github.com/onflow/flow-go/crypto@v0.24.8/common.go (about)

     1  package crypto
     2  
     3  import (
     4  	"crypto/rand"
     5  	"errors"
     6  	"fmt"
     7  )
     8  
     9  //revive:disable:var-naming
    10  
    11  // the `go generate` command requires bash scripting, `cmake` and `git`.
    12  //go:generate bash ./build_dependency.sh
    13  
    14  const (
    15  	// Minimum targeted bits of security.
    16  	// This is used as a reference but it doesn't mean all implemented primitives provide this minimum.
    17  	securityBits = 128
    18  
    19  	// keygen seed length conditions
    20  	// enforce seed to be at least double the security bits and have enough entropy.
    21  	// it is still recommened that seed is generated using a secure RNG.
    22  	KeyGenSeedMinLen = 2 * (securityBits / 8)
    23  	KeyGenSeedMaxLen = 256
    24  
    25  	// max relic PRG seed length in bytes
    26  	maxRelicPrgSeed = 1 << 32
    27  )
    28  
    29  // TODO: update this code to make sure
    30  // the function isn't removed by the compiler
    31  // https://github.com/golang/go/issues/21865
    32  func overwrite(data []byte) {
    33  	_, err := rand.Read(data) // checking err is enough
    34  	if err != nil {
    35  		// zero the buffer if randomizing failed
    36  		for i := 0; i < len(data); i++ {
    37  			data[i] = 0
    38  		}
    39  	}
    40  }
    41  
    42  // invalidInputsError is an error returned when a crypto API receives invalid inputs.
    43  // It allows a function caller differentiate unexpected program errors from errors caused by
    44  // invalid inputs.
    45  type invalidInputsError struct {
    46  	error
    47  }
    48  
    49  func (e invalidInputsError) Unwrap() error {
    50  	return e.error
    51  }
    52  
    53  // invalidInputsErrorf constructs a new invalidInputsError
    54  func invalidInputsErrorf(msg string, args ...interface{}) error {
    55  	return &invalidInputsError{
    56  		error: fmt.Errorf(msg, args...),
    57  	}
    58  }
    59  
    60  // IsInvalidInputsError checks if the input error is of an invalidInputsError type
    61  // invalidInputsError is returned when the API is provided invalid inputs.
    62  // Some specific errors are assigned specific sentinel errors for a simpler error check
    63  // while the remaining input errors trigger an invalidInputsError.
    64  func IsInvalidInputsError(err error) bool {
    65  	var target *invalidInputsError
    66  	return errors.As(err, &target)
    67  }
    68  
    69  var nilHasherError = errors.New("hasher cannot be nil")
    70  
    71  // IsNilHasherError checks if the input error wraps a nilHasherError.
    72  // nilHasherError is returned when a nil hasher is used.
    73  func IsNilHasherError(err error) bool {
    74  	return errors.Is(err, nilHasherError)
    75  }
    76  
    77  // invalidHasherSizeError is an error returned when a crypto API is called with a hasher
    78  // with an output size not suited with the cryptographic operation.
    79  type invalidHasherSizeError struct {
    80  	error
    81  }
    82  
    83  func (e invalidHasherSizeError) Unwrap() error {
    84  	return e.error
    85  }
    86  
    87  // invalidHasherSizeErrorf constructs a new invalidHasherSizeError
    88  func invalidHasherSizeErrorf(msg string, args ...interface{}) error {
    89  	return &invalidHasherSizeError{
    90  		error: fmt.Errorf(msg, args...),
    91  	}
    92  }
    93  
    94  // IsInvalidHasherSizeError checks if the input error is of an invalidHasherSizeError type.
    95  // invalidHasherSizeError is an error returned when a crypto API is called with a hasher
    96  // with an output size not suited with the cryptographic operation.
    97  func IsInvalidHasherSizeError(err error) bool {
    98  	var target *invalidHasherSizeError
    99  	return errors.As(err, &target)
   100  }