seal

package
v1.4.1 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 27, 2024 License: MPL-2.0 Imports: 5 Imported by: 3

Documentation

Overview

Package seal implements sealing operations for the Coordinator.

Constants

This section is empty.

Variables

var ErrMissingEncryptionKey = errors.New("encryption key not set")

ErrMissingEncryptionKey occurs if the encryption key is not set.

Functions

func GenerateEncryptionKey added in v1.2.0

func GenerateEncryptionKey() ([]byte, error)

GenerateEncryptionKey generates a new random 16-byte encryption key.

Types

type AESGCMSealer

type AESGCMSealer struct {
	// contains filtered or unexported fields
}

AESGCMSealer implements the Sealer interface using AES-GCM for confidentiality and authentication.

func NewAESGCMSealer

func NewAESGCMSealer() *AESGCMSealer

NewAESGCMSealer creates and initializes a new AESGCMSealer object.

func (*AESGCMSealer) Seal

func (s *AESGCMSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) ([]byte, error)

Seal encrypts and stores information to the fs.

func (*AESGCMSealer) SealEncryptionKey added in v1.2.0

func (s *AESGCMSealer) SealEncryptionKey(encryptionKey []byte) ([]byte, error)

SealEncryptionKey seals an encryption key with the enclave's product key.

func (*AESGCMSealer) SetEncryptionKey

func (s *AESGCMSealer) SetEncryptionKey(encryptionKey []byte)

SetEncryptionKey sets the encryption key of the Sealer.

func (*AESGCMSealer) Unseal

func (s *AESGCMSealer) Unseal(sealedData []byte) ([]byte, []byte, error)

Unseal decrypts sealedData and returns the decrypted data, as well as the prefixed unencrypted metadata of the cipher text.

func (*AESGCMSealer) UnsealEncryptionKey added in v1.2.0

func (s *AESGCMSealer) UnsealEncryptionKey(encryptedKey []byte) ([]byte, error)

UnsealEncryptionKey unseals the encryption key using the enclave's product key.

type EncryptionKeyError added in v1.2.0

type EncryptionKeyError struct {
	Err error
}

EncryptionKeyError occurs if the encryption key cannot be unsealed.

func (*EncryptionKeyError) Error added in v1.2.0

func (e *EncryptionKeyError) Error() string

func (*EncryptionKeyError) Unwrap added in v1.2.0

func (e *EncryptionKeyError) Unwrap() error

type MockSealer

type MockSealer struct {

	// mock unseal error
	UnsealError error
	// contains filtered or unexported fields
}

MockSealer is a mockup sealer.

func (*MockSealer) Seal

func (s *MockSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) ([]byte, error)

Seal implements the Sealer interface.

func (*MockSealer) SealEncryptionKey added in v1.2.0

func (s *MockSealer) SealEncryptionKey(key []byte) ([]byte, error)

SealEncryptionKey implements the Sealer interface. Since the MockSealer does not support sealing with an enclave key, it returns the key as is.

func (*MockSealer) SetEncryptionKey

func (s *MockSealer) SetEncryptionKey(_ []byte)

SetEncryptionKey implements the Sealer interface.

func (*MockSealer) Unseal

func (s *MockSealer) Unseal(_ []byte) ([]byte, []byte, error)

Unseal implements the Sealer interface.

func (*MockSealer) UnsealEncryptionKey added in v1.2.0

func (s *MockSealer) UnsealEncryptionKey(key []byte) ([]byte, error)

UnsealEncryptionKey implements the Sealer interface.

type NoEnclaveSealer

type NoEnclaveSealer struct {
	// contains filtered or unexported fields
}

NoEnclaveSealer is a sealer for a -noenclave instance and performs encryption with a fixed key.

func NewNoEnclaveSealer

func NewNoEnclaveSealer() *NoEnclaveSealer

NewNoEnclaveSealer creates and initializes a new NoEnclaveSealer object.

func (*NoEnclaveSealer) Seal

func (s *NoEnclaveSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) ([]byte, error)

Seal encrypts the given data using the sealer's key.

func (*NoEnclaveSealer) SealEncryptionKey added in v1.2.0

func (s *NoEnclaveSealer) SealEncryptionKey(key []byte) ([]byte, error)

SealEncryptionKey implements the Sealer interface. Since the NoEnclaveSealer does not support sealing with an enclave key, it returns the key as is.

func (*NoEnclaveSealer) SetEncryptionKey

func (s *NoEnclaveSealer) SetEncryptionKey(key []byte)

SetEncryptionKey implements the Sealer interface.

func (*NoEnclaveSealer) Unseal

func (s *NoEnclaveSealer) Unseal(sealedData []byte) ([]byte, []byte, error)

Unseal decrypts sealedData and returns the decrypted data, as well as the prefixed unencrypted metadata of the cipher text.

func (*NoEnclaveSealer) UnsealEncryptionKey added in v1.2.0

func (s *NoEnclaveSealer) UnsealEncryptionKey(key []byte) ([]byte, error)

UnsealEncryptionKey implements the Sealer interface.

type Sealer

type Sealer interface {
	// Seal encrypts data using the encryption key of the Sealer.
	Seal(unencryptedData []byte, toBeEncrypted []byte) (encryptedData []byte, err error)
	// Unseal decrypts the given data and returns the plain text, as well as the unencrypted metadata.
	Unseal(encryptedData []byte) (unencryptedData []byte, decryptedData []byte, err error)
	// SealEncryptionKey seals an encryption key using the sealer.
	SealEncryptionKey(key []byte) (encryptedKey []byte, err error)
	// SetEncryptionKey sets the encryption key of the sealer.
	SetEncryptionKey(key []byte)
	// UnsealEncryptionKey decrypts an encrypted key.
	UnsealEncryptionKey(encryptedKey []byte) ([]byte, error)
}

Sealer handles encryption and decryption of data.
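
The Seal/Unseal contract described above (unencrypted metadata prefixed to an AES-GCM ciphertext) can be sketched with the standard library alone. This is an added example, not the package's own code: `newGCM`, `seal` and `unseal` are hypothetical names, and both the byte layout and the choice to authenticate the metadata as GCM additional data are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// newGCM builds AES-GCM from a raw key; a 16-byte key selects AES-128.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal emits uint32-LE len(meta) || meta || nonce || ciphertext+tag (assumed layout).
func seal(aead cipher.AEAD, meta, secret []byte) ([]byte, error) {
	out := make([]byte, 4+len(meta)+aead.NonceSize())
	binary.LittleEndian.PutUint32(out, uint32(len(meta)))
	copy(out[4:], meta)
	nonce := out[4+len(meta):]
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(out, nonce, secret, meta), nil // meta is authenticated as additional data
}

// unseal returns (metadata, plaintext), the same order as Sealer.Unseal.
func unseal(aead cipher.AEAD, sealed []byte) ([]byte, []byte, error) {
	ns := aead.NonceSize()
	if len(sealed) < 4+ns || uint64(binary.LittleEndian.Uint32(sealed)) > uint64(len(sealed)-4-ns) {
		return nil, nil, errors.New("malformed sealed data")
	}
	n := int(binary.LittleEndian.Uint32(sealed))
	meta, body := sealed[4:4+n], sealed[4+n:]
	plain, err := aead.Open(nil, body[:ns], body[ns:], meta)
	return meta, plain, err
}

func main() {
	aead, _ := newGCM(make([]byte, 16)) // constructed all-zero key, for the demo only
	sealed, _ := seal(aead, []byte("v1"), []byte("secret"))
	meta, plain, err := unseal(aead, sealed)
	fmt.Printf("%s %s %v\n", meta, plain, err)
}
```

Because the metadata travels in the clear, a caller should act on it only after the unseal step returns without error; in this sketch a single flipped metadata bit makes `aead.Open` fail.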
