mls

package module
v0.0.0-...-dbf16a9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 16, 2023 License: BSD-2-Clause Imports: 22 Imported by: 0

README

MLS implementation with admins. README text from forked CISCO respository is below.

Message Layer Security

Coverage Status

This is a protocol to do group key establishment in an asynchronous, message-oriented setting. Its core ideas borrow a lot from Asynchronous Ratchet Trees.

Right now, this is just a Go library that implements the core protocol. It is missing key things like message sequencing, deconfliction, and retransmission. The interface should not be considered stable.

The most you can really do with it is run the tests:

> go test -v

The tests in state_test.go will illustrate the basic flows that are supported.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAdminStateFromWelcome

func NewAdminStateFromWelcome(suite CipherSuite, epochSecret []byte, welcome Welcome) (*AdminState, LeafIndex, []byte, error)

func NewStateFromWelcome

func NewStateFromWelcome(suite CipherSuite, epochSecret []byte, welcome Welcome) (*State, LeafIndex, []byte, error)

Types

type AddProposal

type AddProposal struct {
	KeyPackage KeyPackage
}

type AdminAddProposal

type AdminAddProposal struct {
	Added LeafIndex
}

type AdminGroupContext

type AdminGroupContext struct {
	GroupID                 []byte `tls:"head=1"`
	Epoch                   Epoch
	TreeHash                []byte `tls:"head=1"`
	ConfirmedTranscriptHash []byte `tls:"head=1"`
	Extensions              ExtensionList
}

type AdminGroupInfo

type AdminGroupInfo struct {
	GroupID                 []byte `tls:"head=1"`
	Epoch                   Epoch
	Tree                    TreeKEMPublicKey
	ConfirmedTranscriptHash []byte `tls:"head=1"`
	InterimTranscriptHash   []byte `tls:"head=1"`
	Extensions              ExtensionList
	Confirmation            []byte `tls:"head=1"`
	SignerIndex             LeafIndex
	Signature               []byte                 `tls:"head=2"`
	Admins                  map[LeafIndex]struct{} `tls:"head=4"`
	NumAdmins               uint32
}

type AdminRemoveProposal

type AdminRemoveProposal struct {
	Removed LeafIndex
}

type AdminState

type AdminState struct {
	// Shared confirmed state
	CipherSuite             CipherSuite
	GroupID                 []byte `tls:"head=1"`
	Epoch                   Epoch
	Tree                    TreeKEMPublicKey
	ConfirmedTranscriptHash []byte `tls:"head=1"`
	InterimTranscriptHash   []byte `tls:"head=1"`
	Extensions              ExtensionList

	// Per-participant non-secret state
	Index            LeafIndex           `tls:"omit"`
	IdentityPriv     SignaturePrivateKey `tls:"omit"`
	TreePriv         TreeKEMPrivateKey   `tls:"omit"`
	Scheme           SignatureScheme     `tls:"omit"`
	PendingProposals []MLSPlaintext      `tls:"omit"`

	// Secret state
	PendingUpdates map[ProposalRef]adminUpdateSecrets `tls:"omit"`
	Keys           keyScheduleEpoch                   `tls:"omit"`

	// Helpful information
	NewCredentials map[LeafIndex]bool

	// Admins
	Admins    map[LeafIndex]struct{} `tls:"head=4"`
	NumAdmins uint32
}

TODO: admin list variable

func NewAdminStateFromWelcomeAndSecrets

func NewAdminStateFromWelcomeAndSecrets(welcome Welcome, ss AdminStateSecrets) (*AdminState, error)

func NewEmptyAdminState

func NewEmptyAdminState(groupID []byte, leafSecret []byte, sigPriv SignaturePrivateKey, kp KeyPackage) (*AdminState, error)

func NewEmptyAdminStateWithExtensions

func NewEmptyAdminStateWithExtensions(groupID []byte, leafSecret []byte, sigPriv SignaturePrivateKey, kp KeyPackage, ext ExtensionList) (*AdminState, error)

func NewJoinedAdminState

func NewJoinedAdminState(initSecret []byte, sigPrivs []SignaturePrivateKey, kps []KeyPackage, welcome Welcome) (*AdminState, error)

func (AdminState) Add

func (s AdminState) Add(kp KeyPackage) (*MLSPlaintext, error)

func (AdminState) AdminAdd

func (s AdminState) AdminAdd(added LeafIndex) (*MLSPlaintext, error)

func (*AdminState) AdminRemove

func (s *AdminState) AdminRemove(removed LeafIndex) (*MLSPlaintext, error)

func (AdminState) AdminUpdate

func (s AdminState) AdminUpdate(sigPriv *SignaturePrivateKey, kp KeyPackage) (*MLSPlaintext, error)

func (AdminState) Clone

func (s AdminState) Clone() *AdminState

func (*AdminState) Commit

func (s *AdminState) Commit(leafSecret []byte) (*MLSPlaintext, *Welcome, *AdminState, error)

TODO: admin logic note that the 'normal' propCleaner is executed in proc because the committer speculatively processes the commit but we need propCleaner here because we might make new proposals!

func (AdminState) Equals

func (s AdminState) Equals(o AdminState) bool

Compare the public and shared private aspects of two nodes

func (AdminState) GetSecrets

func (s AdminState) GetSecrets() AdminStateSecrets

func (*AdminState) Handle

func (s *AdminState) Handle(pt *MLSPlaintext) (*AdminState, error)

func (*AdminState) Protect

func (s *AdminState) Protect(data []byte) (*MLSCiphertext, error)

func (*AdminState) Remove

func (s *AdminState) Remove(removed LeafIndex) (*MLSPlaintext, error)

func (*AdminState) SetSecrets

func (s *AdminState) SetSecrets(ss AdminStateSecrets)

func (*AdminState) Unprotect

func (s *AdminState) Unprotect(ct *MLSCiphertext) ([]byte, error)

func (AdminState) Update

func (s AdminState) Update(secret []byte, sigPriv *SignaturePrivateKey, kp KeyPackage) (*MLSPlaintext, error)

type AdminStateSecrets

type AdminStateSecrets struct {
	CipherSuite CipherSuite

	// Per-participant non-secret state
	Index            LeafIndex
	InitPriv         HPKEPrivateKey
	IdentityPriv     SignaturePrivateKey
	AdminPriv        SignaturePrivateKey
	OldAdminPriv     SignaturePrivateKey
	Scheme           SignatureScheme
	PendingProposals []MLSPlaintext `tls:"head=4"`

	// Secret state
	PendingUpdates map[ProposalRef]adminUpdateSecrets `tls:"head=4"`
	Keys           keyScheduleEpoch
	TreePriv       TreeKEMPrivateKey
}

Isolated getters and setters for public and secret state

Note that the get/set operations here are very shallow. We basically assume that the StateSecrets object is temporary, as a carrier for marshaling / unmarshaling.

type AdminUpdateProposal

type AdminUpdateProposal struct {
	KeyPackage  KeyPackage
	NewAdminKey SignaturePublicKey
}

type ApplicationData

type ApplicationData struct {
	Data []byte `tls:"head=4"`
}

type BasicCredential

type BasicCredential struct {
	Identity        []byte `tls:"head=2"`
	SignatureScheme SignatureScheme
	PublicKey       SignaturePublicKey
}
struct {
    opaque identity<0..2^16-1>;
    SignatureScheme algorithm;
    SignaturePublicKey public_key;
} BasicCredential;

type Bytes1

type Bytes1 []byte

func (Bytes1) MarshalTLS

func (b Bytes1) MarshalTLS() ([]byte, error)

func (*Bytes1) UnmarshalTLS

func (b *Bytes1) UnmarshalTLS(data []byte) (int, error)

type CipherSuite

type CipherSuite uint16
const (
	X25519_AES128GCM_SHA256_Ed25519        CipherSuite = 0x0001
	P256_AES128GCM_SHA256_P256             CipherSuite = 0x0002
	X25519_CHACHA20POLY1305_SHA256_Ed25519 CipherSuite = 0x0003
	X448_AES256GCM_SHA512_Ed448            CipherSuite = 0x0004 // UNSUPPORTED
	P521_AES256GCM_SHA512_P521             CipherSuite = 0x0005
	X448_CHACHA20POLY1305_SHA512_Ed448     CipherSuite = 0x0006 // UNSUPPORTED
)

func (CipherSuite) Constants

func (cs CipherSuite) Constants() cipherConstants

func (CipherSuite) Digest

func (cs CipherSuite) Digest(data []byte) []byte

func (CipherSuite) NewAEAD

func (cs CipherSuite) NewAEAD(key []byte) (cipher.AEAD, error)

func (CipherSuite) NewHMAC

func (cs CipherSuite) NewHMAC(key []byte) hash.Hash

func (CipherSuite) Scheme

func (cs CipherSuite) Scheme() SignatureScheme

func (CipherSuite) String

func (cs CipherSuite) String() string

type Commit

type Commit struct {
	Updates      []ProposalID `tls:"head=2"`
	Removes      []ProposalID `tls:"head=2"`
	Adds         []ProposalID `tls:"head=2"`
	AdminUpdates []ProposalID `tls:"head=2"`
	AdminRemoves []ProposalID `tls:"head=2"`
	AdminAdds    []ProposalID `tls:"head=2"`

	Path *DirectPath `tls:"optional"`
}

func (Commit) PathRequired

func (commit Commit) PathRequired() bool

TODO: modify this

func (Commit) ValidForTLS

func (commit Commit) ValidForTLS() bool

type CommitData

type CommitData struct {
	Commit       Commit
	Confirmation Confirmation
}

type Confirmation

type Confirmation struct {
	Data []byte `tls:"head=1"`
}

type ContentType

type ContentType uint8
const (
	ContentTypeInvalid     ContentType = 0
	ContentTypeApplication ContentType = 1
	ContentTypeProposal    ContentType = 2
	ContentTypeCommit      ContentType = 3
)

func (ContentType) ValidForTLS

func (ct ContentType) ValidForTLS() error

type Credential

type Credential struct {
	X509  *X509Credential
	Basic *BasicCredential
}
	struct {
		CredentialType credential_type;
		select (Credential.credential_type) {
			case basic:
				BasicCredential;
			case x509:
				opaque cert_data<1..2^24-1>;
		};
} Credential;

func NewBasicCredential

func NewBasicCredential(userId []byte, scheme SignatureScheme, pub SignaturePublicKey) *Credential

func NewX509Credential

func NewX509Credential(chain []*x509.Certificate) (*Credential, error)

func (Credential) Equals

func (c Credential) Equals(o Credential) bool

compare the public aspects

func (Credential) Identity

func (c Credential) Identity() []byte

func (Credential) MarshalTLS

func (c Credential) MarshalTLS() ([]byte, error)

func (Credential) PublicKey

func (c Credential) PublicKey() *SignaturePublicKey

func (Credential) Scheme

func (c Credential) Scheme() SignatureScheme

func (Credential) Type

func (c Credential) Type() CredentialType

func (*Credential) UnmarshalTLS

func (c *Credential) UnmarshalTLS(data []byte) (int, error)

type CredentialType

type CredentialType uint8
const (
	CredentialTypeInvalid CredentialType = 255
	CredentialTypeBasic   CredentialType = 0
	CredentialTypeX509    CredentialType = 1
)

func (CredentialType) ValidForTLS

func (ct CredentialType) ValidForTLS() error

type DirectPath

type DirectPath struct {
	LeafKeyPackage KeyPackage
	Steps          []DirectPathNode `tls:"head=4"`
}

func (DirectPath) ParentHashValid

func (path DirectPath) ParentHashValid(suite CipherSuite) error

func (DirectPath) ParentHashes

func (path DirectPath) ParentHashes(suite CipherSuite) ([][]byte, error)

This produces a list of parent hashes that are off by one with respect to the steps in the path. The path hash at position i goes with the public key at position i-1, and the path hash at position 0 goes in the leaf.

func (*DirectPath) Sign

func (path *DirectPath) Sign(suite CipherSuite, initPub HPKEPublicKey, sigPriv SignaturePrivateKey, opts *KeyPackageOpts) error

type DirectPathNode

type DirectPathNode struct {
	PublicKey            HPKEPublicKey
	EncryptedPathSecrets []HPKECiphertext `tls:"head=4"`
}

/ / DirectPath /

type EncryptedGroupSecrets

type EncryptedGroupSecrets struct {
	KeyPackageHash        []byte `tls:"head=1"`
	EncryptedGroupSecrets HPKECiphertext
}

/ / EncryptedGroupSecrets /

type Epoch

type Epoch uint64

/ / MLSPlaintext and MLSCiphertext /

type Extension

type Extension struct {
	ExtensionType ExtensionType
	ExtensionData []byte `tls:"head=2"`
}

type ExtensionBody

type ExtensionBody interface {
	Type() ExtensionType
}

type ExtensionList

type ExtensionList struct {
	Entries []Extension `tls:"head=2"`
}

func NewExtensionList

func NewExtensionList() ExtensionList

func (*ExtensionList) Add

func (el *ExtensionList) Add(src ExtensionBody) error

func (ExtensionList) Find

func (el ExtensionList) Find(dst ExtensionBody) (bool, error)

func (ExtensionList) Has

func (el ExtensionList) Has(extType ExtensionType) bool

type ExtensionType

type ExtensionType uint16
const (
	ExtensionTypeInvalid               ExtensionType = 0x0000
	ExtensionTypeSupportedVersions     ExtensionType = 0x0001
	ExtensionTypeSupportedCipherSuites ExtensionType = 0x0002
	ExtensionTypeLifetime              ExtensionType = 0x0003
	ExtensionTypeKeyID                 ExtensionType = 0x0004
	ExtensionTypeParentHash            ExtensionType = 0x0005
)

type GroupContext

type GroupContext struct {
	GroupID                 []byte `tls:"head=1"`
	Epoch                   Epoch
	TreeHash                []byte `tls:"head=1"`
	ConfirmedTranscriptHash []byte `tls:"head=1"`
	Extensions              ExtensionList
}

/ / GroupContext /

type GroupInfo

type GroupInfo struct {
	GroupID                 []byte `tls:"head=1"`
	Epoch                   Epoch
	Tree                    TreeKEMPublicKey
	ConfirmedTranscriptHash []byte `tls:"head=1"`
	InterimTranscriptHash   []byte `tls:"head=1"`
	Extensions              ExtensionList
	Confirmation            []byte `tls:"head=1"`
	SignerIndex             LeafIndex
	Signature               []byte `tls:"head=2"`
}

type GroupSecrets

type GroupSecrets struct {
	EpochSecret []byte      `tls:"head=1"`
	PathSecret  *PathSecret `tls:"optional"`
}

type HPKECiphertext

type HPKECiphertext struct {
	KEMOutput  []byte `tls:"head=2"`
	Ciphertext []byte `tls:"head=4"`
}

type HPKEInstance

type HPKEInstance struct {
	BaseSuite CipherSuite
	Suite     hpke.CipherSuite
}

func (HPKEInstance) Decrypt

func (h HPKEInstance) Decrypt(priv HPKEPrivateKey, aad []byte, ct HPKECiphertext) ([]byte, error)

func (HPKEInstance) Derive

func (h HPKEInstance) Derive(seed []byte) (HPKEPrivateKey, error)

func (HPKEInstance) Encrypt

func (h HPKEInstance) Encrypt(pub HPKEPublicKey, aad, pt []byte) (HPKECiphertext, error)

func (HPKEInstance) Generate

func (h HPKEInstance) Generate() (HPKEPrivateKey, error)

type HPKEPrivateKey

type HPKEPrivateKey struct {
	Data      []byte `tls:"head=2"`
	PublicKey HPKEPublicKey
}

type HPKEPublicKey

type HPKEPublicKey struct {
	Data []byte `tls:"head=2"`
}

func (HPKEPublicKey) Equals

func (k HPKEPublicKey) Equals(o HPKEPublicKey) bool

type KeyPackage

type KeyPackage struct {
	Version     ProtocolVersion
	CipherSuite CipherSuite
	InitKey     HPKEPublicKey
	Credential  Credential
	Extensions  ExtensionList
	Signature   Signature
}

func NewKeyPackageWithInitKey

func NewKeyPackageWithInitKey(suite CipherSuite, initKey HPKEPublicKey, cred *Credential, sigPriv SignaturePrivateKey) (*KeyPackage, error)

func NewKeyPackageWithSecret

func NewKeyPackageWithSecret(suite CipherSuite, initSecret []byte, cred *Credential, sigPriv SignaturePrivateKey) (*KeyPackage, error)

func (KeyPackage) Clone

func (kp KeyPackage) Clone() KeyPackage

func (KeyPackage) Equals

func (kp KeyPackage) Equals(other KeyPackage) bool

func (*KeyPackage) SetExtensions

func (kp *KeyPackage) SetExtensions(exts []ExtensionBody) error

func (*KeyPackage) Sign

func (kp *KeyPackage) Sign(priv SignaturePrivateKey) error

func (KeyPackage) Verify

func (kp KeyPackage) Verify() bool

type KeyPackageOpts

type KeyPackageOpts struct {
}

type LeafCount

type LeafCount uint32

type LeafIndex

type LeafIndex uint32

type LeafNodeHashInput

type LeafNodeHashInput struct {
	LeafIndex  LeafIndex
	KeyPackage *KeyPackage `tls:"optional"`
}

type LifetimeExtension

type LifetimeExtension struct {
	NotBefore uint64
	NotAfter  uint64
}

func (LifetimeExtension) Type

func (lte LifetimeExtension) Type() ExtensionType

type MLSCiphertext

type MLSCiphertext struct {
	GroupID             []byte `tls:"head=1"`
	Epoch               Epoch
	ContentType         ContentType
	SenderDataNonce     []byte `tls:"head=1"`
	EncryptedSenderData []byte `tls:"head=1"`
	AuthenticatedData   []byte `tls:"head=4"`
	Ciphertext          []byte `tls:"head=4"`
}

type MLSPlaintext

type MLSPlaintext struct {
	GroupID           []byte `tls:"head=1"`
	Epoch             Epoch
	Sender            Sender
	AuthenticatedData []byte `tls:"head=4"`
	Content           MLSPlaintextContent
	Signature         Signature
}

type MLSPlaintextContent

type MLSPlaintextContent struct {
	Application *ApplicationData
	Proposal    *Proposal
	Commit      *CommitData
}

func (MLSPlaintextContent) MarshalTLS

func (c MLSPlaintextContent) MarshalTLS() ([]byte, error)

func (MLSPlaintextContent) Type

func (*MLSPlaintextContent) UnmarshalTLS

func (c *MLSPlaintextContent) UnmarshalTLS(data []byte) (int, error)

type Node

type Node struct {
	Leaf   *KeyPackage
	Parent *ParentNode
}

/ / Node /

func (*Node) Clone

func (n *Node) Clone() *Node

func (*Node) Equals

func (n *Node) Equals(other *Node) bool

func (Node) MarshalTLS

func (n Node) MarshalTLS() ([]byte, error)

func (Node) PublicKey

func (n Node) PublicKey() HPKEPublicKey

func (Node) Type

func (n Node) Type() NodeType

func (*Node) UnmarshalTLS

func (n *Node) UnmarshalTLS(data []byte) (int, error)

type NodeIndex

type NodeIndex uint32

type NodeType

type NodeType uint8
const (
	NodeTypeLeaf   NodeType = 0x00
	NodeTypeParent NodeType = 0x01
)

type OptionalNode

type OptionalNode struct {
	Node *Node  `tls:"optional"`
	Hash []byte `tls:"omit"`
}

/ / OptionalNode /

func (OptionalNode) Blank

func (n OptionalNode) Blank() bool

func (OptionalNode) Clone

func (n OptionalNode) Clone() OptionalNode

func (*OptionalNode) SetLeafNodeHash

func (n *OptionalNode) SetLeafNodeHash(suite CipherSuite, index LeafIndex) error

func (*OptionalNode) SetParentNodeHash

func (n *OptionalNode) SetParentNodeHash(suite CipherSuite, index NodeIndex, left, right []byte) error

func (*OptionalNode) SetToBlank

func (n *OptionalNode) SetToBlank()

type ParentHashExtension

type ParentHashExtension struct {
	ParentHash []byte `tls:"head=1"`
}

func (ParentHashExtension) Type

type ParentNode

type ParentNode struct {
	PublicKey      HPKEPublicKey
	UnmergedLeaves []LeafIndex `tls:"head=4"`
	ParentHash     []byte      `tls:"head=2"`
}

func (*ParentNode) AddUnmerged

func (n *ParentNode) AddUnmerged(l LeafIndex)

func (ParentNode) Clone

func (n ParentNode) Clone() ParentNode

func (*ParentNode) Equals

func (n *ParentNode) Equals(other *ParentNode) bool

type ParentNodeHashInput

type ParentNodeHashInput struct {
	NodeIndex  NodeIndex
	ParentNode *ParentNode `tls:"optional"`
	LeftHash   []byte      `tls:"head=1"`
	RightHash  []byte      `tls:"head=1"`
}

type PathSecret

type PathSecret struct {
	Data []byte `tls:"head=1"`
}

/ / GroupSecrets /

type Proposal

type Proposal struct {
	Add         *AddProposal
	Update      *UpdateProposal
	Remove      *RemoveProposal
	AdminAdd    *AdminAddProposal
	AdminUpdate *AdminUpdateProposal
	AdminRemove *AdminRemoveProposal
}

func (Proposal) MarshalTLS

func (p Proposal) MarshalTLS() ([]byte, error)

func (Proposal) Type

func (p Proposal) Type() ProposalType

func (*Proposal) UnmarshalTLS

func (p *Proposal) UnmarshalTLS(data []byte) (int, error)

type ProposalID

type ProposalID struct {
	Hash []byte `tls:"head=1"`
}

/ / Commit /

func (ProposalID) String

func (pid ProposalID) String() string

type ProposalRef

type ProposalRef uint64

type ProposalType

type ProposalType uint8

/ / Proposal /

const (
	ProposalTypeInvalid     ProposalType = 0
	ProposalTypeAdd         ProposalType = 1
	ProposalTypeUpdate      ProposalType = 2
	ProposalTypeRemove      ProposalType = 3
	ProposalTypeAdminAdd    ProposalType = 4
	ProposalTypeAdminUpdate ProposalType = 5
	ProposalTypeAdminRemove ProposalType = 6
)

func (ProposalType) ValidForTLS

func (pt ProposalType) ValidForTLS() error

type ProtocolVersion

type ProtocolVersion uint8
const (
	ProtocolVersionMLS10 ProtocolVersion = 0x00
)

type RemoveProposal

type RemoveProposal struct {
	Removed LeafIndex
}

type Sender

type Sender struct {
	Type   SenderType
	Sender uint32
}

type SenderType

type SenderType uint8
const (
	SenderTypeInvalid       SenderType = 0
	SenderTypeMember        SenderType = 1
	SenderTypePreconfigured SenderType = 2
	SenderTypeNewMember     SenderType = 3
)

func (SenderType) ValidForTLS

func (st SenderType) ValidForTLS() error

type Signature

type Signature struct {
	Data []byte `tls:"head=2"`
}

/ / KeyPackage /

type SignaturePrivateKey

type SignaturePrivateKey struct {
	Data      []byte `tls:"head=2"`
	PublicKey SignaturePublicKey
}

type SignaturePublicKey

type SignaturePublicKey struct {
	Data []byte `tls:"head=2"`
}

func (SignaturePublicKey) Equals

func (pub SignaturePublicKey) Equals(other SignaturePublicKey) bool

type SignatureScheme

type SignatureScheme uint16
const (
	ECDSA_SECP256R1_SHA256 SignatureScheme = 0x0403
	ECDSA_SECP521R1_SHA512 SignatureScheme = 0x0603
	Ed25519                SignatureScheme = 0x0807
)

func (SignatureScheme) Derive

func (ss SignatureScheme) Derive(preSeed []byte) (SignaturePrivateKey, error)

func (SignatureScheme) Generate

func (ss SignatureScheme) Generate() (SignaturePrivateKey, error)

func (SignatureScheme) Sign

func (ss SignatureScheme) Sign(priv *SignaturePrivateKey, message []byte) ([]byte, error)

func (SignatureScheme) String

func (ss SignatureScheme) String() string

func (SignatureScheme) Verify

func (ss SignatureScheme) Verify(pub *SignaturePublicKey, message, signature []byte) bool

type State

type State struct {
	// Shared confirmed state
	CipherSuite             CipherSuite
	GroupID                 []byte `tls:"head=1"`
	Epoch                   Epoch
	Tree                    TreeKEMPublicKey
	ConfirmedTranscriptHash []byte `tls:"head=1"`
	InterimTranscriptHash   []byte `tls:"head=1"`
	Extensions              ExtensionList

	// Per-participant non-secret state
	Index            LeafIndex           `tls:"omit"`
	IdentityPriv     SignaturePrivateKey `tls:"omit"`
	TreePriv         TreeKEMPrivateKey   `tls:"omit"`
	Scheme           SignatureScheme     `tls:"omit"`
	PendingProposals []MLSPlaintext      `tls:"omit"`

	// Secret state
	PendingUpdates map[ProposalRef]updateSecrets `tls:"omit"`
	Keys           keyScheduleEpoch              `tls:"omit"`

	// Helpful information
	NewCredentials map[LeafIndex]bool
}

func NewEmptyState

func NewEmptyState(groupID []byte, leafSecret []byte, sigPriv SignaturePrivateKey, kp KeyPackage) (*State, error)

func NewEmptyStateWithExtensions

func NewEmptyStateWithExtensions(groupID []byte, leafSecret []byte, sigPriv SignaturePrivateKey, kp KeyPackage, ext ExtensionList) (*State, error)

func NewJoinedState

func NewJoinedState(initSecret []byte, sigPrivs []SignaturePrivateKey, kps []KeyPackage, welcome Welcome) (*State, error)

func NewStateFromWelcomeAndSecrets

func NewStateFromWelcomeAndSecrets(welcome Welcome, ss StateSecrets) (*State, error)

func (State) Add

func (s State) Add(kp KeyPackage) (*MLSPlaintext, error)

func (State) Clone

func (s State) Clone() *State

func (*State) Commit

func (s *State) Commit(leafSecret []byte) (*MLSPlaintext, *Welcome, *State, error)

func (State) Equals

func (s State) Equals(o State) bool

Compare the public and shared private aspects of two nodes

func (State) GetSecrets

func (s State) GetSecrets() StateSecrets

func (*State) Handle

func (s *State) Handle(pt *MLSPlaintext) (*State, error)

func (*State) Protect

func (s *State) Protect(data []byte) (*MLSCiphertext, error)

func (*State) Remove

func (s *State) Remove(removed LeafIndex) (*MLSPlaintext, error)

func (*State) SetSecrets

func (s *State) SetSecrets(ss StateSecrets)

func (*State) Unprotect

func (s *State) Unprotect(ct *MLSCiphertext) ([]byte, error)

func (State) Update

func (s State) Update(secret []byte, sigPriv *SignaturePrivateKey, kp KeyPackage) (*MLSPlaintext, error)

type StateSecrets

type StateSecrets struct {
	CipherSuite CipherSuite

	// Per-participant non-secret state
	Index            LeafIndex
	InitPriv         HPKEPrivateKey
	IdentityPriv     SignaturePrivateKey
	Scheme           SignatureScheme
	PendingProposals []MLSPlaintext `tls:"head=4"`

	// Secret state
	PendingUpdates map[ProposalRef]updateSecrets `tls:"head=4"`
	Keys           keyScheduleEpoch
	TreePriv       TreeKEMPrivateKey
}

Isolated getters and setters for public and secret state

Note that the get/set operations here are very shallow. We basically assume that the StateSecrets object is temporary, as a carrier for marshaling / unmarshaling.

type SupportedCipherSuitesExtension

type SupportedCipherSuitesExtension struct {
	SupportedCipherSuites []CipherSuite `tls:"head=1"`
}

func (SupportedCipherSuitesExtension) Type

type SupportedVersionsExtension

type SupportedVersionsExtension struct {
	SupportedVersions []ProtocolVersion `tls:"head=1"`
}

func (SupportedVersionsExtension) Type

type TreeKEMPrivateKey

type TreeKEMPrivateKey struct {
	Suite        CipherSuite
	Index        LeafIndex
	UpdateSecret []byte               `tls:"head=1"`
	PathSecrets  map[NodeIndex]Bytes1 `tls:"head=4"`
	// contains filtered or unexported fields
}

func NewTreeKEMPrivateKey

func NewTreeKEMPrivateKey(suite CipherSuite, size LeafCount, index LeafIndex, leafSecret []byte) *TreeKEMPrivateKey

func NewTreeKEMPrivateKeyForJoiner

func NewTreeKEMPrivateKeyForJoiner(suite CipherSuite, index LeafIndex, size LeafCount, leafSecret []byte, intersect NodeIndex, pathSecret []byte) *TreeKEMPrivateKey

func (TreeKEMPrivateKey) Clone

func (priv TreeKEMPrivateKey) Clone() TreeKEMPrivateKey

func (TreeKEMPrivateKey) Consistent

func (priv TreeKEMPrivateKey) Consistent(other TreeKEMPrivateKey) bool

func (TreeKEMPrivateKey) ConsistentPub

func (priv TreeKEMPrivateKey) ConsistentPub(pub TreeKEMPublicKey) bool

func (*TreeKEMPrivateKey) Decap

func (priv *TreeKEMPrivateKey) Decap(from LeafIndex, pub TreeKEMPublicKey, context []byte, path DirectPath) error

TODO(RLB) Onece the spec is updated to have EncryptedPathSecrets as a map, change the TreeKEMPublicKey argument to just be a size.

func (*TreeKEMPrivateKey) SetLeafSecret

func (priv *TreeKEMPrivateKey) SetLeafSecret(secret []byte)

func (TreeKEMPrivateKey) SharedPathSecret

func (priv TreeKEMPrivateKey) SharedPathSecret(to LeafIndex) (NodeIndex, []byte, bool)

type TreeKEMPublicKey

type TreeKEMPublicKey struct {
	Suite CipherSuite    `tls:"omit"`
	Nodes []OptionalNode `tls:"head=4"`
}

func NewTreeKEMPublicKey

func NewTreeKEMPublicKey(suite CipherSuite) *TreeKEMPublicKey

func (*TreeKEMPublicKey) AddLeaf

func (pub *TreeKEMPublicKey) AddLeaf(keyPkg KeyPackage) LeafIndex

func (*TreeKEMPublicKey) BlankPath

func (pub *TreeKEMPublicKey) BlankPath(index LeafIndex)

func (TreeKEMPublicKey) Clone

func (pub TreeKEMPublicKey) Clone() TreeKEMPublicKey

func (TreeKEMPublicKey) Encap

func (pub TreeKEMPublicKey) Encap(from LeafIndex, context, leafSecret []byte, leafSigPriv SignaturePrivateKey, opts *KeyPackageOpts) (*TreeKEMPrivateKey, *DirectPath, error)

func (TreeKEMPublicKey) Equals

func (pub TreeKEMPublicKey) Equals(o TreeKEMPublicKey) bool

func (TreeKEMPublicKey) Find

func (pub TreeKEMPublicKey) Find(kp KeyPackage) (LeafIndex, bool)

func (TreeKEMPublicKey) KeyPackage

func (pub TreeKEMPublicKey) KeyPackage(index LeafIndex) (KeyPackage, bool)

func (*TreeKEMPublicKey) Merge

func (pub *TreeKEMPublicKey) Merge(from LeafIndex, path DirectPath) error

func (TreeKEMPublicKey) RootHash

func (pub TreeKEMPublicKey) RootHash() []byte

func (*TreeKEMPublicKey) SetHashAll

func (pub *TreeKEMPublicKey) SetHashAll() error

func (TreeKEMPublicKey) Size

func (pub TreeKEMPublicKey) Size() LeafCount

func (*TreeKEMPublicKey) UpdateLeaf

func (pub *TreeKEMPublicKey) UpdateLeaf(index LeafIndex, keyPkg KeyPackage)

func (*TreeKEMPublicKey) UpdateLeafAdmin

func (pub *TreeKEMPublicKey) UpdateLeafAdmin(index LeafIndex, keyPkg KeyPackage)

type UpdateProposal

type UpdateProposal struct {
	KeyPackage KeyPackage
}

type Welcome

type Welcome struct {
	Version            ProtocolVersion
	CipherSuite        CipherSuite
	Secrets            []EncryptedGroupSecrets `tls:"head=4"`
	EncryptedGroupInfo []byte                  `tls:"head=4"`
	// contains filtered or unexported fields
}

func (Welcome) AdminDecrypt

func (w Welcome) AdminDecrypt(suite CipherSuite, epochSecret []byte) (*AdminGroupInfo, error)

func (Welcome) Decrypt

func (w Welcome) Decrypt(suite CipherSuite, epochSecret []byte) (*GroupInfo, error)

func (*Welcome) EncryptTo

func (w *Welcome) EncryptTo(kp KeyPackage, pathSecret []byte)

TODO(RLB): Return error instead of panicking

type X509Credential

type X509Credential struct {
	Chain []*x509.Certificate
}

case x509:

opaque cert_data<1..2^24-1>;

func (X509Credential) Equals

func (cred X509Credential) Equals(other *X509Credential) bool

func (X509Credential) MarshalTLS

func (cred X509Credential) MarshalTLS() ([]byte, error)

func (X509Credential) PublicKey

func (cred X509Credential) PublicKey() *SignaturePublicKey

func (X509Credential) Scheme

func (cred X509Credential) Scheme() SignatureScheme

func (*X509Credential) UnmarshalTLS

func (cred *X509Credential) UnmarshalTLS(data []byte) (int, error)

func (X509Credential) Verify

func (cred X509Credential) Verify(trusted []*x509.Certificate) error

XXX(RLB): This is a very simple chain validation, just looking at signatures and whatever basic hop-by-hop policy is applied by CheckSignatureFrom. More complex things like name constraints are not considered. They would be if we were using x509.Certificate.Verify, but that method (1) requires a DNS name as the authentication anchor, and (2) builds its own chain without strict ordering.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL