seal

package
v1.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 16, 2024 License: MPL-2.0 Imports: 6 Imported by: 3

Documentation

Overview

Package seal implements sealing operations for the Coordinator.

Index

Constants

This section is empty.

Variables

View Source 
var ErrMissingEncryptionKey = errors.New("encryption key not set")

ErrMissingEncryptionKey occurs if the encryption key is not set.

Functions

func GenerateEncryptionKey added in v1.2.0 

func GenerateEncryptionKey() ([]byte, error)

GenerateEncryptionKey generates a new random 16 byte encryption key.

Types

type AESGCMSealer 

type AESGCMSealer struct {
	// contains filtered or unexported fields
}

AESGCMSealer implements the Sealer interface using AES-GCM for confidentiality and authentication.

func NewAESGCMSealer 

func NewAESGCMSealer() *AESGCMSealer

NewAESGCMSealer creates and initializes a new AESGCMSealer object.

func (*AESGCMSealer) Seal 

func (s *AESGCMSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) ([]byte, error)

Seal encrypts and stores information to the fs.

func (*AESGCMSealer) SealEncryptionKey added in v1.2.0 

func (s *AESGCMSealer) SealEncryptionKey(encryptionKey []byte, mode Mode) ([]byte, error)

SealEncryptionKey seals an encryption key with the selected enclave key.

func (*AESGCMSealer) SetEncryptionKey 

func (s *AESGCMSealer) SetEncryptionKey(encryptionKey []byte)

SetEncryptionKey sets the encryption key of the Sealer.

func (*AESGCMSealer) Unseal 

func (s *AESGCMSealer) Unseal(sealedData []byte) ([]byte, []byte, error)

Unseal decrypts sealedData and returns the decrypted data, as well as the prefixed unencrypted metadata of the cipher text.

func (*AESGCMSealer) UnsealEncryptionKey added in v1.2.0 

func (s *AESGCMSealer) UnsealEncryptionKey(encryptedKey []byte) ([]byte, error)

UnsealEncryptionKey unseals the encryption key.

type EncryptionKeyError added in v1.2.0 

type EncryptionKeyError struct {
	Err error
}

EncryptionKeyError occurs if the encryption key cannot be unsealed.

func (*EncryptionKeyError) Error added in v1.2.0 

func (e *EncryptionKeyError) Error() string

func (*EncryptionKeyError) Unwrap added in v1.2.0 

func (e *EncryptionKeyError) Unwrap() error

type MockSealer 

type MockSealer struct {

	// mock unseal error
	UnsealError error
	// contains filtered or unexported fields
}

MockSealer is a mockup sealer.

func (*MockSealer) Seal 

func (s *MockSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) ([]byte, error)

Seal implements the Sealer interface.

func (*MockSealer) SealEncryptionKey added in v1.2.0 

func (s *MockSealer) SealEncryptionKey(key []byte, mode Mode) ([]byte, error)

SealEncryptionKey implements the Sealer interface. Since the MockSealer does not support sealing with an enclave key, it returns the key as is.

func (*MockSealer) SetEncryptionKey 

func (s *MockSealer) SetEncryptionKey(_ []byte)

SetEncryptionKey implements the Sealer interface.

func (*MockSealer) Unseal 

func (s *MockSealer) Unseal(_ []byte) ([]byte, []byte, error)

Unseal implements the Sealer interface.

func (*MockSealer) UnsealEncryptionKey added in v1.2.0 

func (s *MockSealer) UnsealEncryptionKey(key []byte) ([]byte, error)

UnsealEncryptionKey implements the Sealer interface.

type Mode added in v1.5.0 

type Mode uint

Mode specifies how the data should be sealed. 

const (
	// ModeDisabled disables sealing and holds data in memory only.
	ModeDisabled Mode = iota
	// ModeProductKey enables sealing with the product key.
	ModeProductKey
	// ModeUniqueKey enables sealing with the unique key.
	ModeUniqueKey
)

func ModeFromString added in v1.5.0 

func ModeFromString(mode string) Mode

ModeFromString returns the Mode value for the given string.

type NoEnclaveSealer 

type NoEnclaveSealer struct {
	// contains filtered or unexported fields
}

NoEnclaveSealer is a sealer for a -noenclave instance and performs encryption with a fixed key.

func NewNoEnclaveSealer 

func NewNoEnclaveSealer() *NoEnclaveSealer

NewNoEnclaveSealer creates and initializes a new NoEnclaveSealer object.

func (*NoEnclaveSealer) Seal 

func (s *NoEnclaveSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) ([]byte, error)

Seal encrypts the given data using the sealer's key.

func (*NoEnclaveSealer) SealEncryptionKey added in v1.2.0 

func (s *NoEnclaveSealer) SealEncryptionKey(key []byte, _ Mode) ([]byte, error)

SealEncryptionKey implements the Sealer interface. Since the NoEnclaveSealer does not support sealing with an enclave key, it returns the key as is.

func (*NoEnclaveSealer) SetEncryptionKey 

func (s *NoEnclaveSealer) SetEncryptionKey(key []byte)

SetEncryptionKey implements the Sealer interface.

func (*NoEnclaveSealer) Unseal 

func (s *NoEnclaveSealer) Unseal(sealedData []byte) ([]byte, []byte, error)

Unseal decrypts sealedData and returns the decrypted data, as well as the prefixed unencrypted metadata of the cipher text.

func (*NoEnclaveSealer) UnsealEncryptionKey added in v1.2.0 

func (s *NoEnclaveSealer) UnsealEncryptionKey(key []byte) ([]byte, error)

UnsealEncryptionKey implements the Sealer interface.

type Sealer 

type Sealer interface {
	// Seal encrypts data using the encryption key of the Sealer.
	Seal(unencryptedData []byte, toBeEncrypted []byte) (encryptedData []byte, err error)
	// Unseal decrypts the given data and returns the plain text, as well as the unencrypted metadata.
	Unseal(encryptedData []byte) (unencryptedData []byte, decryptedData []byte, err error)
	// SealEncryptionKey seals an encryption key using the sealer.
	SealEncryptionKey(key []byte, mode Mode) (encryptedKey []byte, err error)
	// SetEncryptionKey sets the encryption key of the sealer.
	SetEncryptionKey(key []byte)
	// UnsealEncryptionKey decrypts an encrypted key.
	UnsealEncryptionKey(encryptedKey []byte) ([]byte, error)
}

Sealer handles encryption and decryption of data.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.