sec

package
v0.0.0-...-9c63132
Published: Oct 4, 2020 License: LGPL-3.0 Imports: 15 Imported by: 0

Documentation

Overview

Package sec provides security primitives for the SporeDB mycelium.

Index

Constants

This section is empty.

Variables

var (
	ErrKeyRingLocked    = errors.New("keyring is locked")
	ErrInvalidIdentity  = errors.New("invalid identity")
	ErrInvalidPublicKey = errors.New("invalid public key")
	ErrInvalidSignature = errors.New("invalid signature")
)

Error messages.

var TrustThreshold = TrustHIGH

TrustThreshold is the default required TrustLevel for a verification operation.

Functions

func Fingerprint

func Fingerprint(data []byte) string

Fingerprint is a helper function to get a human-friendly representation of one's key.

Types

type ByIdentity

type ByIdentity []ListedKey

ByIdentity is a helper to sort ListedKey values by their identity.

func (ByIdentity) Len

func (a ByIdentity) Len() int

func (ByIdentity) Less

func (a ByIdentity) Less(i, j int) bool

func (ByIdentity) Swap

func (a ByIdentity) Swap(i, j int)

type ErrInsufficientTrust

type ErrInsufficientTrust struct {
	I string
	L int
}

ErrInsufficientTrust is returned when a verification cannot be performed due to a lack of trust in one's public key.

func (ErrInsufficientTrust) Error

func (e ErrInsufficientTrust) Error() string

Error returns error's string value.

type ErrUnknownIdentity

type ErrUnknownIdentity struct {
	I string
}

ErrUnknownIdentity is returned when an operation is asked for an unknown identity.

func (ErrUnknownIdentity) Error

func (e ErrUnknownIdentity) Error() string

Error returns error's string value.

type Exporter

type Exporter interface {
	encoding.BinaryMarshaler
	Export(identity string) ([]byte, error)
}

Exporter shall export a particular credential or a whole set.

type Importer

type Importer interface {
	encoding.BinaryUnmarshaler
	Import(data []byte, identity string, trust TrustLevel) error
}

Importer shall import a particular credential or a whole set.

type KeyEd25519

type KeyEd25519 struct {
	Public     ed25519.PublicKey
	Signatures map[string]*Signature
	// contains filtered or unexported fields
}

KeyEd25519 is the representation of a Key for the KeyRingEd25519.

func (*KeyEd25519) Info

func (k *KeyEd25519) Info() (identity string, data []byte, trust TrustLevel)

Info shall be used to get basic information about this key.

type KeyRing

type KeyRing interface {
	PrivateKeyHolder
	PublicKeysHolder
	Exporter
	Importer
}

KeyRing shall store private and public keys while providing cryptographic functions.

type KeyRingEd25519

type KeyRingEd25519 struct {
	// contains filtered or unexported fields
}

KeyRingEd25519 is a KeyRing saving data as PEM, and using the Ed25519 high-speed, high-security signature algorithm.

This KeyRing also provides a lazy web of trust computation feature, similar to PGP's web of trust.

func NewKeyRingEd25519

func NewKeyRingEd25519() *KeyRingEd25519

NewKeyRingEd25519 instantiates a new KeyRingEd25519. It MUST be called to create a new KeyRing.

func (*KeyRingEd25519) AddPublic

func (k *KeyRingEd25519) AddPublic(identity string, trust TrustLevel, data []byte) (err error)

AddPublic adds a new public key to the keyring, or overwrites an existing one. It resets the related signatures if the key is modified.

This function is thread-safe.

func (*KeyRingEd25519) AddSignature

func (k *KeyRingEd25519) AddSignature(identity, from string, signature *Signature) error

AddSignature adds a signature to the identity, from signer "from". If "from" equals the empty string, the KeyRing adds a new signature to the identity using its own private key.

It may return ErrKeyRingLocked or ErrUnknownIdentity.

This function is thread-safe.

func (*KeyRingEd25519) CreatePrivate

func (k *KeyRingEd25519) CreatePrivate(password *memguard.LockedBuffer) (err error)

CreatePrivate generates a new Ed25519 private key and its associated PEM-armored block.

func (*KeyRingEd25519) Export

func (k *KeyRingEd25519) Export(identity string) ([]byte, error)

Export exports a public key to a PEM block.

func (*KeyRingEd25519) GetPublic

func (k *KeyRingEd25519) GetPublic(identity string) (data []byte, trust TrustLevel, err error)

GetPublic returns the stored public key for the provided identity. Providing the empty identity returns the keyring's own public key.

It may return ErrKeyRingLocked or ErrUnknownIdentity.

This function is thread-safe.

func (*KeyRingEd25519) GetSignatures

func (k *KeyRingEd25519) GetSignatures(identity string) map[string]*Signature

GetSignatures returns a map of (signer, signatures) where the provided identity is the signee. This function is thread-safe.

func (*KeyRingEd25519) Import

func (k *KeyRingEd25519) Import(data []byte, identity string, trust TrustLevel) error

Import imports a public PEM block to the keyring. Identity must be defined, and third-party signatures are verified afterwards.

This function accepts the following results of Export:

  • Local exports (without any headers)
  • Third-party exports (with the "identity" header set); if the provided identity differs from the "identity" header, an error is returned

This function is thread-safe.

func (*KeyRingEd25519) ListPublic

func (k *KeyRingEd25519) ListPublic() []ListedKey

ListPublic returns every stored public key. The self public key is also included.

func (*KeyRingEd25519) LockPrivate

func (k *KeyRingEd25519) LockPrivate() (err error)

LockPrivate locks the KeyRing by removing any remaining clear private key data in memory.

func (*KeyRingEd25519) Locked

func (k *KeyRingEd25519) Locked() bool

Locked returns whether the KeyRing is currently locked; while it is unlocked, the private key is held in cleartext in memory.

func (*KeyRingEd25519) MarshalBinary

func (k *KeyRingEd25519) MarshalBinary() ([]byte, error)

MarshalBinary returns a PEM-armored version of this KeyRing.

func (*KeyRingEd25519) RemovePublic

func (k *KeyRingEd25519) RemovePublic(identity string)

RemovePublic removes a key from the KeyRing. This function is thread-safe.

func (*KeyRingEd25519) Sign

func (k *KeyRingEd25519) Sign(cleartext []byte) (signature []byte, err error)

Sign signs the message with the unlocked private key. This function is thread-safe.

func (*KeyRingEd25519) Trusted

func (k *KeyRingEd25519) Trusted(identity string) error

Trusted shall return nil if an identity is currently trusted by the keyring.

It may return ErrUnknownIdentity or ErrInsufficientTrust.

This function is thread-safe.

func (*KeyRingEd25519) UnlockPrivate

func (k *KeyRingEd25519) UnlockPrivate(password *memguard.LockedBuffer) (err error)

UnlockPrivate tries to decipher the private key block in memory.

func (*KeyRingEd25519) UnmarshalBinary

func (k *KeyRingEd25519) UnmarshalBinary(data []byte) error

UnmarshalBinary rebuilds a KeyRing from its PEM-armored version.

  • It may not return an error if a parse error is encountered
  • NewKeyRingEd25519 must be called beforehand to instantiate the KeyRing

func (*KeyRingEd25519) Verify

func (k *KeyRingEd25519) Verify(from string, cleartext, signature []byte) error

Verify checks the message signed by "from". The sum of the local trust and the third-party trust levels must be greater than or equal to TrustThreshold.

It may return ErrUnknownIdentity, ErrInsufficientTrust or ErrInvalidSignature.

This function is thread-safe.

type ListedKey

type ListedKey interface {
	Info() (identity string, data []byte, trust TrustLevel)
}

ListedKey shall contain one function returning basic information about one's key.

type PrivateKeyHolder

type PrivateKeyHolder interface {
	Locked() bool
	LockPrivate() error
	UnlockPrivate(password *memguard.LockedBuffer) error
	CreatePrivate(password *memguard.LockedBuffer) error
	Sign(cleartext []byte) (signature []byte, err error)
}

PrivateKeyHolder shall be designed to safely keep one private key.

type PublicKeysHolder

type PublicKeysHolder interface {
	AddPublic(identity string, trust TrustLevel, data []byte) error
	ListPublic() []ListedKey
	GetPublic(identity string) (data []byte, trust TrustLevel, err error)
	RemovePublic(identity string)
	GetSignatures(identity string) map[string]*Signature
	AddSignature(identity, from string, signature *Signature) error
	Verify(from string, cleartext, signature []byte) (err error)
	Trusted(identity string) error
}

PublicKeysHolder shall be designed to keep several public keys and associated signatures.

type Signature

type Signature struct {
	Data  []byte
	Trust TrustLevel
}

Signature represents a local or third-party public key's signature.

type TrustLevel

type TrustLevel byte

TrustLevel is a representation of a public key's trust.

const (
	TrustNONE     TrustLevel = 0x00
	TrustLOW      TrustLevel = 0x01
	TrustHIGH     TrustLevel = 0x03
	TrustULTIMATE TrustLevel = 0xff
)

Available TrustLevel values.

func ParseTrust

func ParseTrust(trust string) (TrustLevel, error)

ParseTrust returns a TrustLevel from its string representation.

func (TrustLevel) Add

func (t TrustLevel) Add(t2 TrustLevel) TrustLevel

Add returns a safe addition between two TrustLevels.

func (TrustLevel) Min

func (t TrustLevel) Min(t2 TrustLevel) TrustLevel

Min returns the minimum value between two TrustLevels.

func (TrustLevel) String

func (t TrustLevel) String() string
