kms


Documentation

Overview

Package kms implements a key management system following the practices in sections 3.5 and 3.6 of the PCI DSS standard and ANSI X9.17 (Financial Institution Key Management). An elliptic-curve master key is stored as the Key Encrypting Key (KEK). The KEK is used to encrypt/decrypt and sign the node's private key, which in turn is used with ECDH to derive Data Encrypting Keys. Note that the functions below accept the master key as a raw masterKey []byte argument, so protecting that value at rest and in memory is the caller's responsibility.

Index

Constants

This section is empty.

Variables

// AnonymousNodeID is the node ID reserved for anonymous nodes: a string of
// 64 'f' characters (the all-ones value when read as hex).
var AnonymousNodeID = proto.NodeID(strings.Repeat("f", 64))

// AnonymousRawNodeID is AnonymousNodeID converted to its raw form.
var AnonymousRawNodeID = AnonymousNodeID.ToRawNodeID()
// ErrNotKeyFile is returned when the specified private key file is empty.
var ErrNotKeyFile = errors.New("private key file empty")

// ErrHashNotMatch is returned when the hash stored with the private key
// does not match the key material.
var ErrHashNotMatch = errors.New("private key hash not match")

// ErrInvalidBase58Version is returned when the key's base58 version byte
// is not the expected one.
var ErrInvalidBase58Version = errors.New("invalid base58 version")

// PrivateKeyStoreVersion is the version byte written with stored private keys.
var PrivateKeyStoreVersion byte = 0x23
// ErrPKSNotInitialized is returned when the public key store has not been
// initialized (see InitPublicKeyStore).
var ErrPKSNotInitialized = errors.New("public keystore not initialized")

// ErrNilNode is returned when the input node is nil.
var ErrNilNode = errors.New("nil node")

// ErrKeyNotFound is returned when no key exists for the requested id.
var ErrKeyNotFound = errors.New("key not found")

// ErrNodeIDKeyNonceNotMatch is returned when the node ID is not the hash of
// the supplied public key and nonce.
var ErrNodeIDKeyNonceNotMatch = errors.New("nodeID, key, nonce not match")
// BP holds the initial BP info; InitBP populates it from conf.GConf.
var BP *conf.BPInfo
// ErrNilField is returned when a required local field is nil.
var ErrNilField = errors.New("local field is nil")
// Unittest is a flag meant to be set only by tests.
// NOTE(review): this is package-level mutable state that can change
// behaviour; confirm nothing outside test code sets it.
var Unittest bool

Functions

func ClosePublicKeyStore

func ClosePublicKeyStore()

ClosePublicKeyStore closes the public key store.

func DecodePrivateKey

func DecodePrivateKey(keyBytes []byte, masterKey []byte) (key *asymmetric.PrivateKey, err error)

DecodePrivateKey decodes a private key from its stored byte form, using masterKey to unprotect it (see the package overview).

func DelNode

func DelNode(id proto.NodeID) (err error)

DelNode removes the PublicKey stored for the given id.

func EncodePrivateKey

func EncodePrivateKey(key *asymmetric.PrivateKey, masterKey []byte) (keyBytes []byte, err error)

EncodePrivateKey encodes the private key into its stored byte form, protected with masterKey.

func GetAllNodeID

func GetAllNodeID() (nodeIDs []proto.NodeID, err error)

GetAllNodeID returns all node IDs present in the store.

func GetLocalNodeID

func GetLocalNodeID() (rawNodeID proto.NodeID, err error)

GetLocalNodeID returns the current node ID in hash string format.

func GetLocalNodeIDBytes

func GetLocalNodeIDBytes() (rawNodeID []byte, err error)

GetLocalNodeIDBytes returns a copy of the current node ID as a []byte.

func GetLocalNonce

func GetLocalNonce() (nonce *mine.Uint256, err error)

GetLocalNonce returns a copy of the current node nonce.

func GetLocalPrivateKey

func GetLocalPrivateKey() (private *asymmetric.PrivateKey, err error)

GetLocalPrivateKey returns the local private key, or nil if it has not been set yet.

Every call to this function is logged.

func GetLocalPublicKey

func GetLocalPublicKey() (public *asymmetric.PublicKey, err error)

GetLocalPublicKey returns the local public key, or nil if it has not been set yet.

func GetNodeInfo

func GetNodeInfo(id proto.NodeID) (nodeInfo *proto.Node, err error)

GetNodeInfo returns the node info for the given id, or an error if the id was not found.

func GetPublicKey

func GetPublicKey(id proto.NodeID) (publicKey *asymmetric.PublicKey, err error)

GetPublicKey returns the PublicKey for the given id, or an error if the id was not found.

func InitBP

func InitBP()

InitBP initializes kms.BP struct with conf.GConf.

func InitLocalKeyPair

func InitLocalKeyPair(privateKeyPath string, masterKey []byte) (err error)

InitLocalKeyPair initializes the local private key from the file at privateKeyPath, using masterKey to unprotect it.

func InitPublicKeyStore

func InitPublicKeyStore(dbPath string, initNodes []proto.Node) (err error)

InitPublicKeyStore opens the db file at dbPath, creating it if it does not exist, and creates the bucket if it does not exist.

func IsIDPubNonceValid

func IsIDPubNonceValid(id *proto.RawNodeID, nonce *mine.Uint256, key *asymmetric.PublicKey) bool

IsIDPubNonceValid reports whether id == HashBlock(key, nonce), i.e. whether the node ID is actually bound to this public key and nonce.

func LoadPrivateKey

func LoadPrivateKey(keyFilePath string, masterKey []byte) (key *asymmetric.PrivateKey, err error)

LoadPrivateKey loads the private key from keyFilePath using masterKey, and verifies the hash header before returning it (presumably failing with ErrHashNotMatch on mismatch).

func ResetBucket

func ResetBucket() error

ResetBucket resets the public key store's bucket.

func ResetLocalKeyStore

func ResetLocalKeyStore()

ResetLocalKeyStore resets the local key store. FOR UNIT TESTS ONLY; DO NOT USE IT elsewhere.

func SavePrivateKey

func SavePrivateKey(keyFilePath string, key *asymmetric.PrivateKey, masterKey []byte) (err error)

SavePrivateKey saves the private key, prefixed with its hash, to keyFilePath; the file is created with permission 0600 by default.

func SetLocalKeyPair

func SetLocalKeyPair(private *asymmetric.PrivateKey, public *asymmetric.PublicKey)

SetLocalKeyPair sets the local private and public key. It is intended to be called only once.

func SetLocalNodeIDNonce

func SetLocalNodeIDNonce(rawNodeID []byte, nonce *mine.Uint256)

SetLocalNodeIDNonce sets the local raw node ID and nonce. It is intended to be called only once.

func SetNode

func SetNode(nodeInfo *proto.Node) (err error)

SetNode verifies the node's nonce and stores the mapping {proto.Node.ID: proto.Node}.

func SetPublicKey

func SetPublicKey(id proto.NodeID, nonce mine.Uint256, publicKey *asymmetric.PublicKey) (err error)

SetPublicKey verifies the nonce and stores the public key for the given id.

Types

type LocalKeyStore

type LocalKeyStore struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

LocalKeyStore holds the local private and public key.

type PublicKeyStore

type PublicKeyStore struct {
	// contains filtered or unexported fields
}

PublicKeyStore holds the db handle and the bucket name.
