blockcipher

package
v1.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 16, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AESCTRLayerBlockCipher

type AESCTRLayerBlockCipher struct {
	// contains filtered or unexported fields
}

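AESCTRLayerBlockCipher implements the AES CTR stream cipher for layer data. CTR mode on its own gives confidentiality but no integrity protection; the cipher type name AES_256_CTR_HMAC_SHA256 and the Hmac field of PublicLayerBlockCipherOptions indicate that integrity is meant to come from an accompanying HMAC.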

func (*AESCTRLayerBlockCipher) Decrypt

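Decrypt takes in layer ciphertext data and returns a reader for the plaintext and the relevant LayerBlockCipherOptions. Since the plaintext is returned as a stream, callers should read it to the end and check the final read error before trusting the data: an integrity check over the whole layer, such as the HMAC, can only be conclusive once all of the ciphertext has been processed.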

func (*AESCTRLayerBlockCipher) Encrypt

func (bc *AESCTRLayerBlockCipher) Encrypt(plainDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)

Encrypt takes in layer data and returns a reader for the ciphertext together with a Finalizer that yields the relevant LayerBlockCipherOptions

func (*AESCTRLayerBlockCipher) GenerateKey

func (bc *AESCTRLayerBlockCipher) GenerateKey() ([]byte, error)

GenerateKey creates a symmetric key

type Finalizer

// Finalizer returns the LayerBlockCipherOptions for an encrypted blob and is
// meant to be called after the data blobs have been written.
// NOTE(review): presumably this means after the reader returned by Encrypt
// has been read to the end, and calling it earlier yields incomplete options
// (for example an Hmac that does not cover all the data) - confirm against
// the implementation.
type Finalizer func() (LayerBlockCipherOptions, error)

Finalizer is called after data blobs are written, and returns the LayerBlockCipherOptions for the encrypted blob

type LayerBlockCipher

type LayerBlockCipher interface {
	// GenerateKey creates a symmetric key and returns it as a byte slice.
	GenerateKey() ([]byte, error)
	// Encrypt takes in layer data and returns a reader plus a Finalizer. The
	// LayerBlockCipherOptions for the encrypted blob are obtained by calling
	// the Finalizer; Encrypt itself does not return them.
	Encrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)
	// Decrypt takes in layer ciphertext data and returns a reader plus the
	// relevant LayerBlockCipherOptions.
	// NOTE(review): the plaintext is delivered through an io.Reader, so an
	// integrity failure can presumably only surface as a read error while the
	// stream is consumed - confirm against the implementation before treating
	// partially read output as trustworthy.
	Decrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
}

LayerBlockCipher is the interface implemented by a provider of encrypt/decrypt functionality for handling the layer data for a specific algorithm

func NewAESCTRLayerBlockCipher

func NewAESCTRLayerBlockCipher(bits int) (LayerBlockCipher, error)

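NewAESCTRLayerBlockCipher returns a new AES CTR layer block cipher for the requested key size in bits. The original comment reads "AES SIV block cipher of 256 or 512 bits", which does not match this constructor's name; AES keys are at most 256 bits and the only cipher type exported here is AES256CTR, so check the returned error rather than assuming another size is accepted.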

type LayerBlockCipherHandler

type LayerBlockCipherHandler struct {
	// contains filtered or unexported fields
}

LayerBlockCipherHandler is the handler for encrypt/decrypt for layers

func NewLayerBlockCipherHandler

func NewLayerBlockCipherHandler() (*LayerBlockCipherHandler, error)

NewLayerBlockCipherHandler returns a new default handler

func (*LayerBlockCipherHandler) Decrypt

Decrypt is the handler for the layer decryption routine

func (*LayerBlockCipherHandler) Encrypt

func (h *LayerBlockCipherHandler) Encrypt(plainDataReader io.Reader, typ LayerCipherType) (io.Reader, Finalizer, error)

Encrypt is the handler for the layer encryption routine

type LayerBlockCipherOptions

type LayerBlockCipherOptions struct {
	// Public carries the options that may appear in plaintext; Private carries
	// the sensitive ones, including the symmetric key (see
	// PublicLayerBlockCipherOptions and PrivateLayerBlockCipherOptions).
	Public  PublicLayerBlockCipherOptions
	Private PrivateLayerBlockCipherOptions
}

LayerBlockCipherOptions contains the public and private LayerBlockCipherOptions required to encrypt/decrypt an image

func (LayerBlockCipherOptions) GetOpt

func (lbco LayerBlockCipherOptions) GetOpt(key string) (value []byte, ok bool)

GetOpt returns the value of the cipher option and whether the option exists

type LayerCipherType

type LayerCipherType string

LayerCipherType is the ciphertype as specified in the layer metadata

const (
	// AES256CTR is the LayerCipherType value whose string names AES-256 in
	// CTR mode paired with HMAC-SHA256.
	// NOTE(review): presumably this is the type served by
	// AESCTRLayerBlockCipher - confirm.
	AES256CTR LayerCipherType = "AES_256_CTR_HMAC_SHA256"
)

TODO: Should be obtained from OCI spec once included

type PrivateLayerBlockCipherOptions

type PrivateLayerBlockCipherOptions struct {
	// SymmetricKey represents the symmetric key used for encryption/decryption.
	// This field should be populated by Encrypt/Decrypt calls.
	// It is raw key material and is emitted under "symkey" when this struct is
	// JSON-encoded, so the encoded form must itself be kept out of plaintext.
	SymmetricKey []byte `json:"symkey"`

	// Digest is the digest of the original data for verification.
	// This is NOT populated by Encrypt/Decrypt calls.
	// NOTE(review): presumably the caller supplies it; where it is checked is
	// not visible in this listing - confirm.
	Digest digest.Digest `json:"digest"`

	// CipherOptions contains the cipher metadata used for encryption/decryption.
	// This field should be populated by Encrypt/Decrypt calls.
	CipherOptions map[string][]byte `json:"cipheroptions"`
}

PrivateLayerBlockCipherOptions holds the options required to encrypt/decrypt an image that are sensitive and should not be in plaintext

type PublicLayerBlockCipherOptions

type PublicLayerBlockCipherOptions struct {
	// CipherType denotes the cipher type according to the list of OCI supported
	// cipher types.
	CipherType LayerCipherType `json:"cipher"`

	// Hmac contains the HMAC value, as bytes, used to help verify the
	// encrypted data.
	// NOTE(review): which bytes the HMAC covers and at what point it is
	// checked are not visible in this listing - confirm in the implementation.
	Hmac []byte `json:"hmac"`

	// CipherOptions contains the cipher metadata used for encryption/decryption.
	// This field should be populated by Encrypt/Decrypt calls.
	// These options are public, so nothing secret belongs in this map.
	CipherOptions map[string][]byte `json:"cipheroptions"`
}

PublicLayerBlockCipherOptions holds the options required to encrypt/decrypt an image that are public and can be deduplicated in plaintext across multiple recipients
