Documentation ¶
Overview ¶
demosec gives a proof-of-concept demo of how security will be implemented in NTSchema
Generated by the generator, DO NOT modify manually
Index ¶
- Variables
- func CreateContentKeyNode(node *schema.Node) schema.NodeImpl
- func NewKeyStoragePolicy() schema.Policy
- func NewSignedByPolicy() schema.Policy
- type ContentKey
- type ContentKeyNode
- func (n *ContentKeyNode) CastTo(ptr any) any
- func (n *ContentKeyNode) Decrypt(mNode schema.MatchedNode, encryptedContent enc.Wire) enc.Wire
- func (n *ContentKeyNode) Encrypt(mNode schema.MatchedNode, ck ContentKey, content enc.Wire) enc.Wire
- func (n *ContentKeyNode) GenKey(mNode schema.MatchedNode) ContentKey
- func (n *ContentKeyNode) NodeImplTrait() schema.NodeImpl
- type DemoHmacKey
- type DemoHmacKeyStore
- func (store *DemoHmacKeyStore) AddTrustAnchor(cert enc.Buffer) error
- func (store *DemoHmacKeyStore) EnrollKey(keyName enc.Name, keyBits enc.Buffer, signKeyName enc.Name) error
- func (store *DemoHmacKeyStore) GetKey(keyName enc.Name) *DemoHmacKey
- func (store *DemoHmacKeyStore) SaveKey(name enc.Name, keyBits enc.Buffer, cert enc.Buffer) error
- type EncryptedContent
- type EncryptedContentEncoder
- type EncryptedContentParsingContext
- type KeyStoragePolicy
- type SignedByPolicy
Constants ¶
This section is empty.
Variables ¶
var (
ContentKeyNodeDesc *schema.NodeImplDesc
)
Functions ¶
func NewKeyStoragePolicy ¶
func NewSignedByPolicy ¶
Types ¶
type ContentKey ¶
// ContentKey is the value returned by ContentKeyNode.GenKey and passed to
// ContentKeyNode.Encrypt. All of its fields are unexported, so callers outside
// the package can hold a ContentKey but cannot read its contents directly.
type ContentKey struct {
	// contains filtered or unexported fields
}
type ContentKeyNode ¶
// ContentKeyNode embeds schema.BaseNodeImpl and exposes GenKey, Encrypt and
// Decrypt on top of it.
// NOTE(review): Encrypt and Decrypt return only an enc.Wire and no error, so
// how a failed or tampered decryption is reported to the caller is not visible
// from the signatures — confirm (nil wire? panic?) before relying on it.
type ContentKeyNode struct {
	schema.BaseNodeImpl
}
ContentKeyNode handles the generation and fetching of content keys, as a proof-of-concept demo.
func (*ContentKeyNode) CastTo ¶
func (n *ContentKeyNode) CastTo(ptr any) any
func (*ContentKeyNode) Decrypt ¶
func (n *ContentKeyNode) Decrypt(mNode schema.MatchedNode, encryptedContent enc.Wire) enc.Wire
func (*ContentKeyNode) Encrypt ¶
func (n *ContentKeyNode) Encrypt(mNode schema.MatchedNode, ck ContentKey, content enc.Wire) enc.Wire
func (*ContentKeyNode) GenKey ¶
func (n *ContentKeyNode) GenKey(mNode schema.MatchedNode) ContentKey
func (*ContentKeyNode) NodeImplTrait ¶
func (n *ContentKeyNode) NodeImplTrait() schema.NodeImpl
type DemoHmacKey ¶
type DemoHmacKeyStore ¶
// DemoHmacKeyStore is the key store used by the demo policies in this package.
type DemoHmacKeyStore struct {
	// Keys is the list of stored entries. The field is exported, so any code
	// holding the store can read, append to or replace entries directly,
	// without going through AddTrustAnchor, EnrollKey or SaveKey.
	// NOTE(review): tolerable for a demo; a non-demo store would keep key
	// material behind unexported fields so those methods are the only way in.
	Keys []DemoHmacKey
}
func NewDemoHmacKeyStore ¶
func NewDemoHmacKeyStore() *DemoHmacKeyStore
func (*DemoHmacKeyStore) AddTrustAnchor ¶
func (store *DemoHmacKeyStore) AddTrustAnchor(cert enc.Buffer) error
AddTrustAnchor simulates the addition of a trust anchor (self-signed certificate)
func (*DemoHmacKeyStore) EnrollKey ¶
func (store *DemoHmacKeyStore) EnrollKey(keyName enc.Name, keyBits enc.Buffer, signKeyName enc.Name) error
EnrollKey simulates the creation of a certificate
func (*DemoHmacKeyStore) GetKey ¶
func (store *DemoHmacKeyStore) GetKey(keyName enc.Name) *DemoHmacKey
GetKey returns the key and certificate stored for the given key name.
type EncryptedContent ¶
// EncryptedContent is the TLV model for an encrypted payload: a key
// identifier, an IV, a content length and the ciphertext, each under its own
// TLV type number.
// NOTE(review): no separate authentication-tag or MAC field is declared here.
// Whether CipherText carries an integrity tag depends on the cipher used by
// ContentKeyNode.Encrypt, which is not shown — confirm before treating
// decrypted content as authenticated.
type EncryptedContent struct {
	// KeyId is a binary field under TLV type 0x82; presumably it identifies
	// the content key needed for decryption — confirm.
	//+field:binary
	KeyId []byte `tlv:"0x82"`
	// Iv is a binary field under TLV type 0x84; presumably the initialization
	// vector for the cipher — confirm how it is generated and that it is never
	// reused with the same key.
	//+field:binary
	Iv []byte `tlv:"0x84"`
	// ContentLength is a natural-number field under TLV type 0x86; presumably
	// the plaintext length — confirm.
	//+field:natural
	ContentLength uint64 `tlv:"0x86"`
	// CipherText is a wire field under TLV type 0x88.
	//+field:wire
	CipherText enc.Wire `tlv:"0x88"`
}
+tlv-model:nocopy
func ParseEncryptedContent ¶
func ParseEncryptedContent(reader enc.ParseReader, ignoreCritical bool) (*EncryptedContent, error)
func (*EncryptedContent) Bytes ¶
func (value *EncryptedContent) Bytes() []byte
func (*EncryptedContent) Encode ¶
func (value *EncryptedContent) Encode() enc.Wire
type EncryptedContentEncoder ¶
type EncryptedContentEncoder struct { CipherText_length uint // contains filtered or unexported fields }
func (*EncryptedContentEncoder) Encode ¶
func (encoder *EncryptedContentEncoder) Encode(value *EncryptedContent) enc.Wire
func (*EncryptedContentEncoder) EncodeInto ¶
func (encoder *EncryptedContentEncoder) EncodeInto(value *EncryptedContent, wire enc.Wire)
func (*EncryptedContentEncoder) Init ¶
func (encoder *EncryptedContentEncoder) Init(value *EncryptedContent)
type EncryptedContentParsingContext ¶
type EncryptedContentParsingContext struct { }
func (*EncryptedContentParsingContext) Init ¶
func (context *EncryptedContentParsingContext) Init()
func (*EncryptedContentParsingContext) Parse ¶
func (context *EncryptedContentParsingContext) Parse(reader enc.ParseReader, ignoreCritical bool) (*EncryptedContent, error)
type KeyStoragePolicy ¶
type KeyStoragePolicy struct {
	// KeyStore is the DemoHmacKeyStore attached to this policy. It is an
	// exported pointer, so the store is shared with, and replaceable by,
	// whoever holds the policy value.
	KeyStore *DemoHmacKeyStore
	// contains filtered or unexported fields
}
KeyStoragePolicy is a policy that stores HMAC keys in in-memory storage.
func (*KeyStoragePolicy) Apply ¶
func (p *KeyStoragePolicy) Apply(node *schema.Node)
func (*KeyStoragePolicy) PolicyTrait ¶
func (p *KeyStoragePolicy) PolicyTrait() schema.Policy
type SignedByPolicy ¶
type SignedByPolicy struct {
	// Mapping is an untyped string-keyed map; its role is not documented in
	// this declaration.
	// NOTE(review): presumably consumed by ConvertName when deriving the
	// signing-key name — confirm, and confirm which value types are accepted.
	Mapping map[string]any
	// KeyStore is the DemoHmacKeyStore this policy works against.
	KeyStore *DemoHmacKeyStore
	// KeyNodePath is a path string.
	// NOTE(review): presumably the schema path of the node that holds the
	// signing key — confirm.
	KeyNodePath string
	// contains filtered or unexported fields
}
SignedByPolicy is a demo policy that specifies the trust schema.
func (*SignedByPolicy) Apply ¶
func (p *SignedByPolicy) Apply(node *schema.Node)
func (*SignedByPolicy) ConvertName ¶
func (p *SignedByPolicy) ConvertName(mNode *schema.MatchedNode) *schema.MatchedNode
ConvertName converts a Data name to the name of the key used to sign it. In a real-world scenario, there should be two functions:
- one that suggests the key for the data produced by the current node
- one that checks whether the signing key for a fetched Data is correct
In this simple demo I merge them into one for simplicity.
func (*SignedByPolicy) PolicyTrait ¶
func (p *SignedByPolicy) PolicyTrait() schema.Policy