package edg

v1.0.1 Latest
Published: Jun 10, 2024 License: AGPL-3.0 Imports: 12 Imported by: 0

Documentation

Constants

const GCMTagSize = 16

GCMTagSize is the AES-GCM tag size.

const (
	// SaltChainFilename is the name of the salt chain file.
	SaltChainFilename = "SALTCHAIN"
)

Variables

This section is empty.

Functions

func DecryptOptions

func DecryptOptions(
	ciphertext []byte, fileNum base.FileNum, keyManager *KeyManager,
) ([]byte, error)

DecryptOptions decrypts the contents of an OPTIONS file.

func EncryptOptions

func EncryptOptions(
	serializedOpts []byte, fileNum base.DiskFileNum, keyManager *KeyManager,
) ([]byte, error)

EncryptOptions encrypts the contents of an OPTIONS file.

func GetCipher

func GetCipher(key []byte) (cipher.AEAD, error)

GetCipher returns an AES-GCM cipher for key.

func TestEnableRandomKey

func TestEnableRandomKey()

TestEnableRandomKey enables the use of a random key when no key has been set. This reduces the changes required in existing tests.

Types

type ApprovedWriter

type ApprovedWriter struct {
	Writer interface {
		WriteApproved([]byte) (int, error)
	}
}

ApprovedWriter wraps an edg.Writer and provides an io.Writer interface. Use this to pass an edg.Writer to functions that expect an io.Writer.

func (*ApprovedWriter) Write

func (w *ApprovedWriter) Write(p []byte) (int, error)

type KeyManager

type KeyManager struct {
	// contains filtered or unexported fields
}

KeyManager manages the encryption keys for database files.

Call Create(fileNum) to create a new key when writing a file. Call Get(fileNum) to get the key when reading a file.

Internally, KeyManager maps file numbers to unique salts. File keys are derived with hkdf(masterKey, salt). The salts are stored integrity-protected in the SALTCHAIN file. The file is an append-only chain of saltBlocks, linked by HMACs.

Because each encrypted file is integrity-protected at the file level, combining that with key management via the salt chain gives "snapshot integrity" for the entire database.
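The salt chain design described above, as an added Go illustration that is not the package's own code: a constructed, simplified chain format (file number, salt, HMAC over the previous block's MAC) with the chain HMAC keyed under masterKey, which is an assumption, plus a minimal HKDF-SHA256 for the per-file key. The expectTail parameter is also an assumption, included because a chain of HMACs on its own cannot reveal that trailing blocks were removed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

func hmacSHA256(key []byte, parts ...[]byte) []byte { // HMAC-SHA256 over the concatenated parts
	h := hmac.New(sha256.New, key)
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}
// hkdfSHA256 derives a 32-byte file key per RFC 5869: extract, then a single expand block.
func hkdfSHA256(masterKey, salt []byte, info string) []byte {
	return hmacSHA256(hmacSHA256(salt, masterKey), []byte(info), []byte{1})
}
type saltBlock struct { // one entry of the constructed chain; mac links it to its predecessor
	fileNum   uint64
	salt, mac []byte
}
// blockMAC binds a block to its predecessor's MAC; the chain key is assumed to be masterKey.
func blockMAC(masterKey, prevMAC []byte, fileNum uint64, salt []byte) []byte {
	return hmacSHA256(masterKey, prevMAC, binary.BigEndian.AppendUint64(nil, fileNum), salt)
}
func appendBlock(chain []saltBlock, masterKey []byte, fileNum uint64, salt []byte) []saltBlock {
	var prev []byte
	if n := len(chain); n > 0 {
		prev = chain[n-1].mac
	}
	return append(chain, saltBlock{fileNum, salt, blockMAC(masterKey, prev, fileNum, salt)})
}
// verifyChain re-links every block and returns fileNum -> file key; expectTail also catches truncation.
func verifyChain(chain []saltBlock, masterKey, expectTail []byte) (map[uint64][]byte, error) {
	keys := make(map[uint64][]byte, len(chain))
	var prev []byte
	for i, b := range chain {
		if !hmac.Equal(b.mac, blockMAC(masterKey, prev, b.fileNum, b.salt)) {
			return nil, fmt.Errorf("salt chain block %d failed integrity check", i)
		}
		keys[b.fileNum] = hkdfSHA256(masterKey, b.salt, "file-key")
		prev = b.mac
	}
	if expectTail != nil && !hmac.Equal(prev, expectTail) {
		return nil, fmt.Errorf("salt chain truncated or diverged")
	}
	return keys, nil
}
```

A modified, reordered or foreign block fails at the link where it sits; a chain with its tail cut off still verifies unless the expected last MAC is known from outside the file.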

func NewKeyManager

func NewKeyManager(fs vfs.FS, dirname string, masterKey []byte) (*KeyManager, error)

NewKeyManager creates a new KeyManager.

func (*KeyManager) Close

func (m *KeyManager) Close() error

Close closes the KeyManager.

func (*KeyManager) Create

func (m *KeyManager) Create(fileNum base.FileNum) ([]byte, error)

Create creates a new key for writing a file.

func (*KeyManager) Get

func (m *KeyManager) Get(fileNum base.FileNum) ([]byte, error)

Get gets the key for reading a file.

type Writer

type Writer interface {
	Write([]byte) (int, error)
	WriteApproved([]byte) (int, error)
}

Writer is an interface for Write and WriteApproved.

var Discard Writer = discard{}

Discard is a Writer on which all Write calls succeed without doing anything.
