cryptoutil

package
v3.7.3
Warning

This package is not in the latest version of its module.

Published: Apr 29, 2020 | License: Apache-2.0 | Imports: 13 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

var EmptyKeyVault crypto.KeyVault = emptyKeyVault{}

EmptyKeyVault is an empty key vault.

Functions

func UnwrapAES128Key

func UnwrapAES128Key(ctx context.Context, wrapped ttnpb.KeyEnvelope, v crypto.KeyVault) (key types.AES128Key, err error)

UnwrapAES128Key performs the RFC 3394 Unwrap algorithm on the given key envelope using the given key vault. If the KEK label is empty, the key is assumed to be stored in the clear.

func UnwrapSelectedSessionKeys

func UnwrapSelectedSessionKeys(ctx context.Context, keyVault crypto.KeyVault, sk ttnpb.SessionKeys, prefix string, paths ...string) (ttnpb.SessionKeys, error)

func WrapAES128Key

func WrapAES128Key(ctx context.Context, key types.AES128Key, kekLabel string, v crypto.KeyVault) (ttnpb.KeyEnvelope, error)

WrapAES128Key performs the RFC 3394 Wrap algorithm on the given key using the given key vault and KEK label. If the KEK label is empty, the key will be returned in the clear.

Types

type ComponentPrefixKEKLabeler

type ComponentPrefixKEKLabeler struct {
	// Separator is the string to join parts.
	Separator string
	// ReplaceOldNew is a set of old and new string pairs to replace in parts.
	ReplaceOldNew []string
}

ComponentPrefixKEKLabeler is a ComponentKEKLabeler that joins the component prefix, separators and host.

func (ComponentPrefixKEKLabeler) AsKEKLabel

func (c ComponentPrefixKEKLabeler) AsKEKLabel(ctx context.Context, addr string) string

AsKEKLabel returns a KEK label in the form `as:host` from the given address, where `:` is the default separator. Empty parts are omitted.

func (ComponentPrefixKEKLabeler) NsKEKLabel

func (c ComponentPrefixKEKLabeler) NsKEKLabel(ctx context.Context, netID *types.NetID, addr string) string

NsKEKLabel returns a KEK label in the form `ns:netID:host` from the given NetID and address, where `:` is the default separator. Empty parts are omitted.

type MemKeyVault

type MemKeyVault struct {
	ComponentPrefixKEKLabeler
	// contains filtered or unexported fields
}

MemKeyVault is a KeyVault that uses secrets from memory. This implementation does not provide any security as secrets are stored in the clear.

func NewMemKeyVault

func NewMemKeyVault(m map[string][]byte) *MemKeyVault

NewMemKeyVault returns a MemKeyVault. Certificate keys can be appended as a PEM block.

func (MemKeyVault) ExportCertificate

func (v MemKeyVault) ExportCertificate(ctx context.Context, id string) (*tls.Certificate, error)

ExportCertificate implements KeyVault.

func (MemKeyVault) GetCertificate

func (v MemKeyVault) GetCertificate(ctx context.Context, id string) (*x509.Certificate, error)

GetCertificate implements KeyVault.

func (MemKeyVault) Unwrap

func (v MemKeyVault) Unwrap(ctx context.Context, ciphertext []byte, kekLabel string) ([]byte, error)

Unwrap implements KeyVault.

func (MemKeyVault) Wrap

func (v MemKeyVault) Wrap(ctx context.Context, plaintext []byte, kekLabel string) ([]byte, error)

Wrap implements KeyVault.
