crypto

package
v1.12.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 10, 2023 License: Apache-2.0 Imports: 13 Imported by: 12

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrKeyNotFound = errors.New("key not found")

ErrKeyNotFound is returned when the key could not be found.

Functions

func KeyCanPerformAlgorithm 

func KeyCanPerformAlgorithm(key jwk.Key, alg string) bool

KeyCanPerformAlgorithm returns true if the key can be used with a specific algorithm.

func KeyCanPerformOperation 

func KeyCanPerformOperation(key jwk.Key, op jwk.KeyOperation) bool

KeyCanPerformOperation returns true if the key can be used to perform a specific operation.

Types

type Feature 

type Feature string

Feature names a feature that can be implemented by the crypto provider components.

func (Feature) IsPresent 

func (f Feature) IsPresent(features []Feature) bool

IsPresent checks if a given feature is present in the list.

type GetKeyFn 

type GetKeyFn = func(ctx context.Context, key string) func(resolve func(jwk.Key), reject func(error))

GetKeyFn is the type of the getKeyFn function used by the PubKeyCache.

type Key 

type Key struct {
	jwk.Key
	// contains filtered or unexported fields
}

Key extends jwk.Key adding optional properties for determining if the key is valid (time bounds) or can be used for certain purposes.

func NewKey 

func NewKey(key jwk.Key, kid string, exp, nbf *time.Time) *Key

NewKey returns a new Key object

func (Key) CanPerformOperation 

func (k Key) CanPerformOperation(op jwk.KeyOperation) bool

CanPerformOperation returns true if the key can be used to perform a specific operation.

func (Key) IsValid 

func (k Key) IsValid() bool

IsValid checks if the key is within the time bounds of validity.

func (Key) KeyID 

func (k Key) KeyID() string

KeyID returns the value of the kid (key ID) property if present.

func (Key) MarshalJSON added in v1.12.0 

func (k Key) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface

type LocalCryptoBaseComponent 

type LocalCryptoBaseComponent struct {
	// RetrieveKeyFn is the function used to retrieve a key, and must be passed by concrete implementations
	RetrieveKeyFn func(parentCtx context.Context, key string) (jwk.Key, error)
}

LocalCryptoBaseComponent is an "abstract" component that performs cryptographic operations locally in the Dapr runtime. Concrete implementations build on top of this component and just need to provide retrieveKeyFromSecret. Examples of components that build on top of this: crypto.kubernetes.secrets, crypto.jwks

func (LocalCryptoBaseComponent) Decrypt 

func (k LocalCryptoBaseComponent) Decrypt(parentCtx context.Context, ciphertext []byte, algorithm string, keyName string, nonce []byte, tag []byte, associatedData []byte) (plaintext []byte, err error)

func (LocalCryptoBaseComponent) Encrypt 

func (k LocalCryptoBaseComponent) Encrypt(parentCtx context.Context, plaintext []byte, algorithm string, keyName string, nonce []byte, associatedData []byte) (ciphertext []byte, tag []byte, err error)

func (LocalCryptoBaseComponent) GetKey 

func (k LocalCryptoBaseComponent) GetKey(parentCtx context.Context, key string) (pubKey jwk.Key, err error)

func (LocalCryptoBaseComponent) Sign 

func (k LocalCryptoBaseComponent) Sign(parentCtx context.Context, digest []byte, algorithm string, keyName string) (signature []byte, err error)

func (LocalCryptoBaseComponent) SupportedEncryptionAlgorithms 

func (k LocalCryptoBaseComponent) SupportedEncryptionAlgorithms() []string

func (LocalCryptoBaseComponent) SupportedSignatureAlgorithms 

func (k LocalCryptoBaseComponent) SupportedSignatureAlgorithms() []string

func (LocalCryptoBaseComponent) UnwrapKey 

func (k LocalCryptoBaseComponent) UnwrapKey(parentCtx context.Context, wrappedKey []byte, algorithm string, keyName string, nonce []byte, tag []byte, associatedData []byte) (plaintextKey jwk.Key, err error)

func (LocalCryptoBaseComponent) Verify 

func (k LocalCryptoBaseComponent) Verify(parentCtx context.Context, digest []byte, signature []byte, algorithm string, keyName string) (valid bool, err error)

func (LocalCryptoBaseComponent) WrapKey 

func (k LocalCryptoBaseComponent) WrapKey(parentCtx context.Context, plaintextKey jwk.Key, algorithm string, keyName string, nonce []byte, associatedData []byte) (wrappedKey []byte, tag []byte, err error)

type Metadata 

type Metadata struct {
	metadata.Base `json:",inline"`
}

Metadata contains a crypto specific set of metadata properties.

type PubKeyCache 

type PubKeyCache struct {
	// contains filtered or unexported fields
}

PubKeyCache implements GetKey with a local cache. We use promises for cache entries so that multiple callers getting the same key at the same time (where the key is not in the cache yet), will result in only a single key fetch. Each cache item uses a context pool so that a key fetch call will only be cancelled once all callers have cancelled their context.

func NewPubKeyCache 

func NewPubKeyCache(getKeyFn GetKeyFn) *PubKeyCache

NewPubKeyCache returns a new PubKeyCache object

func (*PubKeyCache) GetKey 

func (kc *PubKeyCache) GetKey(ctx context.Context, key string) (jwk.Key, error)

GetKey returns a public key from the cache, or uses getKeyFn to request it.

type SubtleCrypto 

type SubtleCrypto interface {
	metadata.ComponentWithMetadata

	SubtleCryptoAlgorithms

	// Init the component.
	Init(ctx context.Context, metadata Metadata) error

	// GetKey returns the public part of a key stored in the vault.
	// This method returns an error if the key is symmetric.
	GetKey(ctx context.Context,

		keyName string,
	) (

		pubKey jwk.Key,
		err error,
	)

	// Encrypt a small message and returns the ciphertext.
	Encrypt(ctx context.Context,

		plaintext []byte,

		algorithm string,

		keyName string,

		nonce []byte,

		associatedData []byte,
	) (

		ciphertext []byte,

		tag []byte,
		err error,
	)

	// Decrypt a small message and returns the plaintext.
	Decrypt(ctx context.Context,

		ciphertext []byte,

		algorithm string,

		keyName string,

		nonce []byte,

		tag []byte,

		associatedData []byte,
	) (

		plaintext []byte,
		err error,
	)

	// WrapKey wraps a key.
	WrapKey(ctx context.Context,

		plaintextKey jwk.Key,

		algorithm string,

		keyName string,

		nonce []byte,

		associatedData []byte,
	) (

		wrappedKey []byte,

		tag []byte,
		err error,
	)

	// UnwrapKey unwraps a key.
	// The consumer needs to unserialize the key in the correct format.
	UnwrapKey(ctx context.Context,

		wrappedKey []byte,

		algorithm string,

		keyName string,

		nonce []byte,

		tag []byte,

		associatedData []byte,
	) (

		plaintextKey jwk.Key,
		err error,
	)

	// Sign a digest.
	Sign(ctx context.Context,

		digest []byte,

		algorithm string,

		keyName string,
	) (

		signature []byte,
		err error,
	)

	// Verify a signature.
	Verify(ctx context.Context,

		digest []byte,

		signature []byte,

		algorithm string,

		keyName string,
	) (

		valid bool,
		err error,
	)
}

SubtleCrypto offers an interface to perform low-level ("subtle") cryptographic operations with keys stored in a vault.

type SubtleCryptoAlgorithms 

type SubtleCryptoAlgorithms interface {
	SupportedEncryptionAlgorithms() []string
	SupportedSignatureAlgorithms() []string
}

SubtleCryptoAlgorithms is an extension to SubtleCrypto that includes methods to return information on the supported algorithms.

Source Files

View all Source files

Directories

Path Synopsis
azure
keyvault
kubernetes
secrets

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.