edv

package module
v0.0.0-...-64dd8ac
Published: Mar 27, 2024 License: Apache-2.0 Imports: 17 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BatchCrypto

type BatchCrypto struct {
	// contains filtered or unexported fields
}

BatchCrypto is used for computing all EDV cryptographic operations (MACs and JWE encryption with key wrapping) in one call.

func NewBatchCrypto

func NewBatchCrypto(macKH, kwKH interface{}, performanceCrypto PerfCrypto) *BatchCrypto

NewBatchCrypto returns a BatchCrypto that computes MACs and encrypts EDV payloads. macKH is the MAC key handle, kwKH is the key-wrapping key handle, and performanceCrypto is the PerfCrypto implementation that performs both operations in a single remote call.

func (*BatchCrypto) ComputeCrypto

func (e *BatchCrypto) ComputeCrypto(req *BatchCryptoPayload) (*BatchCryptoPayload, error)

ComputeCrypto computes, in a single call to the remote KMS instance, all the MACs and EDV encryptions required for req.

type BatchCryptoPayload

type BatchCryptoPayload struct {
	Prefix     string    `json:"Prefix,omitempty"`
	DocID      string    `json:"DocID"`
	DocTags    []spi.Tag `json:"DocTags,omitempty"`
	DocPayload string    `json:"DocPayload"`
}

BatchCryptoPayload contains the tags and document payload that MACs and EDV encryption are computed for, and carries the results back from ComputeCrypto.

type EncryptedFormatter

type EncryptedFormatter struct {
	// contains filtered or unexported fields
}

EncryptedFormatter formats data for use with an Encrypted Data Vault.

func NewEncryptedFormatter

func NewEncryptedFormatter(jweEncrypter jose.Encrypter, jweDecrypter jose.Decrypter, macCrypto *MACCrypto,
	options ...EncryptedFormatterOption) *EncryptedFormatter

NewEncryptedFormatter returns a new instance of an EncryptedFormatter.

func (*EncryptedFormatter) Deformat

func (e *EncryptedFormatter) Deformat(_ string, formattedValue []byte, _ ...spi.Tag) (string, []byte,
	[]spi.Tag, error)

Deformat takes formattedValue (which is expected to be a marshalled encrypted document produced by the Format function above) and returns the unformatted key, value and tags, all of which are contained in formattedValue. The unformatted key and tags must come from the encrypted document (the formatted value), since they cannot be derived from the formatted key and tags, respectively: both are one-way transformations.

func (*EncryptedFormatter) Format

func (e *EncryptedFormatter) Format(key string, value []byte, tags ...spi.Tag) (string, []byte, []spi.Tag, error)

Format returns formatted versions of key, value and tags as follows.

Formatted key (string): if this EncryptedFormatter was initialized with the WithDeterministicDocumentIDs option, the formatted key (the EDV document ID) is derived deterministically from the unformatted key. Otherwise the document ID is generated randomly.

Formatted value ([]byte): a marshalled EDV encrypted document built from the unformatted key, value and tags. Because the encrypted document carries all three, Deformat can recover them from the formatted value alone.

Formatted tags ([]spi.Tag): the tag names and values are converted to the format used by EDV encrypted indexes.
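The following is an added example, not the project's own code, showing the shape of the Format/Deformat contract described above with standard-library primitives only: AES-256-GCM stands in for the JWE encrypter, HMAC-SHA256 for the MACCrypto applied to tag names and values, and a Base64-encoded random value for the Base58 document ID. The Tag type, the JSON document layout and the keys are assumptions for illustration; the real EncryptedFormatter's wire format is the EDV encrypted document, not this JSON.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"io"
)

// Tag mirrors the name/value shape of spi.Tag.
type Tag struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

// plainDocument is what gets encrypted: key, value and tags together.
type plainDocument struct {
	Key   string `json:"key"`
	Value []byte `json:"value"`
	Tags  []Tag  `json:"tags,omitempty"`
}

// encryptedDocument stands in for the EDV encrypted document (assumed layout):
// Sealed is nonce || AES-256-GCM ciphertext instead of a JWE, Indexed the blinded tags.
type encryptedDocument struct {
	ID      string `json:"id"`
	Sealed  []byte `json:"sealed"`
	Indexed []Tag  `json:"indexed,omitempty"`
}

type toyFormatter struct {
	aead   cipher.AEAD
	macKey []byte
}

// newToyFormatter takes a 32-byte AES key and a MAC key (both constructed inputs here).
func newToyFormatter(encKey, macKey []byte) (*toyFormatter, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &toyFormatter{aead: aead, macKey: macKey}, nil
}

// macTag blinds a tag name or value with HMAC-SHA256: equal inputs still match
// (so equality queries work) but the server never sees the plaintext tag.
func (f *toyFormatter) macTag(s string) string {
	m := hmac.New(sha256.New, f.macKey)
	m.Write([]byte(s))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Format returns the document ID (128 random bits; Base64 here, Base58 in EDV),
// the marshalled encrypted document and the blinded tags.
func (f *toyFormatter) Format(key string, value []byte, tags ...Tag) (string, []byte, []Tag, error) {
	raw := make([]byte, 16+f.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, raw); err != nil {
		return "", nil, nil, err
	}
	docID, nonce := base64.RawURLEncoding.EncodeToString(raw[:16]), raw[16:]
	plain, err := json.Marshal(plainDocument{Key: key, Value: value, Tags: tags})
	if err != nil {
		return "", nil, nil, err
	}
	// The ID is GCM additional data: a ciphertext moved under another ID fails to open.
	sealed := append(append([]byte{}, nonce...), f.aead.Seal(nil, nonce, plain, []byte(docID))...)
	blinded := make([]Tag, len(tags))
	for i, t := range tags {
		blinded[i] = Tag{Name: f.macTag(t.Name), Value: f.macTag(t.Value)}
	}
	doc, err := json.Marshal(encryptedDocument{ID: docID, Sealed: sealed, Indexed: blinded})
	if err != nil {
		return "", nil, nil, err
	}
	return docID, doc, blinded, nil
}

// Deformat recovers key, value and tags from the encrypted document; the formatted
// key and tags are ignored, as in EncryptedFormatter, because they are one-way values.
func (f *toyFormatter) Deformat(_ string, formatted []byte, _ ...Tag) (string, []byte, []Tag, error) {
	var doc encryptedDocument
	if err := json.Unmarshal(formatted, &doc); err != nil {
		return "", nil, nil, err
	}
	ns := f.aead.NonceSize()
	if len(doc.Sealed) < ns {
		return "", nil, nil, io.ErrUnexpectedEOF
	}
	// Open fails on any tampering with the nonce, ciphertext or document ID.
	plain, err := f.aead.Open(nil, doc.Sealed[:ns], doc.Sealed[ns:], []byte(doc.ID))
	if err != nil {
		return "", nil, nil, err
	}
	var pd plainDocument
	err = json.Unmarshal(plain, &pd)
	return pd.Key, pd.Value, pd.Tags, err
}
```

Two properties carry over to the real formatter: the blinded tags are deterministic under the MAC key, which is what lets an EDV server answer equality queries on encrypted indexes, and the plaintext key and tags survive only inside the ciphertext, which is why Deformat cannot take them from its other arguments.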

func (*EncryptedFormatter) UsesDeterministicKeyFormatting

func (e *EncryptedFormatter) UsesDeterministicKeyFormatting() bool

UsesDeterministicKeyFormatting indicates whether this encrypted formatter will produce deterministic or random document IDs. See the WithDeterministicDocumentIDs option near the top of this file for more information.

type EncryptedFormatterOption

type EncryptedFormatterOption func(opts *EncryptedFormatter)

EncryptedFormatterOption allows for configuration of an EncryptedFormatter.

func WithDeterministicDocumentIDs

func WithDeterministicDocumentIDs() EncryptedFormatterOption

WithDeterministicDocumentIDs makes the document IDs produced by this formatter deterministically derivable (using an HMAC function) from the unformatted keys instead of randomly generated. Deterministic document IDs allow the EDV REST storage provider (and the more general formatted storage provider wrapper in the storageutil module) to operate faster, since a lookup by key can address the document directly by its ID rather than querying for it first. Per the Confidential Storage specification, document IDs are supposed to be randomly generated. Other than the randomness, the document IDs produced with this optimization enabled are still in the correct format (Base58-encoded 128-bit values), so they remain valid in any EDV server: a server cannot tell whether a given ID is random or derived. The trade-off is that a deterministic ID is a stable pseudonym for the unformatted key. The server, or anyone observing the IDs, can tell when two operations address the same key, and anyone holding the MAC key can recompute the ID for any key they can guess; with random IDs neither is possible from the IDs alone.
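The derivation and the format check described above, as an added example that is not part of the package: it reconstructs the deterministic ID as a truncated HMAC-SHA256 over the unformatted key (the exact HMAC construction and truncation the package uses are an assumption here) next to the spec-compliant random ID, with a Base58 codec so the 128-bit-value check can actually be run. The MAC key is a constructed constant standing in for the KMS key handle.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
	"math/big"
	"strings"
)

// Bitcoin-style Base58 alphabet (no 0, O, I, l).
const base58Alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// base58Encode encodes b as a big-endian integer; each leading zero byte becomes '1'.
func base58Encode(b []byte) string {
	x := new(big.Int).SetBytes(b)
	radix, mod := big.NewInt(58), new(big.Int)
	var out []byte
	for x.Sign() > 0 {
		x.DivMod(x, radix, mod)
		out = append(out, base58Alphabet[mod.Int64()])
	}
	for _, c := range b {
		if c != 0 {
			break
		}
		out = append(out, '1')
	}
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
		out[i], out[j] = out[j], out[i]
	}
	return string(out)
}

// base58Decode is the inverse; ok is false on a character outside the alphabet.
func base58Decode(s string) (b []byte, ok bool) {
	x, radix := new(big.Int), big.NewInt(58)
	for _, c := range s {
		i := strings.IndexRune(base58Alphabet, c)
		if i < 0 {
			return nil, false
		}
		x.Mul(x, radix).Add(x, big.NewInt(int64(i)))
	}
	zeros := 0
	for zeros < len(s) && s[zeros] == '1' {
		zeros++
	}
	return append(make([]byte, zeros), x.Bytes()...), true
}

// deterministicDocID reconstructs the WithDeterministicDocumentIDs behaviour
// (assumption): HMAC-SHA256 over the unformatted key under macKey, truncated to
// 128 bits and Base58-encoded. The same key under the same MAC key always maps
// to the same ID, which is the correlation point to weigh before enabling it.
func deterministicDocID(macKey []byte, unformattedKey string) string {
	m := hmac.New(sha256.New, macKey)
	m.Write([]byte(unformattedKey))
	return base58Encode(m.Sum(nil)[:16])
}

// randomDocID is the default, spec-compliant behaviour: 128 fresh random bits.
func randomDocID() (string, error) {
	b := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		return "", err
	}
	return base58Encode(b), nil
}

// isValidDocID performs the only check an EDV server can make on an ID: Base58
// alphabet and a decoded length of exactly 16 bytes. It cannot distinguish a
// random ID from an HMAC-derived one.
func isValidDocID(id string) bool {
	b, ok := base58Decode(id)
	return ok && len(b) == 16
}

func main() {
	mac := []byte("constructed-mac-key") // constructed; the package uses a KMS MAC key handle
	fmt.Println("deterministic:", deterministicDocID(mac, "user/alice"), deterministicDocID(mac, "user/alice"))
	r, _ := randomDocID()
	fmt.Println("random:", r, "valid:", isValidDocID(r))
}
```

Calling deterministicDocID twice with the same inputs prints the same ID, while two randomDocID calls differ; isValidDocID accepts both, which is the point the documentation makes about servers being unable to tell them apart.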

func WithEDVBatchCrypto

func WithEDVBatchCrypto(batchCrypto *BatchCrypto) EncryptedFormatterOption

WithEDVBatchCrypto adds support for executing MAC computation, JWE encryption and key wrapping in one batch call on a remote KMS server. If set, the default encryption and MACCrypto calls during Format are not executed locally; BatchCrypto handles these operations instead.

type MACCrypto

type MACCrypto struct {
	// contains filtered or unexported fields
}

MACCrypto is used for computing MACs.

func NewMACCrypto

func NewMACCrypto(kh interface{}, macDigester MACDigester) *MACCrypto

NewMACCrypto returns a new instance of a MACCrypto.

func (*MACCrypto) ComputeMAC

func (m *MACCrypto) ComputeMAC(data []byte) ([]byte, error)

ComputeMAC computes a MAC for data using a matching MAC primitive in kh.

type MACDigester

type MACDigester interface {
	ComputeMAC(data []byte, kh interface{}) ([]byte, error)
}

MACDigester represents a type that can compute MACs.

type PerfCrypto

type PerfCrypto interface {
	BatchCrypto(req *BatchCryptoPayload, macKH, encKH interface{}) (*BatchCryptoPayload, error)
}

PerfCrypto is used for computing all MAC and JWE encryption+KW in one call for performance optimization.

type RESTProvider

type RESTProvider struct {
	// contains filtered or unexported fields
}

RESTProvider is a spi.Provider that can be used to store data in a server supporting the data vault HTTP API as defined in https://identity.foundation/confidential-storage/#http-api.

func NewRESTProvider

func NewRESTProvider(edvServerURL, vaultID string, formatter *EncryptedFormatter,
	options ...RESTProviderOption) *RESTProvider

NewRESTProvider returns a new RESTProvider. edvServerURL is the base URL for the EDV server. vaultID is the ID of the vault where this provider will store data. The vault must be created in advance, and since the EDV REST API does not provide a method to check if a vault with a given ID exists, any errors due to a non-existent vault will be deferred until calls are actually made to it in the store.

func (*RESTProvider) Close

func (r *RESTProvider) Close() error

Close always returns a nil error since there's nothing to close for a RESTProvider.

func (*RESTProvider) GetOpenStores

func (r *RESTProvider) GetOpenStores() []spi.Store

GetOpenStores returns all currently open stores.

func (*RESTProvider) GetStoreConfig

func (r *RESTProvider) GetStoreConfig(name string) (spi.StoreConfiguration, error)

GetStoreConfig returns the store configuration currently stored in memory.

func (*RESTProvider) OpenStore

func (r *RESTProvider) OpenStore(name string) (spi.Store, error)

OpenStore opens a new RESTStore, using name as the namespace.

func (*RESTProvider) SetStoreConfig

func (r *RESTProvider) SetStoreConfig(name string, config spi.StoreConfiguration) error

SetStoreConfig isn't needed for EDV storage, since indexes are managed by the server automatically based on the tags used in values. This method simply stores the configuration in memory so that it can be retrieved later via the GetStoreConfig method, which allows it to be more consistent with how other store implementations work. TODO (#2492) Store store config in persistent EDV storage for true consistency with other store implementations.

type RESTProviderOption

type RESTProviderOption func(opts *RESTProvider)

RESTProviderOption allows for configuration of a RESTProvider.

func WithBatchEndpointExtension

func WithBatchEndpointExtension() RESTProviderOption

WithBatchEndpointExtension option is a performance optimization that allows for restStore.Batch to only require one REST call. The EDV server that this RESTProvider connects to must support the TrustBloc EDV server extension as defined here: https://github.com/trustbloc/edv/blob/main/docs/extensions.md#batch-endpoint.

func WithFullDocumentsReturnedFromQueries

func WithFullDocumentsReturnedFromQueries() RESTProviderOption

WithFullDocumentsReturnedFromQueries option is a performance optimization that speeds up queries by getting full documents from the EDV server instead of only document locations - each of which would require a separate REST call to retrieve. The EDV server that this RESTProvider connects to must support the TrustBloc EDV server extension as defined here: https://github.com/trustbloc/edv/blob/main/docs/extensions.md#return-full-documents-on-query.

func WithHeaders

func WithHeaders(addHeadersFunc addHeaders) RESTProviderOption

WithHeaders option sets additional HTTP request headers. Because it takes a function rather than fixed values, that function can call a remote authorization server at request time to fetch whatever the headers need.

func WithTLSConfig

func WithTLSConfig(tlsConfig *tls.Config) RESTProviderOption

WithTLSConfig is an option that allows for the definition of a secured HTTP transport using a tls.Config instance.
