hmac

package
v0.0.0-...-8843776 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 17, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package hmac contain logic for calculating hmac for AcraStructs

Index

Constants

This section is empty.

Variables

View Source 
var ErrHMACNotMatch = errors.New("HMAC not match to data in AcraStruct")

ErrHMACNotMatch hmac not equal to data in AcraStruct

Functions

func DecryptRotatedSearchableAcraBlock 

func DecryptRotatedSearchableAcraBlock(acraBlock []byte, hmacKey []byte, symKeys [][]byte, context []byte) ([]byte, error)

DecryptRotatedSearchableAcraBlock decrypt AcraBlock with hash and verify that hash correct Note: function expects that AcraBlock was encrypted with key related to this context and hmacKey passed according to this context context should be ClientID or AdditionalContext

func DecryptRotatedSearchableAcraStruct 

func DecryptRotatedSearchableAcraStruct(acrastruct []byte, hmacKey []byte, privateKeys []*keys.PrivateKey, context []byte) ([]byte, error)

DecryptRotatedSearchableAcraStruct decrypt acrastruct with hash and verify that hash correct Note: function expects that AcraStruct was encrypted with key related to this context and hmacKey passed according to this context context should be ClientID or AdditionalContext

func GenerateHMAC 

func GenerateHMAC(key, data []byte) []byte

GenerateHMAC return hmac with default hash function

func GetDefaultHashSize 

func GetDefaultHashSize() int

GetDefaultHashSize return size of hash signature with hash func number prefix

func NewHashProcessor 

func NewHashProcessor(processor base.DataProcessor, hmacStore keystore.HmacKeyStore) base.DataProcessor

NewHashProcessor extract hmac value data passed to DataProcessor.Process func and check hmac of data returned from processor by comparing with extracted hmac

Types

type Hash 

type Hash interface {
	IsEqual(data []byte, keyID []byte, keystore keystore.HmacKeyStore) bool
	Marshal() []byte
	Length() int
}

Hash provide methods to work with known hash signature

func ExtractHash 

func ExtractHash(data []byte) Hash

ExtractHash return Hash if matched otherwise nil

func ExtractHashAndData 

func ExtractHashAndData(container []byte) (Hash, []byte)

ExtractHashAndData return hash and data with extracted hash if matched. Otherwise both are nil

type HashData 

type HashData struct {
	// contains filtered or unexported fields
}

HashData implementation of Hash interface

func NewDefaultHash 

func NewDefaultHash(rawHashData []byte) *HashData

NewDefaultHash return hash wrapper from raw hash data

func (*HashData) IsEqual 

func (d *HashData) IsEqual(data []byte, keyID []byte, store keystore.HmacKeyStore) bool

IsEqual if hmac equal to calculated hmac for data

func (*HashData) Length 

func (d *HashData) Length() int

Length of hash data

func (*HashData) Marshal 

func (d *HashData) Marshal() []byte

Marshal hash digest

type Processor 

type Processor struct {
	// contains filtered or unexported fields
}

Processor HMAC DataProcessor implementation

func NewHMACProcessor 

func NewHMACProcessor(store keystore.HmacKeyStore) *Processor

NewHMACProcessor return initialized HMACProcessor by provided keystore.HmacKeyStore)

func (*Processor) ID 

func (p *Processor) ID() string

ID return hardcoded HMAC ID

func (*Processor) OnColumn 

func (p *Processor) OnColumn(ctx context.Context, data []byte) (context.Context, []byte, error)

OnColumn return data itself if hash matched, otherwise column data hash will be returned

func (*Processor) Process 

func (p *Processor) Process(data []byte, ctx *base.DataProcessorContext) ([]byte, error)

Process HMAC DataProcessor implementation

func (*Processor) WrapProcessor 

func (p *Processor) WrapProcessor(processor base.DataProcessor) base.DataProcessor

WrapProcessor wrap HMACProcessor with provided DataProcessor

type SearchableDataEncryptor 

type SearchableDataEncryptor struct {
	// contains filtered or unexported fields
}

SearchableDataEncryptor adds hash prefix to AcraStruct generated with encryptor.AcrawriterDataEncryptor

func NewSearchableEncryptor 

func NewSearchableEncryptor(keystore SearchableEncryptorKeystore, dataEncryptor encryptor.DataEncryptor, dataProcessor base.ExtendedDataProcessor) (*SearchableDataEncryptor, error)

NewSearchableEncryptor return new SearchableDataEncryptor

func (*SearchableDataEncryptor) EncryptWithClientID 

func (e *SearchableDataEncryptor) EncryptWithClientID(clientID, data []byte, settingCE config.ColumnEncryptionSetting) ([]byte, error)

EncryptWithClientID add prefix with hmac to encrypted result from AcrawriterEncryptor

type SearchableEncryptorKeystore 

type SearchableEncryptorKeystore interface {
	estore.HmacKeyStore
	keystore.PrivateKeyStore
	keystore.PublicKeyStore
}

SearchableEncryptorKeystore keystore interface used by SearchableAcrastructEncryptor

type SimpleHmacKeyStore 

type SimpleHmacKeyStore []byte

SimpleHmacKeyStore wrap byte slice and implement HmacKeyStore interface

func (SimpleHmacKeyStore) GetHMACSecretKey 

func (key SimpleHmacKeyStore) GetHMACSecretKey(id []byte) ([]byte, error)

GetHMACSecretKey return itself as key on any passed id

Source Files

View all Source files

Directories

Path Synopsis
decryptor
mysql
postgresql

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.