iqrcrypto

Version: v0.0.0-...-e66b43d

This package is not in the latest version of its module.
Published: Oct 26, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

README

Golang Quantum-Safe Crypto

Introduction

Quantum-safe crypto library for Go. Includes a Go wrapper for the ISARA Radiate™ Quantum-Resistant Library 2.0 and an implementation of ISARA Catalyst™ Agile Digital Certificate Technology.

This is a limited-functionality wrapper intended for use with ISARA's Quantum-safe extension to Venafi's VCert.

For more information about ISARA and our quantum-safe solutions, visit www.isara.com.

Building

This wrapper requires the ISARA toolkit. Please contact quantumsafe@isara.com for more information.

  1. Extract the toolkit. In the rest of these instructions we'll assume it has been extracted to ~/iqr_toolkit.
  2. Set the environment variable so the wrapper can find the toolkit.

     export IQR_TOOLKIT_PATH=~/iqr_toolkit # Use your actual iqr toolkit path

  3. Build and run tests.

     cd golang-iqrcrypto
     make

If IQR_TOOLKIT_PATH is not set, the wrapper will still build but any functions that rely on the ISARA toolkit will return an error.

OpenSSL Connector Compatibility Tests

To run the OpenSSL Connector compatibility tests you need ISARA Catalyst OpenSSL Connector 2.0. Please contact quantumsafe@isara.com for more information.

  1. Using the OpenSSL Connector guide, build and install OpenSSL Connector. In the rest of the instructions we'll assume it has been installed to /usr/local/isara_ssl.
  2. Set the environment so the tests can find the toolkit and OpenSSL Connector.

     export IQR_TOOLKIT_PATH=~/iqr_toolkit # Use your actual iqr toolkit path
     export OPENSSL=/usr/local/isara_ssl/bin/openssl
     export ENGINE=/usr/local/isara_ssl/lib/engines/libiqre_engine.so

  3. Run tests.

     cd golang-iqrcrypto/compatibility_test/certificate
     ./test.sh
     cd ../dilithium
     ./test.sh
     cd ../hss
     ./test.sh

License

See the LICENSE file for details:

Copyright © 2020, ISARA Corporation

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Trademarks

ISARA Radiate™ and ISARA Catalyst™ are trademarks of ISARA Corporation.

Patent Information

Portions of this software are covered by US Patent 10,425,401

Documentation

Overview

Package iqrcrypto provides Quantum-Safe algorithms and certificates using ISARA's Quantum Resistant Toolkit.

Constants

const IQR_OK = C.IQR_OK

IQR_OK function completed successfully.

Variables

var (
	OidDilithium_III_SHAKE_r2 = asn1.RawValue{
		Class:      0,
		Tag:        6,
		IsCompound: false,
		Bytes:      []byte{4, 0, 127, 0, 15, 6, 9, 1},
		FullBytes:  []byte{6, 8, 4, 0, 127, 0, 15, 6, 9, 1},
	}

	OidDilithium_IV_SHAKE_r2 = asn1.RawValue{
		Class:      0,
		Tag:        6,
		IsCompound: false,
		Bytes:      []byte{4, 0, 127, 0, 15, 6, 9, 2},
		FullBytes:  []byte{6, 8, 4, 0, 127, 0, 15, 6, 9, 2},
	}
)

var IQR_HASHALGO_SHA2_256 = 2

IQR_HASHALGO_SHA2_256 SHA2-256 algorithm type identifier.

var IQR_HASHALGO_SHA2_384 = 3

IQR_HASHALGO_SHA2_384 SHA2-384 algorithm type identifier.

var IQR_HASHALGO_SHA2_512 = 4

IQR_HASHALGO_SHA2_512 SHA2-512 algorithm type identifier.

var IQR_HASHALGO_SHA3_256 = 5

IQR_HASHALGO_SHA3_256 SHA3-256 algorithm type identifier.

var IQR_HASHALGO_SHA3_512 = 6

IQR_HASHALGO_SHA3_512 SHA3-512 algorithm type identifier.

var IQR_HASH_DEFAULT_SHA2_256 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA2_256

IQR_HASH_DEFAULT_SHA2_256 Internal SHA2-256 implementation.

var IQR_HASH_DEFAULT_SHA2_384 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA2_384

IQR_HASH_DEFAULT_SHA2_384 Internal SHA2-384 implementation.

var IQR_HASH_DEFAULT_SHA2_512 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA2_512

IQR_HASH_DEFAULT_SHA2_512 Internal SHA2-512 implementation.

var IQR_HASH_DEFAULT_SHA3_256 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA3_256

IQR_HASH_DEFAULT_SHA3_256 Internal SHA3-256 implementation.

var IQR_HASH_DEFAULT_SHA3_512 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA3_512

IQR_HASH_DEFAULT_SHA3_512 Internal SHA3-512 implementation.

var IqrDILITHIUM128 = &C.IQR_DILITHIUM_128

IqrDILITHIUM128 128 bit quantum security (138 bit classical security) variant.

var IqrDILITHIUM160 = &C.IQR_DILITHIUM_160

IqrDILITHIUM160 160 bit quantum security (176 bit classical security) variant.

var (
	// OidDilithiumSignatureScheme Dilithium-Signature-Scheme
	OidDilithiumSignatureScheme = asn1.ObjectIdentifier{0, 4, 0, 127, 0, 15, 1, 1, 9, 0}
)

var (
	// OidHSSSignatureScheme Hierarchical-Signature-Scheme
	OidHSSSignatureScheme = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 3, 17}
)
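
As an added example (not part of the iqrcrypto package or its documentation), this stdlib-only Go program shows how the identifiers listed above appear in DER and how to spot them when inventorying which certificates or CSRs carry quantum-safe algorithms. FindQSOIDs, SampleDER and the sample structure are assumptions made for illustration; only the OID values and their names come from this page.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// Dotted OID -> name (Variables section); the last two decode the FullBytes values.
var knownQS = map[string]string{
	"0.4.0.127.0.15.1.1.9.0":     "Dilithium-Signature-Scheme",
	"1.2.840.113549.1.9.16.3.17": "Hierarchical-Signature-Scheme",
	"0.4.0.127.0.15.6.9.1":       "Dilithium_III_SHAKE_r2",
	"0.4.0.127.0.15.6.9.2":       "Dilithium_IV_SHAKE_r2",
}

// FindQSOIDs walks constructed DER elements and names known QS OIDs in encounter order.
func FindQSOIDs(der []byte) ([]string, error) {
	found := []string{}
	for len(der) > 0 {
		var raw asn1.RawValue
		rest, err := asn1.Unmarshal(der, &raw)
		if err != nil {
			return found, err // truncated or malformed element
		}
		if raw.Class == asn1.ClassUniversal && raw.Tag == asn1.TagOID {
			var oid asn1.ObjectIdentifier
			if _, err := asn1.Unmarshal(raw.FullBytes, &oid); err != nil {
				return found, err
			}
			if name, ok := knownQS[oid.String()]; ok {
				found = append(found, name)
			}
		} else if raw.IsCompound {
			inner, err := FindQSOIDs(raw.Bytes)
			if found = append(found, inner...); err != nil {
				return found, err
			}
		}
		der = rest
	}
	return found, nil
}

// SampleDER is constructed input: a SEQUENCE of two SEQUENCEs, each holding one OID.
func SampleDER() ([]byte, error) {
	return asn1.Marshal([][]asn1.ObjectIdentifier{
		{{1, 2, 840, 113549, 1, 1, 11}},     // sha256WithRSAEncryption
		{{0, 4, 0, 127, 0, 15, 1, 1, 9, 0}}, // Dilithium-Signature-Scheme
	})
}

func main() {
	der, _ := SampleDER()
	fmt.Println(FindQSOIDs(der))
}
```

OIDs nested inside OCTET STRING or BIT STRING payloads (extension values, for example) are not descended into, so unwrap those payloads before passing them to FindQSOIDs.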

Functions

func CheckAltReqSignature

func CheckAltReqSignature(c *x509.CertificateRequest) error

CheckAltReqSignature checks that a hybrid CSR has a valid alternative signature. Currently only Dilithium keys are supported.

func CheckAltSignature

func CheckAltSignature(c *x509.Certificate, signed, signature []byte) error

CheckAltSignature verifies that the alternative signature is a valid signature over signed from c's alternative public key. It is assumed that the certificate has been verified by x509.Certificate.CheckSignature.

func CheckAltSignatureFrom

func CheckAltSignatureFrom(c *x509.Certificate, parent *x509.Certificate) error

CheckAltSignatureFrom verifies that the alternative signature of the given certificate is valid from parent. It is assumed that the certificate has been verified by the conventional signature.

func CheckQSSignatureFrom

func CheckQSSignatureFrom(c *x509.Certificate, parent *x509.Certificate) error

CheckQSSignatureFrom verifies that the Quantum-Safe (Dilithium or HSS) signature of the given certificate is valid from parent.

func CreateHybridCertificateRequest

func CreateHybridCertificateRequest(rand io.Reader, template *x509.CertificateRequest, priv interface{},
	qspriv QSPrivateKey) (csr []byte, err error)

CreateHybridCertificateRequest creates a new hybrid certificate request based on a classic one.

The returned slice is a hybrid certificate request in ASN.1 encoding.

func CreateQSCertificateRequest

func CreateQSCertificateRequest(rand io.Reader, template *x509.CertificateRequest, priv interface{}) (csr []byte, err error)

CreateQSCertificateRequest creates a new certificate request based on a template. It is similar to x509.CreateCertificateRequest except that it also supports Dilithium keys. It does not create a classic and quantum-safe hybrid certificate request. To do that, use the CreateHybridCertificateRequest function.

The returned slice is the certificate request in ASN.1 encoding.

func ExtendCertificateReqAlt

func ExtendCertificateReqAlt(csrDER []byte, classicPriv interface{}, qsPriv QSPrivateKey) (csrqs []byte, err error)

ExtendCertificateReqAlt extends a CSR to add a Quantum-Safe algorithm to the Alt extensions.

func IqrCreateContext

func IqrCreateContext(ctx **IqrContext) error

IqrCreateContext creates and initializes a Context object.

func IqrDestroyContext

func IqrDestroyContext(ctx **IqrContext) error

IqrDestroyContext destroys a context object.

func IqrDilithiumCreateKeyPair

func IqrDilithiumCreateKeyPair(params *IqrDilithiumParams, rng *IqrRNG, pub **IqrDilithiumPublicKey, priv **IqrDilithiumPrivateKey) error

IqrDilithiumCreateKeyPair Golang wrapper for iqr_DilithiumCreateKeyPair

func IqrDilithiumCreateParams

func IqrDilithiumCreateParams(ctx *IqrContext, variant *IqrDilithiumVariant, params **IqrDilithiumParams) error

IqrDilithiumCreateParams creates Dilithium's domain parameters.

func IqrDilithiumDestroyParams

func IqrDilithiumDestroyParams(params **IqrDilithiumParams) error

IqrDilithiumDestroyParams destroys Dilithium's domain parameters.

func IqrDilithiumDestroyPrivateKey

func IqrDilithiumDestroyPrivateKey(privateKey **IqrDilithiumPrivateKey) error

IqrDilithiumDestroyPrivateKey destroys a Dilithium private key.

func IqrDilithiumDestroyPublicKey

func IqrDilithiumDestroyPublicKey(publicKey **IqrDilithiumPublicKey) error

IqrDilithiumDestroyPublicKey destroys a Dilithium public key.

func IqrDilithiumExportPrivateKey

func IqrDilithiumExportPrivateKey(privKey *IqrDilithiumPrivateKey, buf []byte, size int64) error

IqrDilithiumExportPrivateKey exports a Dilithium private key.

func IqrDilithiumExportPrivateKeyPKCS8

func IqrDilithiumExportPrivateKeyPKCS8(key *DilithiumPrivateKey) (der []byte, err error)

IqrDilithiumExportPrivateKeyPKCS8 exports a Dilithium private key into PKCS8 format.

func IqrDilithiumExportPublicKey

func IqrDilithiumExportPublicKey(pubKey *IqrDilithiumPublicKey, buf []byte, size int64) error

IqrDilithiumExportPublicKey exports the Dilithium public key's data into a buffer.

func IqrDilithiumGetPrivateKeySize

func IqrDilithiumGetPrivateKeySize(params *IqrDilithiumParams, privateKeySize *int64) error

IqrDilithiumGetPrivateKeySize Golang wrapper for iqr_DilithiumGetPrivateKeySize

func IqrDilithiumGetPublicKeySize

func IqrDilithiumGetPublicKeySize(params *IqrDilithiumParams, publicKeySize *int64) error

IqrDilithiumGetPublicKeySize gets the Dilithium public key size.

func IqrDilithiumGetSignatureSize

func IqrDilithiumGetSignatureSize(params *IqrDilithiumParams, sigSize *int64) error

IqrDilithiumGetSignatureSize gets the Dilithium signature size.

func IqrDilithiumImportPrivateKey

func IqrDilithiumImportPrivateKey(params *IqrDilithiumParams, buf []byte, size int64, privateKey **IqrDilithiumPrivateKey) error

IqrDilithiumImportPrivateKey imports a Dilithium private key object from a buffer. This function only accepts data that has been generated by IqrDilithiumExportPrivateKey(). There is currently no standard for saving Dilithium private keys.

func IqrDilithiumImportPrivateKeyFromPKCS8

func IqrDilithiumImportPrivateKeyFromPKCS8(ctx *IqrContext, der []byte, size int64, privateKey **IqrDilithiumPrivateKey,
	variant **IqrDilithiumVariant, params **IqrDilithiumParams) error

IqrDilithiumImportPrivateKeyFromPKCS8

func IqrDilithiumImportPublicKey

func IqrDilithiumImportPublicKey(params *IqrDilithiumParams, buf []byte, size int64, publicKey **IqrDilithiumPublicKey) error

IqrDilithiumImportPublicKey imports a Dilithium public key object from a buffer. This function only accepts data that has been generated by IqrDilithiumExportPublicKey(). There is currently no standard for saving Dilithium public keys.

func IqrDilithiumImportPublicKeyFromASN1

func IqrDilithiumImportPublicKeyFromASN1(ctx *IqrContext, der []byte, size int64, publicKey **IqrDilithiumPublicKey,
	variant **IqrDilithiumVariant, params **IqrDilithiumParams) error

IqrDilithiumImportPublicKeyFromASN1 imports a public key from an ASN.1-encoded public key buffer.

func IqrDilithiumSign

func IqrDilithiumSign(privKey *IqrDilithiumPrivateKey, message []byte, messageSize int64, sig []byte, sigSize int64) error

IqrDilithiumSign signs a message using a Dilithium private key. sigSize must be exactly the value returned by IqrDilithiumGetSignatureSize.

func IqrDilithiumVerify

func IqrDilithiumVerify(pubKey *IqrDilithiumPublicKey, message []byte, messageSize int64, sig []byte, sigSize int64) error

IqrDilithiumVerify verifies the signature of a message using a Dilithium public key. sigSize must be exactly the value returned by IqrDilithiumGetSignatureSize.

func IqrError

func IqrError(ret IqrRetval) error

IqrError converts Iqr return value to Go error object.

func IqrHSSCreateParamsFromSignature

func IqrHSSCreateParamsFromSignature(ctx *IqrContext, sig []byte, sigSize int64, params **IqrHSSParams) error

IqrHSSCreateParamsFromSignature creates an HSS Parameters object using a signature.

func IqrHSSDestroyParams

func IqrHSSDestroyParams(params **IqrHSSParams) error

IqrHSSDestroyParams destroys the HSS parameters and releases them from memory.

func IqrHSSDestroyPublicKey

func IqrHSSDestroyPublicKey(publicKey **IqrHSSPublicKey) error

IqrHSSDestroyPublicKey destroys the HSS public key and releases it from memory.

func IqrHSSExportPublicKey

func IqrHSSExportPublicKey(pubKey *IqrHSSPublicKey, buf []byte, size int64) error

IqrHSSExportPublicKey exports HSS public key.

func IqrHSSGetPublicKeySize

func IqrHSSGetPublicKeySize(params *IqrHSSParams, publicKeySize *int64) error

IqrHSSGetPublicKeySize gets HSS public key size.

func IqrHSSImportPublicKey

func IqrHSSImportPublicKey(params *IqrHSSParams, buf []byte, size int64, publicKey **IqrHSSPublicKey) error

IqrHSSImportPublicKey imports HSS public key.

func IqrHSSImportPublicKeyFromASN1

func IqrHSSImportPublicKeyFromASN1(ctx *IqrContext, der []byte, size int64, publicKey **IqrHSSPublicKey,
	params *IqrHSSParams) error

IqrHSSImportPublicKeyFromASN1 imports a public key from an ASN.1-encoded public key.

func IqrHSSVerify

func IqrHSSVerify(pubKey *IqrHSSPublicKey, message []byte, messageSize int64, sig []byte, sigSize int64) error

IqrHSSVerify verifies an HSS signature. sigSize must be exactly the value returned by IqrHSSGetSignatureSize.

func IqrHashRegisterCallbacks

func IqrHashRegisterCallbacks(ctx *IqrContext, hashAlgoType int, cb C.iqr_HashCallbacks) error

IqrHashRegisterCallbacks registers a hashing implementation.

func IqrInitRNG

func IqrInitRNG(ctx **IqrContext, rng **IqrRNG, rand io.Reader) error

IqrInitRNG is a convenience function to create an RNG. The returned RNG must be destroyed using the IqrRNGDestroy function.

func IqrRNGCreateHMACDRBG

func IqrRNGCreateHMACDRBG(ctx *IqrContext, hashAlgoType int, rng **IqrRNG) error

IqrRNGCreateHMACDRBG creates an HMAC-DRBG Random Number Generator.

func IqrRNGDestroy

func IqrRNGDestroy(rng **IqrRNG) error

IqrRNGDestroy destroys a Random Number Generator.

func IqrRNGInitialize

func IqrRNGInitialize(rng **IqrRNG, seed []byte) error

IqrRNGInitialize creates and initializes a Random Number Generator.

func IqrStrError

func IqrStrError(ret IqrRetval) string

IqrStrError converts Iqr return value to readable string.

func IqrToolkitLinked

func IqrToolkitLinked() bool

Types

type DilithiumPrivateKey

type DilithiumPrivateKey struct {
	Variant *IqrDilithiumVariant
	Params  *IqrDilithiumParams
	PubKey  *IqrDilithiumPublicKey
	PrivKey *IqrDilithiumPrivateKey
}

A DilithiumPrivateKey represents a Dilithium key. It also implements the crypto.Signer interface.

func GenerateDilithiumPrivateKey

func GenerateDilithiumPrivateKey(variant *IqrDilithiumVariant, rand io.Reader) (*DilithiumPrivateKey, error)

GenerateDilithiumPrivateKey generates a new Dilithium private key using the variant specified. Call IqrDilithiumDestroyPrivateKey if the returned private key is no longer used. variant: one of IqrDILITHIUM128 and IqrDILITHIUM160.

func (*DilithiumPrivateKey) Destroy

func (priv *DilithiumPrivateKey) Destroy() error

Destroy destroys the private key and its public key and releases the memory.

func (*DilithiumPrivateKey) Public

func (priv *DilithiumPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*DilithiumPrivateKey) QSKeyType

func (priv *DilithiumPrivateKey) QSKeyType() string

QSKeyType returns whether the key is Quantum-Safe.

func (*DilithiumPrivateKey) Sign

func (priv *DilithiumPrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with priv, reading randomness from rand.

type IqrContext

type IqrContext = C.iqr_Context

IqrContext The Context object

type IqrDilithiumParams

type IqrDilithiumParams = C.iqr_DilithiumParams

IqrDilithiumParams the Dilithium domain parameter.

type IqrDilithiumPrivateKey

type IqrDilithiumPrivateKey = C.iqr_DilithiumPrivateKey

IqrDilithiumPrivateKey the Dilithium private key.

type IqrDilithiumPublicKey

type IqrDilithiumPublicKey = C.iqr_DilithiumPublicKey

IqrDilithiumPublicKey the Dilithium public key.

type IqrDilithiumVariant

type IqrDilithiumVariant = C.iqr_DilithiumVariant

IqrDilithiumVariant the Dilithium variant, one of IqrDILITHIUM128 and IqrDILITHIUM160

type IqrHSSParams

type IqrHSSParams = C.iqr_HSSParams

IqrHSSParams the HSS algorithm's domain parameters.

type IqrHSSPublicKey

type IqrHSSPublicKey = C.iqr_HSSPublicKey

IqrHSSPublicKey handle to HSS public key.

type IqrRNG

type IqrRNG = C.iqr_RNG

IqrRNG Random Number Generator object.

type IqrRetval

type IqrRetval = C.iqr_retval

IqrRetval return value of Iqr function.

type QSPrivateKey

type QSPrivateKey interface {
	QSKeyType() string
	Destroy() error
}

QSPrivateKey is an interface for an opaque QS private key that can be used for signing operations.

type SignatureAlgorithmQS

type SignatureAlgorithmQS int

SignatureAlgorithmQS Quantum-Safe algorithms.

const (
	UnknownSignatureAlgorithm SignatureAlgorithmQS = iota
	DILITHIUM
	HSS
)

List of supported Quantum-Safe algorithms
