v2

package
v0.31.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 2, 2024 License: Apache-2.0 Imports: 3 Imported by: 1

Documentation

Overview

Package v2 contains definition of kms-plugin's serialized types.

Index

Constants

This section is empty.

Variables

View Source
var EncryptedDEKSourceType_name = map[int32]string{
	0: "AES_GCM_KEY",
	1: "HKDF_SHA256_XNONCE_AES_GCM_SEED",
}
View Source
var EncryptedDEKSourceType_value = map[string]int32{
	"AES_GCM_KEY":                     0,
	"HKDF_SHA256_XNONCE_AES_GCM_SEED": 1,
}

Functions

This section is empty.

Types

type EncryptedDEKSourceType added in v0.28.0

type EncryptedDEKSourceType int32
const (
	// AES_GCM_KEY means that the plaintext of encryptedDEKSource is the DEK itself, with AES-GCM as the encryption algorithm.
	EncryptedDEKSourceType_AES_GCM_KEY EncryptedDEKSourceType = 0
	// HKDF_SHA256_XNONCE_AES_GCM_SEED means that the plaintext of encryptedDEKSource is the pseudo random key
	// (referred to as the seed throughout the code) that is fed into HKDF expand.  SHA256 is the hash algorithm
	// and first 32 bytes of encryptedData are the info param.  The first 32 bytes from the HKDF stream are used
	// as the DEK with AES-GCM as the encryption algorithm.
	EncryptedDEKSourceType_HKDF_SHA256_XNONCE_AES_GCM_SEED EncryptedDEKSourceType = 1
)

func (EncryptedDEKSourceType) EnumDescriptor added in v0.28.0

func (EncryptedDEKSourceType) EnumDescriptor() ([]byte, []int)

func (EncryptedDEKSourceType) String added in v0.28.0

func (x EncryptedDEKSourceType) String() string

type EncryptedObject

type EncryptedObject struct {
	// EncryptedData is the encrypted data.
	EncryptedData []byte `protobuf:"bytes,1,opt,name=encryptedData,proto3" json:"encryptedData,omitempty"`
	// KeyID is the KMS key ID used for encryption operations.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyID string `protobuf:"bytes,2,opt,name=keyID,proto3" json:"keyID,omitempty"`
	// EncryptedDEKSource is the ciphertext of the source of the DEK used to encrypt the data stored in encryptedData.
	// encryptedDEKSourceType defines the process of using the plaintext of this field to determine the aforementioned DEK.
	// encryptedDEKSource must satisfy the following constraints:
	// 1. The encrypted DEK source is not empty.
	// 2. The size of encrypted DEK source is less than 1 kB.
	EncryptedDEKSource []byte `protobuf:"bytes,3,opt,name=encryptedDEKSource,proto3" json:"encryptedDEKSource,omitempty"`
	// Annotations is additional metadata that was provided by the KMS plugin.
	// Annotations must satisfy the following constraints:
	//  1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
	//  2. The size of annotations keys + values is less than 32 kB.
	Annotations map[string][]byte `` /* 163-byte string literal not displayed */
	// encryptedDEKSourceType defines the process of using the plaintext of encryptedDEKSource to determine the DEK.
	EncryptedDEKSourceType EncryptedDEKSourceType `` /* 129-byte string literal not displayed */
	XXX_NoUnkeyedLiteral   struct{}               `json:"-"`
	XXX_unrecognized       []byte                 `json:"-"`
	XXX_sizecache          int32                  `json:"-"`
}

EncryptedObject is the representation of data stored in etcd after envelope encryption.

func (*EncryptedObject) Descriptor

func (*EncryptedObject) Descriptor() ([]byte, []int)

func (*EncryptedObject) GetAnnotations

func (m *EncryptedObject) GetAnnotations() map[string][]byte

func (*EncryptedObject) GetEncryptedDEKSource added in v0.28.0

func (m *EncryptedObject) GetEncryptedDEKSource() []byte

func (*EncryptedObject) GetEncryptedDEKSourceType added in v0.28.0

func (m *EncryptedObject) GetEncryptedDEKSourceType() EncryptedDEKSourceType

func (*EncryptedObject) GetEncryptedData

func (m *EncryptedObject) GetEncryptedData() []byte

func (*EncryptedObject) GetKeyID

func (m *EncryptedObject) GetKeyID() string

func (*EncryptedObject) ProtoMessage

func (*EncryptedObject) ProtoMessage()

func (*EncryptedObject) Reset

func (m *EncryptedObject) Reset()

func (*EncryptedObject) String

func (m *EncryptedObject) String() string

func (*EncryptedObject) XXX_DiscardUnknown

func (m *EncryptedObject) XXX_DiscardUnknown()

func (*EncryptedObject) XXX_Marshal

func (m *EncryptedObject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptedObject) XXX_Merge

func (m *EncryptedObject) XXX_Merge(src proto.Message)

func (*EncryptedObject) XXX_Size

func (m *EncryptedObject) XXX_Size() int

func (*EncryptedObject) XXX_Unmarshal

func (m *EncryptedObject) XXX_Unmarshal(b []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL