Documentation
¶
Index ¶
- func CheckChainLink(previousUPP UPP, subsequentUPP UPP) (bool, error)
- func Encode(upp UPP) ([]byte, error)
- type ChainedUPP
- type Crypto
- type CryptoContext
- func (c *CryptoContext) GenerateKey(name string, id uuid.UUID) error
- func (c *CryptoContext) GetCSR(name string, subjectCountry string, subjectOrganization string) ([]byte, error)
- func (c *CryptoContext) GetPublicKey(name string) ([]byte, error)
- func (c *CryptoContext) GetUUID(name string) (uuid.UUID, error)
- func (c *CryptoContext) PrivateKeyExists(name string) bool
- func (c *CryptoContext) SetKey(name string, id uuid.UUID, privKeyBytes []byte) error
- func (c *CryptoContext) SetPublicKey(name string, id uuid.UUID, pubKeyBytes []byte) error
- func (c *CryptoContext) Sign(id uuid.UUID, data []byte) ([]byte, error)
- func (c *CryptoContext) Verify(id uuid.UUID, data []byte, signature []byte) (bool, error)
- type EncryptedKeystore
- type Keystorer
- type Protocol
- func (p *Protocol) Sign(name string, hash []byte, protocol ProtocolVersion) ([]byte, error)
- func (p *Protocol) SignData(name string, userData []byte, protocol ProtocolVersion) ([]byte, error)
- func (p *Protocol) SignHash(name string, hash []byte, protocol ProtocolVersion) ([]byte, error)
- func (p *Protocol) Verify(name string, upp []byte) (bool, error)
- type ProtocolVersion
- type SignedUPP
- type UPP
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckChainLink ¶ added in v2.2.4
CheckChainLink compares the signature bytes of a previous ubirch protocol package with the previous signature bytes of a subsequent chained ubirch protocol package and returns true if they match. Returns an error if one of the UPPs is invalid.
Types ¶
type ChainedUPP ¶
type ChainedUPP struct {
Version ProtocolVersion
Uuid uuid.UUID
PrevSignature []byte
Hint uint8
Payload []byte
Signature []byte
}
ChainedUPP is the Chained Ubirch Protocol Package
func DecodeChained ¶ added in v2.1.3
func DecodeChained(upp []byte) (*ChainedUPP, error)
func (ChainedUPP) GetHint ¶ added in v2.1.5
func (upp ChainedUPP) GetHint() uint8
func (ChainedUPP) GetPayload ¶ added in v2.1.5
func (upp ChainedUPP) GetPayload() []byte
func (ChainedUPP) GetPrevSignature ¶ added in v2.1.5
func (upp ChainedUPP) GetPrevSignature() []byte
func (ChainedUPP) GetSignature ¶ added in v2.1.5
func (upp ChainedUPP) GetSignature() []byte
func (ChainedUPP) GetUuid ¶ added in v2.1.5
func (upp ChainedUPP) GetUuid() uuid.UUID
func (ChainedUPP) GetVersion ¶ added in v2.1.5
func (upp ChainedUPP) GetVersion() ProtocolVersion
type Crypto ¶
type Crypto interface {
GetUUID(name string) (uuid.UUID, error)
GenerateKey(name string, id uuid.UUID) error
GetCSR(name string, subjectCountry string, subjectOrganization string) ([]byte, error)
GetPublicKey(name string) ([]byte, error)
PrivateKeyExists(name string) bool
SetPublicKey(name string, id uuid.UUID, pubKeyBytes []byte) error
SetKey(name string, id uuid.UUID, privKeyBytes []byte) error
Sign(id uuid.UUID, value []byte) ([]byte, error)
Verify(id uuid.UUID, value []byte, signature []byte) (bool, error)
}
Crypto Interface for exported functionality
type CryptoContext ¶
CryptoContext contains the key store, a mapping for names -> UUIDs and the last generated signature per UUID.
func (*CryptoContext) GenerateKey ¶
func (c *CryptoContext) GenerateKey(name string, id uuid.UUID) error
GenerateKey generates a new key pair and stores it, using the given name and associated UUID.
func (*CryptoContext) GetCSR ¶
func (c *CryptoContext) GetCSR(name string, subjectCountry string, subjectOrganization string) ([]byte, error)
GetCSR gets a certificate signing request.
func (*CryptoContext) GetPublicKey ¶
func (c *CryptoContext) GetPublicKey(name string) ([]byte, error)
GetPublicKey gets the public key bytes for the given name.
func (*CryptoContext) GetUUID ¶
func (c *CryptoContext) GetUUID(name string) (uuid.UUID, error)
GetUUID gets the uuid that is related the given name.
func (*CryptoContext) PrivateKeyExists ¶ added in v2.1.2
func (c *CryptoContext) PrivateKeyExists(name string) bool
PrivateKeyExists Checks if a private key entry for the given name exists in the keystore.
func (*CryptoContext) SetKey ¶
SetKey takes a private key (32 bytes), calculates the public key and sets both private and public key
func (*CryptoContext) SetPublicKey ¶
SetPublicKey sets the public key (64 bytes)
func (*CryptoContext) Sign ¶
Sign returns the signature for 'data' using the private key of a specific UUID. Need to get the UUID via CryptoContext#GetUUID().
type EncryptedKeystore ¶
EncryptedKeystore is the reference implementation for a simple keystore. The secret has to be 16 Bytes long
func NewEncryptedKeystore ¶
func NewEncryptedKeystore(secret []byte) *EncryptedKeystore
NewEncryptedKeystore returns a new freshly initialized Keystore
func (*EncryptedKeystore) GetKey ¶
func (enc *EncryptedKeystore) GetKey(keyname string) ([]byte, error)
GetKey returns a Key from the Keystore
func (*EncryptedKeystore) MarshalJSON ¶
func (enc *EncryptedKeystore) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. The Password will not be marshaled.
func (*EncryptedKeystore) SetKey ¶
func (enc *EncryptedKeystore) SetKey(keyname string, keyvalue []byte) error
SetKey sets a key in the Keystore
func (*EncryptedKeystore) UnmarshalJSON ¶
func (enc *EncryptedKeystore) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The struct must not be null, and the password will not be read from the json, and needs to be set seperately.
type Keystorer ¶
type Keystorer interface {
GetKey(keyname string) ([]byte, error)
SetKey(keyname string, keyvalue []byte) error
// Required for saving and restoring
MarshalJSON() ([]byte, error)
UnmarshalJSON(b []byte) error
}
Keystorer contains the methods that must be implemented by the keystore implementation.
type Protocol ¶
type Protocol struct {
Crypto
Signatures map[uuid.UUID][]byte
// contains filtered or unexported fields
}
Protocol structure
func (*Protocol) Sign ¶
Sign is a wrapper for backwards compatibility with Sign() calls, will be removed in the future
func (*Protocol) SignData ¶ added in v2.1.3
SignData creates and signs a ubirch-protocol message using the given user data and the protocol type. The method expects the user data as input data. Data will be hashed and a UPP using the hash as payload will be created by calling SignHash(). The UUID is automatically retrieved from the context using the given device name. FIXME this method name might be confusing. If the user explicitly wants to sign original data,
(e.g. for msgpack key registration messages) the method name sounds like it would do that.
type ProtocolVersion ¶ added in v2.2.0
type ProtocolVersion uint8
ProtocolVersion definition
const ( Signed ProtocolVersion = 0x22 // Signed protocol, the Ubirch Protocol Package is signed Chained ProtocolVersion = 0x23 // Chained protocol, the Ubirch Protocol Package contains the previous signature and is signed )
type SignedUPP ¶
type SignedUPP struct {
Version ProtocolVersion
Uuid uuid.UUID
Hint uint8
Payload []byte
Signature []byte
}
SignedUPP is the Signed Ubirch Protocol Package
func DecodeSigned ¶ added in v2.1.3
func (SignedUPP) GetPayload ¶ added in v2.1.5
func (SignedUPP) GetPrevSignature ¶ added in v2.1.5
func (SignedUPP) GetSignature ¶ added in v2.1.5
func (SignedUPP) GetVersion ¶ added in v2.1.5
func (upp SignedUPP) GetVersion() ProtocolVersion
Source Files