security

package
v0.0.0-...-1ac4089 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2024 License: BSD-3-Clause-Clear Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ErrCertNotFound        = Error("not found")
	ErrCertificateEncode   = Error("certificate encode error")
	ErrPublicKeyMarshal    = Error("public key marshal error")
	ErrHSMUnexpected       = Error("hsm unexpected")
	ErrHSMDecrypt          = Error("hsm decrypt error")
	ErrHSMNotFound         = Error("hsm unavailable")
	ErrKeyConfig           = Error("key configuration error")
	ErrUnknownHashFunction = Error("unknown hash function")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	Type string `yaml:"type" default:"standard"`
	// HSMConfig is the configuration for the HSM
	HSMConfig HSMConfig `yaml:"hsm,omitempty" mapstructure:"hsm"`
	// StandardConfig is the configuration for the standard key provider
	StandardConfig StandardConfig `yaml:"standard,omitempty" mapstructure:"standard"`
}

type CryptoProvider 

type CryptoProvider interface {
	RSAPublicKey(keyID string) (string, error)
	RSAPublicKeyAsJSON(keyID string) (string, error)
	RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)

	ECPublicKey(keyID string) (string, error)
	GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte) ([]byte, error)
	GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)
	GenerateNanoTDFSessionKey(privateKeyHandle PrivateKeyEC, ephemeralPublicKey []byte) ([]byte, error)
	Close()
}

func NewCryptoProvider 

func NewCryptoProvider(cfg Config) (CryptoProvider, error)

type ECKeyPair 

type ECKeyPair struct {
	PrivateKey PrivateKeyEC
	*ecdsa.PublicKey
	*x509.Certificate
}

type Error 

type Error string

func (Error) Error 

func (e Error) Error() string

type HSMConfig 

type HSMConfig struct {
	Enabled    bool               `yaml:"enabled"`
	ModulePath string             `yaml:"modulePath,omitempty"`
	PIN        string             `yaml:"pin,omitempty"`
	SlotID     uint               `yaml:"slotId,omitempty"`
	SlotLabel  string             `yaml:"slotLabel,omitempty"`
	Keys       map[string]KeyInfo `yaml:"keys,omitempty"`
}

func (*HSMConfig) WithLabel 

func (c *HSMConfig) WithLabel(label string) *HSMConfig

func (*HSMConfig) WithPIN 

func (c *HSMConfig) WithPIN(pin string) *HSMConfig

func (*HSMConfig) WithSlot 

func (c *HSMConfig) WithSlot(slot uint) *HSMConfig

type HSMSession 

type HSMSession struct {
	RSA *RSAKeyPair
	EC  *ECKeyPair
	// contains filtered or unexported fields
}

A session with a security module; useful for abstracting basic cryptographic operations.

HSM Session HAS-A PKCS11 Context HSM Session HAS-A login for a given USER TYPE to a single SLOT When you start this application, you assign a slot and user to the associated security module.

func New 

func New(c *HSMConfig) (*HSMSession, error)

func (*HSMSession) Close 

func (h *HSMSession) Close()

func (*HSMSession) ECPublicKey 

func (h *HSMSession) ECPublicKey(string) (string, error)

func (*HSMSession) GenerateEphemeralKasKeys 

func (h *HSMSession) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)

func (*HSMSession) GenerateNanoTDFSessionKey 

func (h *HSMSession) GenerateNanoTDFSessionKey(
	privateKeyHandle PrivateKeyEC,
	ephemeralPublicKey []byte,
) ([]byte, error)

func (*HSMSession) GenerateNanoTDFSymmetricKey 

func (h *HSMSession) GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte) ([]byte, error)

func (*HSMSession) LoadECKey 

func (h *HSMSession) LoadECKey(info KeyInfo) (*ECKeyPair, error)

func (*HSMSession) LoadRSAKey 

func (h *HSMSession) LoadRSAKey(info KeyInfo) (*RSAKeyPair, error)

func (*HSMSession) RSADecrypt 

func (h *HSMSession) RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)

func (*HSMSession) RSAPublicKey 

func (h *HSMSession) RSAPublicKey(keyID string) (string, error)

func (*HSMSession) RSAPublicKeyAsJSON 

func (h *HSMSession) RSAPublicKeyAsJSON(keyID string) (string, error)

type KeyInfo 

type KeyInfo struct {
	Name  string `yaml:"name,omitempty"`
	Label string `yaml:"label,omitempty"`
}

type PrivateKeyEC 

type PrivateKeyEC pkcs11.ObjectHandle

type PrivateKeyRSA 

type PrivateKeyRSA pkcs11.ObjectHandle

type RSAKeyPair 

type RSAKeyPair struct {
	PrivateKey PrivateKeyRSA
	*rsa.PublicKey
	*x509.Certificate
}

type StandardConfig 

type StandardConfig struct {
	RSAKeys map[string]StandardKeyInfo `yaml:"rsa,omitempty" mapstructure:"rsa"`
	ECKeys  map[string]StandardKeyInfo `yaml:"ec,omitempty" mapstructure:"ec"`
}

type StandardCrypto 

type StandardCrypto struct {
	// contains filtered or unexported fields
}

func NewStandardCrypto 

func NewStandardCrypto(cfg StandardConfig) (*StandardCrypto, error)

NewStandardCrypto Create a new instance of standard crypto

func (StandardCrypto) Close 

func (s StandardCrypto) Close()

func (StandardCrypto) ECPublicKey 

func (s StandardCrypto) ECPublicKey(string) (string, error)

func (StandardCrypto) GenerateEphemeralKasKeys 

func (s StandardCrypto) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)

func (StandardCrypto) GenerateNanoTDFSessionKey 

func (s StandardCrypto) GenerateNanoTDFSessionKey(PrivateKeyEC, []byte) ([]byte, error)

func (StandardCrypto) GenerateNanoTDFSymmetricKey 

func (s StandardCrypto) GenerateNanoTDFSymmetricKey([]byte) ([]byte, error)

func (StandardCrypto) RSADecrypt 

func (s StandardCrypto) RSADecrypt(_ crypto.Hash, keyID string, _ string, ciphertext []byte) ([]byte, error)

func (StandardCrypto) RSAPublicKey 

func (s StandardCrypto) RSAPublicKey(keyID string) (string, error)

func (StandardCrypto) RSAPublicKeyAsJSON 

func (s StandardCrypto) RSAPublicKeyAsJSON(keyID string) (string, error)

type StandardECCrypto 

type StandardECCrypto struct {
	Identifier string
}

type StandardKeyInfo 

type StandardKeyInfo struct {
	PrivateKeyPath string `yaml:"privateKeyPath" mapstructure:"privateKeyPath"`
	PublicKeyPath  string `yaml:"publicKeyPath" mapstructure:"publicKeyPath"`
}

type StandardRSACrypto 

type StandardRSACrypto struct {
	Identifier string
	// contains filtered or unexported fields
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.