common

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

// Full gRPC method names for the three BurnAfter RPCs, written as
// "/<package>.<service>/<method>". These are the strings a server-side
// interceptor sees, so they can be matched for per-method authorization
// or audit logging.
const (
	BurnAfter_Store_FullMethodName = "/burnafter.BurnAfter/Store"
	BurnAfter_Get_FullMethodName   = "/burnafter.BurnAfter/Get"
	BurnAfter_Ping_FullMethodName  = "/burnafter.BurnAfter/Ping"
)

Variables

// BurnAfter_ServiceDesc describes the BurnAfter service to the gRPC runtime.
// It registers three methods (Store, Get, Ping) and no streaming RPCs.
var BurnAfter_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "burnafter.BurnAfter",
	HandlerType: (*BurnAfterServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Store",
			Handler:    _BurnAfter_Store_Handler,
		},
		{
			MethodName: "Get",
			Handler:    _BurnAfter_Get_Handler,
		},
		{
			MethodName: "Ping",
			Handler:    _BurnAfter_Ping_Handler,
		},
	},
	// Empty on purpose: the service declares no streaming methods.
	Streams:  []grpc.StreamDesc{},
	// Path of the .proto file this descriptor was generated from.
	Metadata: "proto/burnafter.proto",
}

BurnAfter_ServiceDesc is the grpc.ServiceDesc for the BurnAfter service. It is only intended for direct use with grpc.RegisterService, and must not be introspected or modified (even as a copy).

var File_proto_burnafter_proto protoreflect.FileDescriptor

Functions

func Decrypt

func Decrypt(ciphertext, key []byte) (string, error)

Decrypt decrypts ciphertext using AES-256-GCM with the provided key

func DeriveKey

func DeriveKey(
	clientBinaryHash, clientNonce, serverSessionID, secretName string, salt []byte,
) ([]byte, error)

DeriveKey derives a secret's encryption key from multiple inputs using HKDF. The inputs used to derive the key are as follows:

  • clientBinaryHash: The sha256 digest of the client binary.
  • clientNonce: A value only known to the client application.
  • serverSessionID: Random secret generated by the server
  • secretName: Name of the secret
  • salt: random salt

func Encrypt

func Encrypt(plaintext string, key []byte) ([]byte, error)

Encrypt encrypts a plaintext string using AES-256-GCM with the provided key.

func GenerateSalt

func GenerateSalt() ([]byte, error)

GenerateSalt creates a random salt used when deriving the key

func GenerateSessionID

func GenerateSessionID() (string, error)

GenerateSessionID creates a random server session ID; it is the server-side equivalent of the client nonce. This value is used to derive the secret key and is lost when the server dies, rendering any encrypted secrets inaccessible.

func GetClientBinaryInfo

func GetClientBinaryInfo(pid int32) (binaryPath, binaryHash string, err error)

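GetClientBinaryInfo extracts the binary path and hash from the client's PID. The implementation is not shown on this page; callers that treat the hash as an identity check should confirm how it behaves if the PID is reused or the file at that path changes after the process started.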

func GetCurrentBinaryHash

func GetCurrentBinaryHash() (string, error)

GetCurrentBinaryHash returns the hash of the currently running binary

func HashFile

func HashFile(path string) (string, error)

HashFile computes the SHA256 hash of a file

func RegisterBurnAfterServer

func RegisterBurnAfterServer(s grpc.ServiceRegistrar, srv BurnAfterServer)

func ZeroBytes

func ZeroBytes(b []byte)

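ZeroBytes zeros out a byte slice in place to wipe the secrets it holds. It clears only the slice it is given: other copies of the data, and Go strings such as the plaintext passed to Encrypt or returned by Decrypt, are not wiped by this call.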

Types

type BurnAfterClient

// BurnAfterClient is the client-side stub for the BurnAfter service.
// Each method issues one RPC and returns the matching response message.
type BurnAfterClient interface {
	// Store sends a StoreRequest (secret name, value, TTLs and client nonce).
	Store(ctx context.Context, in *StoreRequest, opts ...grpc.CallOption) (*StoreResponse, error)
	// Get sends a GetRequest (secret name and client nonce) and returns a GetResponse.
	Get(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*GetResponse, error)
	// Ping sends an empty PingRequest and returns a PingResponse.
	Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error)
}

BurnAfterClient is the client API for BurnAfter service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewBurnAfterClient

func NewBurnAfterClient(cc grpc.ClientConnInterface) BurnAfterClient

type BurnAfterServer

// BurnAfterServer is the set of handlers a BurnAfter server implements.
// NOTE(review): nothing in this interface shows how the caller is
// authenticated; confirm where the client's identity (e.g. its PID and
// binary hash) is established before Store and Get are served.
type BurnAfterServer interface {
	// Store handles a request to store a secret.
	Store(context.Context, *StoreRequest) (*StoreResponse, error)
	// Get handles a request to retrieve a secret.
	Get(context.Context, *GetRequest) (*GetResponse, error)
	// Ping handles a liveness check.
	Ping(context.Context, *PingRequest) (*PingResponse, error)
	// contains filtered or unexported methods
}

BurnAfterServer is the server API for BurnAfter service. All implementations must embed UnimplementedBurnAfterServer for forward compatibility.

type GetRequest

// GetRequest is the message a client sends to retrieve a stored secret.
type GetRequest struct {

	// Name of the secret to retrieve.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Client nonce: a value built into the client at compile time.
	// NOTE(review): a value embedded in a binary can generally be read by
	// anyone able to read that binary, so it should not be relied on as a
	// strong secret by itself; confirm against the project's threat model.
	ClientNonce string `protobuf:"bytes,2,opt,name=client_nonce,json=clientNonce,proto3" json:"client_nonce,omitempty"` // Compile-time nonce from client
	// contains filtered or unexported fields
}

GetRequest is a request from the client to retrieve a secret.

func (*GetRequest) Descriptor deprecated

func (*GetRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetRequest.ProtoReflect.Descriptor instead.

func (*GetRequest) GetClientNonce

func (x *GetRequest) GetClientNonce() string

func (*GetRequest) GetName

func (x *GetRequest) GetName() string

func (*GetRequest) ProtoMessage

func (*GetRequest) ProtoMessage()

func (*GetRequest) ProtoReflect

func (x *GetRequest) ProtoReflect() protoreflect.Message

func (*GetRequest) Reset

func (x *GetRequest) Reset()

func (*GetRequest) String

func (x *GetRequest) String() string

type GetResponse

// GetResponse carries the outcome of a Get call.
type GetResponse struct {
	// Success presumably reports whether the secret was retrieved; verify against the server.
	Success bool   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
	// Secret is the retrieved secret value.
	// NOTE(review): looks like the plaintext travels in this field; how the
	// transport is protected is not visible here and should be confirmed.
	Secret  string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
	// Error presumably holds a failure description when Success is false; verify against the server.
	Error   string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
	// contains filtered or unexported fields
}

GetResponse returns the results when retrieving the secret.

func (*GetResponse) Descriptor deprecated

func (*GetResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetResponse.ProtoReflect.Descriptor instead.

func (*GetResponse) GetError

func (x *GetResponse) GetError() string

func (*GetResponse) GetSecret

func (x *GetResponse) GetSecret() string

func (*GetResponse) GetSuccess

func (x *GetResponse) GetSuccess() bool

func (*GetResponse) ProtoMessage

func (*GetResponse) ProtoMessage()

func (*GetResponse) ProtoReflect

func (x *GetResponse) ProtoReflect() protoreflect.Message

func (*GetResponse) Reset

func (x *GetResponse) Reset()

func (*GetResponse) String

func (x *GetResponse) String() string

type PingRequest

type PingRequest struct {
	// contains filtered or unexported fields
}

PingRequest is an empty request to check if the server is alive.

func (*PingRequest) Descriptor deprecated

func (*PingRequest) Descriptor() ([]byte, []int)

Deprecated: Use PingRequest.ProtoReflect.Descriptor instead.

func (*PingRequest) ProtoMessage

func (*PingRequest) ProtoMessage()

func (*PingRequest) ProtoReflect

func (x *PingRequest) ProtoReflect() protoreflect.Message

func (*PingRequest) Reset

func (x *PingRequest) Reset()

func (*PingRequest) String

func (x *PingRequest) String() string

type PingResponse

// PingResponse is the reply to a Ping call.
type PingResponse struct {
	// Alive is the liveness flag returned by the server.
	Alive bool `protobuf:"varint,1,opt,name=alive,proto3" json:"alive,omitempty"`
	// contains filtered or unexported fields
}

PingResponse is the response returned when the server is running.

func (*PingResponse) Descriptor deprecated

func (*PingResponse) Descriptor() ([]byte, []int)

Deprecated: Use PingResponse.ProtoReflect.Descriptor instead.

func (*PingResponse) GetAlive

func (x *PingResponse) GetAlive() bool

func (*PingResponse) ProtoMessage

func (*PingResponse) ProtoMessage()

func (*PingResponse) ProtoReflect

func (x *PingResponse) ProtoReflect() protoreflect.Message

func (*PingResponse) Reset

func (x *PingResponse) Reset()

func (*PingResponse) String

func (x *PingResponse) String() string

type StoreRequest

// StoreRequest is the message a client sends to store a new secret.
type StoreRequest struct {

	// Secret name (the ID used to reference it later).
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Secret value to store.
	// NOTE(review): looks like the plaintext travels in this field; how the
	// transport is protected is not visible here and should be confirmed.
	Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
	// Inactivity TTL in seconds (secret expires if not accessed for this duration).
	// NOTE(review): the handling of zero or negative values is not stated
	// here; confirm what the server does with them.
	TtlSeconds int64 `protobuf:"varint,3,opt,name=ttl_seconds,json=ttlSeconds,proto3" json:"ttl_seconds,omitempty"`
	// Compile-time nonce from client.
	ClientNonce string `protobuf:"bytes,4,opt,name=client_nonce,json=clientNonce,proto3" json:"client_nonce,omitempty"`
	// Optional: absolute expiration time in seconds from now (0 = no absolute expiration)
	AbsoluteExpirationSeconds int64 `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

StoreRequest represents a request from the client to store a new secret

func (*StoreRequest) Descriptor deprecated

func (*StoreRequest) Descriptor() ([]byte, []int)

Deprecated: Use StoreRequest.ProtoReflect.Descriptor instead.

func (*StoreRequest) GetAbsoluteExpirationSeconds

func (x *StoreRequest) GetAbsoluteExpirationSeconds() int64

func (*StoreRequest) GetClientNonce

func (x *StoreRequest) GetClientNonce() string

func (*StoreRequest) GetName

func (x *StoreRequest) GetName() string

func (*StoreRequest) GetSecret

func (x *StoreRequest) GetSecret() string

func (*StoreRequest) GetTtlSeconds

func (x *StoreRequest) GetTtlSeconds() int64

func (*StoreRequest) ProtoMessage

func (*StoreRequest) ProtoMessage()

func (*StoreRequest) ProtoReflect

func (x *StoreRequest) ProtoReflect() protoreflect.Message

func (*StoreRequest) Reset

func (x *StoreRequest) Reset()

func (*StoreRequest) String

func (x *StoreRequest) String() string

type StoreResponse

// StoreResponse carries the outcome of a Store call.
type StoreResponse struct {
	// Success presumably reports whether the secret was stored; verify against the server.
	Success bool   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
	// Error presumably holds a failure description when Success is false; verify against the server.
	Error   string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
	// contains filtered or unexported fields
}

StoreResponse returns the results of storing a secret

func (*StoreResponse) Descriptor deprecated

func (*StoreResponse) Descriptor() ([]byte, []int)

Deprecated: Use StoreResponse.ProtoReflect.Descriptor instead.

func (*StoreResponse) GetError

func (x *StoreResponse) GetError() string

func (*StoreResponse) GetSuccess

func (x *StoreResponse) GetSuccess() bool

func (*StoreResponse) ProtoMessage

func (*StoreResponse) ProtoMessage()

func (*StoreResponse) ProtoReflect

func (x *StoreResponse) ProtoReflect() protoreflect.Message

func (*StoreResponse) Reset

func (x *StoreResponse) Reset()

func (*StoreResponse) String

func (x *StoreResponse) String() string

type UnimplementedBurnAfterServer

type UnimplementedBurnAfterServer struct{}

UnimplementedBurnAfterServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedBurnAfterServer) Get

func (UnimplementedBurnAfterServer) Ping

func (UnimplementedBurnAfterServer) Store

type UnsafeBurnAfterServer

type UnsafeBurnAfterServer interface {
	// contains filtered or unexported methods
}

UnsafeBurnAfterServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to BurnAfterServer will result in compilation errors.
