crypto

package
v0.0.66 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 15, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package crypto provides cryptographic functions

Index

Constants

View Source
const (
	// DefaultAlgorithm defines the default algorithm to use for encryption.
	DefaultAlgorithm = algorithms.Aes256Gcm
	// FallbackAlgorithm defines an older algorithm we use for old data.
	FallbackAlgorithm = algorithms.Aes256Cfb
)

Variables

View Source
var (
	// ErrDecrypt is returned when we cannot decrypt a secret.
	ErrDecrypt = errors.New("unable to decrypt")
	// ErrEncrypt is returned when we cannot encrypt a secret.
	ErrEncrypt = errors.New("unable to encrypt")
)

Functions

func GenerateNonce

func GenerateNonce() (string, error)

GenerateNonce generates a nonce for the OAuth2 flow. The nonce is a base64 encoded

func IsNonceValid

func IsNonceValid(nonce string, noncePeriod int64) (bool, error)

IsNonceValid checks if a nonce is valid. A nonce is valid if it is a base64 encoded string

Types

type EncryptedData

type EncryptedData struct {
	// The type of encryption used.
	Algorithm algorithms.Type
	// The encrypted data represented as a base64 encoded string.
	EncodedData string
	// An identifier which specifies the key used.
	// Used to handle multiple keys during key rotation.
	KeyVersion string
}

EncryptedData represents the structure we use to store encrypted data in the database.

func DeserializeEncryptedData

func DeserializeEncryptedData(contents json.RawMessage) (EncryptedData, error)

DeserializeEncryptedData deserialized the data generated by EncryptedData.Serialize()

func NewBackwardsCompatibleEncryptedData

func NewBackwardsCompatibleEncryptedData(encryptedData string) EncryptedData

NewBackwardsCompatibleEncryptedData creates an instance of EncryptedData with appropriate defaults plugged in. This is used for existing secrets and should be removed once we migrate to the new encryption model.

func (*EncryptedData) Serialize

func (e *EncryptedData) Serialize() (json.RawMessage, error)

Serialize converts the contents to JSON. This is intended for storage in the database.

type Engine

type Engine interface {
	// EncryptOAuthToken takes an OAuth2 token, serializes to JSON and encrypts it.
	EncryptOAuthToken(token *oauth2.Token) (EncryptedData, error)
	// DecryptOAuthToken takes an OAuth2 token encrypted using EncryptOAuthToken and decrypts it.
	DecryptOAuthToken(encryptedToken EncryptedData) (oauth2.Token, error)
	// EncryptString encrypts a string.
	EncryptString(data string) (EncryptedData, error)
	// DecryptString decrypts a string encrypted with EncryptString.
	DecryptString(encryptedString EncryptedData) (string, error)
}

Engine provides all functions to encrypt and decrypt data

func NewEngineFromConfig

func NewEngineFromConfig(config *serverconfig.Config) (Engine, error)

NewEngineFromConfig creates a new crypto engine from the service config TODO: modify to support multiple keys/algorithms

Directories

Path Synopsis
Package algorithms contains implementations of various crypto algorithms for the crypto engine.
Package algorithms contains implementations of various crypto algorithms for the crypto engine.
Package keystores contains logic for loading encryption keys from a keystores
Package keystores contains logic for loading encryption keys from a keystores
mock
Package mock_keystores is a generated GoMock package.
Package mock_keystores is a generated GoMock package.
Package mock_crypto is a generated GoMock package.
Package mock_crypto is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL