crypto

package
v1.13.1
Published: Apr 1, 2024 License: Apache-2.0 Imports: 14 Imported by: 18

Documentation

Index

Constants

This section is empty.

Variables

var ErrKeyNotFound = errors.New("key not found")

ErrKeyNotFound is returned when the key could not be found.

Functions

func KeyCanPerformAlgorithm

func KeyCanPerformAlgorithm(key jwk.Key, alg string) bool

KeyCanPerformAlgorithm returns true if the key can be used with a specific algorithm.

func KeyCanPerformOperation

func KeyCanPerformOperation(key jwk.Key, op jwk.KeyOperation) bool

KeyCanPerformOperation returns true if the key can be used to perform a specific operation.

Types

type Feature

type Feature = features.Feature[SubtleCrypto]

Feature names a feature that can be implemented by the crypto provider components.

type GetKeyFn

type GetKeyFn = func(ctx context.Context, key string) func(resolve func(jwk.Key), reject func(error))

GetKeyFn is the type of the getKeyFn function used by the PubKeyCache.

type Key

type Key struct {
	jwk.Key
	// contains filtered or unexported fields
}

Key extends jwk.Key adding optional properties for determining if the key is valid (time bounds) or can be used for certain purposes.

func NewKey

func NewKey(key jwk.Key, kid string, exp, nbf *time.Time) *Key

NewKey returns a new Key object wrapping key, with the given kid and optional exp/nbf time bounds.

func (Key) CanPerformOperation

func (k Key) CanPerformOperation(op jwk.KeyOperation) bool

CanPerformOperation returns true if the key can be used to perform a specific operation.

func (Key) IsValid

func (k Key) IsValid() bool

IsValid checks if the key is within the time bounds of validity.

func (Key) KeyID

func (k Key) KeyID() string

KeyID returns the value of the kid (key ID) property if present.

func (Key) MarshalJSON added in v1.12.0

func (k Key) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.
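The Key type above carries optional exp/nbf bounds (IsValid) and a key-operation check (CanPerformOperation). The following is an added example, not the package's own code, showing how a consumer uses those two checks to gate a signature verification so that a key outside its validity window, or one not marked for "verify", is never used. It stands an ed25519.PublicKey in for jwk.Key; the names KeyOperation, OpSign, OpVerify, IsValidAt, VerifyWith and NewFixture are this example's own, and treating nbf as inclusive and exp as exclusive is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// KeyOperation mirrors the JWK key_ops values (RFC 7517, section 4.3).
type KeyOperation string

const (
	OpSign   KeyOperation = "sign"
	OpVerify KeyOperation = "verify"
)

var (
	ErrKeyNotValid         = errors.New("key is outside its validity window")
	ErrOperationNotAllowed = errors.New("key is not permitted to perform this operation")
	ErrInvalidSignature    = errors.New("invalid signature")
)

// Key is an illustrative stand-in for crypto.Key: a public key plus the optional
// kid, exp and nbf properties and the operations the key may be used for.
type Key struct {
	Pub    ed25519.PublicKey
	kid    string
	exp    *time.Time     // nil: never expires
	nbf    *time.Time     // nil: no lower bound
	keyOps []KeyOperation // nil: unrestricted, as an absent key_ops is in JWK
}

func NewKey(pub ed25519.PublicKey, kid string, exp, nbf *time.Time, ops ...KeyOperation) *Key {
	return &Key{Pub: pub, kid: kid, exp: exp, nbf: nbf, keyOps: ops}
}

func (k Key) KeyID() string { return k.kid }

// IsValidAt reports whether now lies in [nbf, exp); the inclusive/exclusive choice is an assumption.
func (k Key) IsValidAt(now time.Time) bool {
	if k.nbf != nil && now.Before(*k.nbf) {
		return false
	}
	if k.exp != nil && !now.Before(*k.exp) {
		return false
	}
	return true
}

func (k Key) IsValid() bool { return k.IsValidAt(time.Now()) }

func (k Key) CanPerformOperation(op KeyOperation) bool {
	if k.keyOps == nil {
		return true
	}
	for _, allowed := range k.keyOps {
		if allowed == op {
			return true
		}
	}
	return false
}

// VerifyWith applies the key's own policy before any cryptography: an expired,
// not-yet-valid, or non-"verify" key is rejected before its bytes are ever used.
func VerifyWith(k *Key, msg, sig []byte, now time.Time) error {
	if !k.IsValidAt(now) {
		return ErrKeyNotValid
	}
	if !k.CanPerformOperation(OpVerify) {
		return ErrOperationNotAllowed
	}
	if !ed25519.Verify(k.Pub, msg, sig) {
		return ErrInvalidSignature
	}
	return nil
}

// NewFixture builds a constructed key pair, a 30-day validity window starting on
// 2024-04-01, and a signed message, so the checks above can be exercised offline.
func NewFixture(ops ...KeyOperation) (k *Key, msg, sig []byte, nbf, exp time.Time) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	nbf = time.Date(2024, 4, 1, 0, 0, 0, 0, time.UTC)
	exp = nbf.AddDate(0, 0, 30)
	msg = []byte("constructed message")
	return NewKey(pub, "kid-1", &exp, &nbf, ops...), msg, ed25519.Sign(priv, msg), nbf, exp
}

func main() {
	k, msg, sig, nbf, exp := NewFixture(OpVerify)
	fmt.Println("inside window:", VerifyWith(k, msg, sig, nbf.Add(24*time.Hour)))
	fmt.Println("at expiry:    ", VerifyWith(k, msg, sig, exp))
}
```

The point of taking `now` as a parameter (IsValidAt) rather than reading the clock inside the check is that the boundary behaviour can be tested deterministically; IsValid is then a one-line wrapper over it, matching the page's signature.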

type LocalCryptoBaseComponent

type LocalCryptoBaseComponent struct {
	// RetrieveKeyFn is the function used to retrieve a key, and must be passed by concrete implementations
	RetrieveKeyFn func(parentCtx context.Context, key string) (jwk.Key, error)
}

LocalCryptoBaseComponent is an "abstract" component that performs cryptographic operations locally in the Dapr runtime. Concrete implementations build on top of this component and need only provide retrieveKeyFromSecret (the RetrieveKeyFn field above). Examples of components that build on top of it: crypto.kubernetes.secrets and crypto.jwks.

func (LocalCryptoBaseComponent) Decrypt

func (k LocalCryptoBaseComponent) Decrypt(parentCtx context.Context, ciphertext []byte, algorithm string, keyName string, nonce []byte, tag []byte, associatedData []byte) (plaintext []byte, err error)

func (LocalCryptoBaseComponent) Encrypt

func (k LocalCryptoBaseComponent) Encrypt(parentCtx context.Context, plaintext []byte, algorithm string, keyName string, nonce []byte, associatedData []byte) (ciphertext []byte, tag []byte, err error)

func (LocalCryptoBaseComponent) GetKey

func (k LocalCryptoBaseComponent) GetKey(parentCtx context.Context, key string) (pubKey jwk.Key, err error)

func (LocalCryptoBaseComponent) Sign

func (k LocalCryptoBaseComponent) Sign(parentCtx context.Context, digest []byte, algorithm string, keyName string) (signature []byte, err error)

func (LocalCryptoBaseComponent) SupportedEncryptionAlgorithms

func (k LocalCryptoBaseComponent) SupportedEncryptionAlgorithms() []string

func (LocalCryptoBaseComponent) SupportedSignatureAlgorithms

func (k LocalCryptoBaseComponent) SupportedSignatureAlgorithms() []string

func (LocalCryptoBaseComponent) UnwrapKey

func (k LocalCryptoBaseComponent) UnwrapKey(parentCtx context.Context, wrappedKey []byte, algorithm string, keyName string, nonce []byte, tag []byte, associatedData []byte) (plaintextKey jwk.Key, err error)

func (LocalCryptoBaseComponent) Verify

func (k LocalCryptoBaseComponent) Verify(parentCtx context.Context, digest []byte, signature []byte, algorithm string, keyName string) (valid bool, err error)

func (LocalCryptoBaseComponent) WrapKey

func (k LocalCryptoBaseComponent) WrapKey(parentCtx context.Context, plaintextKey jwk.Key, algorithm string, keyName string, nonce []byte, associatedData []byte) (wrappedKey []byte, tag []byte, err error)

type Metadata

type Metadata struct {
	metadata.Base `json:",inline"`
}

Metadata contains a crypto specific set of metadata properties.

type PubKeyCache

type PubKeyCache struct {
	// contains filtered or unexported fields
}

PubKeyCache implements GetKey with a local cache. Cache entries are promises, so multiple callers requesting the same key at the same time (while the key is not yet in the cache) result in only a single key fetch. Each cache item uses a context pool, so a key fetch is cancelled only once every caller has cancelled its own context.

func NewPubKeyCache

func NewPubKeyCache(getKeyFn GetKeyFn) *PubKeyCache

NewPubKeyCache returns a new PubKeyCache object that uses getKeyFn to fetch keys missing from the cache.

func (*PubKeyCache) GetKey

func (kc *PubKeyCache) GetKey(ctx context.Context, key string) (jwk.Key, error)

GetKey returns a public key from the cache, or uses getKeyFn to request it.
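The PubKeyCache description above names two properties: concurrent callers for a key that is not cached yet share one fetch (a promise per entry), and the shared fetch is cancelled only when the last interested caller has gone. The following is an added example, not the package's code, that implements both with the standard library only. A string stands in for jwk.Key, FetchFn stands in for GetKeyFn, and the fetch runs under its own context detached from any single caller, so one caller's cancellation cannot abort a lookup others are still waiting on; NewSlowFetch and FanOut are constructed helpers for exercising it.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// FetchFn stands in for GetKeyFn (a string stands in for jwk.Key); it must honour ctx.
type FetchFn func(ctx context.Context, name string) (string, error)

type entry struct {
	done    chan struct{}      // closed once key and err are set
	key     string
	err     error
	waiters int                // callers still waiting; guarded by PubKeyCache.mu
	settled bool               // fetch finished, successfully or not; guarded by mu
	cancel  context.CancelFunc // aborts the shared fetch when the last waiter leaves
}

type PubKeyCache struct {
	mu    sync.Mutex
	items map[string]*entry
	fetch FetchFn
}

func NewPubKeyCache(fetch FetchFn) *PubKeyCache { return &PubKeyCache{items: map[string]*entry{}, fetch: fetch} }

// GetKey returns the cached key, or joins (or starts) the single in-flight fetch for it.
func (c *PubKeyCache) GetKey(ctx context.Context, name string) (string, error) {
	c.mu.Lock()
	e, ok := c.items[name]
	if !ok {
		fetchCtx, cancel := context.WithCancel(context.Background()) // detached from any one caller
		e = &entry{done: make(chan struct{}), cancel: cancel}
		c.items[name] = e
		go c.run(fetchCtx, name, e)
	}
	e.waiters++
	c.mu.Unlock()
	select {
	case <-e.done:
		return e.key, e.err
	case <-ctx.Done():
		c.mu.Lock()
		e.waiters--
		if e.waiters == 0 && !e.settled {
			e.cancel()            // nobody is waiting any more: stop the upstream call
			delete(c.items, name) // so the next caller starts a fresh fetch
		}
		c.mu.Unlock()
		return "", ctx.Err()
	}
}

func (c *PubKeyCache) run(ctx context.Context, name string, e *entry) {
	key, err := c.fetch(ctx, name)
	c.mu.Lock()
	e.key, e.err, e.settled = key, err, true
	if err != nil && c.items[name] == e {
		delete(c.items, name) // failures are not cached; the next caller retries
	}
	c.mu.Unlock()
	close(e.done)
	e.cancel()
}

// NewSlowFetch is a constructed FetchFn that answers after delay and counts its invocations.
func NewSlowFetch(delay time.Duration) (FetchFn, *atomic.Int64) {
	calls := new(atomic.Int64)
	return func(ctx context.Context, name string) (string, error) {
		calls.Add(1)
		select {
		case <-time.After(delay):
			return "PUB(" + name + ")", nil
		case <-ctx.Done():
			return "", ctx.Err()
		}
	}, calls
}

// FanOut issues n concurrent GetKey calls for name and collects every result.
func FanOut(c *PubKeyCache, name string, n int) ([]string, []error) {
	keys, errs := make([]string, n), make([]error, n)
	var wg sync.WaitGroup
	wg.Add(n)
	for i := range keys {
		go func(i int) { defer wg.Done(); keys[i], errs[i] = c.GetKey(context.Background(), name) }(i)
	}
	wg.Wait()
	return keys, errs
}

func main() {
	fetch, calls := NewSlowFetch(50 * time.Millisecond)
	keys, _ := FanOut(NewPubKeyCache(fetch), "kid-1", 10)
	fmt.Println(len(keys), "callers,", calls.Load(), "upstream fetch, key", keys[0])
}
```

Two details matter for a public-key cache in front of a JWKS endpoint or secret store: failed lookups are evicted rather than cached, so a transient error does not pin a missing key forever, and the guard `c.items[name] == e` in run stops a late-finishing cancelled fetch from deleting the fresh entry a newer caller has since created.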

type SubtleCrypto

type SubtleCrypto interface {
	metadata.ComponentWithMetadata

	SubtleCryptoAlgorithms

	// Init the component.
	Init(ctx context.Context, metadata Metadata) error

	// GetKey returns the public part of a key stored in the vault.
	// This method returns an error if the key is symmetric.
	GetKey(ctx context.Context,
		keyName string,
	) (
		pubKey jwk.Key,
		err error,
	)

	// Encrypt a small message and returns the ciphertext.
	Encrypt(ctx context.Context,
		plaintext []byte,
		algorithm string,
		keyName string,
		nonce []byte,
		associatedData []byte,
	) (
		ciphertext []byte,
		tag []byte,
		err error,
	)

	// Decrypt a small message and returns the plaintext.
	Decrypt(ctx context.Context,
		ciphertext []byte,
		algorithm string,
		keyName string,
		nonce []byte,
		tag []byte,
		associatedData []byte,
	) (
		plaintext []byte,
		err error,
	)

	// WrapKey wraps a key.
	WrapKey(ctx context.Context,
		plaintextKey jwk.Key,
		algorithm string,
		keyName string,
		nonce []byte,
		associatedData []byte,
	) (
		wrappedKey []byte,
		tag []byte,
		err error,
	)

	// UnwrapKey unwraps a key.
	// The consumer needs to unserialize the key in the correct format.
	UnwrapKey(ctx context.Context,
		wrappedKey []byte,
		algorithm string,
		keyName string,
		nonce []byte,
		tag []byte,
		associatedData []byte,
	) (
		plaintextKey jwk.Key,
		err error,
	)

	// Sign a digest.
	Sign(ctx context.Context,
		digest []byte,
		algorithm string,
		keyName string,
	) (
		signature []byte,
		err error,
	)

	// Verify a signature.
	Verify(ctx context.Context,
		digest []byte,
		signature []byte,
		algorithm string,
		keyName string,
	) (
		valid bool,
		err error,
	)
}

SubtleCrypto offers an interface to perform low-level ("subtle") cryptographic operations with keys stored in a vault.
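The SubtleCrypto Encrypt and Decrypt signatures above take the nonce and associated data as separate inputs and return the authentication tag apart from the ciphertext. The following is an added example, not the package's or any Dapr component's code, of a minimal AES-GCM component in that shape, built the way LocalCryptoBaseComponent describes (a key-retrieval function supplied by the concrete implementation). Go's cipher.AEAD produces ciphertext||tag as one slice, so the example shows the split and the reassembly; the type LocalAESGCM, the helpers NewDemoComponent and NewNonce, the "demo-key" name and the restriction to the single algorithm identifier "A256GCM" are this example's own assumptions, and context parameters are omitted for brevity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyNotFound matches the package's sentinel for an unknown key name.
var ErrKeyNotFound = errors.New("key not found")

// LocalAESGCM is an illustrative stand-in for a component built on
// LocalCryptoBaseComponent: RetrieveKeyFn resolves a key name to raw key bytes, and
// Encrypt/Decrypt follow the SubtleCrypto shape of returning the tag apart from the ciphertext.
type LocalAESGCM struct {
	RetrieveKeyFn func(keyName string) ([]byte, error)
}

func (c LocalAESGCM) SupportedEncryptionAlgorithms() []string { return []string{"A256GCM"} }

func (c LocalAESGCM) aead(algorithm, keyName string) (cipher.AEAD, error) {
	if algorithm != "A256GCM" {
		return nil, errors.New("unsupported algorithm: " + algorithm)
	}
	raw, err := c.RetrieveKeyFn(keyName)
	if err != nil {
		return nil, err
	}
	if len(raw) != 32 {
		return nil, errors.New("A256GCM requires a 256-bit key")
	}
	block, err := aes.NewCipher(raw)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under keyName and splits Go's combined output into
// ciphertext and the 16-byte GCM tag, as the SubtleCrypto interface expects.
func (c LocalAESGCM) Encrypt(plaintext []byte, algorithm, keyName string, nonce, associatedData []byte) (ciphertext, tag []byte, err error) {
	g, err := c.aead(algorithm, keyName)
	if err != nil {
		return nil, nil, err
	}
	if len(nonce) != g.NonceSize() {
		return nil, nil, fmt.Errorf("nonce must be %d bytes", g.NonceSize())
	}
	sealed := g.Seal(nil, nonce, plaintext, associatedData)
	split := len(sealed) - g.Overhead()
	return sealed[:split], sealed[split:], nil
}

// Decrypt reassembles ciphertext||tag and opens it; any change to the ciphertext,
// tag, nonce or associated data makes Open fail, and no plaintext is returned.
func (c LocalAESGCM) Decrypt(ciphertext []byte, algorithm, keyName string, nonce, tag, associatedData []byte) ([]byte, error) {
	g, err := c.aead(algorithm, keyName)
	if err != nil {
		return nil, err
	}
	if len(nonce) != g.NonceSize() || len(tag) != g.Overhead() {
		return nil, errors.New("nonce or tag has the wrong length")
	}
	sealed := append(append(make([]byte, 0, len(ciphertext)+len(tag)), ciphertext...), tag...)
	return g.Open(nil, nonce, sealed, associatedData)
}

// NewDemoComponent wires a constructed in-memory key store holding a single
// random 256-bit key named "demo-key"; every other name yields ErrKeyNotFound.
func NewDemoComponent() LocalAESGCM {
	keys := map[string][]byte{"demo-key": make([]byte, 32)}
	if _, err := rand.Read(keys["demo-key"]); err != nil {
		panic(err)
	}
	return LocalAESGCM{RetrieveKeyFn: func(name string) ([]byte, error) {
		if k, ok := keys[name]; ok {
			return k, nil
		}
		return nil, ErrKeyNotFound
	}}
}

// NewNonce returns a fresh random 96-bit nonce; a nonce must never repeat under one key.
func NewNonce() []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

func main() {
	c := NewDemoComponent()
	nonce := NewNonce()
	ct, tag, err := c.Encrypt([]byte("hello"), "A256GCM", "demo-key", nonce, []byte("hdr"))
	fmt.Printf("ct=%x tag=%x err=%v\n", ct, tag, err)
	pt, err := c.Decrypt(ct, "A256GCM", "demo-key", nonce, tag, []byte("other-hdr"))
	fmt.Printf("wrong associated data: pt=%q err=%v\n", pt, err)
}
```

Keeping the tag as a separate return value, as the interface does, makes it harder for a caller to accidentally store or transmit the ciphertext without it; on the decrypt side the length checks in front of Open turn a wrong-sized nonce, which the underlying GCM implementation treats as a programming error, into an ordinary error return.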

type SubtleCryptoAlgorithms

type SubtleCryptoAlgorithms interface {
	SupportedEncryptionAlgorithms() []string
	SupportedSignatureAlgorithms() []string
}

SubtleCryptoAlgorithms is an extension to SubtleCrypto that includes methods to return information on the supported algorithms.

Directories

Path Synopsis
azure
kubernetes
