Documentation ¶
Overview ¶
Package secret_disclosure is a generated protocol buffer package.
It is generated from these files:
directive.proto
It has these top-level messages:
DirectiveMessage
Index ¶
- Constants
- Variables
- func ProcessDirectiveAndUpdateGuard(domain *tao.Domain, directive *DirectiveMessage) error
- func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin, *auth.Prin, *string, *po.ObjectIdMessage, error)
- type DirectiveMessage
- func (*DirectiveMessage) Descriptor() ([]byte, []int)
- func (m *DirectiveMessage) GetCert() []byte
- func (m *DirectiveMessage) GetSerializedStatement() []byte
- func (m *DirectiveMessage) GetSignature() []byte
- func (m *DirectiveMessage) GetSigner() []byte
- func (m *DirectiveMessage) GetType() DirectiveMessageDirectiveType
- func (*DirectiveMessage) ProtoMessage()
- func (m *DirectiveMessage) Reset()
- func (m *DirectiveMessage) String() string
- type DirectiveMessageDirectiveType
Constants ¶
const (
	SigningContext  = "Policy Secret Disclosure Directive Signature"
	ReadPredicate   = "Read"
	WritePredicate  = "Write"
	CreatePredicate = "Create"
	DeletePredicate = "Delete"
	OwnPredicate    = "Own"
)
Variables ¶
var DirectiveMessageDirectiveType_name = map[int32]string{
1: "SECRET_DISCLOSURE",
}
var DirectiveMessageDirectiveType_value = map[string]int32{
"SECRET_DISCLOSURE": 1,
}
Functions ¶
func ProcessDirectiveAndUpdateGuard ¶
func ProcessDirectiveAndUpdateGuard(domain *tao.Domain, directive *DirectiveMessage) error
func VerifySecretDisclosureDirective ¶
func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin, *auth.Prin, *string, *po.ObjectIdMessage, error)
This function performs the following checks on a secret disclosure directive:
(1) the directive signature is valid with respect to the signerKey of the directive;
(2) either
- policyKey matches the signerKey of the directive, or
- the directive cert is a valid program cert (signed by policyKey) certifying the signerKey of the directive as belonging to 'delegator';
(3) the directive message is a statement of the form:
'policyKey/'delegator' says delegate can read protectedObjectId', where delegate is a Tao Principal and protectedObjectId is a (serialized) protected object message id.
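The three checks above, modelled stand-alone as an added example (not the cloudproxy implementation): raw Ed25519 keys stand in for tao.Keys, a plain-text statement for the auth.Marshal encoding, and the policy key's signature over the signer key for a program cert. `Directive`, `tag`, `certCtx` and `VerifyDirective` are hypothetical names, and the statement check accepts only the Read form that the description names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
)

// Constructed stand-ins, not the cloudproxy types: Statement is plain text and
// Cert is simply the policy key's signature over the signer's public key.
type Directive struct {
	Statement, Signature, Cert []byte
	Signer                     ed25519.PublicKey
}

const (
	directiveCtx = "Policy Secret Disclosure Directive Signature"
	certCtx      = "constructed program cert context" // assumption, not from the page
)

// tag prefixes a context string so a signature made for one purpose
// (cert vs. directive) does not verify for the other.
func tag(ctx string, msg []byte) []byte { return append([]byte(ctx+"\x00"), msg...) }

// VerifyDirective applies the three checks in order. ed25519.Verify panics on
// a wrong-length public key, so the signer length is rejected first.
func VerifyDirective(policy ed25519.PublicKey, d *Directive) error {
	if len(d.Signer) != ed25519.PublicKeySize ||
		!ed25519.Verify(d.Signer, tag(directiveCtx, d.Statement), d.Signature) {
		return errors.New("check 1: signature does not verify under signer key")
	}
	if !bytes.Equal(policy, d.Signer) && !ed25519.Verify(policy, tag(certCtx, d.Signer), d.Cert) {
		return errors.New("check 2: signer is neither the policy key nor certified by it")
	}
	f := strings.Fields(string(d.Statement))
	if len(f) != 6 || f[1] != "says" || f[3] != "can" || f[4] != "Read" {
		return errors.New("check 3: statement is not 'X says Y can Read OBJ'")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	stmt := []byte("policy says prog can Read obj1") // constructed sample
	sig := ed25519.Sign(priv, tag(directiveCtx, stmt))
	fmt.Println(VerifyDirective(pub, &Directive{Statement: stmt, Signature: sig, Signer: pub}))
}
```
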
Types ¶
type DirectiveMessage ¶
type DirectiveMessage struct {
	Type *DirectiveMessageDirectiveType `protobuf:"varint,1,opt,name=type,enum=secret_disclosure.DirectiveMessageDirectiveType" json:"type,omitempty"`
	// A serialized statement. This is serialized using cloudproxy/tao/auth.Marshal().
	//
	// The statement corresponding to type "key_disclosure" must be of the form:
	// policy_key says program_name can read (secret_name, epoch).
	SerializedStatement []byte `protobuf:"bytes,2,opt,name=serialized_statement" json:"serialized_statement,omitempty"`
	// The signer's public key principal, encoded using cloudproxy/tao/auth.Marshal().
	Signer []byte `protobuf:"bytes,3,opt,name=signer" json:"signer,omitempty"`
	// Signature over the serialized statement.
	Signature []byte `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"`
	// Program certificate, to be used in case signer is a program key.
	Cert             []byte `protobuf:"bytes,5,opt,name=cert" json:"cert,omitempty"`
	XXX_unrecognized []byte `json:"-"`
}
func CreateSecretDisclosureDirective ¶
func CreateSecretDisclosureDirective(key *tao.Keys, delegator, delegate *auth.Prin, predicate string, protectedObjId *po.ObjectIdMessage) (*DirectiveMessage, error)
This function returns a secret disclosure directive signed by key with the statement: 'delegator says delegate predicate protectedObjectId'.
func (*DirectiveMessage) Descriptor ¶
func (*DirectiveMessage) Descriptor() ([]byte, []int)
func (*DirectiveMessage) GetCert ¶
func (m *DirectiveMessage) GetCert() []byte
func (*DirectiveMessage) GetSerializedStatement ¶
func (m *DirectiveMessage) GetSerializedStatement() []byte
func (*DirectiveMessage) GetSignature ¶
func (m *DirectiveMessage) GetSignature() []byte
func (*DirectiveMessage) GetSigner ¶
func (m *DirectiveMessage) GetSigner() []byte
func (*DirectiveMessage) GetType ¶
func (m *DirectiveMessage) GetType() DirectiveMessageDirectiveType
func (*DirectiveMessage) ProtoMessage ¶
func (*DirectiveMessage) ProtoMessage()
func (*DirectiveMessage) Reset ¶
func (m *DirectiveMessage) Reset()
func (*DirectiveMessage) String ¶
func (m *DirectiveMessage) String() string
type DirectiveMessageDirectiveType ¶
type DirectiveMessageDirectiveType int32
As of now, the only type supported is "secret_disclosure".
const (
DirectiveMessage_SECRET_DISCLOSURE DirectiveMessageDirectiveType = 1
)
func (DirectiveMessageDirectiveType) Enum ¶
func (x DirectiveMessageDirectiveType) Enum() *DirectiveMessageDirectiveType
func (DirectiveMessageDirectiveType) EnumDescriptor ¶
func (DirectiveMessageDirectiveType) EnumDescriptor() ([]byte, []int)
func (DirectiveMessageDirectiveType) String ¶
func (x DirectiveMessageDirectiveType) String() string
func (*DirectiveMessageDirectiveType) UnmarshalJSON ¶
func (x *DirectiveMessageDirectiveType) UnmarshalJSON(data []byte) error