security

package
Published: Nov 18, 2024 License: BSD-3-Clause-Clear Imports: 12 Imported by: 0

Constants

// Algorithm identifiers. These are the string values presumably carried in
// KeyPairInfo.Algorithm and accepted by CryptoProvider.FindKID — confirm
// against the provider implementation before relying on the exact spelling.
const (
	// AlgorithmECP256R1 identifies key agreement along P-256 (secp256r1).
	AlgorithmECP256R1 = "ec:secp256r1"
	// AlgorithmRSA2048 identifies RSA-2048, used for encryption of the KAO.
	AlgorithmRSA2048 = "rsa:2048"
)
// Sentinel errors. All are values of the package's Error type, so callers can
// match them with errors.Is even after wrapping with %w. The messages are
// deliberately terse; when wrapping them, add the KID or operation, never key
// material or ciphertext.
const (
	ErrCertNotFound         = Error("not found")
	ErrNoKeys               = Error("keys not found")
	ErrKeyPairInfoNotFound  = Error("key pair info not found")
	ErrKeyPairInfoMalformed = Error("key pair info malformed")
	ErrCertificateEncode    = Error("certificate encode error")
	ErrPublicKeyMarshal     = Error("public key marshal error")
	ErrHSMUnexpected        = Error("hsm unexpected")
	ErrHSMDecrypt           = Error("hsm decrypt error")
	ErrHSMNotFound          = Error("hsm unavailable")
	ErrKeyConfig            = Error("key configuration error")
	ErrUnknownHashFunction  = Error("unknown hash function")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config selects which key provider to build and carries its settings.
type Config struct {
	// Type names the provider. The struct tag defaults it to "standard",
	// which is the only provider with a configuration section in this struct.
	Type string `mapstructure:"type" json:"type" default:"standard"`
	// StandardConfig is the configuration for the standard key provider
	StandardConfig StandardConfig `mapstructure:"standard" json:"standard"`
}

type CryptoProvider

// CryptoProvider abstracts the key store behind the KAS: lookup of keys by
// KID, export of public material, and the private-key operations (RSA
// decryption and EC key agreement) that the KAS performs on behalf of clients.
type CryptoProvider interface {
	// Gets some KID associated with a given algorithm.
	// Returns empty string if none are found.
	// Callers must treat "" as a miss rather than pass it on as a KID.
	FindKID(alg string) string
	// RSAPublicKey returns the public key of the RSA pair identified by keyID
	// as a string (encoding not fixed here — presumably PEM; confirm).
	RSAPublicKey(keyID string) (string, error)
	// RSAPublicKeyAsJSON returns the same public key as a JSON document
	// (presumably a JWK — confirm with the implementation).
	RSAPublicKeyAsJSON(keyID string) (string, error)
	// RSADecrypt decrypts ciphertext with the private key identified by keyID.
	// hash and keyLabel are provider hints only: the standard provider ignores
	// both (its signature blanks them), so callers must not assume the hash
	// they pass is the one applied. Treat ciphertext as untrusted input.
	RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)

	// ECPublicKey returns the public key of the EC pair identified by keyID.
	ECPublicKey(keyID string) (string, error)
	// ECCertificate returns the certificate for keyID, presumably the one
	// located by KeyPairInfo.Certificate; expect ErrCertNotFound when absent.
	ECCertificate(keyID string) (string, error)
	// GenerateNanoTDFSymmetricKey derives a symmetric key from the KAS private
	// key kasKID and a peer ephemeral public key given as raw bytes on curve.
	// NOTE(review): ephemeralPublicKeyBytes typically originates from a client;
	// implementations should reject points that are not on the curve.
	GenerateNanoTDFSymmetricKey(kasKID string, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) ([]byte, error)
	// GenerateEphemeralKasKeys creates a fresh ephemeral key pair. The first
	// result is an opaque private-key handle intended to be passed back to
	// GenerateNanoTDFSessionKey; the second is the public part as bytes
	// (encoding not specified here — confirm).
	GenerateEphemeralKasKeys() (any, []byte, error)
	// GenerateNanoTDFSessionKey derives a session key from privateKeyHandle
	// (from GenerateEphemeralKasKeys) and the peer's ephemeral public key
	// (PEM-encoded in the standard provider, judging by its parameter name).
	GenerateNanoTDFSessionKey(privateKeyHandle any, ephemeralPublicKey []byte) ([]byte, error)
	// Close releases whatever the provider holds; call it once when done.
	Close()
}

func NewCryptoProvider

// NewCryptoProvider builds the provider selected by cfg.Type. With the default
// "standard" it presumably wraps NewStandardCrypto(cfg.StandardConfig) — confirm.
func NewCryptoProvider(cfg Config) (CryptoProvider, error)

type Error

// Error is a string-backed error type. Being a string it can be declared as a
// constant, which is how the package's ErrXxx sentinels are defined, and two
// values compare equal by content, so errors.Is matches them.
type Error string

func (Error) Error

// Error satisfies the error interface; presumably returns string(e) — confirm.
func (e Error) Error() string

type KeyPairInfo added in v0.4.7

// KeyPairInfo describes one configured key pair: its algorithm, short KID,
// where the private key and optional certificate live, and free-form usage
// and purpose text. Entries are listed in StandardConfig.Keys.
type KeyPairInfo struct {
	// Valid algorithm. May be able to be derived from Private but it is better to just say it.
	// Expected values are presumably the Algorithm* constants — confirm.
	Algorithm string `mapstructure:"alg" json:"alg"`
	// Key identifier. Should be short
	KID string `mapstructure:"kid" json:"kid"`
	// Implementation specific locator for private key;
	// for 'standard' crypto service this is the path to a PEM file
	// NOTE(review): that file holds private key material; keep its filesystem
	// permissions restricted to the service user.
	Private string `mapstructure:"private" json:"private"`
	// Optional locator for the corresponding certificate.
	// If not found, only public key (derivable from Private) is available.
	Certificate string `mapstructure:"cert" json:"cert"`
	// Optional enumeration of intended usages of keypair
	Usage string `mapstructure:"usage" json:"usage"`
	// Optional long form description of key pair including purpose and life cycle information
	Purpose string `mapstructure:"purpose" json:"purpose"`
}

type StandardConfig

// StandardConfig configures the standard (file-backed) key provider.
type StandardConfig struct {
	// Keys lists the key pairs to load; each entry names its own algorithm.
	Keys []KeyPairInfo `mapstructure:"keys" json:"keys"`
	// Deprecated: superseded by Keys, which carries the algorithm per entry
	// instead of splitting keys by type — confirm the migration path.
	RSAKeys map[string]StandardKeyInfo `mapstructure:"rsa,omitempty" json:"rsa,omitempty"`
	// Deprecated: superseded by Keys — see RSAKeys.
	ECKeys map[string]StandardKeyInfo `mapstructure:"ec,omitempty" json:"ec,omitempty"`
}

type StandardCrypto

// StandardCrypto is the standard CryptoProvider implementation; its method set
// matches the interface exactly. Construct it with NewStandardCrypto.
type StandardCrypto struct {
	// contains filtered or unexported fields
}

func NewStandardCrypto

// NewStandardCrypto creates a new instance of standard crypto from cfg. Keys is
// the current key list; RSAKeys and ECKeys are the deprecated per-type maps.
func NewStandardCrypto(cfg StandardConfig) (*StandardCrypto, error)

NewStandardCrypto creates a new instance of standard crypto.

func (StandardCrypto) Close

// Close implements CryptoProvider.Close for the standard provider.
func (s StandardCrypto) Close()

func (StandardCrypto) ECCertificate added in v0.4.4

// ECCertificate implements CryptoProvider.ECCertificate for the key pair kid.
func (s StandardCrypto) ECCertificate(kid string) (string, error)

func (StandardCrypto) ECPublicKey

// ECPublicKey implements CryptoProvider.ECPublicKey for the key pair kid.
func (s StandardCrypto) ECPublicKey(kid string) (string, error)

func (StandardCrypto) FindKID added in v0.4.7

// FindKID implements CryptoProvider.FindKID: some KID configured for alg, or
// "" when none is.
func (s StandardCrypto) FindKID(alg string) string

func (StandardCrypto) GenerateEphemeralKasKeys

// GenerateEphemeralKasKeys implements CryptoProvider.GenerateEphemeralKasKeys.
// The returned handle is meant for GenerateNanoTDFSessionKey on this provider.
func (s StandardCrypto) GenerateEphemeralKasKeys() (any, []byte, error)

func (StandardCrypto) GenerateNanoTDFSessionKey

// GenerateNanoTDFSessionKey implements CryptoProvider.GenerateNanoTDFSessionKey.
// privateKey is the handle from GenerateEphemeralKasKeys; the peer public key
// is expected PEM-encoded (per the parameter name) and should be treated as
// untrusted input.
func (s StandardCrypto) GenerateNanoTDFSessionKey(privateKey any, ephemeralPublicKeyPEM []byte) ([]byte, error)

func (StandardCrypto) GenerateNanoTDFSymmetricKey

// GenerateNanoTDFSymmetricKey implements CryptoProvider.GenerateNanoTDFSymmetricKey
// using the configured KAS key kasKID. NOTE(review): confirm that the raw
// ephemeral public key bytes are checked to lie on curve before use.
func (s StandardCrypto) GenerateNanoTDFSymmetricKey(kasKID string, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) ([]byte, error)

func (StandardCrypto) RSADecrypt

// RSADecrypt implements CryptoProvider.RSADecrypt for the key pair kid. The
// hash and key-label parameters are ignored (blank identifiers): the hash used
// for decryption is fixed by this implementation, not chosen by the caller, so
// a caller that needs a specific crypto.Hash honored must verify it here.
func (s StandardCrypto) RSADecrypt(_ crypto.Hash, kid string, _ string, ciphertext []byte) ([]byte, error)

func (StandardCrypto) RSAPublicKey

// RSAPublicKey implements CryptoProvider.RSAPublicKey for the key pair kid.
func (s StandardCrypto) RSAPublicKey(kid string) (string, error)

func (StandardCrypto) RSAPublicKeyAsJSON

// RSAPublicKeyAsJSON implements CryptoProvider.RSAPublicKeyAsJSON for the key pair kid.
func (s StandardCrypto) RSAPublicKeyAsJSON(kid string) (string, error)

type StandardECCrypto

// StandardECCrypto is the standard provider's per-key state for an EC key
// pair. It embeds the KeyPairInfo it was loaded from, so Algorithm, KID,
// Private and the other descriptor fields are promoted onto it.
type StandardECCrypto struct {
	KeyPairInfo
	// contains filtered or unexported fields
}

type StandardKeyInfo

// StandardKeyInfo is the legacy per-key entry used by the deprecated
// StandardConfig.RSAKeys and StandardConfig.ECKeys maps: a pair of file paths.
type StandardKeyInfo struct {
	// PrivateKeyPath locates the private key file; restrict its permissions.
	PrivateKeyPath string `mapstructure:"private_key_path" json:"private_key_path"`
	// PublicKeyPath locates the matching public key file.
	PublicKeyPath  string `mapstructure:"public_key_path" json:"public_key_path"`
}

type StandardRSACrypto

// StandardRSACrypto is the standard provider's per-key state for an RSA key
// pair. It embeds the KeyPairInfo it was loaded from, so the descriptor
// fields (Algorithm, KID, Private, ...) are promoted onto it.
type StandardRSACrypto struct {
	KeyPairInfo
	// contains filtered or unexported fields
}
