secure

package
v0.0.0-...-e93e28f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

README

secure

Package secure encrypting/decrypting the message body.

Usage

import "github.com/henrylee2cn/teleport/plugin/secure"

Ciphertext struct:

package secure_test

import (
	"testing"
	"time"

	tp "github.com/henrylee2cn/teleport"
	"github.com/henrylee2cn/teleport/plugin/secure"
)

type Arg struct {
	A int
	B int
}

type Result struct {
	C int
}

type math struct{ tp.CallCtx }

func (m *math) Add(arg *Arg) (*Result, *tp.Rerror) {
	// enforces the body of the encrypted reply message.
	// secure.EnforceSecure(m.Output())

	return &Result{C: arg.A + arg.B}, nil
}

func newSession(t *testing.T) tp.Session {
	p := secure.NewSecurePlugin(100001, "cipherkey1234567")
	srv := tp.NewPeer(tp.PeerConfig{
		ListenPort:  9090,
		PrintDetail: true,
	})
	srv.RouteCall(new(math), p)
	go srv.ListenAndServe()
	time.Sleep(time.Second)

	cli := tp.NewPeer(tp.PeerConfig{
		PrintDetail: true,
	}, p)
	sess, err := cli.Dial(":9090")
	if err != nil {
		t.Fatal(err)
	}
	return sess
}

func TestSecurePlugin(t *testing.T) {
	sess := newSession(t)
	// test secure
	var result Result
	rerr := sess.Call(
		"/math/add",
		&Arg{A: 10, B: 2},
		&result,
		secure.WithSecureMeta(),
		// secure.WithAcceptSecureMeta(false),
	).Rerror()
	if rerr != nil {
		t.Fatal(rerr)
	}
	if result.C != 12 {
		t.Fatalf("expect 12, but get %d", result.C)
	}
	t.Logf("test secure10+2=%d", result.C)
}

func TestAcceptSecurePlugin(t *testing.T) {
	sess := newSession(t)
	// test accept secure
	var result Result
	rerr := sess.Call(
		"/math/add",
		&Arg{A: 20, B: 4},
		&result,
		secure.WithAcceptSecureMeta(true),
	).Rerror()
	if rerr != nil {
		t.Fatal(rerr)
	}
	if result.C != 24 {
		t.Fatalf("expect 24, but get %d", result.C)
	}
	t.Logf("test accept secure: 20+4=%d", result.C)
}

test command:

go test -v -run=TestSecurePlugin
go test -v -run=TestAcceptSecurePlugin

Documentation

Overview

Package secure encrypting/decrypting the message body.

Copyright 2018 HenryLee. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package secure is a generated protocol buffer package.

It is generated from these files:
	secure.proto

It has these top-level messages:
	Encrypt

Index

Constants

View Source
const (
	// SECURE_META_KEY if the metadata is true, perform encryption operation to the body.
	SECURE_META_KEY = "X-Secure" // value: true/false
	// ACCEPT_SECURE_META_KEY if the metadata is true, perform encryption operation to the body.
	ACCEPT_SECURE_META_KEY = "X-Accept-Secure" // value: true/false
)
View Source
const (
	// CIPHERVERSION_KEY cipherkey version
	CIPHERVERSION_KEY = "cipherversion"
	// CIPHERTEXT_KEY ciphertext content
	CIPHERTEXT_KEY = "ciphertext"
)

Variables

View Source
var (
	ErrInvalidLengthSecure = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowSecure   = fmt.Errorf("proto: integer overflow")
)

Functions

func EnforceSecure

func EnforceSecure(output *tp.Message)

EnforceSecure enforces the body of the encrypted reply message. NOTE: requires that the secure plugin has been registered!

func NewSecurePlugin

func NewSecurePlugin(rerrCode int32, cipherkey string) tp.Plugin

NewSecurePlugin creates a AES encryption/decryption plugin. The cipherkey argument should be the AES key, either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.

func WithAcceptSecureMeta

func WithAcceptSecureMeta(accept bool) tp.MessageSetting

WithAcceptSecureMeta requires the peer to encrypt the replying body. NOTE: requires that the secure plugin has been registered!

func WithSecureMeta

func WithSecureMeta() tp.MessageSetting

WithSecureMeta encrypts the body of the current message. NOTE: requires that the secure plugin has been registered!

Types

type Encrypt

type Encrypt struct {
	Cipherversion string `protobuf:"bytes,1,opt,name=cipherversion,proto3" json:"cipherversion,omitempty"`
	Ciphertext    string `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
}

func (*Encrypt) Descriptor

func (*Encrypt) Descriptor() ([]byte, []int)

func (*Encrypt) GetCiphertext

func (m *Encrypt) GetCiphertext() string

func (*Encrypt) GetCipherversion

func (m *Encrypt) GetCipherversion() string

func (*Encrypt) Marshal

func (m *Encrypt) Marshal() (dAtA []byte, err error)

func (*Encrypt) MarshalTo

func (m *Encrypt) MarshalTo(dAtA []byte) (int, error)

func (*Encrypt) ProtoMessage

func (*Encrypt) ProtoMessage()

func (*Encrypt) Reset

func (m *Encrypt) Reset()

func (*Encrypt) Size

func (m *Encrypt) Size() (n int)

func (*Encrypt) String

func (m *Encrypt) String() string

func (*Encrypt) Unmarshal

func (m *Encrypt) Unmarshal(dAtA []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL