secret_disclosure

package

v0.0.0-...-b5aa0b6 Latest Latest Go to latest Published: Aug 30, 2017 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jlmucb/cloudproxy

Links

Open Source Insights

README ¶

This library contains functions which create, interpret and verify key disclosure directives (typically signed by a policy key) of the form policy-key says ProgramName can read secretName, epoch.

Documentation ¶

Overview ¶

Package secret_disclosure is a generated protocol buffer package.

It is generated from these files:

directive.proto

It has these top-level messages:

DirectiveMessage

Index ¶

Constants
Variables
func ProcessDirectiveAndUpdateGuard(domain *tao.Domain, directive *DirectiveMessage) error
func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin, *auth.Prin, *string, *po.ObjectIdMessage, error)
type DirectiveMessage
- func CreateSecretDisclosureDirective(key *tao.Keys, delegator, delegate *auth.Prin, predicate string, ...) (*DirectiveMessage, error)
type DirectiveMessageDirectiveType

Constants ¶

View Source

const (
	SigningContext  = "Policy Secret Disclosure Directive Signature"
	ReadPredicate   = "Read"
	WritePredicate  = "Write"
	CreatePredicate = "Create"
	DeletePredicate = "Delete"
	OwnPredicate    = "Own"
)

Variables ¶

View Source

var DirectiveMessageDirectiveType_name = map[int32]string{
	1: "SECRET_DISCLOSURE",
}

View Source

var DirectiveMessageDirectiveType_value = map[string]int32{
	"SECRET_DISCLOSURE": 1,
}

Functions ¶

func ProcessDirectiveAndUpdateGuard ¶

func ProcessDirectiveAndUpdateGuard(domain *tao.Domain, directive *DirectiveMessage) error

func VerifySecretDisclosureDirective ¶

func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin,
	*auth.Prin, *string, *po.ObjectIdMessage, error)

This function performs the following checks on a secret disclosure directive. (1) the directive signature is valid with respect to signerKey of directive (2) Either

policyKey matches the signerKey of directive
directive cert is a valid program cert (signed by policyKey) certifying the signerKey of directive as belonging to 'delegator'

(3) the directive message is a statement of the form:

    'policyKey/'delegator' says delegate can read protectedObjectId'
where delegate is a Tao Principal and protectedObjectId is a (serialized) protected
object message id.

Types ¶

type DirectiveMessage ¶

type DirectiveMessage struct {
	Type *DirectiveMessageDirectiveType `protobuf:"varint,1,opt,name=type,enum=secret_disclosure.DirectiveMessageDirectiveType" json:"type,omitempty"`
	// A serialized statement. This is serialized using cloudproxy/tao/auth.Marshal().
	//
	// The statement corresponding to type "key_disclosure" must be of the form:
	// policy_key says program_name can read (secret_name, epoch).
	SerializedStatement []byte `protobuf:"bytes,2,opt,name=serialized_statement" json:"serialized_statement,omitempty"`
	// The signer's public key principal, encoded using clouddproxy/tao/auth.Marshal().
	Signer []byte `protobuf:"bytes,3,opt,name=signer" json:"signer,omitempty"`
	// Signature over the serialized statement.
	Signature []byte `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"`
	// Program certificate, to be used in case signer is a program key.
	Cert             []byte `protobuf:"bytes,5,opt,name=cert" json:"cert,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}

func CreateSecretDisclosureDirective ¶

func CreateSecretDisclosureDirective(key *tao.Keys, delegator, delegate *auth.Prin,
	predicate string, protectedObjId *po.ObjectIdMessage) (*DirectiveMessage, error)

This function returns a secret disclosure directive signed by key with the statement: 'delegator says delegate predicate protectedObjectId'.

func (*DirectiveMessage) Descriptor ¶

func (*DirectiveMessage) Descriptor() ([]byte, []int)

func (*DirectiveMessage) GetCert ¶

func (m *DirectiveMessage) GetCert() []byte

func (*DirectiveMessage) GetSerializedStatement ¶

func (m *DirectiveMessage) GetSerializedStatement() []byte

func (*DirectiveMessage) GetSignature ¶

func (m *DirectiveMessage) GetSignature() []byte

func (*DirectiveMessage) GetSigner ¶

func (m *DirectiveMessage) GetSigner() []byte

func (*DirectiveMessage) GetType ¶

func (m *DirectiveMessage) GetType() DirectiveMessageDirectiveType

func (*DirectiveMessage) ProtoMessage ¶

func (*DirectiveMessage) ProtoMessage()

func (*DirectiveMessage) Reset ¶

func (m *DirectiveMessage) Reset()

func (*DirectiveMessage) String ¶

func (m *DirectiveMessage) String() string

type DirectiveMessageDirectiveType ¶

type DirectiveMessageDirectiveType int32

As of now, the only type supported is "secret_disclosure".

const (
	DirectiveMessage_SECRET_DISCLOSURE DirectiveMessageDirectiveType = 1
)

func (DirectiveMessageDirectiveType) Enum ¶

func (x DirectiveMessageDirectiveType) Enum() *DirectiveMessageDirectiveType

func (DirectiveMessageDirectiveType) EnumDescriptor ¶

func (DirectiveMessageDirectiveType) EnumDescriptor() ([]byte, []int)

func (DirectiveMessageDirectiveType) String ¶

func (x DirectiveMessageDirectiveType) String() string

func (*DirectiveMessageDirectiveType) UnmarshalJSON ¶

func (x *DirectiveMessageDirectiveType) UnmarshalJSON(data []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL