Index ¶
- Constants
- type Config
- type CryptoProvider
- type Error
- type KeyPairInfo
- type StandardConfig
- type StandardCrypto
- func (s StandardCrypto) Close()
- func (s StandardCrypto) ECCertificate(kid string) (string, error)
- func (s StandardCrypto) ECPublicKey(kid string) (string, error)
- func (s StandardCrypto) FindKID(alg string) string
- func (s StandardCrypto) GenerateEphemeralKasKeys() (any, []byte, error)
- func (s StandardCrypto) GenerateNanoTDFSessionKey(privateKey any, ephemeralPublicKeyPEM []byte) ([]byte, error)
- func (s StandardCrypto) GenerateNanoTDFSymmetricKey(kasKID string, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) ([]byte, error)
- func (s StandardCrypto) RSADecrypt(_ crypto.Hash, kid string, _ string, ciphertext []byte) ([]byte, error)
- func (s StandardCrypto) RSAPublicKey(kid string) (string, error)
- func (s StandardCrypto) RSAPublicKeyAsJSON(kid string) (string, error)
- type StandardECCrypto
- type StandardKeyInfo
- type StandardRSACrypto
Constants ¶
// AlgorithmECP256R1 names key agreement over the NIST P-256 (secp256r1) curve.
const AlgorithmECP256R1 = "ec:secp256r1"

// AlgorithmRSA2048 names RSA-2048 encryption of the key access object (KAO).
const AlgorithmRSA2048 = "rsa:2048"
// Sentinel errors returned by CryptoProvider implementations. They are typed
// constants of Error so callers can compare them with errors.Is.
const (
	// ErrCertNotFound: the requested certificate is not available.
	ErrCertNotFound Error = "not found"
	// ErrCertificateEncode: a certificate could not be encoded for output.
	ErrCertificateEncode Error = "certificate encode error"
	// ErrPublicKeyMarshal: a public key could not be marshalled for output.
	ErrPublicKeyMarshal Error = "public key marshal error"
	// ErrHSMUnexpected: the HSM returned a result the provider did not expect.
	ErrHSMUnexpected Error = "hsm unexpected"
	// ErrHSMDecrypt: an HSM-backed decrypt operation failed.
	ErrHSMDecrypt Error = "hsm decrypt error"
	// ErrHSMNotFound: the HSM is unavailable.
	ErrHSMNotFound Error = "hsm unavailable"
	// ErrKeyConfig: the key configuration is invalid or incomplete.
	ErrKeyConfig Error = "key configuration error"
	// ErrUnknownHashFunction: the requested hash function is not recognised.
	ErrUnknownHashFunction Error = "unknown hash function"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config selects the key provider implementation and carries its settings.
type Config struct {
	// Type names the provider implementation to use; the struct tag defaults it
	// to "standard".
	Type string `yaml:"type" default:"standard"`
	// StandardConfig is the configuration for the standard key provider
	// (presumably only consulted when Type is "standard" — confirm in NewCryptoProvider).
	StandardConfig StandardConfig `yaml:"standard,omitempty" mapstructure:"standard"`
}
type CryptoProvider ¶
// CryptoProvider abstracts the key material and primitives the service needs:
// key lookup by algorithm, public key and certificate export, RSA decryption,
// and the NanoTDF key-agreement flow. StandardCrypto is the software-backed
// implementation; the ErrHSM* sentinels suggest a hardware-backed one exists or
// is planned — confirm.
type CryptoProvider interface {
	// Gets some KID associated with a given algorithm.
	// Returns empty string if none are found.
	FindKID(alg string) string
	// RSAPublicKey returns the public half of the RSA key identified by keyID as
	// a string (encoding not stated here; presumably PEM — confirm).
	RSAPublicKey(keyID string) (string, error)
	// RSAPublicKeyAsJSON returns the same public key in a JSON form
	// (presumably JWK — confirm).
	RSAPublicKeyAsJSON(keyID string) (string, error)
	// RSADecrypt decrypts ciphertext with the private RSA key identified by keyID.
	// NOTE(review): StandardCrypto's implementation names both hash and keyLabel
	// `_`, so they cannot influence its behaviour; confirm which padding scheme
	// it applies before relying on the hash argument to select one.
	RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)
	// ECPublicKey returns the public half of the EC key identified by keyID.
	ECPublicKey(keyID string) (string, error)
	// ECCertificate returns the certificate configured for the EC key identified
	// by keyID; a key configured without one presumably yields ErrCertNotFound.
	ECCertificate(keyID string) (string, error)
	// GenerateNanoTDFSymmetricKey derives a symmetric key from the KAS key named
	// by kasKID and a peer's ephemeral public key on curve.
	GenerateNanoTDFSymmetricKey(kasKID string, ephemeralPublicKeyBytes []byte, curve elliptic.Curve) ([]byte, error)
	// GenerateEphemeralKasKeys creates a fresh ephemeral key pair and returns an
	// opaque private key handle plus the public key bytes.
	GenerateEphemeralKasKeys() (any, []byte, error)
	// GenerateNanoTDFSessionKey derives a session key from the handle returned by
	// GenerateEphemeralKasKeys and the peer's ephemeral public key
	// (StandardCrypto's signature names the latter ephemeralPublicKeyPEM).
	GenerateNanoTDFSessionKey(privateKeyHandle any, ephemeralPublicKey []byte) ([]byte, error)
	// Close releases any resources held by the provider.
	Close()
}
func NewCryptoProvider ¶
func NewCryptoProvider(cfg Config) (CryptoProvider, error)
type KeyPairInfo ¶ added in v0.4.7
// KeyPairInfo describes one configured key pair: its algorithm, identifier,
// where the private key and optional certificate live, and free-form usage notes.
type KeyPairInfo struct {
	// Valid algorithm. May be able to be derived from Private but it is better to just say it.
	Algorithm string `mapstructure:"alg"`
	// Key identifier. Should be short.
	KID string `mapstructure:"kid"`
	// Implementation specific locator for the private key;
	// for the 'standard' crypto service this is the path to a PEM file.
	// NOTE(review): this points at private key material on disk — confirm the
	// loader checks the file's permissions, or document that operators must.
	Private string `mapstructure:"private"`
	// Optional locator for the corresponding certificate.
	// If not found, only the public key (derivable from Private) is available.
	Certificate string `mapstructure:"cert"`
	// Optional enumeration of intended usages of the key pair.
	Usage string `mapstructure:"usage"`
	// Optional long-form description of the key pair including purpose and life-cycle information.
	Purpose string `mapstructure:"purpose"`
}
type StandardConfig ¶
// StandardConfig configures the standard (software, file-backed) key provider.
// Keys is the current way to declare key pairs; RSAKeys and ECKeys are kept for
// older configurations.
type StandardConfig struct {
	// Keys lists every configured key pair.
	Keys []KeyPairInfo `mapstructure:"keys"`
	// RSAKeys maps a key identifier to an RSA key description.
	//
	// Deprecated: declare RSA key pairs in Keys instead.
	RSAKeys map[string]StandardKeyInfo `yaml:"rsa,omitempty" mapstructure:"rsa"`
	// ECKeys maps a key identifier to an EC key description.
	//
	// Deprecated: declare EC key pairs in Keys instead.
	ECKeys map[string]StandardKeyInfo `yaml:"ec,omitempty" mapstructure:"ec"`
}
type StandardCrypto ¶
// StandardCrypto is the software-backed CryptoProvider implementation that loads
// its key pairs from a StandardConfig. Construct it with NewStandardCrypto; the
// zero value carries no keys.
type StandardCrypto struct {
	// contains filtered or unexported fields
}
func NewStandardCrypto ¶
func NewStandardCrypto(cfg StandardConfig) (*StandardCrypto, error)
NewStandardCrypto creates a new instance of the standard crypto provider from cfg.
func (StandardCrypto) Close ¶
func (s StandardCrypto) Close()
func (StandardCrypto) ECCertificate ¶ added in v0.4.4
func (s StandardCrypto) ECCertificate(kid string) (string, error)
func (StandardCrypto) ECPublicKey ¶
func (s StandardCrypto) ECPublicKey(kid string) (string, error)
func (StandardCrypto) FindKID ¶ added in v0.4.7
func (s StandardCrypto) FindKID(alg string) string
func (StandardCrypto) GenerateEphemeralKasKeys ¶
func (s StandardCrypto) GenerateEphemeralKasKeys() (any, []byte, error)
func (StandardCrypto) GenerateNanoTDFSessionKey ¶
func (s StandardCrypto) GenerateNanoTDFSessionKey(privateKey any, ephemeralPublicKeyPEM []byte) ([]byte, error)
func (StandardCrypto) GenerateNanoTDFSymmetricKey ¶
func (StandardCrypto) RSADecrypt ¶
func (StandardCrypto) RSAPublicKey ¶
func (s StandardCrypto) RSAPublicKey(kid string) (string, error)
func (StandardCrypto) RSAPublicKeyAsJSON ¶
func (s StandardCrypto) RSAPublicKeyAsJSON(kid string) (string, error)
type StandardECCrypto ¶
// StandardECCrypto holds one configured EC key pair for StandardCrypto; the
// embedded KeyPairInfo is the configuration it was built from.
type StandardECCrypto struct {
	KeyPairInfo
	// contains filtered or unexported fields
}
type StandardKeyInfo ¶
type StandardRSACrypto ¶
// StandardRSACrypto holds one configured RSA key pair for StandardCrypto; the
// embedded KeyPairInfo is the configuration it was built from.
type StandardRSACrypto struct {
	KeyPairInfo
	// contains filtered or unexported fields
}