cryptoutil

package
v3.29.0
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package cryptoutil implements cryptography utilities.


Constants

This section is empty.

Variables

var EmptyKeyVault crypto.KeyVault = emptyKeyVault{}

EmptyKeyVault is an empty key vault.

Functions

func NewCacheKeyService added in v3.24.0

func NewCacheKeyService(inner crypto.KeyService, ttl time.Duration, size int) crypto.KeyService

NewCacheKeyService returns a new crypto.KeyService that caches the results of Unwrap.

func NewCacheKeyVault added in v3.9.0

func NewCacheKeyVault(inner crypto.KeyVault, opts ...CacheKeyVaultOption) crypto.KeyVault

NewCacheKeyVault returns a new crypto.KeyVault that caches the keys in memory. Certificates are cached for the duration of their validity minus one hour, capped at the given time-to-live.

func NewMemKeyVault

func NewMemKeyVault(m map[string][]byte) crypto.KeyVault

NewMemKeyVault returns a crypto.KeyVault that stores keys in memory. Certificates must be PEM encoded. The given map must not be modified after calling this function.

func UnwrapAES128Key

func UnwrapAES128Key(
	ctx context.Context, wrapped *ttnpb.KeyEnvelope, ks crypto.KeyService,
) (key types.AES128Key, err error)

UnwrapAES128Key performs the RFC 3394 Unwrap algorithm on the given key envelope using the given key service. If the KEK label is empty, the key is assumed to be stored in the clear.

func UnwrapKeyEnvelope added in v3.10.0

func UnwrapKeyEnvelope(ctx context.Context, ke *ttnpb.KeyEnvelope, ks crypto.KeyService) (*ttnpb.KeyEnvelope, error)

UnwrapKeyEnvelope calls UnwrapAES128Key on the given key envelope using the given key service if necessary and returns the result as a key envelope. NOTE: UnwrapKeyEnvelope returns ke if unwrapping is not necessary.

func UnwrapSelectedSessionKeys

func UnwrapSelectedSessionKeys(
	ctx context.Context, ks crypto.KeyService, sk *ttnpb.SessionKeys, prefix string, paths ...string,
) (*ttnpb.SessionKeys, error)

UnwrapSelectedSessionKeys unwraps the selected session keys in the given session keys using the given key service.

func WrapAES128Key

func WrapAES128Key(
	ctx context.Context, key types.AES128Key, kekLabel string, ks crypto.KeyService,
) (*ttnpb.KeyEnvelope, error)

WrapAES128Key performs the RFC 3394 Wrap algorithm on the given key using the given key service and KEK label. If the KEK label is empty, the key will be returned in the clear.

func WrapAES128KeyWithKEK added in v3.10.0

func WrapAES128KeyWithKEK(
	ctx context.Context, key types.AES128Key, kekLabel string, kek types.AES128Key,
) (*ttnpb.KeyEnvelope, error)

WrapAES128KeyWithKEK wraps the key with the given KEK. If the KEK label is empty, the key will be returned in the clear.
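The RFC 3394 Wrap and Unwrap algorithms that WrapAES128Key, WrapAES128KeyWithKEK and UnwrapAES128Key refer to, shown as an added example for a 128-bit key under a 128-bit KEK using only the Go standard library. It is not this package's code: `wrap`, `unwrap` and `iv` are assumed names, and the values in `main` are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

var iv = [8]byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 default IV

// wrap applies RFC 3394 key wrap to a 128-bit key (n = 2 blocks) under a 128-bit KEK.
func wrap(kek, key [16]byte) (out [24]byte) {
	block, _ := aes.NewCipher(kek[:]) // cannot fail: the KEK is always 16 bytes
	copy(out[:8], iv[:])
	copy(out[8:], key[:])
	for t := uint64(1); t <= 12; t++ { // t = n*j+i for j = 0..5, i = 1..2
		r := out[8+8*((t-1)%2):][:8]                    // R[i]
		b := append(append([]byte{}, out[:8]...), r...) // B = A | R[i]
		block.Encrypt(b, b)
		binary.BigEndian.PutUint64(out[:8], binary.BigEndian.Uint64(b)^t) // A = MSB64(B) xor t
		copy(r, b[8:])                                                    // R[i] = LSB64(B)
	}
	return out
}

// unwrap reverses wrap and rejects the result unless A equals the default IV,
// which is how a wrong KEK or a modified envelope is detected.
func unwrap(kek [16]byte, in [24]byte) (key [16]byte, err error) {
	block, _ := aes.NewCipher(kek[:])
	for t := uint64(12); t >= 1; t-- {
		r := in[8+8*((t-1)%2):][:8]
		b := binary.BigEndian.AppendUint64(nil, binary.BigEndian.Uint64(in[:8])^t)
		b = append(b, r...) // B = (A xor t) | R[i]
		block.Decrypt(b, b)
		copy(in[:8], b[:8])
		copy(r, b[8:])
	}
	if subtle.ConstantTimeCompare(in[:8], iv[:]) != 1 {
		return key, fmt.Errorf("keywrap: integrity check failed")
	}
	copy(key[:], in[8:])
	return key, nil
}

func main() { // constructed sample KEK and key, not real key material
	w := wrap([16]byte{1}, [16]byte{2})
	_, err := unwrap([16]byte{9}, w) // wrong KEK: rejected by the integrity check
	fmt.Printf("%X %v\n", w, err)
}
```

`unwrap` returns an error rather than key material when the KEK is wrong or the wrapped bytes were modified; a key returned in the clear under an empty KEK label carries no such check.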

Types

type CacheKeyVaultClock added in v3.24.0

type CacheKeyVaultClock interface {
	Now() time.Time
}

CacheKeyVaultClock provides a time source.

type CacheKeyVaultClockFunc added in v3.24.0

type CacheKeyVaultClockFunc func() time.Time

CacheKeyVaultClockFunc implements CacheKeyVaultClock.

func (CacheKeyVaultClockFunc) Now added in v3.24.0

Now implements CacheKeyVaultClock.

type CacheKeyVaultOption added in v3.24.0

type CacheKeyVaultOption interface {
	// contains filtered or unexported methods
}

CacheKeyVaultOption configures CacheKeyVault.

func WithCacheKeyVaultClock added in v3.24.0

func WithCacheKeyVaultClock(clock CacheKeyVaultClock) CacheKeyVaultOption

WithCacheKeyVaultClock configures a time source. This is useful for testing.

func WithCacheKeyVaultSize added in v3.24.0

func WithCacheKeyVaultSize(size int) CacheKeyVaultOption

WithCacheKeyVaultSize configures the size of the cache.

func WithCacheKeyVaultTTL added in v3.24.0

func WithCacheKeyVaultTTL(ttl, errTTL time.Duration) CacheKeyVaultOption

WithCacheKeyVaultTTL configures the time-to-live of the cache. If 0, no expiry is used.

type ComponentPrefixKEKLabeler

type ComponentPrefixKEKLabeler struct {
	// Separator is the string to join parts.
	Separator string
	// ReplaceOldNew is a set of old and new string pairs to replace in parts.
	ReplaceOldNew []string
}

ComponentPrefixKEKLabeler is a ComponentKEKLabeler that joins the component prefix, separators and host.

func (ComponentPrefixKEKLabeler) AsKEKLabel

func (c ComponentPrefixKEKLabeler) AsKEKLabel(ctx context.Context, addr string) string

AsKEKLabel returns a KEK label in the form `as:host` from the given address, where `:` is the default separator. Empty parts are omitted.

func (ComponentPrefixKEKLabeler) NsKEKLabel

func (c ComponentPrefixKEKLabeler) NsKEKLabel(ctx context.Context, netID *types.NetID, addr string) string

NsKEKLabel returns a KEK label in the form `ns:netID:host` from the given NetID and address, where `:` is the default separator. Empty parts are omitted.
