Documentation ¶
Index ¶
- type AESCTRLayerBlockCipher
- func (bc *AESCTRLayerBlockCipher) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
- func (bc *AESCTRLayerBlockCipher) Encrypt(plainDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)
- func (bc *AESCTRLayerBlockCipher) GenerateKey() ([]byte, error)
- type Finalizer
- type LayerBlockCipher
- type LayerBlockCipherHandler
- type LayerBlockCipherOptions
- type LayerCipherType
- type PrivateLayerBlockCipherOptions
- type PublicLayerBlockCipherOptions
Types ¶
type AESCTRLayerBlockCipher ¶
type AESCTRLayerBlockCipher struct {
// contains filtered or unexported fields
}
AESCTRLayerBlockCipher implements the AES CTR stream cipher
func (*AESCTRLayerBlockCipher) Decrypt ¶
func (bc *AESCTRLayerBlockCipher) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
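Decrypt takes in layer ciphertext data and returns a reader over the plaintext together with the relevant LayerBlockCipherOptions. The plaintext is returned as a stream, so for the AES_256_CTR_HMAC_SHA256 cipher type any HMAC check can presumably complete only once the reader has been consumed to the end; callers should not act on the plaintext until the read finishes without error (confirm against the implementation).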
func (*AESCTRLayerBlockCipher) Encrypt ¶
func (bc *AESCTRLayerBlockCipher) Encrypt(plainDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)
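Encrypt takes in layer data and returns a reader over the ciphertext and a Finalizer; the relevant LayerBlockCipherOptions are obtained by calling the Finalizer after the ciphertext has been written.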
func (*AESCTRLayerBlockCipher) GenerateKey ¶
func (bc *AESCTRLayerBlockCipher) GenerateKey() ([]byte, error)
GenerateKey creates a symmetric key
type Finalizer ¶
type Finalizer func() (LayerBlockCipherOptions, error)
Finalizer is called after data blobs are written, and returns the LayerBlockCipherOptions for the encrypted blob
type LayerBlockCipher ¶
// LayerBlockCipher is the per-algorithm provider of encrypt/decrypt
// functionality for layer data.
type LayerBlockCipher interface {
	// GenerateKey creates a symmetric key
	GenerateKey() ([]byte, error)

	// Encrypt takes in layer data and returns the ciphertext and relevant LayerBlockCipherOptions.
	// The options are not returned directly: they come from the Finalizer,
	// which is meant to be called after the ciphertext has been written.
	Encrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)

	// Decrypt takes in layer ciphertext data and returns the plaintext and relevant LayerBlockCipherOptions.
	// NOTE(review): the plaintext is a streaming io.Reader; whether and when
	// integrity is verified is up to the implementation — confirm before
	// consuming partial output.
	Decrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
}
LayerBlockCipher returns a provider for encrypt/decrypt functionality for handling the layer data for a specific algorithm
func NewAESCTRLayerBlockCipher ¶
func NewAESCTRLayerBlockCipher(bits int) (LayerBlockCipher, error)
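NewAESCTRLayerBlockCipher returns a new AES CTR layer block cipher for the key size given in bits. The original text reads "a new AES SIV block cipher of 256 or 512 bits", which appears to be carried over from a SIV variant: AES itself has no 512-bit key size, and the only cipher type listed on this page is AES_256_CTR_HMAC_SHA256, so verify the accepted values of bits against the implementation.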
type LayerBlockCipherHandler ¶
type LayerBlockCipherHandler struct {
// contains filtered or unexported fields
}
LayerBlockCipherHandler is the handler for encrypt/decrypt for layers
func NewLayerBlockCipherHandler ¶
func NewLayerBlockCipherHandler() (*LayerBlockCipherHandler, error)
NewLayerBlockCipherHandler returns a new default handler
func (*LayerBlockCipherHandler) Decrypt ¶
func (h *LayerBlockCipherHandler) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
Decrypt is the handler for the layer decryption routine
func (*LayerBlockCipherHandler) Encrypt ¶
func (h *LayerBlockCipherHandler) Encrypt(plainDataReader io.Reader, typ LayerCipherType) (io.Reader, Finalizer, error)
Encrypt is the handler for the layer encryption routine
type LayerBlockCipherOptions ¶
// LayerBlockCipherOptions bundles the public and private options needed to
// encrypt or decrypt an image layer.
type LayerBlockCipherOptions struct {
	// Public holds the options that may be kept in plaintext.
	Public PublicLayerBlockCipherOptions
	// Private holds the sensitive options (it includes the symmetric key) and
	// should not be kept in plaintext.
	Private PrivateLayerBlockCipherOptions
}
LayerBlockCipherOptions contains the public and private LayerBlockCipherOptions required to encrypt/decrypt an image
type LayerCipherType ¶
type LayerCipherType string
LayerCipherType is the ciphertype as specified in the layer metadata
const (
	// AES256CTR is the cipher type identifier recorded in layer metadata; going
	// by the identifier string, it denotes AES-256 in CTR mode combined with
	// HMAC-SHA256.
	AES256CTR LayerCipherType = "AES_256_CTR_HMAC_SHA256"
)
TODO: Should be obtained from OCI spec once included
type PrivateLayerBlockCipherOptions ¶
// PrivateLayerBlockCipherOptions holds the sensitive part of the layer cipher
// options.
type PrivateLayerBlockCipherOptions struct {
	// SymmetricKey represents the symmetric key used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	// NOTE(review): this is raw key material and it is serialized under the
	// JSON key "symkey"; any marshaled form of this struct needs to be
	// protected before it is stored or sent, and should be kept out of logs —
	// confirm how callers wrap it.
	SymmetricKey []byte `json:"symkey"`

	// Digest is the digest of the original data for verification.
	// This is NOT populated by Encrypt/Decrypt calls
	Digest digest.Digest `json:"digest"`

	// CipherOptions contains the cipher metadata used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	CipherOptions map[string][]byte `json:"cipheroptions"`
}
PrivateLayerBlockCipherOptions includes the information required to encrypt/decrypt an image that is sensitive and should not be in plaintext
type PublicLayerBlockCipherOptions ¶
// PublicLayerBlockCipherOptions holds the non-sensitive part of the layer
// cipher options.
type PublicLayerBlockCipherOptions struct {
	// CipherType denotes the cipher type according to the list of OCI supported
	// cipher types.
	CipherType LayerCipherType `json:"cipher"`

	// Hmac contains the hmac string to help verify encryption
	// NOTE(review): this value sits in the public options, so it protects
	// integrity only if it is recomputed with a secret key and compared in
	// constant time (crypto/hmac.Equal) — confirm in the implementation.
	Hmac []byte `json:"hmac"`

	// CipherOptions contains the cipher metadata used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	CipherOptions map[string][]byte `json:"cipheroptions"`
}
PublicLayerBlockCipherOptions includes the information required to encrypt/decrypt an image that is public and can be deduplicated in plaintext across multiple recipients