# README
kbfscrypto
Crypto-related types and functions for KBFS. The package is named
kbfscrypto rather than crypto for two reasons:
- To avoid conflicting with the
cryptopackage. - Some variables are named
cryptoalready.
All errors returned by this package are wrapped with pkg/errors, and so need errors.Cause() to unwrap them.
# Functions
DecryptBlock decrypts a block, but does not unpad or decode it.
DecryptMerkleLeaf decrypts an EncryptedMerkleLeaf using the given private TLF key and ephemeral public key.
DecryptPrivateMetadata decrypts a PrivateMetadata object, but does not decode it.
DecryptTLFCryptKeyClientHalf decrypts a TLFCryptKeyClientHalf using the given device private key and the TLF's ephemeral public key.
DecryptTLFCryptKeys decrypts a TLFCryptKey array, but does not decode it.
DepadBlock extracts the actual block data from a padded block.
EncryptEncodedPrivateMetadata encrypts an encoded PrivateMetadata object.
EncryptPaddedEncodedBlock encrypts a padded, encoded block.
EncryptTLFCryptKeyClientHalf encrypts a TLFCryptKeyClientHalf using both a TLF's ephemeral private key and a device pubkey.
EncryptTLFCryptKeys encrypts a TLFCryptKey array.
GetRootCerts returns a byte array with the appropriate root certs for the given host:port string.
MakeBlockCryptKey returns a BlockCryptKey containing the given data.
MakeBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given data.
MakeBlockHashKey makes a key used for encryption and decryption for the v2 block encryption scheme.
MakeCryptPublicKey returns a CryptPublicKey containing the given KID.
MakeEncryptedMerkleLeaf constructs an EncryptedMerkleLeaf.
MakeEncryptedTLFCryptKeyClientHalfForTest returns an EncryptedTLFCryptKeyClientHalf with copies of the given data.
MakeFakeCryptPrivateKeyOrBust makes a new crypt private key from fake randomness made from the given seed.
MakeFakeCryptPublicKeyOrBust makes the public key corresponding to the crypt private key made with the same seed.
MakeFakeSigningKeyOrBust makes a new signing key from fake randomness made from the given seed.
MakeFakeTLFCryptKeyOrBust makes a TLF crypt key from the given seed.
MakeFakeVerifyingKeyOrBust makes a new key suitable for verifying signatures made from the fake signing key made with the same seed.
MakeRandomBlockCryptKeyServerHalf generates the server-side of a block crypt key.
MakeRandomTLFCryptKey returns a random top-level folder crypt key.
MakeRandomTLFCryptKeyServerHalf generates the server-side of a top-level folder crypt key.
MakeRandomTLFEphemeralKeys generates ephemeral keys using a CSPRNG for a TLF.
MakeTLFCryptKey returns a TLFCryptKey containing the given data.
MakeTLFCryptKeyClientHalf returns a TLFCryptKeyClientHalf containing the given data.
MakeTLFCryptKeyServerHalf returns a TLFCryptKeyServerHalf containing the given data.
MakeTLFCryptKeyServerHalfID creates a unique ID for this particular TLFCryptKeyServerHalf.
MakeTLFEphemeralPrivateKey returns a TLFEphemeralPrivateKey containing the given data.
MakeTLFEphemeralPublicKey returns a TLFEphemeralPublicKey containing the given data.
MakeTLFPrivateKey returns a TLFPrivateKey containing the given data.
MakeTLFPublicKey returns a TLFPublicKey containing the given data.
MakeVerifyingKey returns a VerifyingKey containing the given KID.
MaskTLFCryptKey returns the client side of a top-level folder crypt key.
NewAuthToken creates a new authentication token.
NewCryptPrivateKey returns a CryptPrivateKey using the given key pair.
NewSigningKey returns a SigningKey using the given key pair.
PadBlock adds zero padding to an encoded block.
ParseBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given hex-encoded data, or an error.
PrepareMerkleLeaf verifies the correctness of the given leaf, and returns its nonce.
RandRead is a belt-and-suspenders wrapper around crypto.rand.Read().
UnmaskBlockCryptKey returns the block crypt key.
UnmaskTLFCryptKey returns the top-level folder crypt key.
Verify verifies the given message against the given SignatureInfo, and returns nil if it verifies successfully, or an error otherwise.
VerifyTLFCryptKeyServerHalfID verifies the ID is the proper HMAC result.
# Constants
AuthTokenMinRefreshSeconds is the minimum number of seconds between refreshes.
EncryptionSecretbox is the encryption version that uses nacl/secretbox or nacl/box.
EncryptionSecretboxWithKeyNonce is the encryption version that uses nacl/secretbox or nacl/box, with a nonce derived from a secret key.
EnvTestRootCertPEM is the environment variable name for the CA cert PEM the client uses to verify the KBFS servers when testing.
SigED25519 is the signature type for ED25519.
SigED25519ForKBFS is the signature type for ED25519 with a KBFS prefix.
TestRootCert is a CA cert which can be used for testing TLS support.
TestRootKey can be used with the above cert+public key to test TLS support.
# Variables
PublicTLFCryptKey is the TLFCryptKey used for all public TLFs.
# Structs
AuthToken encapsulates a timed authentication token.
BlockCryptKey is used to encrypt/decrypt block data.
BlockCryptKeyServerHalf is a masked version of a BlockCryptKey, which can be recovered only with the TLFCryptKey used to mask the server half.
BlockHashKey is used as input to encrypt/decrypt block data (v2).
CryptPrivateKey is a private key for encryption/decryption.
CryptPublicKey (M_u^i) is used (with a TLFEphemeralPrivateKey) to encrypt TLFCryptKeyClientHalf objects (See §§ 4.1.1, 6.1.1, 6.3.) These are also sometimes known as subkeys.
EncryptedBlock is an encrypted Block object.
EncryptedMerkleLeaf is an encrypted MerkleLeaf object.
EncryptedPrivateMetadata is an encrypted PrivateMetadata object.
EncryptedTLFCryptKeyClientHalf is an encrypted TLFCryptKeyClientHalf object.
EncryptedTLFCryptKeys is an encrypted TLFCryptKey array.
InvalidByte32DataError is returned whenever invalid data for a 32-byte type is detected.
InvalidEncryptionVer indicates that we can't decrypt an encryptedData object because this data type doesn't support that encryption version.
InvalidKIDError is returned whenever an invalid KID is detected.
InvalidNonceError indicates that an invalid cryptographic nonce was detected.
PaddedBlockReadError occurs if the number of bytes read do not equal the number of bytes specified.
SignatureInfo contains all the info needed to verify a signature for a message.
SigningKey is a key pair for signing.
SigningKeySigner is a Signer wrapper around a SigningKey.
TLFCryptKey (s^{f,0}) is used to encrypt/decrypt the private portion of TLF metadata.
TLFCryptKeyClientHalf (t_u^{f,k,i} for a user u, a folder f, a key generation k, and a device i) is the masked, client-side half of a TLFCryptKey, which can be recovered only with both halves.
TLFCryptKeyServerHalf (s_u^{f,0,i}) is the masked, server-side half of a TLFCryptKey, which can be recovered only with both halves.
TLFCryptKeyServerHalfID is the identifier type for a server-side key half.
TLFEphemeralPrivateKey (m_e) is used (with a CryptPublicKey) to encrypt TLFCryptKeyClientHalf objects for non-public directories.
TLFEphemeralPublicKey (M_e) is used along with a crypt private key to decrypt TLFCryptKeyClientHalf objects for non-public directories.
A TLFPrivateKey (m_f) is the private half of the permanent keypair associated with a TLF.
A TLFPublicKey (M_f) is the public half of the permanent keypair associated with a TLF.
UnexpectedShortCryptoRandRead indicates that fewer bytes were read from crypto.rand.Read() than expected.
UnknownEncryptionVer indicates that we can't decrypt an encryptedData object because it has an unknown version.
UnknownSigVer indicates that we can't process a signature because it has an unknown version.
A VerifyingKey is a public key that can be used to verify a signature created by the corresponding private signing key.
# Interfaces
AuthTokenRefreshHandler defines a callback to be called when an auth token refresh is needed.
A Signer is something that can sign using an internal private key.
# Type aliases
EncryptionVer denotes a version for the encryption method.
SigVer denotes a signature version.
TLFEphemeralPublicKeys stores a list of TLFEphemeralPublicKey.