gcpkmscrypto

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2023 License: Apache-2.0 Imports: 21 Imported by: 2

Documentation

Index

Constants

View Source
const ProviderName = "GCPKMS"

ProviderName specifies a provider name

Variables

View Source
var KmsClientFactory = func() (KmsClient, error) {
	ctx := context.Background()
	client, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		return nil, errors.WithMessagef(err, "failed to create kms client")
	}

	return client, nil
}

KmsClientFactory override for unittest

Functions

func Crc32c

func Crc32c(data []byte) uint32

Crc32c computes digest's CRC32C.

func KeyLabelAndID

func KeyLabelAndID(val string) (label string, id string)

KeyLabelAndID adds a date suffix to ID of a key

func KmsLoader

KmsLoader provides loader for KMS provider

func NewSigner

func NewSigner(keyID string, label string, publicKey crypto.PublicKey, prov *Provider) crypto.Signer

NewSigner creates new signer

Types

type KmsClient

type KmsClient interface {
	ListCryptoKeys(context.Context, *kmspb.ListCryptoKeysRequest, ...gax.CallOption) *kms.CryptoKeyIterator
	GetCryptoKey(context.Context, *kmspb.GetCryptoKeyRequest, ...gax.CallOption) (*kmspb.CryptoKey, error)
	GetPublicKey(context.Context, *kmspb.GetPublicKeyRequest, ...gax.CallOption) (*kmspb.PublicKey, error)
	GetCryptoKeyVersion(context.Context, *kmspb.GetCryptoKeyVersionRequest, ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
	DestroyCryptoKeyVersion(context.Context, *kmspb.DestroyCryptoKeyVersionRequest, ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
	AsymmetricSign(context.Context, *kmspb.AsymmetricSignRequest, ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
	CreateCryptoKey(context.Context, *kmspb.CreateCryptoKeyRequest, ...gax.CallOption) (*kmspb.CryptoKey, error)
	Close() error
}

KmsClient interface

type Provider

type Provider struct {
	KmsClient
	// contains filtered or unexported fields
}

Provider implements Provider interface for KMS

func Init

func Init(tc cryptoprov.TokenConfig) (*Provider, error)

Init configures Kms based hsm impl

func (*Provider) Close

func (p *Provider) Close() error

Close allocated resources and file reloader

func (*Provider) CurrentSlotID

func (p *Provider) CurrentSlotID() uint

CurrentSlotID returns current slot id. For KMS only one slot is assumed to be available.

func (*Provider) DestroyKeyPairOnSlot

func (p *Provider) DestroyKeyPairOnSlot(slotID uint, keyID string) error

DestroyKeyPairOnSlot destroys key pair on slot. For KMS slotID is ignored and KMS retire API is used to destroy the key.

func (*Provider) EnumKeys

func (p *Provider) EnumKeys(slotID uint, prefix string) ([]cryptoprov.KeyInfo, error)

EnumKeys returns list of keys on the slot. For KMS slotID is ignored.

func (*Provider) EnumTokens

func (p *Provider) EnumTokens(currentSlotOnly bool) ([]cryptoprov.TokenInfo, error)

EnumTokens lists tokens. For KMS currentSlotOnly is ignored and only one slot is assumed to be available.

func (*Provider) ExportKey

func (p *Provider) ExportKey(keyID string) (string, []byte, error)

ExportKey returns PKCS#11 URI for specified key ID. It does not return key bytes

func (*Provider) FindKeyPairOnSlot

func (p *Provider) FindKeyPairOnSlot(slotID uint, keyID, label string) (crypto.PrivateKey, error)

FindKeyPairOnSlot retrieves a previously created asymmetric key, using a specified slot.

func (*Provider) GenerateECDSAKey

func (p *Provider) GenerateECDSAKey(label string, curve elliptic.Curve) (crypto.PrivateKey, error)

GenerateECDSAKey creates signer using randomly generated ECDSA key

func (*Provider) GenerateRSAKey

func (p *Provider) GenerateRSAKey(label string, bits int, purpose int) (crypto.PrivateKey, error)

GenerateRSAKey creates signer using randomly generated RSA key

func (*Provider) GetKey

func (p *Provider) GetKey(keyID string) (crypto.PrivateKey, error)

GetKey returns PrivateKey

func (*Provider) IdentifyKey

func (p *Provider) IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)

IdentifyKey returns key id and label for the given private key

func (*Provider) KeyInfo

func (p *Provider) KeyInfo(slotID uint, keyID string, includePublic bool) (*cryptoprov.KeyInfo, error)

KeyInfo retrieves info about key with the specified id

func (*Provider) Manufacturer

func (p *Provider) Manufacturer() string

Manufacturer returns manufacturer for the provider

func (*Provider) Model

func (p *Provider) Model() string

Model returns model for the provider

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements crypto.Signer interface

func (*Signer) KeyID

func (s *Signer) KeyID() string

KeyID returns key id of the signer

func (*Signer) Label

func (s *Signer) Label() string

Label returns key label of the signer

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns public key for the signer

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign implements signing operation

func (*Signer) String

func (s *Signer) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL