kms

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 9, 2023 License: MPL-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrDecode = errors.New("error occurred during decode")

ErrDecode represents a decoding error

View Source
var ErrDecrypt = errors.New("error occurred during decrypt")

ErrDecrypt represents a decryption error

View Source
var ErrEncode = errors.New("error occurred during encode")

ErrEncode represents an encoding error

View Source
var ErrEncrypt = errors.New("error occurred during encrypt")

ErrEncrypt represents an encryption error

View Source
var ErrGenKey = errors.New("error occurred during key generation")

ErrGenKey represents a key gen error

View Source
var ErrInvalidParameter = errors.New("invalid parameter")

ErrInvalidParameter represents an invalid parameter error

View Source
var ErrSign = errors.New("error occurred during signing")

ErrSign represents a signing error

View Source
var ErrUnknown = errors.New("unknown error")

ErrUnknown represents an unknown error

Functions

func TestWrapper

func TestWrapper(t testing.TB) wrapping.Wrapper

TestWrapper initializes an AEAD wrapping.Wrapper for testing

Types

type KeyUnwrapCallbackFunc

type KeyUnwrapCallbackFunc func(WrappedKeys) (UnwrappedKeys, error)

KeyUnwrapCallbackFunc is used by OpenSession to unwrap BSR and private keys

type Keys

type Keys struct {
	// WrappedBsrKey is the "bsr key" which is a wrapped AES-GCM key
	WrappedBsrKey *wrapping.KeyInfo

	// WrappedPrivKey is the BSR's wrapped ed25519.PrivateKey
	WrappedPrivKey *wrapping.KeyInfo

	// BsrKey is the plaintext "bsr key" which is an AES-GCM key
	BsrKey *wrapping.KeyInfo

	// PrivKey is the BSR's plaintext ed25519.PrivateKey
	PrivKey *wrapping.KeyInfo

	// PubKey is the BSR's plaintext ed25519.PublicKey
	PubKey *wrapping.KeyInfo

	// PubKeySelfSignature is a self-signature of the BSR's plaintext
	// ed25519.PublicKey created with its ed25519.PrivateKey
	PubKeySelfSignature *wrapping.SigInfo

	// PubKeyBsrSignature is a signature of the BSR's plaintext ed25519.Public
	// key created with the BsrKey (AES-GCM)
	PubKeyBsrSignature *wrapping.SigInfo
	// contains filtered or unexported fields
}

Keys are the keys required/associated with a BSR for crypto operations.

Operations on this type are concurrently safe.

func CreateKeys

func CreateKeys(ctx context.Context, bsrWrapper wrapping.Wrapper, sessionId string, opt ...Option) (*Keys, error)

CreateKeys creates new bsr keys, wrapping and signing keys as required using the provided bsrWrapper. Supported options: WithRandomReader

func (*Keys) SignWithPrivKey

func (k *Keys) SignWithPrivKey(ctx context.Context, msg []byte) (*wrapping.SigInfo, error)

SignWithPrivKey will sign the msg with the BsrKeys.PrivKey (aka the BSR's ed25519.PrivateKey). Typical usage is to sign the BSR's checksums file.

This is a concurrently safe operation.

func (*Keys) UnwrapBsrKey

func (k *Keys) UnwrapBsrKey(ctx context.Context, bsrWrapper wrapping.Wrapper, opt ...Option) (*aead.Wrapper, error)

UnwrapBsrKey will unwrap the bsr key (k.WrappedBsrKey which is an AES-GCM) using the provide bsr kms. The k.BsrKey will be set to the unwrapped key key and returned in the form of an aead.Wrapper

This is a concurrently safe operation.

func (*Keys) UnwrapPrivKey

func (k *Keys) UnwrapPrivKey(ctx context.Context, bsrWrapper wrapping.Wrapper) (ed25519.PrivateKey, error)

UnwrapPrivKey will unwrap the priv key (k.WrappedPrivKey which is an ed25519.PrivateKey) using the provide bsr kms. The k.PrivKey will be set to the unwrapped key and returned in the form of an ed25519.PrivateKey

This is a concurrently safe operation.

func (*Keys) VerifyPubKeyBsrSignature

func (k *Keys) VerifyPubKeyBsrSignature(ctx context.Context, opt ...Option) (bool, error)

VerifyPubKeyBsrSignature will verify the pub key signature created with the bsr key. It will first try to use k.BsrKey, if that's not available it will attempt to unwrap k.WrappedBsrKey and use it for verification. Supported options: WithBsrWrapper which is required if using k.WrappedBsrKey to verify the signature.

This is a concurrently safe operation.

func (*Keys) VerifyPubKeySelfSignature

func (k *Keys) VerifyPubKeySelfSignature(ctx context.Context) (bool, error)

VerifyPubKeySelfSignature will verify the self-signed pub key signature using k.PubKey. Note: this will tell you the signature is correct, but not if the public key is the right key; you want to use VerifyPubKeyBsrSignature(...) for that.

This is a concurrently safe operation.

func (*Keys) VerifySignatureWithBsrKey

func (k *Keys) VerifySignatureWithBsrKey(ctx context.Context, sig *wrapping.SigInfo, msg []byte, opt ...Option) (bool, error)

func (*Keys) VerifySignatureWithPubKey

func (k *Keys) VerifySignatureWithPubKey(ctx context.Context, sig *wrapping.SigInfo, msg []byte) (bool, error)

VerifySignatureWithPubKey will verify a signature using the k.PubKey.

This is a concurrently safe operation.

type MockReader

type MockReader struct {

	// WithMockReadOn determines which read attempt the mock read results should
	// be returned on.
	WithMockReadOn int

	// WithError specifies a mock read result of the specified error
	WithError error

	// WithBytesRead specifies a mock read result of the specified bytes read
	WithBytesRead int

	// Reader is the underlying reader
	Reader io.Reader
	// contains filtered or unexported fields
}

MockReader provides a mock reader for testing

func (*MockReader) Read

func (m *MockReader) Read(p []byte) (n int, err error)

Read implements the mock read operation. Mock values supported: WithBytesRead, WithMockReadOn

type MockWrapper

type MockWrapper struct {
	// Wrapper is the underlying wrapping.Wrapper which is used to provide the
	// mock's default behavior
	Wrapper wrapping.Wrapper

	// WithEncryptErrorOn determines which encrypt attempt the mock encrypt
	// error should be returned on.
	WithEncryptErrorOn int
	// EncryptErr is a mock value to return for the Encrypt(...) operation
	EncryptErr error

	// DecryptErr is a mock value to return for the Decrypt(...) operation
	DecryptErr error

	// KeyIdErr is a mock value to return for the KeyId(...) operation
	KeyIdErr error

	// KeyIdReturned is a mock value to return for the KeyId(...) operation
	KeyIdReturned string

	// WithKeyBytesErrorOn determines which key bytes attempt the mock key bytes
	// error should be returned on.
	WithKeyBytesErrorOn int
	// contains filtered or unexported fields
}

func (*MockWrapper) Decrypt

func (w *MockWrapper) Decrypt(ctx context.Context, ciphertext *wrapping.BlobInfo, options ...wrapping.Option) ([]byte, error)

Decrypt decrypts the given byte slice and stores the resulting information in the returned byte slice. Mock values supported: DecryptErr

func (*MockWrapper) Encrypt

func (w *MockWrapper) Encrypt(ctx context.Context, plaintext []byte, options ...wrapping.Option) (*wrapping.BlobInfo, error)

Encrypt encrypts the given byte slice. Mock values supported: EncryptErr and WithEncryptErrorOn

func (*MockWrapper) KeyId

func (w *MockWrapper) KeyId(ctx context.Context) (string, error)

KeyId is the id of the key currently used for encryption operations. Mock values supported: KeyIdErr, KeyIdReturned

func (*MockWrapper) SetConfig

func (w *MockWrapper) SetConfig(ctx context.Context, options ...wrapping.Option) (*wrapping.WrapperConfig, error)

SetConfig applies the given options to a wrapper and returns configuration information. No mock values supported.

func (*MockWrapper) Type

Type of the wrapper. No mock values supported

type Option

type Option func(*options)

Option - how Options are passed as arguments

func WithBsrWrapper

func WithBsrWrapper(w wrapping.Wrapper) Option

WithBsrWrapper sets the external Bsr wrapper for a KMS

func WithRandomReader

func WithRandomReader(randomReader io.Reader) Option

WithRandomReader(...) option allows an optional random reader to be provided. By default the reader from crypto/rand will be used.

type UnwrappedKeys

type UnwrappedKeys struct {
	BsrKey  *wrapping.KeyInfo
	PrivKey *wrapping.KeyInfo
}

Unwrapped keys contains the unwrapped BSR and priv keys

type WrappedKeys

type WrappedKeys struct {
	WrappedBsrKey  *wrapping.KeyInfo
	WrappedPrivKey *wrapping.KeyInfo
}

WrappedKeys contains the wrapped BSR and priv keys

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL