Documentation
Overview
Package monitoring defines the structs and interfaces for monitoring primitives with Tink. This package isn't yet production ready and might go through various changes.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
Client represents an interface to hold monitoring client context to create a `Logger`. A Client is registered with Tink's registry and used by primitives to obtain a `Logger`.
type Context
type Context struct {
	Primitive   string
	APIFunction string
	KeysetInfo  *KeysetInfo
}
Context defines a context for monitoring events, which includes the primitive and API used, and information on the keyset.
func NewContext
func NewContext(primitive string, apiFunction string, keysetInfo *KeysetInfo) *Context
NewContext creates a new monitoring context.
type KeyStatus
type KeyStatus int
KeyStatus represents KeyStatusType in tink/proto/tink.proto.
const (
	// Enabled keys can be used for cryptographic operations.
	Enabled KeyStatus = iota
	// Disabled keys can't be used, but can be re-enabled.
	Disabled
	// Destroyed keys don't exist in the keyset anymore.
	Destroyed
	// DoNotUse is intended to guard from failures that may be caused by future expansions.
	DoNotUse KeyStatus = 20
)
type KeysetInfo
KeysetInfo represents a keyset at a certain point in time for the purpose of monitoring operations involving cryptographic keys.
func NewKeysetInfo
func NewKeysetInfo(annotations map[string]string, primaryKeyID uint32, entries []*Entry) *KeysetInfo
NewKeysetInfo creates a new KeysetInfo.
type Logger
type Logger interface {
	// Logs a successful use of `keyID` on an input of `numBytes`. Tink primitive
	// wrappers call this method when they successfully use a key to carry out a
	// primitive method, e.g. aead.Encrypt(). As a consequence, implementations of
	// MonitoringClient should be mindful of the amount of work performed by this
	// method, as this will be called on each cryptographic operation. Implementations
	// of MonitoringClient are responsible to add context to identify, e.g., the
	// primitive and the API function.
	Log(keyID uint32, numBytes int)
	// Logs a failure. Tink calls this method when a cryptographic operation
	// failed, e.g. no key could be found to decrypt a ciphertext. In this
	// case the failure is not associated with a specific key, therefore this
	// method has no arguments. The MonitoringClient implementation is responsible
	// to add context to identify where the failure comes from.
	LogFailure()
}
Logger is an interface for logging which can be created through a `Client`. Monitoring clients are invoked by Tink during cryptographic operations to emit certain events.
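The `Log` comment above notes that the method runs on every cryptographic operation, so an implementation should keep it cheap. The following is an added example, not code from Tink or from this page: a logger with the same `Log`/`LogFailure` method set that only updates atomic counters and leaves reporting to a separate slow path. `CountingLogger`, `KeyStats`, `Snapshot` and the `primaryKeyID` field are hypothetical names, and the key IDs in `main` are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// KeyStats and CountingLogger are hypothetical names, not part of Tink. The
// Log/LogFailure method set matches the Logger interface shown on this page.
type KeyStats struct{ Ops, Bytes uint64 }
type CountingLogger struct {
	failures     uint64
	primaryKeyID uint32   // assumed to be copied from the keyset's primary key ID
	perKey       sync.Map // key ID (uint32) -> *KeyStats
}

// Log runs on every successful operation: no I/O, a map lookup and atomic adds.
func (l *CountingLogger) Log(keyID uint32, numBytes int) {
	v, _ := l.perKey.LoadOrStore(keyID, &KeyStats{})
	atomic.AddUint64(&v.(*KeyStats).Ops, 1)
	if numBytes > 0 { // ignore negative sizes instead of wrapping the counter
		atomic.AddUint64(&v.(*KeyStats).Bytes, uint64(numBytes))
	}
}

// LogFailure has no key to attribute, so one counter per logger is enough.
func (l *CountingLogger) LogFailure() { atomic.AddUint64(&l.failures, 1) }

// Snapshot is the slow path: per-key totals, non-primary key uses, failures.
func (l *CountingLogger) Snapshot() (perKey map[uint32]KeyStats, nonPrimary, failures uint64) {
	perKey = map[uint32]KeyStats{}
	l.perKey.Range(func(k, v interface{}) bool {
		id, s := k.(uint32), v.(*KeyStats)
		perKey[id] = KeyStats{atomic.LoadUint64(&s.Ops), atomic.LoadUint64(&s.Bytes)}
		if id != l.primaryKeyID {
			nonPrimary += perKey[id].Ops
		}
		return true
	})
	return perKey, nonPrimary, atomic.LoadUint64(&l.failures)
}

func main() {
	l := &CountingLogger{primaryKeyID: 7} // constructed key IDs
	l.Log(7, 128)
	l.Log(3, 64)
	fmt.Println(l.Snapshot())
}
```

A rising non-primary count after a rotation shows that older keys are still in use, and a rising failure count shows operations for which no usable key was found.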