Overview ¶
Package model contains SDK data model.
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AEADDecrypter ¶ added in v0.4.0
// AEADDecrypter is an interface for AEAD decryption implementations. It extends
// GcmDecrypter with verification of the message header authentication tag.
type AEADDecrypter interface {
	GcmDecrypter
	// ValidateHeaderAuth validates the header authentication tag headerAuthTag
	// against the message header bytes headerBytes using derivedDataKey, and
	// returns an error if validation fails or any other error occurred.
	//
	// NOTE(review): header fields should be treated as untrusted until this
	// returns nil — confirm that callers verify before acting on the header.
	ValidateHeaderAuth(derivedDataKey, headerAuthTag, headerBytes []byte) error
}
AEADDecrypter is an interface for AEAD decryption implementations.
type AEADEncrypter ¶ added in v0.4.0
// AEADEncrypter is an interface for AEAD encryption implementations. It extends
// GcmEncrypter with header authentication and IV construction.
type AEADEncrypter interface {
	GcmEncrypter
	// GenerateHeaderAuth generates the header authentication tag over headerBytes
	// using derivedDataKey, and returns the authentication tag, the IV, and an
	// error if any occurred.
	GenerateHeaderAuth(derivedDataKey, headerBytes []byte) ([]byte, []byte, error)
	// ConstructIV constructs the IV from the sequence number seqNum.
	//
	// NOTE(review): GCM is only secure when a (key, IV) pair is never reused, so
	// seqNum must be unique for every call made under the same data key — confirm
	// that callers never repeat a sequence number.
	ConstructIV(seqNum int) []byte
}
AEADEncrypter is an interface for AEAD encryption implementations.
type BaseKeyProvider ¶
// BaseKeyProvider is the base interface for a key provider. It is responsible
// for the logic of decrypting encrypted data keys on behalf of an abstract
// MasterKeyProvider, which is passed in as MKP.
type BaseKeyProvider interface {
	// ID returns the ID of the key provider.
	ID() string
	// Kind returns the kind of the key provider.
	Kind() types.ProviderKind
	// VendOnDecrypt returns true if the key provider indicates that it can decrypt
	// encrypted data keys whose key is not registered with the master key
	// provider.
	//
	// NOTE(review): a provider that vends on decrypt will attempt decryption with
	// keys it was not explicitly configured with; this widens trust — confirm the
	// intended policy before enabling it.
	VendOnDecrypt() bool
	// DecryptDataKey attempts to decrypt the encrypted data key using the master
	// keys of MKP, and returns the data key.
	DecryptDataKey(ctx context.Context, MKP MasterKeyProvider, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// DecryptDataKeyFromList attempts to decrypt the encrypted data keys in
	// encryptedDataKeys using the master keys of MKP, and returns the data key.
	DecryptDataKeyFromList(ctx context.Context, MKP MasterKeyProvider, encryptedDataKeys []EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
}
BaseKeyProvider is the base interface for a key provider. It is responsible for the logic of decrypting encrypted data keys for an abstract MasterKeyProvider.
type CryptoMaterialsManager ¶
// CryptoMaterialsManager is an interface for crypto materials manager
// implementations. It produces the encryption and decryption materials that
// the handlers use.
type CryptoMaterialsManager interface {
	// GetEncryptionMaterials returns the encryption materials for the given request.
	// Used during the encryption process to get the encryption materials from
	// registered master key providers.
	GetEncryptionMaterials(ctx context.Context, request EncryptionMaterialsRequest) (EncryptionMaterial, error)
	// DecryptMaterials returns the decryption materials for the given request. Used
	// during the decryption process to get the decryption materials from
	// registered master key providers.
	DecryptMaterials(ctx context.Context, request DecryptionMaterialsRequest) (DecryptionMaterial, error)
	// GetInstance returns a new instance of the crypto materials manager to
	// interact with within the encryption/decryption process.
	GetInstance() CryptoMaterialsManager
}
CryptoMaterialsManager is an interface for crypto materials manager implementations.
type DataKey ¶
// DataKey contains an unencrypted data key and its encrypted version.
// Construct it with NewDataKey; the fields are not exported.
type DataKey struct {
	// contains filtered or unexported fields
}
DataKey contains unencrypted data key and its encrypted version.
func NewDataKey ¶
NewDataKey returns a new DataKey with the given provider, dataKey, and encryptedDataKey.
func (DataKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted data key of data key.
func (DataKey) KeyProvider ¶
KeyProvider returns the KeyMeta of the key.
type DataKeyI ¶
// DataKeyI is an interface for DataKey. It extends Key with access to both the
// encrypted and the unencrypted data key.
type DataKeyI interface {
	Key
	// EncryptedDataKey returns the encrypted data key of the data key.
	EncryptedDataKey() []byte
	// DataKey returns the unencrypted data key. This is plaintext key material
	// and must not be logged, persisted or exposed outside the decryption path.
	DataKey() []byte
}
DataKeyI is an interface for DataKey.
type DecryptionHandler ¶ added in v0.3.0
// DecryptionHandler is an interface for decryption handler implementations.
type DecryptionHandler interface {
	// Decrypt decrypts the encrypted message ciphertext and returns the decrypted
	// plaintext, the associated message header, and an error if any occurred.
	Decrypt(ctx context.Context, ciphertext []byte) ([]byte, format.MessageHeader, error)
}
DecryptionHandler is an interface for decryption handler implementations.
type DecryptionMaterial ¶
// DecryptionMaterial is an interface for decryption material.
type DecryptionMaterial interface {
	// DataKey returns the data key used for decryption.
	DataKey() DataKeyI
	// VerificationKey returns the verification key used to verify the footer
	// signature. It returns nil if a non-signing algorithm is used.
	VerificationKey() []byte
}
DecryptionMaterial is an interface for decryption material.
type DecryptionMaterials ¶
// DecryptionMaterials contains the decryption materials produced by a
// CryptoMaterialsManager. Construct it with NewDecryptionMaterials; the fields
// are not exported.
type DecryptionMaterials struct {
	// contains filtered or unexported fields
}
DecryptionMaterials contains the decryption materials produced by a CryptoMaterialsManager.
func NewDecryptionMaterials ¶
func NewDecryptionMaterials(dataKey DataKeyI, verificationKey []byte) *DecryptionMaterials
NewDecryptionMaterials returns a new instance of DecryptionMaterial.
func (DecryptionMaterials) DataKey ¶
func (d DecryptionMaterials) DataKey() DataKeyI
DataKey returns the data encryption key to be used for decryption.
func (DecryptionMaterials) VerificationKey ¶
func (d DecryptionMaterials) VerificationKey() []byte
VerificationKey returns the verification key used to verify the footer signature. It returns nil if a non-signing algorithm is used.
type DecryptionMaterialsRequest ¶
// DecryptionMaterialsRequest is a request to get DecryptionMaterial from a
// CryptoMaterialsManager.
type DecryptionMaterialsRequest struct {
	// Algorithm is the algorithm to be used for decryption.
	Algorithm *suite.AlgorithmSuite
	// EncryptedDataKeys is the list of encrypted data keys from which the data key
	// is decrypted.
	EncryptedDataKeys []EncryptedDataKeyI
	// EncryptionContext is a map of key-value pairs that will be used to decrypt
	// the data keys.
	EncryptionContext suite.EncryptionContext
}
DecryptionMaterialsRequest is a request to get DecryptionMaterial from a CryptoMaterialsManager.
type EncryptedDataKey ¶
// EncryptedDataKey contains the encrypted data key and its provider. Construct
// it with NewEncryptedDataKey; the fields are not exported.
type EncryptedDataKey struct {
	// contains filtered or unexported fields
}
EncryptedDataKey contains the encrypted data key and its provider.
func NewEncryptedDataKey ¶
func NewEncryptedDataKey(provider KeyMeta, encryptedDataKey []byte) *EncryptedDataKey
NewEncryptedDataKey returns a new EncryptedDataKey with the given provider and encryptedDataKey.
func (EncryptedDataKey) EncryptedDataKey ¶
func (edk EncryptedDataKey) EncryptedDataKey() []byte
EncryptedDataKey returns the encrypted data key of data key.
func (EncryptedDataKey) KeyID ¶
func (edk EncryptedDataKey) KeyID() string
KeyID returns the ID of the key.
func (EncryptedDataKey) KeyProvider ¶
func (edk EncryptedDataKey) KeyProvider() KeyMeta
KeyProvider returns the KeyMeta of the key.
type EncryptedDataKeyI ¶
// EncryptedDataKeyI is an interface for EncryptedDataKey. It extends Key with
// access to the encrypted data key bytes.
type EncryptedDataKeyI interface {
	Key
	// EncryptedDataKey returns the encrypted data key of the data key.
	EncryptedDataKey() []byte
}
EncryptedDataKeyI is an interface for EncryptedDataKey.
type EncryptionBuffer ¶ added in v0.3.0
// EncryptionBuffer is an interface to be used as a buffer for encryption. See
// bytes.Buffer for more details on the Bytes, Len and Reset methods.
type EncryptionBuffer interface {
	io.ReadWriter
	// Bytes returns a slice of buffer length holding the unread portion of the
	// buffer.
	Bytes() []byte
	// Len returns the number of bytes of the unread portion of the buffer.
	Len() int
	// Reset resets the buffer to be empty.
	Reset()
}
EncryptionBuffer is an interface to be used as a buffer for encryption. See bytes.Buffer for more details on Bytes, Len and Reset methods.
type EncryptionHandler ¶ added in v0.3.0
// EncryptionHandler is an interface for encryption handler implementations.
type EncryptionHandler interface {
	// Encrypt encrypts the plaintext source under the encryption context ec and
	// returns the encrypted ciphertext, the associated message header, and an
	// error if any occurred.
	Encrypt(ctx context.Context, source []byte, ec suite.EncryptionContext) ([]byte, format.MessageHeader, error)
}
EncryptionHandler is an interface for encryption handler implementations.
type EncryptionMaterial ¶
// EncryptionMaterial is an interface for encryption material.
type EncryptionMaterial interface {
	// DataEncryptionKey returns the data encryption key to be used for encryption.
	DataEncryptionKey() DataKeyI
	// EncryptedDataKeys returns the encrypted data keys encrypted with the primary
	// master key provider data key.
	EncryptedDataKeys() []EncryptedDataKeyI
	// EncryptionContext returns the encryption context associated with the
	// encryption.
	EncryptionContext() suite.EncryptionContext
	// SigningKey returns the signing key used to sign the footer. It returns nil
	// if a non-signing algorithm is used, so callers must check for nil before
	// signing.
	SigningKey() *ecdsa.PrivateKey
}
EncryptionMaterial is an interface for encryption material.
type EncryptionMaterials ¶
// EncryptionMaterials contains the encryption materials produced by a
// CryptoMaterialsManager. Construct it with NewEncryptionMaterials; the fields
// are not exported.
type EncryptionMaterials struct {
	// contains filtered or unexported fields
}
EncryptionMaterials contains the encryption materials produced by a CryptoMaterialsManager.
func NewEncryptionMaterials ¶
func NewEncryptionMaterials(dataEncryptionKey DataKeyI, encryptedDataKeys []EncryptedDataKeyI, ec suite.EncryptionContext, signingKey *ecdsa.PrivateKey) *EncryptionMaterials
NewEncryptionMaterials returns a new instance of EncryptionMaterials.
func (EncryptionMaterials) DataEncryptionKey ¶
func (e EncryptionMaterials) DataEncryptionKey() DataKeyI
DataEncryptionKey returns the data encryption key to be used for encryption.
func (EncryptionMaterials) EncryptedDataKeys ¶
func (e EncryptionMaterials) EncryptedDataKeys() []EncryptedDataKeyI
EncryptedDataKeys returns the encrypted data keys encrypted with primary master key provider data key.
func (EncryptionMaterials) EncryptionContext ¶
func (e EncryptionMaterials) EncryptionContext() suite.EncryptionContext
EncryptionContext returns the encryption context associated with the encryption.
func (EncryptionMaterials) SigningKey ¶
func (e EncryptionMaterials) SigningKey() *ecdsa.PrivateKey
SigningKey returns the signing key used to sign the footer. It returns nil if a non-signing algorithm is used.
type EncryptionMaterialsRequest ¶
// EncryptionMaterialsRequest is a request to get EncryptionMaterial from a
// CryptoMaterialsManager.
type EncryptionMaterialsRequest struct {
	// EncryptionContext is a map of key-value pairs that will be used to generate
	// the primary data key, and to encrypt the other data keys.
	EncryptionContext suite.EncryptionContext
	// Algorithm is the algorithm to be used for encryption.
	Algorithm *suite.AlgorithmSuite
	// PlaintextLength is the length of the plaintext to be encrypted.
	PlaintextLength int
}
EncryptionMaterialsRequest is a request to get EncryptionMaterial from a CryptoMaterialsManager.
type GcmCrypter ¶ added in v0.4.0
// GcmCrypter is a combined interface for GCM encryption and decryption.
type GcmCrypter interface {
	GcmEncrypter
	GcmDecrypter
}
GcmCrypter is a combined interface for GCM encryption and decryption.
type GcmDecrypter ¶ added in v0.4.0
// GcmDecrypter is an interface for GCM decryption implementations.
type GcmDecrypter interface {
	// Decrypt decrypts ciphertext with key and iv, authenticating it against tag
	// and the additional authenticated data aadData. It returns the decrypted
	// plaintext, and an error if any occurred.
	//
	// NOTE(review): the tag is passed separately from the ciphertext; an
	// implementation must return an error and no plaintext when the tag does not
	// verify — confirm that no partial output is returned on failure.
	Decrypt(key, iv, ciphertext, tag, aadData []byte) ([]byte, error)
}
GcmDecrypter is an interface for GCM decryption implementations.
type GcmEncrypter ¶ added in v0.4.0
// GcmEncrypter is an interface for GCM encryption implementations.
type GcmEncrypter interface {
	// Encrypt encrypts plaintext with key and iv, binding the additional
	// authenticated data aadData. It returns three values: the encrypted
	// ciphertext, the authentication tag, and an error if any occurred during the
	// encryption process.
	Encrypt(key, iv, plaintext, aadData []byte) ([]byte, []byte, error)
}
GcmEncrypter is an interface for GCM encryption implementations.
type KMSClient ¶
// KMSClient is an interface for the AWS KMS client. It covers the three KMS
// operations the SDK needs, with the same signatures as the AWS SDK client so
// that the real client or a test double can satisfy it.
type KMSClient interface {
	// GenerateDataKey requests a new data key from KMS.
	GenerateDataKey(ctx context.Context, params *kms.GenerateDataKeyInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyOutput, error)
	// Encrypt encrypts data under a KMS key.
	Encrypt(ctx context.Context, params *kms.EncryptInput, optFns ...func(*kms.Options)) (*kms.EncryptOutput, error)
	// Decrypt decrypts data previously encrypted under a KMS key.
	Decrypt(ctx context.Context, params *kms.DecryptInput, optFns ...func(*kms.Options)) (*kms.DecryptOutput, error)
}
KMSClient is an interface for the AWS KMS client.
type KMSClientFactory ¶
// KMSClientFactory is an interface for the AWS KMS client factory.
type KMSClientFactory interface {
	// NewFromConfig returns a KMSClient built from the AWS config cfg and the
	// optional KMS client options optFns.
	NewFromConfig(cfg aws.Config, optFns ...func(options *kms.Options)) KMSClient
}
KMSClientFactory is an interface for the AWS KMS client factory.
type Key ¶
// Key is the base interface for both DataKey and EncryptedDataKey.
type Key interface {
	// KeyProvider returns the KeyMeta of the key.
	KeyProvider() KeyMeta
	// KeyID returns the ID of the key.
	KeyID() string
}
Key is a base interface for both DataKey and EncryptedDataKey.
type KeyMeta ¶
// KeyMeta is a struct that holds the metadata of a Key: which provider it
// belongs to and the provider-specific key ID.
type KeyMeta struct {
	// ProviderID is the ID of the key provider.
	ProviderID string
	// KeyID is the ID of the key.
	KeyID string
}
KeyMeta is a struct that holds metadata of a Key.
func WithKeyMeta ¶
WithKeyMeta returns a new KeyMeta with the given providerID and keyID.
type MasterKey ¶
// MasterKey is an interface for master key implementations. It extends
// MasterKeyBase with data key generation, encryption and decryption.
type MasterKey interface {
	MasterKeyBase
	// GenerateDataKey generates a new data key for the algorithm alg and
	// encryption context ec, and returns it.
	GenerateDataKey(ctx context.Context, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// EncryptDataKey encrypts the data key and returns the encrypted data key.
	EncryptDataKey(ctx context.Context, dataKey DataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (EncryptedDataKeyI, error)
	// DecryptDataKey decrypts the encrypted data key and returns the data key.
	DecryptDataKey(ctx context.Context, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
}
MasterKey is an interface for master key implementations.
type MasterKeyBase ¶
// MasterKeyBase is the base interface for all master keys.
type MasterKeyBase interface {
	// KeyID returns the key ID of the master key.
	KeyID() string
	// Metadata returns the metadata of the master key.
	Metadata() KeyMeta
	// OwnsDataKey returns true if key is owned by the master key; in other words,
	// the key was encrypted with this master key.
	OwnsDataKey(key Key) bool
}
MasterKeyBase is the base interface for all master keys.
type MasterKeyFactory ¶
// MasterKeyFactory is an interface for master key factory implementations.
type MasterKeyFactory interface {
	// NewMasterKey returns a new instance of master key built from args, or an
	// error if the arguments are not accepted.
	//
	// NOTE(review): args is untyped; the expected argument types are defined by
	// each implementation — confirm against the concrete factory.
	NewMasterKey(args ...interface{}) (MasterKey, error)
}
MasterKeyFactory is an interface for master key factory implementations.
type MasterKeyProvider ¶
// MasterKeyProvider is an interface for master key provider implementations.
// A provider owns a set of master keys, selects them for encryption, and
// resolves the master key needed to decrypt an encrypted data key.
type MasterKeyProvider interface {
	// ProviderKind returns the kind of the master key provider.
	ProviderKind() types.ProviderKind
	// ProviderID returns the ID of the master key provider.
	ProviderID() string
	// ValidateProviderID validates that the master key provider ID matches the
	// given provider ID otherID, and returns an error if it does not.
	ValidateProviderID(otherID string) error
	// AddMasterKey creates a new master key for keyID and adds it to the master
	// key provider.
	AddMasterKey(keyID string) (MasterKey, error)
	// NewMasterKey returns a new instance of master key for keyID without adding
	// it to the provider.
	NewMasterKey(ctx context.Context, keyID string) (MasterKey, error)
	// MasterKeysForEncryption returns the primary master key and the list of
	// master keys to use for encryption.
	MasterKeysForEncryption(ctx context.Context, ec suite.EncryptionContext) (MasterKey, []MasterKey, error)
	// MasterKeyForDecrypt returns the master key for the given metadata.
	MasterKeyForDecrypt(ctx context.Context, metadata KeyMeta) (MasterKey, error)
	// DecryptDataKey attempts to decrypt the encrypted data key with a
	// KeyProvider.
	DecryptDataKey(ctx context.Context, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// DecryptDataKeyFromList attempts to decrypt the encrypted data keys with a
	// KeyProvider.
	DecryptDataKeyFromList(ctx context.Context, encryptedDataKeys []EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// ValidateMasterKey validates the master key with the given key ID and
	// returns an error if it is not acceptable to this provider.
	ValidateMasterKey(keyID string) error
	// MasterKeysForDecryption returns the list of master keys for decryption.
	MasterKeysForDecryption() []MasterKey
}
MasterKeyProvider is an interface for master key provider implementations.
type Wrapper ¶
// Wrapper is an interface for wrapping key implementations. It defines the
// serialized form of an encrypted data key and its key info prefix.
type Wrapper interface {
	// SerializeEncryptedDataKey serializes the encrypted data key encryptedKey
	// together with its authentication tag and IV, and returns the serialized
	// form.
	SerializeEncryptedDataKey(encryptedKey, tag, iv []byte) []byte
	// DeserializeEncryptedDataKey deserializes the serialized form b and returns
	// the encrypted data and the IV, using iVLen as the IV length.
	//
	// NOTE(review): only two values are returned although the serialized form
	// carries a tag as well — presumably the tag stays attached to encryptedData;
	// confirm against the implementation.
	DeserializeEncryptedDataKey(b []byte, iVLen int) (encryptedData, iv []byte)
	// SerializeKeyInfoPrefix serializes the key ID and returns the serialized form.
	SerializeKeyInfoPrefix(keyID string) []byte
}
Wrapper is an interface for wrapping key implementations.