package platform

v0.0.1-alpha.1 Latest

Warning: This package is not in the latest version of its module.
Published: Sep 4, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	ErrInvalidKeyChainCN       = errors.New("keychain: invalid configuration, missing CN")
	ErrInvalidPlatformKeyStore = errors.New("keychain: invalid platform key store")
)

Functions

This section is empty.

Types

type KeyChain

type KeyChain struct {
	keystore.KeyStorer
	// contains filtered or unexported fields
}

The KeyChain provides access to all of the underlying Key Store Modules through a common API that hides the implementation details of each store. The KeyChain also implements the key store interface itself, using the StoreType property of the KeyAttributes to route each operation to the Key Store Module that holds the key.
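The routing rule above, shown as an added Go example that is not the project's code. It assumes cut-down stand-ins for keystore.KeyAttributes and keystore.KeyStorer, a toy in-memory module that generates Ed25519 keys, and assumed StoreType values ("pkcs8", "tpm2"); the real package's types, constants and store implementations differ. The point is that the KeyChain itself never touches key material: it only looks up the module named by StoreType, rejects an unknown store type with ErrInvalidPlatformKeyStore, and after Close leaves no module reachable.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// StoreType names a Key Store Module. Values assumed for this example only.
type StoreType string

const (
	StorePKCS8 StoreType = "pkcs8"
	StoreTPM2  StoreType = "tpm2"
)

// KeyAttributes is a cut-down stand-in for keystore.KeyAttributes.
type KeyAttributes struct {
	CN        string
	StoreType StoreType
}

// KeyStorer is a cut-down stand-in for keystore.KeyStorer.
type KeyStorer interface {
	GenerateKey(attrs *KeyAttributes) (crypto.Signer, error)
	Signer(attrs *KeyAttributes) (crypto.Signer, error)
	Close()
}

var ErrInvalidPlatformKeyStore = errors.New("keychain: invalid platform key store")

// memStore is a toy in-memory module keyed by CN (real ones use disk, HSM or TPM).
type memStore struct {
	keys map[string]crypto.Signer
}

func newMemStore() *memStore { return &memStore{keys: map[string]crypto.Signer{}} }

func (m *memStore) GenerateKey(attrs *KeyAttributes) (crypto.Signer, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	m.keys[attrs.CN] = priv
	return priv, nil
}

func (m *memStore) Signer(attrs *KeyAttributes) (crypto.Signer, error) {
	k, ok := m.keys[attrs.CN]
	if !ok {
		return nil, fmt.Errorf("keystore: no key for CN %q", attrs.CN)
	}
	return k, nil
}

func (m *memStore) Close() { m.keys = map[string]crypto.Signer{} }

// KeyChain routes every call to the module named by attrs.StoreType and so
// presents the same KeyStorer surface as the modules it wraps.
type KeyChain struct {
	stores map[StoreType]KeyStorer
}

func NewKeyChain(stores map[StoreType]KeyStorer) *KeyChain { return &KeyChain{stores: stores} }

// store is the single routing decision every operation passes through.
func (kc *KeyChain) store(attrs *KeyAttributes) (KeyStorer, error) {
	s, ok := kc.stores[attrs.StoreType]
	if !ok {
		return nil, fmt.Errorf("%w: %q", ErrInvalidPlatformKeyStore, attrs.StoreType)
	}
	return s, nil
}

func (kc *KeyChain) GenerateKey(attrs *KeyAttributes) (crypto.Signer, error) {
	s, err := kc.store(attrs)
	if err != nil {
		return nil, err
	}
	return s.GenerateKey(attrs)
}

func (kc *KeyChain) Signer(attrs *KeyAttributes) (crypto.Signer, error) {
	s, err := kc.store(attrs)
	if err != nil {
		return nil, err
	}
	return s.Signer(attrs)
}

// Close closes each module and drops it from the map, so a later call fails
// with ErrInvalidPlatformKeyStore instead of reaching a closed store.
func (kc *KeyChain) Close() {
	for t, s := range kc.stores {
		s.Close()
		delete(kc.stores, t)
	}
}
```

Two properties worth checking against any key chain built this way: the same CN in two different modules is two different keys (the store type is part of the key's identity, not just a hint), and after Close every operation fails closed rather than reaching a store that has released its handles.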

func NewKeyChain

func NewKeyChain(
	logger *logging.Logger,
	debugSecrets bool,
	rootDir string,
	random io.Reader,
	config *KeyChainConfig,
	keyBackend keystore.KeyBackend,
	blobStore blob.BlobStorer,
	signerStore keystore.SignerStorer,
	tpm tpm2.TrustedPlatformModule,
	platformKS tpm2ks.PlatformKeyStorer,
	soPIN keystore.Password,
	userPIN keystore.Password) (keychain *KeyChain, err error)

Creates a new KeyChain, using the provided configuration to instantiate the underlying Key Store Modules.

func (*KeyChain) Close

func (keychain *KeyChain) Close()

Calls Close on each of the key stores and removes the store from the internal store map.

func (*KeyChain) Decrypter

func (keychain *KeyChain) Decrypter(
	attrs *keystore.KeyAttributes) (crypto.Decrypter, error)

Returns a crypto.Decrypter for the provided key attributes.

func (*KeyChain) Delete

func (keychain *KeyChain) Delete(attrs *keystore.KeyAttributes) error

Deletes the key pair associated with the provided key attributes.

func (*KeyChain) GenerateECDSA

func (keychain *KeyChain) GenerateECDSA(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Generates an ECDSA key pair for the provided key attributes and returns it as an OpaqueKey. The underlying Key Store Module must support the algorithm.

func (*KeyChain) GenerateEd25519

func (keychain *KeyChain) GenerateEd25519(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Generates an Ed25519 key pair for the provided key attributes and returns it as an OpaqueKey. The underlying Key Store Module must support the algorithm.

func (*KeyChain) GenerateKey

func (keychain *KeyChain) GenerateKey(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Generates a new key pair using the provided key attributes and returns an OpaqueKey implementing crypto.Signer and crypto.Decrypter backed by the underlying Key Store Module.

func (*KeyChain) GenerateRSA

func (keychain *KeyChain) GenerateRSA(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Generates an RSA key pair for the provided key attributes and returns it as an OpaqueKey. The underlying Key Store Module must support the algorithm.

func (*KeyChain) Key

func (keychain *KeyChain) Key(
	attrs *keystore.KeyAttributes) (keystore.OpaqueKey, error)

Returns an OpaqueKey for the provided key attributes.

func (*KeyChain) PKCS11

func (keychain *KeyChain) PKCS11() keystore.KeyStorer

Returns the PKCS #11 key store.

func (*KeyChain) PKCS8

func (keychain *KeyChain) PKCS8() keystore.KeyStorer

Returns the PKCS #8 key store.

func (*KeyChain) Password

func (keychain *KeyChain) Password(
	attrs *keystore.KeyAttributes) (keystore.Password, error)

Returns a key password sealed to the TPM under the platform PCR authorization policy. The returned secret object retrieves the password just in time through a PCR policy session instead of caching it on the heap. If no data is sealed for the key, ErrPasswordRequired is returned so that the user can supply the password.

func (*KeyChain) Signer

func (keychain *KeyChain) Signer(
	attrs *keystore.KeyAttributes) (crypto.Signer, error)

Returns a crypto.Signer for the provided key attributes.

func (*KeyChain) Stores

func (keychain *KeyChain) Stores() []keystore.KeyStorer

Returns the configured key stores in the key chain.

func (*KeyChain) TPM2

func (keychain *KeyChain) TPM2() keystore.KeyStorer

Returns the TPM 2.0 key store.

func (*KeyChain) Verifier

func (keychain *KeyChain) Verifier(
	attrs *keystore.KeyAttributes,
	opts *keystore.VerifyOpts) keystore.Verifier

Returns a software runtime verifier to perform signature verifications. Verification runs in software regardless of which Key Store Module holds the signing key. The verifier supports RSA PKCS #1 v1.5, RSA-PSS, ECDSA, and Ed25519.
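An added example (not the project's code) of the kind of software verifier described above, dispatching on the concrete public key type for RSA PKCS #1 v1.5, RSA-PSS, ECDSA and Ed25519 using Go's standard library. VerifyOpts here is an assumed stand-in carrying only the RSA padding choice, and the digest is fixed to SHA-256; the real keystore.VerifyOpts has its own fields. Two details a verifier has to get right are shown: Ed25519 verifies the message itself, not a digest, and an RSA signature produced under one padding scheme must not verify under the other.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VerifyOpts is an assumed stand-in for keystore.VerifyOpts. Only the RSA
// padding choice is modelled; the digest is fixed to SHA-256 here.
type VerifyOpts struct {
	PSS bool
}

var (
	ErrUnsupportedKey   = errors.New("verifier: unsupported public key type")
	ErrInvalidSignature = errors.New("verifier: signature verification failed")
)

// Verify checks sig over msg, dispatching on the concrete public key type.
// RSA and ECDSA verify a SHA-256 digest; Ed25519 verifies the message itself.
func Verify(pub crypto.PublicKey, msg, sig []byte, opts *VerifyOpts) error {
	digest := sha256.Sum256(msg)
	switch k := pub.(type) {
	case *rsa.PublicKey:
		var err error
		if opts != nil && opts.PSS {
			err = rsa.VerifyPSS(k, crypto.SHA256, digest[:], sig, nil)
		} else {
			err = rsa.VerifyPKCS1v15(k, crypto.SHA256, digest[:], sig)
		}
		if err != nil {
			return fmt.Errorf("%w: %v", ErrInvalidSignature, err)
		}
		return nil
	case *ecdsa.PublicKey:
		if !ecdsa.VerifyASN1(k, digest[:], sig) {
			return ErrInvalidSignature
		}
		return nil
	case ed25519.PublicKey:
		if !ed25519.Verify(k, msg, sig) {
			return ErrInvalidSignature
		}
		return nil
	default:
		return fmt.Errorf("%w: %T", ErrUnsupportedKey, pub)
	}
}

// Sign is the matching producer: it gives a crypto.Signer (what the key
// chain's Signer method returns) the input and options its algorithm expects.
func Sign(signer crypto.Signer, msg []byte, opts *VerifyOpts) ([]byte, error) {
	if _, ok := signer.Public().(ed25519.PublicKey); ok {
		return signer.Sign(rand.Reader, msg, crypto.Hash(0)) // pure Ed25519, no prehash
	}
	digest := sha256.Sum256(msg)
	var so crypto.SignerOpts = crypto.SHA256
	if opts != nil && opts.PSS {
		so = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}
	}
	return signer.Sign(rand.Reader, digest[:], so)
}

// roundTrip signs msg with signer, verifies the result with the matching
// public key, and confirms that a tampered message is rejected.
func roundTrip(signer crypto.Signer, msg []byte, opts *VerifyOpts) error {
	sig, err := Sign(signer, msg, opts)
	if err != nil {
		return err
	}
	if err := Verify(signer.Public(), msg, sig, opts); err != nil {
		return err
	}
	tampered := append([]byte("x"), msg...)
	if err := Verify(signer.Public(), tampered, sig, opts); !errors.Is(err, ErrInvalidSignature) {
		return fmt.Errorf("tampered message accepted (%v)", err)
	}
	return nil
}

func main() {
	msg := []byte("constructed sample message") // constructed input, not a real quote
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	_, edKey, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("rsa-pkcs1v15:", roundTrip(rsaKey, msg, nil))
	fmt.Println("rsa-pss:     ", roundTrip(rsaKey, msg, &VerifyOpts{PSS: true}))
	fmt.Println("ecdsa-p256:  ", roundTrip(ecKey, msg, nil))
	fmt.Println("ed25519:     ", roundTrip(edKey, msg, nil))
}
```

The unsupported-key default branch matters as much as the happy paths: a verifier that silently returns nil for a key type it does not understand turns every signature of that type into a valid one.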

type KeyChainConfig

type KeyChainConfig struct {
	CN           string               `yaml:"cn" json:"cn" mapstructure:"cn"`
	PKCS8Config  *pkcs8.Config        `yaml:"pkcs8" json:"pkcs8" mapstructure:"pkcs8"`
	PKCS11Config *pkcs11.Config       `yaml:"pkcs11" json:"pkcs11" mapstructure:"pkcs11"`
	TPMConfig    *tpm2.KeyStoreConfig `yaml:"tpm2" json:"tpm2" mapstructure:"tpm2"`
}
