kcmstools

package
v0.0.0-...-9b07614 Latest

Warning: This package is not in the latest version of its module.
Published: Nov 7, 2023 License: MulanPSL-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package kcmstools implements the whole process of the key caching management service.

Constants

const (
	// AesKeySize means aes algorithm key size
	AesKeySize = 16
	// KeyIdSize means the size of key id
	KeyIdSize = 8
	// AlgAES means aes algorithm
	AlgAES = 0x0006
	// AlgCBC means cbc algorithm
	AlgCBC = 0x0042
)

Variables

This section is empty.

Functions

func DeleteKey

func DeleteKey(taid []byte, keyid []byte, ktaid string, deviceId int64) ([]byte, []byte, error)

DeleteKey deletes the key ciphertext which is stored in kcms.

func EncryptWithAES256GCM

func EncryptWithAES256GCM(plaintext []byte, sessionkey []byte) ([]byte, error)

EncryptWithAES256GCM encrypts plaintext with the session key, and returns the ciphertext of the key.

func GenerateNewKey

func GenerateNewKey(
	taid []byte,
	account []byte,
	password []byte,
	hostkeyid []byte,
	ktaid string,
	deviceId int64) ([]byte, []byte, []byte, []byte, []byte, error)

GenerateNewKey first asks the KMS to generate a new key for the specific TA according to the host key id, then generates a random key id under which the key ciphertext is saved in the database, and returns the plaintext of the key, the key id and the session key, which is generated randomly by kcms.

func GetKTATrusted

func GetKTATrusted(deviceId int64, ktaid string) error

GetKTATrusted gets the trusted status of the KTA and verifies whether it is trusted.

func GetKey

func GetKey(
	taid []byte,
	account []byte,
	password []byte,
	keyid []byte,
	hostkeyid []byte,
	ktaid string,
	deviceId int64) ([]byte, []byte, []byte, []byte, []byte, error)

GetKey first queries the database by key id to get the key ciphertext, then asks the KMS to decrypt the key ciphertext according to the host key id, and returns the plaintext of the key, the key id and the session key, which is generated randomly by kcms.

func KmsGenerateKey

func KmsGenerateKey(account, passwd, hostkeyid []byte) ([]byte, []byte, []byte, error)

KmsGenerateKey creates a new key based on the master key (host key), and returns the key ciphertext and key plaintext.

func KmsGetKey

func KmsGetKey(account []byte, passwd []byte, ciphertext string, hostkeyid []byte) ([]byte, []byte, []byte, error)

KmsGetKey decrypts the key ciphertext based on the master key (host key), and returns the key ciphertext and key plaintext.

func PathExists

func PathExists(path string) (bool, error)

PathExists checks whether the path exists, and returns true if it exists, otherwise false.

func ReadCert

func ReadCert(pathname string) ([]byte, error)

ReadCert reads the certificate contents from the specified file pathname.

func SaveCert

func SaveCert(param []byte, certpath string, filename string) error

SaveCert saves the certificate contents to the specified path.

func SendKCMPubKeyCert

func SendKCMPubKeyCert() ([]byte, error)

SendKCMPubKeyCert sends the kcm public key cert to the ka.

func VerifyKTAPubKeyCert

func VerifyKTAPubKeyCert(deviceId int64, ktaPubKeyCert []byte) error

VerifyKTAPubKeyCert verifies whether the kta public key cert is signed by the ca cert.

func VerifyPubCert

func VerifyPubCert(cacertpath string, pubcertpath string) (string, error)

VerifyPubCert verifies the kta public key cert and returns ok if validation passes; otherwise it returns an error message or null character.

Types

This section is empty.
