Documentation ¶
Overview ¶
Package sphinxmixcrypto provides cryptographic encoding/decoding using the Sphinx mix network packet format as described in the paper
"Sphinx: A Compact and Provably Secure Mix Format" written by Ian Goldberg and George Danezis
If you're looking to dive right into code, see the unit tests for examples.
Index ¶
- Constants
- Variables
- func AddPadding(src []byte, blockSize int) ([]byte, error)
- func ComposeReplyBlock(messageID [16]byte, params *SphinxParams, route [][16]byte, pki SphinxPKI, ...) (*ReplyBlockDecryptionToken, *ReplyBlock, error)
- func EncodeDestination(destination []byte) []byte
- func PrefixFreeDecode(s []byte) (int, []byte, []byte)
- func RemovePadding(src []byte) ([]byte, error)
- type Blake2bDigest
- func (b *Blake2bDigest) DeriveHMACKey(secret [32]byte) ([16]byte, error)
- func (b *Blake2bDigest) DeriveStreamCipherKey(secret [32]byte) [32]byte
- func (b *Blake2bDigest) HMAC(key [securityParameter]byte, data []byte) ([securityParameter]byte, error)
- func (b *Blake2bDigest) Hash(data []byte) [32]byte
- func (b *Blake2bDigest) HashBlindingFactor(alpha [32]byte, secret [32]byte) [32]byte
- func (b *Blake2bDigest) HashReplay(secret [32]byte) [32]byte
- type BlockCipher
- type Chacha20Stream
- type Digest
- type GroupCurve25519
- type LionessBlockCipher
- type MixHeader
- type MixHeaderFactory
- type PrivateKey
- type ReplayCache
- type ReplyBlock
- type ReplyBlockDecryptionToken
- type SphinxPKI
- type SphinxPacket
- type SphinxPacketFactory
- type SphinxParams
- type StreamCipher
- type UnwrappedMessage
Constants ¶
const ( // ExitNode indicates an exit hop ExitNode = 0 // MoreHops indicates another mix hop MoreHops = 255 // ClientHop indicates a client hop ClientHop = 128 // Failure indicates a prefix-free decoding failure Failure )
Variables ¶
var ( // ErrInvalidBlockSize indicates block size <= 0 ErrInvalidBlockSize = errors.New("invalid block size") // ErrInvalidData indicates zero size data ErrInvalidData = errors.New("invalid data, empty") // ErrInvalidPadding indicates an invalid padded input ErrInvalidPadding = errors.New("invalid padding on input") // ErrInvalidPadOffset indicates a bad padding offset ErrInvalidPadOffset = errors.New("invalid padding offset") // ErrInputTooBig indicates the input data is too big ErrInputTooBig = errors.New("input too big") )
var ( // ErrReplayedPacket indicates a replay attack ErrReplayedPacket = fmt.Errorf("sphinx packet replay error") )
var ( // ErrorPKIKeyNotFound indicates an identity was not found ErrorPKIKeyNotFound = fmt.Errorf("Sphinx PKI identity not found") )
Functions ¶
func AddPadding ¶
AddPadding returns src with padding appended
func ComposeReplyBlock ¶
func ComposeReplyBlock(messageID [16]byte, params *SphinxParams, route [][16]byte, pki SphinxPKI, destination [16]byte, randReader io.Reader) (*ReplyBlockDecryptionToken, *ReplyBlock, error)
ComposeReplyBlock produces a reply block and the corresponding decryption token
func EncodeDestination ¶
EncodeDestination encodes a destination using our prefix-free encoding
func PrefixFreeDecode ¶
PrefixFreeDecode decodes the prefix-free encoding. Return the type, value, and the remainder of the input string
func RemovePadding ¶
RemovePadding returns src with padding removed
Types ¶
type Blake2bDigest ¶
type Blake2bDigest struct {
// contains filtered or unexported fields
}
Blake2bDigest implements our Digest interface
func NewBlake2bDigest ¶
func NewBlake2bDigest() *Blake2bDigest
NewBlake2bDigest returns a blake2b digest
func (*Blake2bDigest) DeriveHMACKey ¶
func (b *Blake2bDigest) DeriveHMACKey(secret [32]byte) ([16]byte, error)
DeriveHMACKey derives a key to be used with an HMAC
func (*Blake2bDigest) DeriveStreamCipherKey ¶
func (b *Blake2bDigest) DeriveStreamCipherKey(secret [32]byte) [32]byte
DeriveStreamCipherKey derives a key to be used with a stream cipher
func (*Blake2bDigest) HMAC ¶
func (b *Blake2bDigest) HMAC(key [securityParameter]byte, data []byte) ([securityParameter]byte, error)
HMAC computes a HMAC
func (*Blake2bDigest) Hash ¶
func (b *Blake2bDigest) Hash(data []byte) [32]byte
Hash returns a 32 byte hash of the data
func (*Blake2bDigest) HashBlindingFactor ¶
func (b *Blake2bDigest) HashBlindingFactor(alpha [32]byte, secret [32]byte) [32]byte
HashBlindingFactor is used to hash the blinding factory
func (*Blake2bDigest) HashReplay ¶
func (b *Blake2bDigest) HashReplay(secret [32]byte) [32]byte
HashReplay produces a hash of the hop key for catching replay attacks
type BlockCipher ¶
type BlockCipher interface { Decrypt(key [lioness.KeyLen]byte, block []byte) ([]byte, error) Encrypt(key [lioness.KeyLen]byte, block []byte) ([]byte, error) CreateBlockCipherKey(secret [32]byte) ([lioness.KeyLen]byte, error) }
BlockCipher is an interface for our Lioness block cipher
type Chacha20Stream ¶
type Chacha20Stream struct{}
Chacha20Stream the StreamCipher interface
func (*Chacha20Stream) GenerateStream ¶
func (s *Chacha20Stream) GenerateStream(key [chachaKeyLen]byte, n uint) ([]byte, error)
GenerateStream generates a stream of n bytes given a key
type Digest ¶
type Digest interface { HMAC(key [securityParameter]byte, data []byte) ([securityParameter]byte, error) Hash(data []byte) [32]byte DeriveHMACKey(secret [32]byte) ([16]byte, error) DeriveStreamCipherKey(secret [32]byte) [32]byte HashReplay(secret [32]byte) [32]byte HashBlindingFactor(alpha [32]byte, secret [32]byte) [32]byte }
Digest is an interface for our use of Blake2b as a hash and hmac
type GroupCurve25519 ¶
type GroupCurve25519 struct {
// contains filtered or unexported fields
}
GroupCurve25519 performs group operations on the curve
func NewGroupCurve25519 ¶
func NewGroupCurve25519() *GroupCurve25519
NewGroupCurve25519 creates a new GroupCurve25519
func (*GroupCurve25519) ExpOn ¶
func (g *GroupCurve25519) ExpOn(base, exp [32]byte) [32]byte
ExpOn does scalar multiplication on the curve
func (*GroupCurve25519) GenerateSecret ¶
func (g *GroupCurve25519) GenerateSecret(rand io.Reader) ([32]byte, error)
GenerateSecret generats a new key
func (*GroupCurve25519) MakeExp ¶
func (g *GroupCurve25519) MakeExp(data [32]byte) [32]byte
MakeExp flips some bits
func (*GroupCurve25519) MultiExpOn ¶
func (g *GroupCurve25519) MultiExpOn(base [32]byte, exps [][32]byte) [32]byte
MultiExpOn does multiple scalar multiplication operations and returns the accumulator
type LionessBlockCipher ¶
type LionessBlockCipher struct {
// contains filtered or unexported fields
}
LionessBlockCipher implements the BlockCipher interface.
func NewLionessBlockCipher ¶
func NewLionessBlockCipher() *LionessBlockCipher
NewLionessBlockCipher creates a lioness block cipher
func (*LionessBlockCipher) CreateBlockCipherKey ¶
func (l *LionessBlockCipher) CreateBlockCipherKey(secret [32]byte) ([lioness.KeyLen]byte, error)
CreateBlockCipherKey returns the Lioness block cipher key
type MixHeader ¶
type MixHeader struct { Version byte EphemeralKey [32]byte // alpha RoutingInfo []byte // beta HeaderMAC [securityParameter]byte // gamma }
MixHeader contains the sphinx header but not the payload. A version number is also included; TODO: make the version number do something useful.
type MixHeaderFactory ¶
type MixHeaderFactory struct {
// contains filtered or unexported fields
}
MixHeaderFactory builds mix headers
func NewMixHeaderFactory ¶
func NewMixHeaderFactory(params *SphinxParams, pki SphinxPKI, randReader io.Reader) *MixHeaderFactory
NewMixHeaderFactory creates a new mix header factory
func (*MixHeaderFactory) BuildHeader ¶
func (f *MixHeaderFactory) BuildHeader(route [][16]byte, destination []byte, messageID [16]byte) (*MixHeader, [][32]byte, error)
BuildHeader generates a mix header containing the neccessary onion routing information required to propagate the message through the mixnet. If the computation is successful then a *MixHeader is returned along with a slice of 32byte shared secrets for each mix hop.
type PrivateKey ¶
type PrivateKey interface { // GetPrivateKey returns the private key GetPrivateKey() [32]byte }
PrivateKey interface is used to access the private key so the mix can unwrap packets
type ReplayCache ¶
type ReplayCache interface { // Get returns true if the hash value is present in the map Get([32]byte) bool // Set sets a hash value in the map Set([32]byte) // Flush flushes the map Flush() }
ReplayCache is an interface for detecting packet replays
type ReplyBlock ¶
type ReplyBlock struct { // Header is a mix header Header *MixHeader // Key is the symmetric encryption key Key [32]byte // FirstHop represent the first hop FirstHop [16]byte }
ReplyBlock is a struct that represents a single use reply block
func (*ReplyBlock) ComposeForwardMessage ¶
func (r *ReplyBlock) ComposeForwardMessage(params *SphinxParams, message []byte) ([]byte, *SphinxPacket, error)
ComposeForwardMessage produces a sphinx packet from the reply block and a message
type ReplyBlockDecryptionToken ¶
type ReplyBlockDecryptionToken struct {
// contains filtered or unexported fields
}
ReplyBlockDecryptionToken represents a decryption token that can be used to decrypt a ciphertext blob produce and delivered by a ReplyBlock
type SphinxPacket ¶
SphinxPacket represents a forwarding message containing onion wrapped hop-to-hop routing information along with an onion encrypted payload message addressed to the final destination.
func NewOnionReply ¶
func NewOnionReply(header *MixHeader, payload []byte) *SphinxPacket
NewOnionReply is used to create an SphinxPacket with a specified header and payload. This is used by the WrapReply to create Single Use Reply Blocks
type SphinxPacketFactory ¶
type SphinxPacketFactory struct {
// contains filtered or unexported fields
}
SphinxPacketFactory builds onion packets
func NewSphinxPacketFactory ¶
func NewSphinxPacketFactory(params *SphinxParams, pki SphinxPKI, randReader io.Reader) *SphinxPacketFactory
NewSphinxPacketFactory creates a new onion packet factory
func (*SphinxPacketFactory) BuildForwardSphinxPacket ¶
func (f *SphinxPacketFactory) BuildForwardSphinxPacket(route [][16]byte, destination [16]byte, payload []byte) (*SphinxPacket, error)
BuildForwardSphinxPacket builds a forward oniion packet
type SphinxParams ¶
type SphinxParams struct { // PayloadSize is the packet payload size PayloadSize int // NumMaxHops is the maximum path length. MaxHops int }
SphinxParams are the mixnet parameters
type StreamCipher ¶
StreamCipher is an interface for our chacha20 stream generator
type UnwrappedMessage ¶
type UnwrappedMessage struct { ProcessAction int Alpha []byte // ephemeral key Beta []byte // routing information Gamma []byte // MAC Delta []byte // message body NextHop []byte ClientID []byte MessageID []byte }
UnwrappedMessage is produced by SphinxNode's Unwrap method
func SphinxPacketUnwrap ¶
func SphinxPacketUnwrap(params *SphinxParams, replayCache ReplayCache, privateKey PrivateKey, packet *SphinxPacket) (*UnwrappedMessage, error)
SphinxPacketUnwrap performs the decryption operation that a mix would perform An error is returned if the MAC doesn't match or if a packet is replayed.