Documentation ¶
Index ¶
- Variables
- func TestWrapper(t testing.TB) wrapping.Wrapper
- type KeyUnwrapCallbackFunc
- type Keys
- func (k *Keys) SignWithPrivKey(ctx context.Context, msg []byte) (*wrapping.SigInfo, error)
- func (k *Keys) UnwrapBsrKey(ctx context.Context, bsrWrapper wrapping.Wrapper, opt ...Option) (*aead.Wrapper, error)
- func (k *Keys) UnwrapPrivKey(ctx context.Context, bsrWrapper wrapping.Wrapper) (ed25519.PrivateKey, error)
- func (k *Keys) VerifyPubKeyBsrSignature(ctx context.Context, opt ...Option) (bool, error)
- func (k *Keys) VerifyPubKeySelfSignature(ctx context.Context) (bool, error)
- func (k *Keys) VerifySignatureWithBsrKey(ctx context.Context, sig *wrapping.SigInfo, msg []byte, opt ...Option) (bool, error)
- func (k *Keys) VerifySignatureWithPubKey(ctx context.Context, sig *wrapping.SigInfo, msg []byte) (bool, error)
- type MockReader
- type MockWrapper
- func (w *MockWrapper) Decrypt(ctx context.Context, ciphertext *wrapping.BlobInfo, options ...wrapping.Option) ([]byte, error)
- func (w *MockWrapper) Encrypt(ctx context.Context, plaintext []byte, options ...wrapping.Option) (*wrapping.BlobInfo, error)
- func (w *MockWrapper) KeyId(ctx context.Context) (string, error)
- func (w *MockWrapper) SetConfig(ctx context.Context, options ...wrapping.Option) (*wrapping.WrapperConfig, error)
- func (w *MockWrapper) Type(ctx context.Context) (wrapping.WrapperType, error)
- type Option
- type UnwrappedKeys
- type WrappedKeys
Constants ¶
This section is empty.
Variables ¶
var ErrDecode = errors.New("error occurred during decode")
ErrDecode represents a decoding error
var ErrDecrypt = errors.New("error occurred during decrypt")
ErrDecrypt represents a decryption error
var ErrEncode = errors.New("error occurred during encode")
ErrEncode represents an encoding error
var ErrEncrypt = errors.New("error occurred during encrypt")
ErrEncrypt represents an encryption error
var ErrGenKey = errors.New("error occurred during key generation")
ErrGenKey represents a key gen error
var ErrInvalidParameter = errors.New("invalid parameter")
ErrInvalidParameter represents an invalid parameter error
var ErrSign = errors.New("error occurred during signing")
ErrSign represents a signing error
var ErrUnknown = errors.New("unknown error")
ErrUnknown represents an unknown error
Functions ¶
Types ¶
type KeyUnwrapCallbackFunc ¶
type KeyUnwrapCallbackFunc func(WrappedKeys) (UnwrappedKeys, error)
KeyUnwrapCallbackFunc is used by OpenSession to unwrap BSR and private keys
type Keys ¶
type Keys struct {
	// WrappedBsrKey is the "bsr key" which is a wrapped AES-GCM key
	WrappedBsrKey *wrapping.KeyInfo
	// WrappedPrivKey is the BSR's wrapped ed25519.PrivateKey
	WrappedPrivKey *wrapping.KeyInfo
	// BsrKey is the plaintext "bsr key" which is an AES-GCM key
	BsrKey *wrapping.KeyInfo
	// PrivKey is the BSR's plaintext ed25519.PrivateKey
	PrivKey *wrapping.KeyInfo
	// PubKey is the BSR's plaintext ed25519.PublicKey
	PubKey *wrapping.KeyInfo
	// PubKeySelfSignature is a self-signature of the BSR's plaintext
	// ed25519.PublicKey created with its ed25519.PrivateKey
	PubKeySelfSignature *wrapping.SigInfo
	// PubKeyBsrSignature is a signature of the BSR's plaintext
	// ed25519.PublicKey created with the BsrKey (AES-GCM)
	PubKeyBsrSignature *wrapping.SigInfo
	// contains filtered or unexported fields
}
Keys are the keys required/associated with a BSR for crypto operations.
Operations on this type are concurrently safe.
func CreateKeys ¶
func CreateKeys(ctx context.Context, bsrWrapper wrapping.Wrapper, sessionId string, opt ...Option) (*Keys, error)
CreateKeys creates new bsr keys, wrapping and signing keys as required using the provided bsrWrapper. Supported options: WithRandomReader
func (*Keys) SignWithPrivKey ¶
func (k *Keys) SignWithPrivKey(ctx context.Context, msg []byte) (*wrapping.SigInfo, error)
SignWithPrivKey will sign msg with k.PrivKey (the BSR's ed25519.PrivateKey). Typical usage is to sign the BSR's checksums file.
This is a concurrently safe operation.
func (*Keys) UnwrapBsrKey ¶
func (k *Keys) UnwrapBsrKey(ctx context.Context, bsrWrapper wrapping.Wrapper, opt ...Option) (*aead.Wrapper, error)
UnwrapBsrKey will unwrap the bsr key (k.WrappedBsrKey, a wrapped AES-GCM key) using the provided bsrWrapper (the BSR KMS). k.BsrKey is set to the unwrapped key, which is returned in the form of an aead.Wrapper.
This is a concurrently safe operation.
func (*Keys) UnwrapPrivKey ¶
func (k *Keys) UnwrapPrivKey(ctx context.Context, bsrWrapper wrapping.Wrapper) (ed25519.PrivateKey, error)
UnwrapPrivKey will unwrap the private key (k.WrappedPrivKey, a wrapped ed25519.PrivateKey) using the provided bsrWrapper (the BSR KMS). k.PrivKey is set to the unwrapped key, which is returned in the form of an ed25519.PrivateKey.
This is a concurrently safe operation.
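The wrap and unwrap flow behind CreateKeys, UnwrapBsrKey and UnwrapPrivKey, as an added example that is not part of this package or of go-kms-wrapping. The external bsr wrapper (the KMS) is modelled as a single AES-256-GCM key, and the nonce||ciphertext blob layout, the 32-byte bsr key size and the names newAEAD, seal, open, wrappedKeys, createKeys, unwrapBsrKey and unwrapPrivKey are assumptions made for the illustration; only the standard library is used. It shows what the aead.Wrapper returned by UnwrapBsrKey means in practice (the bsr key is handed back ready to encrypt BSR content, not as raw bytes) and that a wrapped key that has been modified, or is presented to a different KMS key, is rejected at unwrap time instead of silently yielding a wrong key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"io"
)

// newAEAD builds AES-256-GCM from a 32-byte key. It serves both as the
// hypothetical KMS (root key) and as the aead.Wrapper-like form of the bsr key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext; open reverses it and rejects any change
// to either part, which is what makes a wrapped key tamper-evident.
func seal(aead cipher.AEAD, plain []byte, random io.Reader) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(random, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil
}

func open(aead cipher.AEAD, blob []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("wrapped blob too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// wrappedKeys is what may be persisted with a BSR: both secrets wrapped under
// the KMS and only the public key in the clear.
type wrappedKeys struct {
	WrappedBsrKey  []byte
	WrappedPrivKey []byte
	PubKey         ed25519.PublicKey
}

// createKeys stands in for CreateKeys: a fresh 32-byte bsr key and ed25519
// keypair, wrapped by the KMS before the plaintext leaves this function.
func createKeys(kms cipher.AEAD, random io.Reader) (*wrappedKeys, error) {
	bsrKey := make([]byte, 32)
	if _, err := io.ReadFull(random, bsrKey); err != nil {
		return nil, err
	}
	pub, priv, err := ed25519.GenerateKey(random)
	if err != nil {
		return nil, err
	}
	w := &wrappedKeys{PubKey: pub}
	if w.WrappedBsrKey, err = seal(kms, bsrKey, random); err != nil {
		return nil, err
	}
	if w.WrappedPrivKey, err = seal(kms, priv, random); err != nil {
		return nil, err
	}
	return w, nil
}

// unwrapBsrKey stands in for UnwrapBsrKey: the caller gets an AEAD ready to
// encrypt BSR content rather than the raw key bytes.
func (w *wrappedKeys) unwrapBsrKey(kms cipher.AEAD) (cipher.AEAD, error) {
	bsrKey, err := open(kms, w.WrappedBsrKey)
	if err != nil {
		return nil, fmt.Errorf("error occurred during decrypt: %w", err)
	}
	return newAEAD(bsrKey)
}

// unwrapPrivKey stands in for UnwrapPrivKey; the size check keeps a wrong blob
// from becoming a private key that panics on first use.
func (w *wrappedKeys) unwrapPrivKey(kms cipher.AEAD) (ed25519.PrivateKey, error) {
	priv, err := open(kms, w.WrappedPrivKey)
	if err != nil {
		return nil, fmt.Errorf("error occurred during decrypt: %w", err)
	}
	if len(priv) != ed25519.PrivateKeySize {
		return nil, fmt.Errorf("unwrapped private key has %d bytes, want %d", len(priv), ed25519.PrivateKeySize)
	}
	return ed25519.PrivateKey(priv), nil
}

func main() {
	root := make([]byte, 32) // constructed KMS root key; a real KMS never releases it
	rand.Read(root)
	kms, _ := newAEAD(root)
	w, _ := createKeys(kms, rand.Reader)
	w.WrappedPrivKey[len(w.WrappedPrivKey)-1] ^= 0x01 // attacker flips one ciphertext bit
	_, err := w.unwrapPrivKey(kms)
	fmt.Println("tampered wrapped private key rejected:", err != nil)
}
```

The plaintext bsr key and private key exist only inside createKeys and the two unwrap methods; everything that is stored is either wrapped or public. A caller that persists a Keys value should treat the wrapped fields the same way and expect unwrapping to fail, with the decrypt error, for any blob that was altered or belongs to a different KMS key.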
func (*Keys) VerifyPubKeyBsrSignature ¶
func (k *Keys) VerifyPubKeyBsrSignature(ctx context.Context, opt ...Option) (bool, error)
VerifyPubKeyBsrSignature will verify the public key signature created with the bsr key. It first tries to use k.BsrKey; if that is not available it attempts to unwrap k.WrappedBsrKey and uses that for verification. Supported options: WithBsrWrapper, which is required if k.WrappedBsrKey must be unwrapped to verify the signature.
This is a concurrently safe operation.
func (*Keys) VerifyPubKeySelfSignature ¶
func (k *Keys) VerifyPubKeySelfSignature(ctx context.Context) (bool, error)
VerifyPubKeySelfSignature will verify the self-signed public key signature using k.PubKey. Note: this only tells you the signature is correct, not that the public key is the right key; use VerifyPubKeyBsrSignature(...) for that.
This is a concurrently safe operation.
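The difference between VerifyPubKeySelfSignature and VerifyPubKeyBsrSignature, together with the checksums-file use of SignWithPrivKey, as an added example that is not this package's code. The page does not say how a "signature" is produced with an AES-GCM key, so the block assumes an HMAC-SHA256 keyed with the bsr key (bsrSign); the sessionKeys type, newSessionKeys, substitutePubKey and the checksums text are constructed for the illustration, and only the standard library is used. It walks through the attack the note on VerifyPubKeySelfSignature warns about: an attacker who can rewrite the BSR swaps in their own public key and self-signature and re-signs the checksums with their own private key. Every check that depends only on the stored public key still passes; only the bsr-key signature, which needs the key held behind the KMS, fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// sessionKeys mirrors Keys after unwrapping: the plaintext bsr key and private
// key (held only in memory) plus the public key and its two signatures, which
// are what a BSR carries in the clear.
type sessionKeys struct {
	BsrKey              []byte // plaintext 32-byte AES-256 bsr key
	PrivKey             ed25519.PrivateKey
	PubKey              ed25519.PublicKey
	PubKeySelfSignature []byte // ed25519 signature of PubKey made with PrivKey
	PubKeyBsrSignature  []byte // assumed: HMAC-SHA256 over PubKey keyed with BsrKey
}

// bsrSign is the assumed construction behind "a signature created with the
// BsrKey": a keyed MAC, since an AES-GCM key cannot make a public-key signature.
func bsrSign(bsrKey, msg []byte) []byte {
	m := hmac.New(sha256.New, bsrKey)
	m.Write(msg)
	return m.Sum(nil)
}

// newSessionKeys does the signing part of CreateKeys for key material that
// has already been generated (or unwrapped).
func newSessionKeys(bsrKey []byte, priv ed25519.PrivateKey) *sessionKeys {
	pub := priv.Public().(ed25519.PublicKey)
	return &sessionKeys{
		BsrKey: bsrKey, PrivKey: priv, PubKey: pub,
		PubKeySelfSignature: ed25519.Sign(priv, pub),
		PubKeyBsrSignature:  bsrSign(bsrKey, pub),
	}
}

// signWithPrivKey and verifySignatureWithPubKey cover the checksums-file case.
func (k *sessionKeys) signWithPrivKey(msg []byte) []byte { return ed25519.Sign(k.PrivKey, msg) }

func (k *sessionKeys) verifySignatureWithPubKey(sig, msg []byte) bool {
	return ed25519.Verify(k.PubKey, msg, sig)
}

// verifyPubKeySelfSignature only shows that PubKey and PubKeySelfSignature
// agree with each other; any keypair, an attacker's included, yields such a pair.
func (k *sessionKeys) verifyPubKeySelfSignature() bool {
	return ed25519.Verify(k.PubKey, k.PubKey, k.PubKeySelfSignature)
}

// verifyPubKeyBsrSignature binds PubKey to the bsr key, which lives behind the
// KMS: someone who can rewrite the BSR but cannot reach the KMS cannot forge it.
func (k *sessionKeys) verifyPubKeyBsrSignature() (bool, error) {
	if len(k.BsrKey) == 0 {
		return false, errors.New("bsr key not available; unwrap it first")
	}
	return hmac.Equal(k.PubKeyBsrSignature, bsrSign(k.BsrKey, k.PubKey)), nil
}

// substitutePubKey models an attacker editing the BSR: the public key and its
// self-signature are replaced with ones from a keypair the attacker controls,
// while PubKeyBsrSignature is left as is because they have no bsr key.
// The attacker's private key is returned so the caller can re-sign content.
func (k *sessionKeys) substitutePubKey(random io.Reader) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(random)
	if err != nil {
		return nil, err
	}
	k.PubKey, k.PubKeySelfSignature = pub, ed25519.Sign(priv, pub)
	return priv, nil
}

func main() {
	bsrKey := make([]byte, 32) // constructed; in practice this is the unwrapped bsr key
	rand.Read(bsrKey)
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	k := newSessionKeys(bsrKey, priv)
	attacker, err := k.substitutePubKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	checksums := []byte("constructed checksums file, re-signed by the attacker")
	bsrOK, _ := k.verifyPubKeyBsrSignature()
	fmt.Println("checksums verify with stored pubkey:", k.verifySignatureWithPubKey(ed25519.Sign(attacker, checksums), checksums))
	fmt.Println("self-signature verifies:", k.verifyPubKeySelfSignature())
	fmt.Println("bsr-key signature verifies:", bsrOK)
}
```

The practical rule this encodes: a verifier that trusts the public key stored with the BSR must first run the bsr-key check, which needs the KMS (hence the WithBsrWrapper option); checking the self-signature and the checksums signature alone proves only that the file is internally consistent, which an attacker who rewrote it can always arrange.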
func (*Keys) VerifySignatureWithBsrKey ¶
func (k *Keys) VerifySignatureWithBsrKey(ctx context.Context, sig *wrapping.SigInfo, msg []byte, opt ...Option) (bool, error)
type MockReader ¶
type MockReader struct {
	// WithMockReadOn determines which read attempt the mock read results should
	// be returned on.
	WithMockReadOn int
	// WithError specifies a mock read result of the specified error
	WithError error
	// WithBytesRead specifies a mock read result of the specified bytes read
	WithBytesRead int
	// Reader is the underlying reader
	Reader io.Reader
	// contains filtered or unexported fields
}
MockReader provides a mock reader for testing
type MockWrapper ¶
type MockWrapper struct {
	// Wrapper is the underlying wrapping.Wrapper which is used to provide the
	// mock's default behavior
	Wrapper wrapping.Wrapper
	// WithEncryptErrorOn determines which encrypt attempt the mock encrypt
	// error should be returned on.
	WithEncryptErrorOn int
	// EncryptErr is a mock value to return for the Encrypt(...) operation
	EncryptErr error
	// DecryptErr is a mock value to return for the Decrypt(...) operation
	DecryptErr error
	// KeyIdErr is a mock value to return for the KeyId(...) operation
	KeyIdErr error
	// KeyIdReturned is a mock value to return for the KeyId(...) operation
	KeyIdReturned string
	// WithKeyBytesErrorOn determines which key bytes attempt the mock key bytes
	// error should be returned on.
	WithKeyBytesErrorOn int
	// contains filtered or unexported fields
}
func (*MockWrapper) Decrypt ¶
func (w *MockWrapper) Decrypt(ctx context.Context, ciphertext *wrapping.BlobInfo, options ...wrapping.Option) ([]byte, error)
Decrypt decrypts the given byte slice and stores the resulting information in the returned byte slice. Mock values supported: DecryptErr
func (*MockWrapper) Encrypt ¶
func (w *MockWrapper) Encrypt(ctx context.Context, plaintext []byte, options ...wrapping.Option) (*wrapping.BlobInfo, error)
Encrypt encrypts the given byte slice. Mock values supported: EncryptErr and WithEncryptErrorOn
func (*MockWrapper) KeyId ¶
func (w *MockWrapper) KeyId(ctx context.Context) (string, error)
KeyId is the id of the key currently used for encryption operations. Mock values supported: KeyIdErr, KeyIdReturned
func (*MockWrapper) SetConfig ¶
func (w *MockWrapper) SetConfig(ctx context.Context, options ...wrapping.Option) (*wrapping.WrapperConfig, error)
SetConfig applies the given options to a wrapper and returns configuration information. No mock values supported.
func (*MockWrapper) Type ¶
func (w *MockWrapper) Type(ctx context.Context) (wrapping.WrapperType, error)
Type of the wrapper. No mock values supported
type Option ¶
type Option func(*options)
Option - how Options are passed as arguments
func WithBsrWrapper ¶
WithBsrWrapper sets the external BSR wrapper (KMS) to use when a wrapped key must be unwrapped.
func WithRandomReader ¶
WithRandomReader allows an optional random reader to be provided. By default the reader from crypto/rand is used.
type UnwrappedKeys ¶
UnwrappedKeys contains the unwrapped BSR and private keys.