security

package

v0.0.0-...-ab689eb Latest Latest Go to latest Published: Mar 28, 2024 License: BSD-3-Clause-Clear Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/opentdf/platform

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type ECKeyPair
type Error
- func (e Error) Error() string
type HSMConfig
type HSMSession
- func New(c *HSMConfig) (*HSMSession, error)
type KeyInfo
type PrivateKeyEC
type PrivateKeyRSA
type RSAKeyPair

Constants ¶

View Source

const (
	ErrHSMUnexpected = Error("hsm unexpected")
	ErrHSMDecrypt    = Error("hsm decrypt error")
	ErrHSMNotFound   = Error("hsm unavailable")
	ErrKeyConfig     = Error("key configuration error")
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ECKeyPair ¶

type ECKeyPair struct {
	PrivateKey PrivateKeyEC
	*ecdsa.PublicKey
	*x509.Certificate
}

type Error ¶

type Error string

func (Error) Error ¶

func (e Error) Error() string

type HSMConfig ¶

type HSMConfig struct {
	Enabled    bool               `yaml:"enabled"`
	ModulePath string             `yaml:"modulePath,omitempty"`
	PIN        string             `yaml:"pin,omitempty"`
	SlotID     uint               `yaml:"slotId,omitempty"`
	SlotLabel  string             `yaml:"slotLabel,omitempty"`
	Keys       map[string]KeyInfo `yaml:"keys,omitempty"`
}

func (*HSMConfig) WithLabel ¶

func (c *HSMConfig) WithLabel(label string) *HSMConfig

func (*HSMConfig) WithPIN ¶

func (c *HSMConfig) WithPIN(pin string) *HSMConfig

func (*HSMConfig) WithSlot ¶

func (c *HSMConfig) WithSlot(slot uint) *HSMConfig

type HSMSession ¶

type HSMSession struct {
	RSA *RSAKeyPair
	EC  *ECKeyPair
	// contains filtered or unexported fields
}

A session with a security module; useful for abstracting basic cryptographic operations.

HSM Session HAS-A PKCS11 Context HSM Session HAS-A login for a given USER TYPE to a single SLOT When you start this application, you assign a slot and user to the associated security module.

func New ¶

func New(c *HSMConfig) (*HSMSession, error)

func (*HSMSession) DecryptOAEP ¶

func (session *HSMSession) DecryptOAEP(key *PrivateKeyRSA, ciphertext []byte, hashFunction crypto.Hash, label []byte) ([]byte, error)

func (*HSMSession) Destroy ¶

func (s *HSMSession) Destroy()

func (*HSMSession) GenerateEphemeralKasKeys ¶

func (h *HSMSession) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)

func (*HSMSession) GenerateNanoTDFSessionKey ¶

func (h *HSMSession) GenerateNanoTDFSessionKey(
	privateKeyHandle PrivateKeyEC,
	ephemeralPublicKey []byte,
) ([]byte, error)

func (*HSMSession) GenerateNanoTDFSymmetricKey ¶

func (h *HSMSession) GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte, key PrivateKeyEC) ([]byte, error)

func (*HSMSession) LoadECKey ¶

func (h *HSMSession) LoadECKey(info KeyInfo) (*ECKeyPair, error)

func (*HSMSession) LoadRSAKey ¶

func (h *HSMSession) LoadRSAKey(info KeyInfo) (*RSAKeyPair, error)

type KeyInfo ¶

type KeyInfo struct {
	Name  string `yaml:"name,omitempty"`
	Label string `yaml:"label,omitempty"`
}

type PrivateKeyEC ¶

type PrivateKeyEC pkcs11.ObjectHandle

type PrivateKeyRSA ¶

type PrivateKeyRSA pkcs11.ObjectHandle

type RSAKeyPair ¶

type RSAKeyPair struct {
	PrivateKey PrivateKeyRSA
	*rsa.PublicKey
	*x509.Certificate
}

Source Files ¶

View all Source files

hsm.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL