encryption

package
v1.1.0-beta.0...-2a72e7f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 25, 2024 License: Apache-2.0, Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

// Metadata key names, plus the method value for AES-256-GCM, used by this package.
// The package documentation requires them to stay identical to the constants in the
// TiKV implementation, so renaming or re-spelling any value is a compatibility break.
// NOTE(review): presumably these are the keys of the metadata carried by an
// encryptionpb.EncryptedContent — confirm against the implementation.
const (
	MetadataKeyMethod           string = "method"
	// NOTE(review): the IV is not secret, but with AES-GCM it must never repeat under
	// the same key — confirm how it is generated.
	MetadataKeyIv               string = "iv"
	// NOTE(review): the name suggests the GCM authentication tag is stored in metadata,
	// separately from the ciphertext bytes — confirm, and confirm it is verified on decrypt.
	MetadataKeyAesGcmTag        string = "aes_gcm_tag"
	MetadataKeyKmsVendor        string = "kms_vendor"
	// NOTE(review): presumably the data key as encrypted (wrapped) by the KMS, i.e. not
	// usable without a KMS decrypt call — confirm.
	MetadataKeyKmsCiphertextKey string = "kms_ciphertext_key"
	// The only method value declared in this block.
	MetadataMethodAes256Gcm     string = "aes256-gcm"
)

These constants must be kept identical to the corresponding constants in the TiKV implementation.

// IV lengths for the two IV types declared in this package.
// NOTE(review): presumably in bytes — 12 bytes (96 bits) is the standard AES-GCM nonce
// size and 16 bytes is the AES block size used as the CTR IV; confirm against the
// code that reads these constants.
const (
	GcmIv12 = 12
	CtrIv16 = 16
)
// Vendor name strings for the three cloud providers named here.
// NOTE(review): presumably matched against the vendor recorded in a master key
// configuration or under the "kms_vendor" metadata key — confirm, and confirm that an
// unrecognized vendor string is rejected rather than silently defaulted.
const (
	StorageVendorNameAWS   = "aws"
	StorageVendorNameAzure = "azure"
	StorageVendorNameGCP   = "gcp"
)
const AesGcmKeyLen = 32 // AES-256 key length in bytes (32 * 8 = 256 bits)

Variables

This section is empty.

Functions

This section is empty.

Types

type Backend

// Backend is the interface an encryption backend must implement. It covers decryption
// and shutdown only; the Encrypt methods in this package (for example on FileBackend)
// are declared on concrete types and are not part of this interface.
type Backend interface {
	// Decrypt takes an EncryptedContent and returns the decrypted plaintext as a byte slice or an error.
	Decrypt(ctx context.Context, ciphertext *encryptionpb.EncryptedContent) ([]byte, error)
	// Close has no return value, so a failure during cleanup cannot be reported to the caller.
	// NOTE(review): presumably releases resources held by the backend (key material,
	// KMS clients) — confirm per implementation.
	Close()
}

Backend is an interface that defines the methods required for an encryption backend.

func CreateBackend

func CreateBackend(config *encryptionpb.MasterKey) (Backend, error)

type CachedKeys

type CachedKeys struct {
	// contains filtered or unexported fields
}

type FileBackend

type FileBackend struct {
	// contains filtered or unexported fields
}

FileBackend is ported from TiKV FileBackend

func (*FileBackend) Close

func (f *FileBackend) Close()

func (*FileBackend) Decrypt

func (f *FileBackend) Decrypt(ctx context.Context, content *encryptionpb.EncryptedContent) ([]byte, error)

func (*FileBackend) Encrypt

func (f *FileBackend) Encrypt(ctx context.Context, plaintext []byte) (*encryptionpb.EncryptedContent, error)

type IV

// IV pairs raw initialization-vector bytes with the IvType they are intended for.
// Both fields are exported, so callers can construct or modify an IV directly without
// going through NewIVFromSlice or NewIVGcm.
type IV struct {
	Type IvType // IvTypeGcm or IvTypeCtr; the zero value is IvTypeGcm
	Data []byte // NOTE(review): presumably GcmIv12 or CtrIv16 bytes long depending on Type — confirm where this is validated
}

func NewIVFromSlice

// NewIVFromSlice builds an IV from existing bytes and can fail.
// NOTE(review): body not shown; presumably the IvType is chosen from len(src)
// (GcmIv12 or CtrIv16) and any other length is returned as an error — confirm, and
// confirm whether src is copied or aliased by the returned IV.
func NewIVFromSlice(src []byte) (IV, error)

func NewIVGcm

// NewIVGcm takes no input and returns an IV or an error.
// NOTE(review): body not shown; confirm the IV bytes come from a cryptographically
// secure random source (crypto/rand) and that a short or failed read is returned as
// the error rather than yielding a partially filled IV.
func NewIVGcm() (IV, error)

func (IV) AsSlice

func (iv IV) AsSlice() []byte

type IvType

// IvType identifies which kind of IV an IV value holds.
type IvType int
const (
	// IvTypeGcm is 0 (the first iota value) and therefore the zero value of IvType:
	// an IV whose Type field was never set reports IvTypeGcm.
	IvTypeGcm IvType = iota
	// IvTypeCtr is 1.
	IvTypeCtr
)

type KmsBackend

type KmsBackend struct {
	// contains filtered or unexported fields
}

func NewKmsBackend

func NewKmsBackend(kmsProvider kms.Provider) (*KmsBackend, error)

func (*KmsBackend) Close

func (k *KmsBackend) Close()

func (*KmsBackend) Decrypt

func (k *KmsBackend) Decrypt(ctx context.Context, content *encryptionpb.EncryptedContent) ([]byte, error)

type MemAesGcmBackend

type MemAesGcmBackend struct {
	// contains filtered or unexported fields
}

func NewMemAesGcmBackend

// NewMemAesGcmBackend builds a MemAesGcmBackend from raw key bytes.
// NOTE(review): body not shown; presumably key must be exactly AesGcmKeyLen (32) bytes
// and any other length is rejected through the error return — confirm, and confirm
// whether the backend copies key or keeps a reference to the caller's slice.
func NewMemAesGcmBackend(key []byte) (*MemAesGcmBackend, error)

func (*MemAesGcmBackend) DecryptContent

// DecryptContent returns plaintext bytes or an error for the given EncryptedContent.
// The method is named DecryptContent rather than Decrypt, and no Close method is listed
// for this type on this page, so as documented here *MemAesGcmBackend does not satisfy
// the Backend interface.
// NOTE(review): the context parameter is named _ctx, which suggests it is unused — confirm.
// NOTE(review): body not shown; confirm that a failed GCM tag check is returned as an
// error and that no plaintext is returned in that case.
func (m *MemAesGcmBackend) DecryptContent(_ctx context.Context, content *encryptionpb.EncryptedContent) (
	[]byte, error)

func (*MemAesGcmBackend) EncryptContent

// EncryptContent takes the plaintext and a caller-supplied IV and returns an
// EncryptedContent or an error.
// NOTE(review): body not shown. AES-GCM is only secure when an IV is never reused under
// the same key, so every call needs a fresh IV (NewIVGcm is declared in this package) —
// confirm how call sites obtain iv, and whether iv.Type and len(iv.Data) are checked
// before use.
// NOTE(review): the context parameter is named _ctx, which suggests it is unused — confirm.
func (m *MemAesGcmBackend) EncryptContent(_ctx context.Context, plaintext []byte, iv IV) (
	*encryptionpb.EncryptedContent, error)

type MultiMasterKeyBackend

type MultiMasterKeyBackend struct {
	// contains filtered or unexported fields
}

MultiMasterKeyBackend can contain multiple master shard backends. If any one of those backends successfully decrypts the data, the data will be returned. The main purpose of this backend is to provide high availability for the master key in the future. Right now, only one master key backend is used to encrypt/decrypt data.

func NewMultiMasterKeyBackend

func NewMultiMasterKeyBackend(masterKeysProto []*encryptionpb.MasterKey) (*MultiMasterKeyBackend, error)

func (*MultiMasterKeyBackend) Close

func (m *MultiMasterKeyBackend) Close()

func (*MultiMasterKeyBackend) Decrypt

// Decrypt returns the plaintext if any one of the configured master key backends
// decrypts encryptedContent successfully, as stated in the type's documentation.
// NOTE(review): body not shown; confirm which error is returned when every backend
// fails, and that failures from individual backends are not silently discarded, since
// they are the signal that a master key is wrong or unavailable.
func (m *MultiMasterKeyBackend) Decrypt(ctx context.Context, encryptedContent *encryptionpb.EncryptedContent) (
	[]byte, error)
