying C context.

func (*UokmsClient) GenerateClientPrivateKey 

func (obj *UokmsClient) GenerateClientPrivateKey() ([]byte, error)

* Generates client private key

func (*UokmsClient) GenerateDecryptRequest 

func (obj *UokmsClient) GenerateDecryptRequest(wrap []byte) ([]byte, []byte, error)

* Generates request to decrypt data, this request should be sent to the server. * Server response is then passed to "process decrypt response" where encryption key can be decapsulated

func (*UokmsClient) GenerateEncryptWrap 

func (obj *UokmsClient) GenerateEncryptWrap(encryptionKeyLen uint) ([]byte, []byte, error)

* Generates new encrypt wrap (which should be stored and then used for decryption) + encryption key * of "encryption key len" that can be used for symmetric encryption

func (*UokmsClient) ProcessDecryptResponse 

func (obj *UokmsClient) ProcessDecryptResponse(wrap []byte, decryptRequest []byte, decryptResponse []byte, deblindFactor []byte, encryptionKeyLen uint) ([]byte, error)

* Processed server response, checks server proof and decapsulates encryption key

func (*UokmsClient) RotateKeys 

func (obj *UokmsClient) RotateKeys(updateToken []byte) ([]byte, []byte, error)

* Rotates client and server keys using given update token obtained from server

func (*UokmsClient) SetKeys 

func (obj *UokmsClient) SetKeys(clientPrivateKey []byte, serverPublicKey []byte) error

* Sets client private and server public key * Call this method before any other methods * This function should be called only once

func (*UokmsClient) SetOperationRandom 

func (obj *UokmsClient) SetOperationRandom(operationRandom foundation.Random)

* Random used for crypto operations to make them const-time

func (*UokmsClient) SetRandom 

func (obj *UokmsClient) SetRandom(random foundation.Random)

* Random used for key generation, proofs, etc.

func (*UokmsClient) SetupDefaults 

func (obj *UokmsClient) SetupDefaults() error

* Setups dependencies with default values.

type UokmsServer 

type UokmsServer struct {
	// contains filtered or unexported fields
}

* Class implements UOKMS for server-side.

func NewUokmsServer 

func NewUokmsServer() *UokmsServer

func (*UokmsServer) Ctx 

func (obj *UokmsServer) Ctx() uintptr

Handle underlying C context.

func (*UokmsServer) DecryptResponseLen 

func (obj *UokmsServer) DecryptResponseLen() uint

* Buffer size needed to fit DecryptResponse

func (*UokmsServer) Delete 

func (obj *UokmsServer) Delete()

* Release underlying C context.

func (*UokmsServer) GenerateServerKeyPair 

func (obj *UokmsServer) GenerateServerKeyPair() ([]byte, []byte, error)

* Generates new NIST P-256 server key pair for some client

func (*UokmsServer) ProcessDecryptRequest 

func (obj *UokmsServer) ProcessDecryptRequest(serverPrivateKey []byte, decryptRequest []byte) ([]byte, error)

* Processed client's decrypt request

func (*UokmsServer) RotateKeys 

func (obj *UokmsServer) RotateKeys(serverPrivateKey []byte) ([]byte, []byte, []byte, error)

* Updates server's private and public keys and issues an update token for use on client's side

func (*UokmsServer) SetOperationRandom 

func (obj *UokmsServer) SetOperationRandom(operationRandom foundation.Random)

* Random used for crypto operations to make them const-time

func (*UokmsServer) SetRandom 

func (obj *UokmsServer) SetRandom(random foundation.Random)

* Random used for key generation, proofs, etc.

func (*UokmsServer) SetupDefaults 

func (obj *UokmsServer) SetupDefaults() error

* Setups dependencies with default values.

type UokmsWrapRotation 

type UokmsWrapRotation struct {
	// contains filtered or unexported fields
}

* Implements wrap rotation.

func NewUokmsWrapRotation 

func NewUokmsWrapRotation() *UokmsWrapRotation

func (*UokmsWrapRotation) Ctx 

func (obj *UokmsWrapRotation) Ctx() uintptr

Handle underlying C context.

func (*UokmsWrapRotation) Delete 

func (obj *UokmsWrapRotation) Delete()

* Release underlying C context.

func (*UokmsWrapRotation) SetOperationRandom 

func (obj *UokmsWrapRotation) SetOperationRandom(operationRandom foundation.Random)

* Random used for crypto operations to make them const-time

func (*UokmsWrapRotation) SetUpdateToken 

func (obj *UokmsWrapRotation) SetUpdateToken(updateToken []byte) error

* Sets update token. Should be called only once and before any other function

func (*UokmsWrapRotation) SetupDefaults 

func (obj *UokmsWrapRotation) SetupDefaults() error

* Setups dependencies with default values.

func (*UokmsWrapRotation) UpdateWrap 

func (obj *UokmsWrapRotation) UpdateWrap(wrap []byte) ([]byte, error)

* Updates EnrollmentRecord using server's update token

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.