account

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 28, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CurrentAccountVersion uint32 = 4

	Type = "Account"

	StateActive    = "active"
	StateSuspended = "suspended"
	StateDeleted   = "deleted"
	StateRecovery  = "recovery"
)
View Source 
const (
	IdentityTypeRoot        = "Root"
	IdentityTypeVerinym     = "Verinym"
	IdentityTypePersona     = "Persona"
	IdentityTypeDigitalTwin = "DigitalTwin"
	IdentityTypePairwise    = "PairwiseIdentity"
	IdentityTypeAnonymous   = "AnonymousIdentity"
)

Variables

View Source 
var (
	Version = CurrentAccountVersion

	ErrInvalidPassphrase = errors.New("invalid passphrase")
)

Functions

func DecryptLocker 

func DecryptLocker(envelope *DataEnvelope, key *model.AESKey) (*model.Locker, error)

func DecryptValue 

func DecryptValue(envelope *DataEnvelope, key *model.AESKey, id *string) (string, error)

func GenerateHostedKeyFromNode 

func GenerateHostedKeyFromNode(node slip10.Node) *model.AESKey

func GenerateIDHMACKey 

func GenerateIDHMACKey() []byte

func GenerateKeysFromRecoveryPhrase 

func GenerateKeysFromRecoveryPhrase(recoveryPhrase string) (*model.AESKey, ed25519.PublicKey, ed25519.PrivateKey, error)

func GenerateManagedFromHostedKey 

func GenerateManagedFromHostedKey(hostedKey *model.AESKey) *model.AESKey

func HashID 

func HashID(id string, secret []byte) string

func HashUserPassword 

func HashUserPassword(passphrase string) string

func IsCorrectIdentityType 

func IsCorrectIdentityType(val string) bool

func ReHashPassphrase 

func ReHashPassphrase(acct *Account, hashFunction PasswordHashFunction) error

Note: this call is expensive when invoked with the default hashing function (recommended).

Types

type Account 

type Account struct {
	ID                      string            `json:"id,omitempty"`
	Type                    string            `json:"type"`
	Version                 uint32            `json:"version,omitempty"`
	Email                   string            `json:"email"`
	EncryptedPassword       string            `json:"encryptedPassword"`
	MasterAccount           string            `json:"master,omitempty"`
	ParentAccount           string            `json:"parent,omitempty"`
	State                   string            `json:"state,omitempty"`
	RegisteredAt            *time.Time        `json:"registeredAt"`
	Name                    string            `json:"name"`
	GivenName               string            `json:"givenName,omitempty"`
	FamilyName              string            `json:"familyName,omitempty"`
	AccessLevel             model.AccessLevel `json:"level"`
	RecoveryPublicKey       string            `json:"recoveryPublicKey,omitempty"`
	EncryptedRecoverySecret string            `json:"encryptedRecoverySecret,omitempty"`
	DefaultVault            string            `json:"defaultVault,omitempty"`

	ManagedSecretStore *SecretStore `json:"managedSecretStore,omitempty"`
	HostedSecretStore  *SecretStore `json:"hostedSecretStore,omitempty"`

	DerivationIndex uint32 `json:"derivationIndex,omitempty"`
}

Account represents a MetaLocker account. Its JSON representation can be used to store accounts in the MetaLocker backend. Generally, it doesn't contain any secrets that may give access to the account's data, but some fields, such as EncryptedPassword, should be protected to avoid dictionary attacks. It's recommended to store account definition in an encrypted form.

func ChangePassphrase 

func ChangePassphrase(acct *Account, currentPassphrase, newPassphrase string, isHash bool) (*Account, error)

func Recover 

func Recover(acct *Account, cryptoKey *model.AESKey, newPassphrase string) (*Account, error)

func (*Account) Bytes 

func (a *Account) Bytes() []byte

func (*Account) Copy 

func (a *Account) Copy() *Account

func (*Account) ExtractManagedKey 

func (a *Account) ExtractManagedKey(hashedPassphrase string) (*model.AESKey, error)

func (*Account) RestrictedCopy 

func (a *Account) RestrictedCopy() *Account

func (*Account) Validate 

func (a *Account) Validate() error

type DataEnvelope 

type DataEnvelope struct {
	Hash          string            `json:"hash"`
	AccessLevel   model.AccessLevel `json:"lvl"`
	EncryptedID   string            `json:"id,omitempty"`
	EncryptedBody string            `json:"data"`
}

func EncryptIdentity 

func EncryptIdentity(idy *Identity, idSecret []byte, key *model.AESKey) (*DataEnvelope, error)

func EncryptLocker 

func EncryptLocker(locker *model.Locker, idSecret []byte, key *model.AESKey) (*DataEnvelope, error)

func EncryptValue 

func EncryptValue(key string, val string, lvl model.AccessLevel, idSecret []byte, aesKey *model.AESKey) (*DataEnvelope, error)

func (DataEnvelope) Bytes 

func (ie DataEnvelope) Bytes() []byte

func (DataEnvelope) Validate 

func (ie DataEnvelope) Validate() error

type EntropyFunction 

type EntropyFunction func() []byte

func DefaultEntropyFunction 

func DefaultEntropyFunction() EntropyFunction

type GenerationResponse 

type GenerationResponse struct {
	Account                 *Account
	RegistrationCode        string
	RecoveryPhrase          string
	SecondLevelRecoveryCode string
	RootIdentities          []*Identity
	EncryptedIdentities     []*DataEnvelope
	EncryptedLockers        []*DataEnvelope
}

func GenerateAccount 

func GenerateAccount(acctTemplate *Account, opts ...Option) (*GenerationResponse, error)

type Identity 

type Identity struct {
	// DID is the identity's full DID definition, including its keys.
	DID *model.DID `json:"did"`
	// Created is the time when the identity was created.
	Created *time.Time `json:"created"`
	// Name is the name of the identity (only accessible to the account owner
	// for navigation/documentation purposes).
	Name string `json:"name,omitempty"`
	// Type is the identity's type.
	Type string `json:"type"`
	// AccessLevel is the identity's access level. Data wallet needs to
	// be unlocked to a specific access level to gain access to identities
	// at this level or higher.
	AccessLevel model.AccessLevel `json:"level"`
	// Lockers field is only used for imports to consolidate
	// the data in one structure (Identity). This field is always
	// empty, when Data Wallet returns the identity.
	Lockers []*model.Locker `json:"lockers,omitempty"`
}

func DecryptIdentity 

func DecryptIdentity(envelope *DataEnvelope, key *model.AESKey) (*Identity, error)

func (*Identity) Bytes 

func (idy *Identity) Bytes() []byte

func (*Identity) Copy 

func (idy *Identity) Copy() *Identity

func (*Identity) ID 

func (idy *Identity) ID() string

type Option 

type Option func(opts *accountOptions) error

Option is for defining parameters when creating new accounts

func WithCustomEntropy 

func WithCustomEntropy(entropyFunc EntropyFunction) Option

func WithDIDMethod 

func WithDIDMethod(method string) Option

func WithFirstBlock 

func WithFirstBlock(firstBlock int64) Option

func WithHashedPassphraseAuth 

func WithHashedPassphraseAuth(hashedPassphrase string) Option

func WithLogger 

func WithLogger(logInstance *zerolog.Logger) Option

func WithMaster 

func WithMaster(parentAcct *Account, masterNode slip10.Node) Option

func WithPassphraseAuth 

func WithPassphraseAuth(passphrase string) Option

func WithRegistrationCode 

func WithRegistrationCode(regCode string) Option

func WithRootIdentity 

func WithRootIdentity(rootIdentity *model.DID) Option

func WithSLRK 

func WithSLRK(secondLevelRecoveryKey []byte) Option

type Options 

type Options struct {
	ScryptN int
	ScryptR int
	ScryptP int
}

Options is used to hold the optional parameters passed to Create or Load.

type PasswordHashFunction 

type PasswordHashFunction func(string) (string, error)

type RecoveryCode 

type RecoveryCode struct {
	Code      string     `json:"code"`
	UserID    string     `json:"userID"`
	ExpiresAt *time.Time `json:"expiresAt"`
}

func NewRecoveryCode 

func NewRecoveryCode(userID string, secondsTTL int64) (*RecoveryCode, error)

func (RecoveryCode) Bytes 

func (rc RecoveryCode) Bytes() []byte

type RecoveryRequest 

type RecoveryRequest struct {
	UserID                string `json:"userID"`
	RecoveryCode          string `json:"recoveryCode"`
	VerificationSignature string `json:"signature"`
	EncryptedPassword     string `json:"encryptedPassword"`
}

func BuildRecoveryRequest 

func BuildRecoveryRequest(userID, recoveryCode string, privKey ed25519.PrivateKey, newPassphrase string) *RecoveryRequest

func (*RecoveryRequest) Valid 

func (req *RecoveryRequest) Valid(recoveryPublicKey []byte) bool

type SecretStore 

type SecretStore struct {
	AccessLevel         model.AccessLevel `json:"level"`
	MasterKeyParams     string            `json:"masterKeyParams,omitempty"`
	EncryptedPayloadKey string            `json:"encryptedPayloadKey,omitempty"`
	EncryptedPayload    string            `json:"encryptedPayload,omitempty"`
}

func (*SecretStore) Copy 

func (ss *SecretStore) Copy() *SecretStore

func (*SecretStore) ExtractPayloadKey 

func (ss *SecretStore) ExtractPayloadKey(passphrase string) (*model.AESKey, error)

func (*SecretStore) GetPayload 

func (ss *SecretStore) GetPayload(key *model.AESKey) (*SecretStorePayload, error)

func (*SecretStore) UpdatePayload 

func (ss *SecretStore) UpdatePayload(payload *SecretStorePayload, key *model.AESKey) error

func (*SecretStore) Validate 

func (ss *SecretStore) Validate() error

type SecretStorePayload 

type SecretStorePayload struct {
	Identities           []*Identity `json:"ii,omitempty"`
	ManagedHMACKey       string      `json:"mhk,omitempty"`
	ManagedEncryptionKey string      `json:"mek,omitempty"`
	HostedHMACKey        string      `json:"hhk,omitempty"`
	HostedEncryptionKey  string      `json:"hek,omitempty"`
	AccountRootKey       string      `json:"ark,omitempty"`
	ManagedRootLocker    string      `json:"marl,omitempty"`
	HostedRootLocker     string      `json:"harl,omitempty"`
}

func (*SecretStorePayload) Zero 

func (ssp *SecretStorePayload) Zero()

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳