Documentation
¶
Index ¶
- type AESCTRLayerBlockCipher
- func (bc *AESCTRLayerBlockCipher) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
- func (bc *AESCTRLayerBlockCipher) Encrypt(plainDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)
- func (bc *AESCTRLayerBlockCipher) GenerateKey() ([]byte, error)
- type Finalizer
- type LayerBlockCipher
- type LayerBlockCipherHandler
- type LayerBlockCipherOptions
- type LayerCipherType
- type PrivateLayerBlockCipherOptions
- type PublicLayerBlockCipherOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AESCTRLayerBlockCipher ¶
type AESCTRLayerBlockCipher struct {
// contains filtered or unexported fields
}
AESCTRLayerBlockCipher implements the AES CTR stream cipher
func (*AESCTRLayerBlockCipher) Decrypt ¶
func (bc *AESCTRLayerBlockCipher) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
Decrypt takes in layer ciphertext data and returns the plaintext and relevant LayerBlockCipherOptions
func (*AESCTRLayerBlockCipher) Encrypt ¶
func (bc *AESCTRLayerBlockCipher) Encrypt(plainDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)
Encrypt takes in layer data and returns a reader for the ciphertext together with a Finalizer; the relevant LayerBlockCipherOptions are obtained by calling that Finalizer
func (*AESCTRLayerBlockCipher) GenerateKey ¶
func (bc *AESCTRLayerBlockCipher) GenerateKey() ([]byte, error)
GenerateKey creates a symmetric key
type Finalizer ¶
type Finalizer func() (LayerBlockCipherOptions, error)
Finalizer is called after data blobs are written, and returns the LayerBlockCipherOptions for the encrypted blob
type LayerBlockCipher ¶
// LayerBlockCipher is the set of operations a per-algorithm layer cipher exposes:
// key generation plus streaming encryption and decryption of layer data.
type LayerBlockCipher interface {
	// GenerateKey creates a symmetric key
	GenerateKey() ([]byte, error)
	// Encrypt takes in layer data and returns a reader for the ciphertext plus a
	// Finalizer. Per the signature, the resulting LayerBlockCipherOptions come
	// from the Finalizer, not from Encrypt itself.
	// NOTE(review): presumably the Finalizer is only meaningful once the returned
	// reader has been fully consumed - confirm against the implementation.
	Encrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, Finalizer, error)
	// Decrypt takes in layer ciphertext data and returns a reader for the
	// plaintext and the relevant LayerBlockCipherOptions.
	// NOTE(review): the plaintext is handed back as a stream; where the integrity
	// check (e.g. the Hmac carried in the public options) runs relative to the
	// first plaintext bytes is not visible here - confirm before acting on
	// partially read output.
	Decrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
}
LayerBlockCipher is the interface a provider implements to offer encrypt/decrypt functionality for handling the layer data for a specific algorithm
func NewAESCTRLayerBlockCipher ¶
func NewAESCTRLayerBlockCipher(bits int) (LayerBlockCipher, error)
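NewAESCTRLayerBlockCipher returns a new AES CTR block cipher of 256 or 512 bits. (The upstream comment reads "AES SIV", which matches neither this constructor's name nor the AESCTRLayerBlockCipher type. AES defines no 512-bit key, and AES256CTR is the only cipher type listed on this page, so confirm which values of bits the constructor actually accepts.)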
type LayerBlockCipherHandler ¶
type LayerBlockCipherHandler struct {
// contains filtered or unexported fields
}
LayerBlockCipherHandler is the handler for encrypt/decrypt for layers
func NewLayerBlockCipherHandler ¶
func NewLayerBlockCipherHandler() (*LayerBlockCipherHandler, error)
NewLayerBlockCipherHandler returns a new default handler
func (*LayerBlockCipherHandler) Decrypt ¶
func (h *LayerBlockCipherHandler) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
Decrypt is the handler for the layer decryption routine
func (*LayerBlockCipherHandler) Encrypt ¶
func (h *LayerBlockCipherHandler) Encrypt(plainDataReader io.Reader, typ LayerCipherType) (io.Reader, Finalizer, error)
Encrypt is the handler for the layer encryption routine
type LayerBlockCipherOptions ¶
// LayerBlockCipherOptions bundles the two halves of a layer's cipher parameters.
type LayerBlockCipherOptions struct {
	// Public is the half that may be stored in plaintext (cipher type, HMAC,
	// public cipher metadata).
	Public PublicLayerBlockCipherOptions
	// Private is the half that carries the symmetric key; it must stay protected
	// whenever this struct is stored, logged or sent anywhere.
	Private PrivateLayerBlockCipherOptions
}
LayerBlockCipherOptions contains the public and private LayerBlockCipherOptions required to encrypt/decrypt an image
type LayerCipherType ¶
type LayerCipherType string
LayerCipherType is the ciphertype as specified in the layer metadata
// Cipher type identifiers, as they appear in the layer metadata.
const (
	// AES256CTR is the only cipher type declared in this block. Its identifier
	// spells out AES-256 in CTR mode together with HMAC-SHA256; CTR mode alone
	// does not authenticate data, so the HMAC part is what detects tampering.
	AES256CTR LayerCipherType = "AES_256_CTR_HMAC_SHA256"
)
TODO: Should be obtained from OCI spec once included
type PrivateLayerBlockCipherOptions ¶
// PrivateLayerBlockCipherOptions is the secret half of the cipher options. Every
// field has a JSON tag, so a marshalled copy contains the raw key material and
// needs the same protection as the key itself.
type PrivateLayerBlockCipherOptions struct {
	// SymmetricKey represents the symmetric key used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	// It is serialized under the JSON key "symkey"; keep marshalled output out of
	// logs and plaintext storage.
	SymmetricKey []byte `json:"symkey"`
	// Digest is the digest of the original data for verification.
	// This is NOT populated by Encrypt/Decrypt calls
	// NOTE(review): presumably the caller sets it and compares it against the
	// decrypted layer - confirm where that comparison happens.
	Digest digest.Digest `json:"digest"`
	// CipherOptions contains the cipher metadata used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	// This is the private map: its contents are treated as sensitive, unlike the
	// map of the same name in PublicLayerBlockCipherOptions.
	CipherOptions map[string][]byte `json:"cipheroptions"`
}
PrivateLayerBlockCipherOptions includes the information required to encrypt/decrypt an image that is sensitive (it carries the symmetric key) and should not be stored or transmitted in plaintext
type PublicLayerBlockCipherOptions ¶
// PublicLayerBlockCipherOptions is the non-secret half of the cipher options.
// Nothing in it should be needed to stay confidential, because it is meant to be
// readable in plaintext.
type PublicLayerBlockCipherOptions struct {
	// CipherType denotes the cipher type according to the list of OCI supported
	// cipher types.
	// NOTE(review): on decryption this value comes from layer metadata;
	// presumably unknown types are rejected by the handler - confirm.
	CipherType LayerCipherType `json:"cipher"`
	// Hmac contains the hmac string to help verify encryption
	// NOTE(review): which bytes the HMAC covers and which key it is computed with
	// is not visible here - confirm before relying on it as the integrity check
	// for the layer.
	Hmac []byte `json:"hmac"`
	// CipherOptions contains the cipher metadata used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	// This is the public map: it is stored in plaintext, so no secret value
	// belongs in it.
	CipherOptions map[string][]byte `json:"cipheroptions"`
}
PublicLayerBlockCipherOptions includes the information required to encrypt/decrypt an image which are public and can be deduplicated in plaintext across multiple recipients