keycache

package
v0.0.0-...-ce2ad37 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2024 License: BSD-2-Clause Imports: 14 Imported by: 29

Documentation

Overview

Package keycache provides the ability to hold active keys in memory for the Red October server.

Copyright (c) 2013 CloudFlare, Inc.


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ActiveUser

type ActiveUser struct {
	Usage
	AltNames map[string]string
	Admin    bool
	Type     string
	Key      []byte
	// contains filtered or unexported fields
}

ActiveUser holds the information about an actively delegated key.

type Cache

type Cache struct {
	UserKeys map[DelegateIndex]ActiveUser
	// contains filtered or unexported fields
}

Cache represents the current list of delegated keys in memory.

func NewCache

func NewCache() Cache

NewCache initializes a new cache.

func NewFrom

func NewFrom(summary map[string]ActiveUser) *Cache

NewFrom takes the output of GetSummary and returns a new keycache.

func (*Cache) AddKeyFromRecord

func (cache *Cache) AddKeyFromRecord(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) (err error)

AddKeyFromRecord decrypts a key for a given record and adds it to the cache.

func (*Cache) DecryptKey

func (cache *Cache) DecryptKey(in []byte, name, user string, labels []string, pubEncryptedKey []byte) (out []byte, err error)

DecryptKey decrypts a 16-byte key using the key corresponding to the name parameter. For RSA and EC keys, the cached RSA/EC key is used to decrypt the pubEncryptedKey, which is then used to decrypt the input buffer.

func (*Cache) DecryptShares

func (cache *Cache) DecryptShares(in [][]byte, name, user string, labels []string, pubEncryptedKey []byte) (out [][]byte, err error)

DecryptShares decrypts an array of 16-byte shares using the key corresponding to the name parameter.

func (*Cache) DelegateStatus

func (cache *Cache) DelegateStatus(name string, labels, admins []string) (adminsDelegated []string, hasDelegated int)

DelegateStatus will return a list of admins who have delegated to a particular user, for a particular label. This is useful information to have when determining the status of an order and conveying order progress.

func (*Cache) Flush

func (cache *Cache) Flush() bool

Flush removes all delegated keys. It returns true if the cache wasn't empty (i.e. there were active users removed), and false if the cache was empty.

func (*Cache) GetSummary

func (cache *Cache) GetSummary() map[string]ActiveUser

GetSummary returns the list of active user keys.

func (*Cache) MatchUser

func (cache *Cache) MatchUser(name, user string, labels []string) (ActiveUser, string, bool)

MatchUser returns the matching active user if present and a boolean to indicate its presence.

func (*Cache) Refresh

func (cache *Cache) Refresh() int

Refresh purges all expired keys. It returns the number of delegations that were removed.

func (*Cache) Restore

func (cache *Cache) Restore() (err error)

Restore unmarshals the private key stored in the delegator to the appropriate private structure.

func (*Cache) Valid

func (cache *Cache) Valid(name, user string, labels []string) (present bool)

Valid returns true if a matching active user is present.

type DelegateIndex

type DelegateIndex struct {
	Name string
	Slot string
}

DelegateIndex is used to index the map of currently delegated keys. This is necessary to provide a way for a delegator to provide multiple delegations. It is also used to avoid the complexity of string parsing and enforcement of username and slot character requirements.
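
The key collision that DelegateIndex avoids, as an added example that is not Red October's code: only the DelegateIndex struct is taken from this page, while `delegation`, `joinKey`, `build` and the sample names are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// DelegateIndex mirrors the struct documented above. Everything else in this
// block is hypothetical and is not Red October code.
type DelegateIndex struct {
	Name string
	Slot string
}

// delegation is a constructed (name, slot) pair standing in for a cached key.
type delegation struct{ Name, Slot string }

// joinKey is the string-keyed alternative: it is unambiguous only if the
// separator is banned from both Name and Slot and that ban is enforced.
func joinKey(name, slot string) string { return name + "-" + slot }

// build stores every delegation under both key schemes.
func build(ds []delegation) (map[string]delegation, map[DelegateIndex]delegation) {
	byString := make(map[string]delegation)
	byStruct := make(map[DelegateIndex]delegation)
	for _, d := range ds {
		byString[joinKey(d.Name, d.Slot)] = d // a colliding key silently overwrites
		byStruct[DelegateIndex{Name: d.Name, Slot: d.Slot}] = d
	}
	return byString, byStruct
}

// sample is constructed input: one delegator holding two slots, plus two
// different delegators whose joined keys are both "ops-db-1".
func sample() []delegation {
	return []delegation{
		{"alice", "laptop"},
		{"alice", "backup"},
		{"ops", "db-1"},
		{"ops-db", "1"},
	}
}

func main() {
	byString, byStruct := build(sample())
	fmt.Printf("string keys: %d entries, struct keys: %d entries\n", len(byString), len(byStruct))
	fmt.Printf("string lookup for ops/db-1 belongs to %q\n", byString[joinKey("ops", "db-1")].Name)
	fmt.Printf("struct lookup for ops/db-1 belongs to %q\n", byStruct[DelegateIndex{"ops", "db-1"}].Name)
}
```

With string keys, the lookup for one delegator returns another delegator's entry; the struct key keeps all four delegations distinct without any character restrictions on names or slots.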

type Usage

type Usage struct {
	Uses   int       // Number of uses delegated
	Labels []string  // File labels allowed to decrypt
	Users  []string  // Set of users allowed to decrypt
	Expiry time.Time // Expiration of usage
}

Usage holds the permissions granted by a delegation.
