Commit 40ff4726 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

refactor: rename structs, interfaces, members, vars and more of the keyshare server

parent 66771bd7
......@@ -16,17 +16,20 @@ const (
)
type (
AesKey [32]byte
AESKey [32]byte
Core struct {
// Keys used for storage encryption/decryption
decryptionKeys map[uint32]AesKey
encryptionKey AesKey
encryptionKeyID uint32
decryptionKeys map[uint32]AESKey
decryptionKey AESKey
decryptionKeyID uint32
// Key used to sign keyshare protocol messages
signKey *rsa.PrivateKey
signKeyID uint32
jwtPrivateKey *rsa.PrivateKey
jwtPrivateKeyID uint32
jwtIssuer string
jwtPinExpiry int
// Commit values generated in first step of keyshare protocol
commitmentData map[uint64]*big.Int
......@@ -35,16 +38,17 @@ type (
// IRMA issuer keys that are allowed to be used in keyshare
// sessions
trustedKeys map[irma.PublicKeyIdentifier]*gabikeys.PublicKey
jwtIssuer string
jwtPinExpiry int
}
Configuration struct {
AESKeyID uint32
AESKey AesKey
SignKeyID uint32
SignKey *rsa.PrivateKey
// Keys used for storage encryption/decryption
DecryptionKey AESKey
DecryptionKeyID uint32
// Key used to sign keyshare protocol messages
JWTPrivateKey *rsa.PrivateKey
JWTPrivateKeyID uint32
JWTIssuer string
JWTPinExpiry int // in seconds
}
......@@ -52,13 +56,13 @@ type (
func NewKeyshareCore(conf *Configuration) *Core {
c := &Core{
decryptionKeys: map[uint32]AesKey{},
decryptionKeys: map[uint32]AESKey{},
commitmentData: map[uint64]*big.Int{},
trustedKeys: map[irma.PublicKeyIdentifier]*gabikeys.PublicKey{},
}
c.setAESEncryptionKey(conf.AESKeyID, conf.AESKey)
c.setSignKey(conf.SignKeyID, conf.SignKey)
c.setDecryptionKey(conf.DecryptionKeyID, conf.DecryptionKey)
c.setJWTPrivateKey(conf.JWTPrivateKeyID, conf.JWTPrivateKey)
c.jwtIssuer = conf.JWTIssuer
if c.jwtIssuer == "" {
......@@ -72,31 +76,31 @@ func NewKeyshareCore(conf *Configuration) *Core {
return c
}
func GenerateAESKey() (AesKey, error) {
var res AesKey
func GenerateDecryptionKey() (AESKey, error) {
var res AESKey
_, err := rand.Read(res[:])
return res, err
}
// Add an aes key for decryption, with identifier keyid
// Calling this will cause all keyshare packets generated with the key to be trusted
func (c *Core) DangerousAddAESKey(keyID uint32, key AesKey) {
func (c *Core) DangerousAddDecryptionKey(keyID uint32, key AESKey) {
c.decryptionKeys[keyID] = key
}
// Set the aes key for encrypting new/changed keyshare data
// with identifier keyid
// Calling this wil also cause all keyshare packets generated with the key to be trusted
func (c *Core) setAESEncryptionKey(keyID uint32, key AesKey) {
// Calling this will also cause all keyshare packets generated with the key to be trusted
func (c *Core) setDecryptionKey(keyID uint32, key AESKey) {
c.decryptionKeys[keyID] = key
c.encryptionKey = key
c.encryptionKeyID = keyID
c.decryptionKey = key
c.decryptionKeyID = keyID
}
// Set key used to sign keyshare protocol messages
func (c *Core) setSignKey(id uint32, key *rsa.PrivateKey) {
c.signKey = key
c.signKeyID = id
func (c *Core) setJWTPrivateKey(id uint32, key *rsa.PrivateKey) {
c.jwtPrivateKey = key
c.jwtPrivateKeyID = id
}
// Add public key as trusted by keyshareCore. Calling this on incorrectly generated key material WILL compromise keyshare secrets!
......
......@@ -26,43 +26,43 @@ var (
)
// Generate a new keyshare secret, secured with the given pin
func (c *Core) GenerateKeyshareSecret(pinRaw string) (EncryptedKeysharePacket, error) {
func (c *Core) NewUser(pinRaw string) (User, error) {
secret, err := gabi.NewKeyshareSecret()
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
return c.DangerousBuildKeyshareSecret(pinRaw, secret)
return c.newUserFromSecret(pinRaw, secret)
}
func (c *Core) DangerousBuildKeyshareSecret(pinRaw string, secret *big.Int) (EncryptedKeysharePacket, error) {
func (c *Core) newUserFromSecret(pinRaw string, secret *big.Int) (User, error) {
pin, err := padPin(pinRaw)
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
var id [32]byte
_, err = rand.Read(id[:])
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
// Build unencrypted packet
var p unencryptedKeysharePacket
var p unencryptedUser
p.setPin(pin)
err = p.setKeyshareSecret(secret)
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
p.setID(id)
// And encrypt
return c.encryptPacket(p)
return c.encryptUser(p)
}
// Check pin for validity, and generate jwt for future access
func (c *Core) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string) (string, error) {
p, err := c.decryptPacketIfPinOK(ep, pin)
func (c *Core) ValidatePin(ep User, pin string, userID string) (string, error) {
p, err := c.decryptUserIfPinOK(ep, pin)
if err != nil {
return "", err
}
......@@ -76,88 +76,88 @@ func (c *Core) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string
"exp": time.Now().Add(time.Duration(c.jwtPinExpiry) * time.Second).Unix(),
"token_id": base64.StdEncoding.EncodeToString(id[:]),
})
token.Header["kid"] = c.signKeyID
return token.SignedString(c.signKey)
token.Header["kid"] = c.jwtPrivateKeyID
return token.SignedString(c.jwtPrivateKey)
}
// Check whether the given JWT is currently valid as an access token for operations on the provided encrypted keyshare packet
func (c *Core) ValidateJWT(ep EncryptedKeysharePacket, jwt string) error {
func (c *Core) ValidateJWT(ep User, jwt string) error {
_, err := c.verifyAccess(ep, jwt)
return err
}
// Change pin in an encrypted keyshare packet to a new value, after validating that the old value is known by caller.
func (c *Core) ChangePin(ep EncryptedKeysharePacket, oldpinRaw, newpinRaw string) (EncryptedKeysharePacket, error) {
p, err := c.decryptPacketIfPinOK(ep, oldpinRaw)
func (c *Core) ChangePin(ep User, oldpinRaw, newpinRaw string) (User, error) {
p, err := c.decryptUserIfPinOK(ep, oldpinRaw)
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
newpin, err := padPin(newpinRaw)
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
// change and reencrypt
var id [32]byte
_, err = rand.Read(id[:])
if err != nil {
return EncryptedKeysharePacket{}, err
return User{}, err
}
p.setPin(newpin)
p.setID(id)
return c.encryptPacket(p)
return c.encryptUser(p)
}
// Verify that a given access jwt is valid, and if so, return decrypted keyshare packet
// Note: Although this is an internal function, it is tested directly
func (c *Core) verifyAccess(ep EncryptedKeysharePacket, jwtToken string) (unencryptedKeysharePacket, error) {
func (c *Core) verifyAccess(ep User, jwtToken string) (unencryptedUser, error) {
// Verify token validity
token, err := jwt.Parse(jwtToken, func(token *jwt.Token) (interface{}, error) {
if token.Method != jwt.SigningMethodRS256 {
return nil, ErrInvalidJWT
}
return &c.signKey.PublicKey, nil
return &c.jwtPrivateKey.PublicKey, nil
})
if err != nil {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok || claims.Valid() != nil {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
if !claims.VerifyExpiresAt(time.Now().Unix(), true) {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
if _, present := claims["token_id"]; !present {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
tokenIDB64, ok := claims["token_id"].(string)
if !ok {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
tokenID, err := base64.StdEncoding.DecodeString(tokenIDB64)
if err != nil {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
p, err := c.decryptPacket(ep)
p, err := c.decryptUser(ep)
if err != nil {
return unencryptedKeysharePacket{}, err
return unencryptedUser{}, err
}
refId := p.id()
if subtle.ConstantTimeCompare(refId[:], tokenID) != 1 {
return unencryptedKeysharePacket{}, ErrInvalidJWT
return unencryptedUser{}, ErrInvalidJWT
}
return p, nil
}
// Get keyshare commitment usign given idemix public key(s)
func (c *Core) GenerateCommitments(ep EncryptedKeysharePacket, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
func (c *Core) GenerateCommitments(ep User, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
// Validate input request and build key list
var keyList []*gabikeys.PublicKey
for _, keyID := range keyIDs {
......@@ -196,7 +196,7 @@ func (c *Core) GenerateCommitments(ep EncryptedKeysharePacket, accessToken strin
}
// Generate response for zero-knowledge proof of keyshare secret, for a given previous commit and challenge
func (c *Core) GenerateResponse(ep EncryptedKeysharePacket, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
func (c *Core) GenerateResponse(ep User, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
// Validate request
if uint(challenge.BitLen()) > gabikeys.DefaultSystemParameters[1024].Lh || challenge.Cmp(big.NewInt(0)) < 0 {
return "", ErrInvalidChallenge
......@@ -228,8 +228,8 @@ func (c *Core) GenerateResponse(ep EncryptedKeysharePacket, accessToken string,
"sub": "ProofP",
"iss": c.jwtIssuer,
})
token.Header["kid"] = c.signKeyID
return token.SignedString(c.signKey)
token.Header["kid"] = c.jwtPrivateKeyID
return token.SignedString(c.jwtPrivateKey)
}
// Pad pin string into 64 bytes, extending it with 0s if neccessary
......
......@@ -21,10 +21,10 @@ import (
func TestPinFunctionality(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
// generate test pin
var bpin [64]byte
......@@ -33,7 +33,7 @@ func TestPinFunctionality(t *testing.T) {
pin := string(bpin[:])
// Generate package
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// Test with correct pin
......@@ -67,10 +67,10 @@ func TestPinFunctionality(t *testing.T) {
func TestVerifyAccess(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
// Generate test pins
var bpin [64]byte
......@@ -82,9 +82,9 @@ func TestVerifyAccess(t *testing.T) {
pin2 := string(bpin[:])
// and test keyshare secrets
ep1, err := c.GenerateKeyshareSecret(pin1)
ep1, err := c.NewUser(pin1)
require.NoError(t, err)
ep2, err := c.GenerateKeyshareSecret(pin2)
ep2, err := c.NewUser(pin2)
require.NoError(t, err)
// Test use jwt on wrong packet
......@@ -105,7 +105,7 @@ func TestVerifyAccess(t *testing.T) {
"exp": time.Now().Add(-3 * time.Minute).Unix(),
"token_id": tokenID,
})
jwtt, err = token.SignedString(c.signKey)
jwtt, err = token.SignedString(c.jwtPrivateKey)
require.NoError(t, err)
_, err = c.verifyAccess(ep1, jwtt)
assert.Error(t, err)
......@@ -115,7 +115,7 @@ func TestVerifyAccess(t *testing.T) {
"iat": time.Now().Unix(),
"token_id": tokenID,
})
jwtt, err = token.SignedString(c.signKey)
jwtt, err = token.SignedString(c.jwtPrivateKey)
require.NoError(t, err)
_, err = c.verifyAccess(ep1, jwtt)
assert.Error(t, err)
......@@ -126,7 +126,7 @@ func TestVerifyAccess(t *testing.T) {
"exp": "test",
"token_id": tokenID,
})
jwtt, err = token.SignedString(c.signKey)
jwtt, err = token.SignedString(c.jwtPrivateKey)
require.NoError(t, err)
_, err = c.verifyAccess(ep1, jwtt)
assert.Error(t, err)
......@@ -136,7 +136,7 @@ func TestVerifyAccess(t *testing.T) {
"iat": time.Now().Unix(),
"exp": time.Now().Add(3 * time.Minute).Unix(),
})
jwtt, err = token.SignedString(c.signKey)
jwtt, err = token.SignedString(c.jwtPrivateKey)
require.NoError(t, err)
_, err = c.verifyAccess(ep1, jwtt)
assert.Error(t, err)
......@@ -147,7 +147,7 @@ func TestVerifyAccess(t *testing.T) {
"exp": time.Now().Add(3 * time.Minute).Unix(),
"token_id": 7,
})
jwtt, err = token.SignedString(c.signKey)
jwtt, err = token.SignedString(c.jwtPrivateKey)
require.NoError(t, err)
_, err = c.verifyAccess(ep1, jwtt)
assert.Error(t, err)
......@@ -166,10 +166,10 @@ func TestVerifyAccess(t *testing.T) {
func TestProofFunctionality(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// generate test pin
......@@ -179,7 +179,7 @@ func TestProofFunctionality(t *testing.T) {
pin := string(bpin[:])
// generate keyshare secret
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// Validate pin
......@@ -201,7 +201,7 @@ func TestProofFunctionality(t *testing.T) {
}{}
fmt.Println(Rjwt)
_, err = jwt.ParseWithClaims(Rjwt, claims, func(tok *jwt.Token) (interface{}, error) {
return &c.signKey.PublicKey, nil
return &c.jwtPrivateKey.PublicKey, nil
})
require.NoError(t, err)
......@@ -216,10 +216,10 @@ func TestProofFunctionality(t *testing.T) {
func TestCorruptedPacket(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -229,7 +229,7 @@ func TestCorruptedPacket(t *testing.T) {
pin := string(bpin[:])
// Generate packet
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
jwtt, err := c.ValidatePin(ep, pin, "testid")
......@@ -260,10 +260,10 @@ func TestCorruptedPacket(t *testing.T) {
func TestIncorrectPin(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -273,7 +273,7 @@ func TestIncorrectPin(t *testing.T) {
pin := string(bpin[:])
// Generate packet
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// validate pin
......@@ -297,10 +297,10 @@ func TestIncorrectPin(t *testing.T) {
func TestMissingKey(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -310,7 +310,7 @@ func TestMissingKey(t *testing.T) {
pin := string(bpin[:])
// Generate packet
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// Generate jwt
......@@ -330,10 +330,10 @@ func TestMissingKey(t *testing.T) {
func TestInvalidChallenge(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -343,7 +343,7 @@ func TestInvalidChallenge(t *testing.T) {
pin := string(bpin[:])
// Generate packet
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// Validate pin
......@@ -371,10 +371,10 @@ func TestInvalidChallenge(t *testing.T) {
func TestDoubleCommitUse(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -384,7 +384,7 @@ func TestDoubleCommitUse(t *testing.T) {
pin := string(bpin[:])
// Generate packet
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// validate pin
......@@ -402,10 +402,10 @@ func TestDoubleCommitUse(t *testing.T) {
func TestNonExistingCommit(t *testing.T) {
// Setup keys for test
var key AesKey
var key AESKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -415,7 +415,7 @@ func TestNonExistingCommit(t *testing.T) {
pin := string(bpin[:])
// Generate packet
ep, err := c.GenerateKeyshareSecret(pin)
ep, err := c.NewUser(pin)
require.NoError(t, err)
// Generate jwt
......
......@@ -18,10 +18,10 @@ type (
// encryption layer applied before storing it. As such, we keep it here more explicit than
// is standard in go. When modifying this structure, analyse whether such changes can have a
// security impact through error side channels.
unencryptedKeysharePacket [64 + 64 + 32]byte
unencryptedUser [64 + 64 + 32]byte
// Size is that of unencrypted packet + 12 bytes for nonce + 16 bytes for tag + 4 bytes for key ID
EncryptedKeysharePacket [64 + 64 + 32 + 12 + 16 + 4]byte
User [64 + 64 + 32 + 12 + 16 + 4]byte
)
var (
......@@ -30,22 +30,22 @@ var (
ErrNoSuchKey = errors.New("Key identifier unknown")
)
func (p *unencryptedKeysharePacket) pin() [64]byte {
func (p *unencryptedUser) pin() [64]byte {
var result [64]byte
copy(result[:], p[0:64])
return result
}
func (p *unencryptedKeysharePacket) setPin(pw [64]byte) {
func (p *unencryptedUser) setPin(pw [64]byte) {
copy(p[0:64], pw[:])
}
func (p *unencryptedKeysharePacket) keyshareSecret() *big.Int {
func (p *unencryptedUser) keyshareSecret() *big.Int {
result := new(big.Int)
return result.SetBytes(p[64:128])
}
func (p *unencryptedKeysharePacket) setKeyshareSecret(val *big.Int) error {
func (p *unencryptedUser) setKeyshareSecret(val *big.Int) error {
if val.Sign() == -1 {
return ErrKeyshareSecretNegative
}
......@@ -63,80 +63,80 @@ func (p *unencryptedKeysharePacket) setKeyshareSecret(val *big.Int) error {
return nil
}
func (p *unencryptedKeysharePacket) id() [32]byte {
func (p *unencryptedUser) id() [32]byte {
var result [32]byte
copy(result[:], p[128:160])
return result
}
func (p *unencryptedKeysharePacket) setID(id [32]byte) {
func (p *unencryptedUser) setID(id [32]byte) {
copy(p[128:160], id[