github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/merkletree2/encoders.go (about)

     1  package merkletree2
     2  
     3  import (
     4  	"crypto/hmac"
     5  	cryptorand "crypto/rand"
     6  	"crypto/sha512"
     7  	"hash"
     8  
     9  	"github.com/keybase/go-codec/codec"
    10  )
    11  
    12  type EncodingType uint8
    13  
    14  const (
    15  	// For KeyValuePairs, the hash of the pair (k, v) is p(p(k, s), v )) where p
    16  	// = HMAC-SHA512-256 and s is a secret unique per Merkle seqno. Note that
    17  	// users learn k, v and p(k,s) but not s itself, so the hash is a commitment
    18  	// to the value only and not the key. However, the key is written and hashed
    19  	// as part of the merkle tree leaf node, so keybase cannot equivocate that.
    20  	// For generic data structures, this encoder uses SHA512-256 to hash the
    21  	// msgpack canonical encoding.
    22  	EncodingTypeBlindedSHA512_256v1 EncodingType = 1
    23  
    24  	// Generic testing encoding.
    25  	EncodingTypeForTesting EncodingType = 127
    26  )
    27  
    28  func (e EncodingType) GetEncoder() Encoder {
    29  	switch e {
    30  	case EncodingTypeBlindedSHA512_256v1:
    31  		return NewBlindedSHA512_256v1Encoder()
    32  	default:
    33  		panic("Invalid EncodingType")
    34  	}
    35  }
    36  
    37  // This function returns an encoder which is potentially unsafe for concurrent
    38  // use.
    39  func (e EncodingType) GetUnsafeEncoder() Encoder {
    40  	switch e {
    41  	case EncodingTypeBlindedSHA512_256v1:
    42  		return NewUnsafeBlindedSHA512_256v1Encoder()
    43  	default:
    44  		panic("Invalid EncodingType")
    45  	}
    46  }
    47  
    48  // UnsafeBlindedSHA512_256v1Encoder is analogous to BlindedSHA512_256v1Encoder,
    49  // but sometimes faster and not safe for concurrent use.
    50  type UnsafeBlindedSHA512_256v1Encoder struct {
    51  	BlindedSHA512_256v1Inner
    52  	enc    *codec.Encoder
    53  	dec    *codec.Decoder
    54  	sha    hash.Hash
    55  	encBuf []byte
    56  }
    57  
    58  var _ Encoder = (*UnsafeBlindedSHA512_256v1Encoder)(nil)
    59  
    60  func NewUnsafeBlindedSHA512_256v1Encoder() *UnsafeBlindedSHA512_256v1Encoder {
    61  	var mh codec.MsgpackHandle
    62  	mh.WriteExt = true
    63  	mh.Canonical = true
    64  
    65  	return &UnsafeBlindedSHA512_256v1Encoder{enc: codec.NewEncoderBytes(nil, &mh), dec: codec.NewDecoderBytes(nil, &mh), sha: sha512.New512_256()}
    66  }
    67  
    68  func (e *UnsafeBlindedSHA512_256v1Encoder) EncodeTo(o interface{}, out *[]byte) (err error) {
    69  	e.enc.ResetBytes(out)
    70  	return e.enc.Encode(o)
    71  }
    72  
    73  func (e *UnsafeBlindedSHA512_256v1Encoder) Encode(o interface{}) (out []byte, err error) {
    74  	return out, e.EncodeTo(o, &out)
    75  }
    76  
    77  func (e *UnsafeBlindedSHA512_256v1Encoder) Decode(dest interface{}, src []byte) error {
    78  	e.dec.ResetBytes(src)
    79  	return e.dec.Decode(dest)
    80  }
    81  
    82  func (e *UnsafeBlindedSHA512_256v1Encoder) HashGeneric(o interface{}, ret *Hash) error {
    83  	err := e.EncodeTo(o, &e.encBuf)
    84  	if err != nil {
    85  		return err
    86  	}
    87  	e.sha.Reset()
    88  	_, _ = e.sha.Write(e.encBuf)
    89  	*ret = e.sha.Sum((*ret)[:0])
    90  	return nil
    91  }
    92  
    93  func (e *UnsafeBlindedSHA512_256v1Encoder) EncodeAndHashGeneric(o interface{}) ([]byte, Hash, error) {
    94  	enc, err := e.Encode(o)
    95  	if err != nil {
    96  		return nil, nil, err
    97  	}
    98  	e.sha.Reset()
    99  	// sha.Write never errors.
   100  	_, _ = e.sha.Write(enc)
   101  	return enc, e.sha.Sum(nil), nil
   102  }
   103  
   104  func (e *UnsafeBlindedSHA512_256v1Encoder) HashKeyValuePairWithKeySpecificSecret(kvp KeyValuePair, kss KeySpecificSecret) (Hash, error) {
   105  	err := e.EncodeTo(kvp.Value, &e.encBuf)
   106  	if err != nil {
   107  		return nil, err
   108  	}
   109  	return e.HashKeyEncodedValuePairWithKeySpecificSecret(KeyEncodedValuePair{Key: kvp.Key, Value: e.encBuf}, kss)
   110  }
   111  
   112  type BlindedSHA512_256v1Encoder struct {
   113  	BlindedSHA512_256v1Inner
   114  	mh codec.MsgpackHandle
   115  }
   116  
   117  var _ Encoder = &BlindedSHA512_256v1Encoder{}
   118  
   119  func NewBlindedSHA512_256v1Encoder() *BlindedSHA512_256v1Encoder {
   120  	var mh codec.MsgpackHandle
   121  	mh.WriteExt = true
   122  	mh.Canonical = true
   123  
   124  	return &BlindedSHA512_256v1Encoder{mh: mh}
   125  }
   126  
   127  func (e *BlindedSHA512_256v1Encoder) EncodeTo(o interface{}, out *[]byte) (err error) {
   128  	return codec.NewEncoderBytes(out, &e.mh).Encode(o)
   129  }
   130  
   131  func (e *BlindedSHA512_256v1Encoder) Encode(o interface{}) (out []byte, err error) {
   132  	return out, e.EncodeTo(o, &out)
   133  }
   134  
   135  func (e *BlindedSHA512_256v1Encoder) Decode(dest interface{}, src []byte) error {
   136  	return codec.NewDecoderBytes(src, &e.mh).Decode(dest)
   137  }
   138  
   139  func (e *BlindedSHA512_256v1Encoder) EncodeAndHashGeneric(o interface{}) ([]byte, Hash, error) {
   140  	enc, err := e.Encode(o)
   141  	if err != nil {
   142  		return nil, nil, err
   143  	}
   144  	hasher := sha512.New512_256()
   145  	// hasher.Write never errors.
   146  	_, _ = hasher.Write(enc)
   147  	return enc, hasher.Sum(nil), nil
   148  }
   149  
   150  func (e *BlindedSHA512_256v1Encoder) HashGeneric(o interface{}, ret *Hash) error {
   151  	enc, err := e.Encode(o)
   152  	if err != nil {
   153  		return err
   154  	}
   155  	hasher := sha512.New512_256()
   156  	// hasher.Write never errors.
   157  	_, _ = hasher.Write(enc)
   158  	*ret = hasher.Sum((*ret)[:0])
   159  	return nil
   160  }
   161  
   162  func (e *BlindedSHA512_256v1Encoder) HashKeyValuePairWithKeySpecificSecret(kvp KeyValuePair, kss KeySpecificSecret) (Hash, error) {
   163  	encVal, err := e.Encode(kvp.Value)
   164  	if err != nil {
   165  		return nil, err
   166  	}
   167  	return e.HashKeyEncodedValuePairWithKeySpecificSecret(KeyEncodedValuePair{Key: kvp.Key, Value: encVal}, kss)
   168  }
   169  
   170  type BlindedSHA512_256v1Inner struct{}
   171  
   172  func (e BlindedSHA512_256v1Inner) HashKeyEncodedValuePairWithKeySpecificSecret(kevp KeyEncodedValuePair, kss KeySpecificSecret) (h Hash, err error) {
   173  	return h, e.HashKeyEncodedValuePairWithKeySpecificSecretTo(kevp, kss, &h)
   174  }
   175  
   176  func (e BlindedSHA512_256v1Inner) HashKeyEncodedValuePairWithKeySpecificSecretTo(kevp KeyEncodedValuePair, kss KeySpecificSecret, ret *Hash) error {
   177  	hasher := hmac.New(sha512.New512_256, kss)
   178  	// hasher.Write never errors.
   179  	_, _ = hasher.Write(kevp.Value)
   180  	*ret = hasher.Sum((*ret)[:0])
   181  	return nil
   182  }
   183  
   184  func (e BlindedSHA512_256v1Inner) GenerateMasterSecret(Seqno) (MasterSecret, error) {
   185  	secret := make([]byte, 32)
   186  	_, err := cryptorand.Read(secret)
   187  	return MasterSecret(secret), err
   188  }
   189  
   190  func (e BlindedSHA512_256v1Inner) ComputeKeySpecificSecret(ms MasterSecret, k Key) (kss KeySpecificSecret) {
   191  	e.ComputeKeySpecificSecretTo(ms, k, &kss)
   192  	return kss
   193  }
   194  
   195  func (e BlindedSHA512_256v1Inner) ComputeKeySpecificSecretTo(ms MasterSecret, k Key, ret *KeySpecificSecret) {
   196  	hasher := hmac.New(sha512.New512_256, ms)
   197  	// hasher.Write never errors.
   198  	_, _ = hasher.Write(k)
   199  	*ret = hasher.Sum((*ret)[:0])
   200  }
   201  
   202  func (e BlindedSHA512_256v1Inner) GetEncodingType() EncodingType {
   203  	return EncodingTypeBlindedSHA512_256v1
   204  }