Package model contains SDK data model.
type AEADDecrypter ¶ added in v0.4.0
// AEADDecrypter is a GcmDecrypter that can additionally authenticate the
// message header before the body is decrypted.
type AEADDecrypter interface {
	GcmDecrypter
	// ValidateHeaderAuth validates the header authentication tag against the
	// message header bytes using the derived data key, and returns an error if
	// validation fails or any other error occurred. A non-nil error means the
	// header could not be authenticated and the message should be rejected
	// rather than processed further.
	ValidateHeaderAuth(derivedDataKey, headerAuthTag, headerBytes []byte) error
}
AEADDecrypter is an interface for AEAD decryption implementations.
type AEADEncrypter ¶ added in v0.4.0
// AEADEncrypter is a GcmEncrypter that can additionally produce the header
// authentication tag and the per-sequence-number IV used by the message format.
type AEADEncrypter interface {
	GcmEncrypter
	// GenerateHeaderAuth generates the header authentication tag over headerBytes
	// using the derived data key, and returns the authentication tag, the IV that
	// was used, and an error if any occurred.
	GenerateHeaderAuth(derivedDataKey, headerBytes []byte) ([]byte, []byte, error)
	// ConstructIV constructs the IV for the given sequence number. A GCM IV must
	// never be reused under the same key, so implementations are expected to map
	// each seqNum to a distinct IV, and callers must not encrypt two different
	// payloads with the same seqNum and the same data key.
	ConstructIV(seqNum int) []byte
}
AEADEncrypter is an interface for AEAD encryption implementations.
type BaseKeyProvider ¶
// BaseKeyProvider is the base interface for a key provider. It carries the
// logic of decrypting encrypted data keys on behalf of a MasterKeyProvider.
type BaseKeyProvider interface {
	// ID returns the ID of the key provider.
	ID() string
	// Kind returns the kind of the key provider.
	Kind() types.ProviderKind
	// VendOnDecrypt returns true if the key provider indicates that it can decrypt
	// encrypted data keys that are not registered with the master key provider.
	// Returning true lets a message direct the provider at keys it never
	// explicitly registered, so implementations should do this deliberately and
	// callers should know which keys that exposes.
	VendOnDecrypt() bool
	// DecryptDataKey attempts to decrypt the encrypted data key using the master
	// key provider MKP, the algorithm suite alg and the encryption context ec,
	// and returns the data key.
	DecryptDataKey(ctx context.Context, MKP MasterKeyProvider, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// DecryptDataKeyFromList attempts to decrypt the encrypted data keys and
	// returns the resulting data key. The interface does not specify the order in
	// which the keys are tried or how many must fail before an error is returned.
	DecryptDataKeyFromList(ctx context.Context, MKP MasterKeyProvider, encryptedDataKeys []EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
}
BaseKeyProvider is the base interface for a key provider. It is responsible for the logic of decrypting encrypted data keys on behalf of an abstract MasterKeyProvider.
type CryptoMaterialsManager ¶
// CryptoMaterialsManager produces the materials (data keys, encrypted data
// keys, signing/verification keys) needed to encrypt or decrypt a message.
type CryptoMaterialsManager interface {
	// GetEncryptionMaterials returns the encryption materials for the given request.
	// Used during the encryption process to get the encryption materials from the
	// registered master key providers.
	GetEncryptionMaterials(ctx context.Context, request EncryptionMaterialsRequest) (EncryptionMaterial, error)
	// DecryptMaterials returns the decryption materials for the given request. Used
	// during the decryption process to get the decryption materials from the
	// registered master key providers.
	DecryptMaterials(ctx context.Context, request DecryptionMaterialsRequest) (DecryptionMaterial, error)
	// GetInstance returns a new instance of the crypto materials manager to use
	// within a single encryption/decryption process.
	GetInstance() CryptoMaterialsManager
}
CryptoMaterialsManager is an interface for crypto materials manager implementations.
type DataKey ¶
// DataKey holds an unencrypted data key together with its encrypted form and
// the KeyMeta of the provider that produced it. Its fields are unexported;
// construct it with NewDataKey. The unencrypted key is secret material and
// should never be logged or serialized in plaintext.
type DataKey struct {
	// contains filtered or unexported fields
}
DataKey contains unencrypted data key and its encrypted version.
func NewDataKey ¶
NewDataKey returns a new DataKey with the given provider, dataKey, and encryptedDataKey.
func (DataKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted form of the data key.
func (DataKey) KeyProvider ¶
KeyProvider returns the KeyMeta of the key.
type DataKeyI ¶
// DataKeyI is the interface implemented by DataKey: a Key that exposes both
// its unencrypted and its encrypted form.
type DataKeyI interface {
	Key
	// EncryptedDataKey returns the encrypted form of the data key.
	EncryptedDataKey() []byte
	// DataKey returns the unencrypted data key. This is secret material; callers
	// should not log it or retain it longer than needed.
	DataKey() []byte
}
DataKeyI is an interface for DataKey.
type DecryptionHandler ¶ added in v0.3.0
// DecryptionHandler decrypts a complete encrypted message.
type DecryptionHandler interface {
	// Decrypt decrypts the encrypted message in ciphertext and returns the
	// decrypted plaintext and the associated message header. ciphertext is
	// untrusted input as received from the wire or storage; implementations are
	// expected to authenticate it before returning any plaintext.
	Decrypt(ctx context.Context, ciphertext []byte) ([]byte, format.MessageHeader, error)
}
DecryptionHandler is an interface for decryption handler implementations.
type DecryptionMaterial ¶
// DecryptionMaterial is the set of materials a CryptoMaterialsManager returns
// for decrypting one message.
type DecryptionMaterial interface {
	// DataKey returns the data key used for decryption.
	DataKey() DataKeyI
	// VerificationKey returns the verification key used to verify the footer
	// signature. It returns nil if a non-signing algorithm is used, so callers
	// must check for nil before attempting signature verification.
	VerificationKey() []byte
}
DecryptionMaterial is an interface for decryption material.
type DecryptionMaterials ¶
// DecryptionMaterials is the concrete DecryptionMaterial produced by a
// CryptoMaterialsManager. Its fields are unexported; construct it with
// NewDecryptionMaterials.
type DecryptionMaterials struct {
	// contains filtered or unexported fields
}
DecryptionMaterials contains the decryption materials produced by a CryptoMaterialsManager.
func NewDecryptionMaterials ¶
func NewDecryptionMaterials(dataKey DataKeyI, verificationKey []byte) *DecryptionMaterials
NewDecryptionMaterials returns a new *DecryptionMaterials, which implements DecryptionMaterial.
func (DecryptionMaterials) DataKey ¶
func (d DecryptionMaterials) DataKey() DataKeyI
DataKey returns the data encryption key to be used for decryption.
func (DecryptionMaterials) VerificationKey ¶
func (d DecryptionMaterials) VerificationKey() []byte
VerificationKey returns the verification key used to verify the footer signature. It returns nil if a non-signing algorithm is used.
type DecryptionMaterialsRequest ¶
// DecryptionMaterialsRequest describes what a CryptoMaterialsManager needs in
// order to return DecryptionMaterial for one message.
type DecryptionMaterialsRequest struct {
	// Algorithm is the algorithm to be used for decryption.
	Algorithm *suite.AlgorithmSuite
	// EncryptedDataKeys is a list of encrypted data keys from which to recover
	// the data key. NOTE(review): these presumably come from the parsed message
	// header, i.e. attacker-controlled input, so consumers should not assume
	// they are well-formed or that every entry names a known provider.
	EncryptedDataKeys []EncryptedDataKeyI
	// EncryptionContext is a map of key-value pairs that will be used to decrypt
	// the data keys.
	EncryptionContext suite.EncryptionContext
}
DecryptionMaterialsRequest is a request to get DecryptionMaterial from a CryptoMaterialsManager.
type EncryptedDataKey ¶
// EncryptedDataKey holds an encrypted data key and the KeyMeta of the provider
// that wrapped it. Its fields are unexported; construct it with
// NewEncryptedDataKey.
type EncryptedDataKey struct {
	// contains filtered or unexported fields
}
EncryptedDataKey contains the encrypted data key and its provider.
func NewEncryptedDataKey ¶
func NewEncryptedDataKey(provider KeyMeta, encryptedDataKey []byte) *EncryptedDataKey
NewEncryptedDataKey returns a new EncryptedDataKey with the given provider and encryptedDataKey.
func (EncryptedDataKey) EncryptedDataKey ¶
func (edk EncryptedDataKey) EncryptedDataKey() []byte
EncryptedDataKey returns the encrypted form of the data key.
func (EncryptedDataKey) KeyID ¶
func (edk EncryptedDataKey) KeyID() string
KeyID returns the ID of the key.
func (EncryptedDataKey) KeyProvider ¶
func (edk EncryptedDataKey) KeyProvider() KeyMeta
KeyProvider returns the KeyMeta of the key.
type EncryptedDataKeyI ¶
// EncryptedDataKeyI is the interface implemented by EncryptedDataKey: a Key
// that exposes only its encrypted form.
type EncryptedDataKeyI interface {
	Key
	// EncryptedDataKey returns the encrypted form of the data key.
	EncryptedDataKey() []byte
}
EncryptedDataKeyI is an interface for EncryptedDataKey.
type EncryptionBuffer ¶ added in v0.3.0
// EncryptionBuffer is the buffer abstraction used during encryption. The
// method set is a subset of bytes.Buffer, which satisfies it.
type EncryptionBuffer interface {
	io.ReadWriter
	// Bytes returns a slice of buffer length holding the unread portion of the
	// buffer. As with bytes.Buffer, the slice aliases the buffer's storage and is
	// only valid until the next buffer modification.
	Bytes() []byte
	// Len returns the number of bytes in the unread portion of the buffer.
	Len() int
	// Reset resets the buffer to be empty. Note that, as with bytes.Buffer, this
	// does not zero the underlying storage.
	Reset()
}
EncryptionBuffer is an interface to be used as a buffer for encryption. See bytes.Buffer for more details on Bytes, Len and Reset methods.
type EncryptionHandler ¶ added in v0.3.0
// EncryptionHandler encrypts a plaintext into a complete encrypted message.
type EncryptionHandler interface {
	// Encrypt encrypts source under the encryption context ec and returns the
	// encrypted ciphertext and the associated message header.
	Encrypt(ctx context.Context, source []byte, ec suite.EncryptionContext) ([]byte, format.MessageHeader, error)
}
EncryptionHandler is an interface for encryption handler implementations.
type EncryptionMaterial ¶
// EncryptionMaterial is the set of materials a CryptoMaterialsManager returns
// for encrypting one message.
type EncryptionMaterial interface {
	// DataEncryptionKey returns the data encryption key to be used for encryption.
	DataEncryptionKey() DataKeyI
	// EncryptedDataKeys returns the encrypted data keys, i.e. the data key
	// wrapped by the primary master key provider and any additional master keys.
	EncryptedDataKeys() []EncryptedDataKeyI
	// EncryptionContext returns the encryption context associated with the encryption.
	EncryptionContext() suite.EncryptionContext
	// SigningKey returns the private key used to sign the footer. It returns nil
	// if a non-signing algorithm is used. This is private key material and must
	// not be logged or persisted outside the encryption process.
	SigningKey() *ecdsa.PrivateKey
}
EncryptionMaterial is an interface for encryption material.
type EncryptionMaterials ¶
// EncryptionMaterials is the concrete EncryptionMaterial produced by a
// CryptoMaterialsManager. Its fields are unexported; construct it with
// NewEncryptionMaterials.
type EncryptionMaterials struct {
	// contains filtered or unexported fields
}
EncryptionMaterials contains the encryption materials produced by a CryptoMaterialsManager.
func NewEncryptionMaterials ¶
func NewEncryptionMaterials(dataEncryptionKey DataKeyI, encryptedDataKeys []EncryptedDataKeyI, ec suite.EncryptionContext, signingKey *ecdsa.PrivateKey) *EncryptionMaterials
NewEncryptionMaterials returns a new instance of EncryptionMaterials.
func (EncryptionMaterials) DataEncryptionKey ¶
func (e EncryptionMaterials) DataEncryptionKey() DataKeyI
DataEncryptionKey returns the data encryption key to be used for encryption.
func (EncryptionMaterials) EncryptedDataKeys ¶
func (e EncryptionMaterials) EncryptedDataKeys() []EncryptedDataKeyI
EncryptedDataKeys returns the encrypted data keys encrypted with primary master key provider data key.
func (EncryptionMaterials) EncryptionContext ¶
func (e EncryptionMaterials) EncryptionContext() suite.EncryptionContext
EncryptionContext returns the encryption context associated with the encryption.
func (EncryptionMaterials) SigningKey ¶
func (e EncryptionMaterials) SigningKey() *ecdsa.PrivateKey
SigningKey returns the signing key used to sign the footer. It returns nil if a non-signing algorithm is used.
type EncryptionMaterialsRequest ¶
// EncryptionMaterialsRequest describes what a CryptoMaterialsManager needs in
// order to return EncryptionMaterial for one message.
type EncryptionMaterialsRequest struct {
	// EncryptionContext is a map of key-value pairs that will be used to generate
	// the primary data key and to encrypt the other data keys.
	EncryptionContext suite.EncryptionContext
	// Algorithm is the algorithm to be used for encryption.
	Algorithm *suite.AlgorithmSuite
	// PlaintextLength is the length of the plaintext to be encrypted.
	// NOTE(review): the struct does not say how implementations use it (size
	// limits, key caching policy, ...) — confirm against the consumer.
	PlaintextLength int
}
EncryptionMaterialsRequest is a request to get EncryptionMaterial from a CryptoMaterialsManager.
type GcmCrypter ¶ added in v0.4.0
// GcmCrypter is the union of GcmEncrypter and GcmDecrypter, for
// implementations that provide both directions.
type GcmCrypter interface {
	GcmEncrypter
	GcmDecrypter
}
GcmCrypter is a combined interface for GCM encryption and decryption.
type GcmDecrypter ¶ added in v0.4.0
// GcmDecrypter performs authenticated (GCM) decryption of a single payload.
type GcmDecrypter interface {
	// Decrypt decrypts ciphertext with key and iv, verifying the authentication
	// tag over the ciphertext and the additional authenticated data aadData. It
	// returns the decrypted plaintext, or an error if any occurred; an
	// authentication failure is expected to surface as an error with no
	// usable plaintext.
	Decrypt(key, iv, ciphertext, tag, aadData []byte) ([]byte, error)
}
GcmDecrypter is an interface for GCM decryption implementations.
type GcmEncrypter ¶ added in v0.4.0
// GcmEncrypter performs authenticated (GCM) encryption of a single payload.
type GcmEncrypter interface {
	// Encrypt encrypts plaintext with key and iv, authenticating aadData as
	// well. It returns three values: the encrypted ciphertext, the
	// authentication tag, and an error if any occurred. The tag is returned
	// separately from the ciphertext and must be kept with it, since
	// GcmDecrypter.Decrypt requires both.
	Encrypt(key, iv, plaintext, aadData []byte) ([]byte, []byte, error)
}
GcmEncrypter is an interface for GCM encryption implementations.
type KMSClient ¶
// KMSClient is the subset of the AWS KMS client used by this SDK. The method
// signatures match the corresponding methods of the AWS SDK KMS client, so
// that client can be used directly and a fake can be substituted in tests.
type KMSClient interface {
	// GenerateDataKey requests a new data key from KMS, returned both in
	// plaintext and encrypted under the requested KMS key.
	GenerateDataKey(ctx context.Context, params *kms.GenerateDataKeyInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyOutput, error)
	// Encrypt encrypts the given plaintext under a KMS key.
	Encrypt(ctx context.Context, params *kms.EncryptInput, optFns ...func(*kms.Options)) (*kms.EncryptOutput, error)
	// Decrypt decrypts a ciphertext previously produced by KMS.
	Decrypt(ctx context.Context, params *kms.DecryptInput, optFns ...func(*kms.Options)) (*kms.DecryptOutput, error)
}
KMSClient is an interface for the AWS KMS client.
type KMSClientFactory ¶
// KMSClientFactory creates KMSClient instances from an AWS configuration,
// allowing the client construction to be replaced (e.g. in tests).
type KMSClientFactory interface {
	// NewFromConfig returns a KMSClient built from cfg and the given option
	// functions.
	NewFromConfig(cfg aws.Config, optFns ...func(options *kms.Options)) KMSClient
}
KMSClientFactory is an interface for the AWS KMS client factory.
type Key ¶
// Key is the base interface shared by DataKey and EncryptedDataKey; it only
// exposes key metadata, never key material.
type Key interface {
	// KeyProvider returns the KeyMeta of the key.
	KeyProvider() KeyMeta
	// KeyID returns the ID of the key.
	KeyID() string
}
Key is a base interface for both DataKey and EncryptedDataKey.
type KeyMeta ¶
// KeyMeta holds the metadata that identifies a Key: which provider it belongs
// to and the provider-specific key ID. It contains only strings, so it is
// comparable and can be used as a map key. Construct it with WithKeyMeta or a
// struct literal.
type KeyMeta struct {
	// ProviderID is the ID of the key provider.
	ProviderID string
	// KeyID is the ID of the key.
	KeyID string
}
KeyMeta is a struct that holds metadata of a Key.
func WithKeyMeta ¶
WithKeyMeta returns a new KeyMeta with the given providerID and keyID.
type MasterKey ¶
// MasterKey is a key-wrapping key: it generates data keys and wraps/unwraps
// them under a given algorithm suite and encryption context.
type MasterKey interface {
	MasterKeyBase
	// GenerateDataKey generates a new data key for alg, bound to the encryption
	// context ec, and returns it.
	GenerateDataKey(ctx context.Context, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// EncryptDataKey encrypts (wraps) the data key and returns the encrypted
	// data key.
	EncryptDataKey(ctx context.Context, dataKey DataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (EncryptedDataKeyI, error)
	// DecryptDataKey decrypts (unwraps) the encrypted data key and returns the
	// data key.
	DecryptDataKey(ctx context.Context, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
}
MasterKey is an interface for master key implementations.
type MasterKeyBase ¶
// MasterKeyBase is the identity part of a master key, shared by all master
// key implementations.
type MasterKeyBase interface {
	// KeyID returns the key ID of the master key.
	KeyID() string
	// Metadata returns the metadata of the master key.
	Metadata() KeyMeta
	// OwnsDataKey returns true if key is owned by the master key. In other words,
	// the key was encrypted with the master key. Key only exposes metadata, so
	// this is presumably decided by comparing KeyMeta rather than by any
	// cryptographic check — confirm against the implementations.
	OwnsDataKey(key Key) bool
}
MasterKeyBase is the base interface for all master keys.
type MasterKeyFactory ¶
// MasterKeyFactory constructs MasterKey instances.
type MasterKeyFactory interface {
	// NewMasterKey returns a new instance of master key. The arguments are
	// untyped, so implementations must check the number and dynamic types of
	// args and return an error (not panic) on a mismatch; the meaning of each
	// argument is defined by the implementation, not by this interface.
	NewMasterKey(args ...interface{}) (MasterKey, error)
}
MasterKeyFactory is an interface for a master key factory.
type MasterKeyProvider ¶
// MasterKeyProvider manages a set of master keys for one provider and selects
// among them for encryption and decryption.
type MasterKeyProvider interface {
	// ProviderKind returns the kind of the master key provider.
	ProviderKind() types.ProviderKind
	// ProviderID returns the ID of the master key provider.
	ProviderID() string
	// ValidateProviderID validates that the master key provider ID matches the
	// given provider ID, returning an error if it does not.
	ValidateProviderID(otherID string) error
	// AddMasterKey creates a new master key for keyID and adds it to the master
	// key provider.
	AddMasterKey(keyID string) (MasterKey, error)
	// NewMasterKey returns a new instance of master key for keyID without
	// adding it to the provider (contrast AddMasterKey).
	NewMasterKey(ctx context.Context, keyID string) (MasterKey, error)
	// MasterKeysForEncryption returns the primary master key and the list of
	// master keys for encryption.
	MasterKeysForEncryption(ctx context.Context, ec suite.EncryptionContext) (MasterKey, []MasterKey, error)
	// MasterKeyForDecrypt returns the master key for the given metadata.
	// NOTE(review): metadata typically originates from the message being
	// decrypted, so implementations should validate it (provider ID, key ID
	// format) before using it to select or create a key.
	MasterKeyForDecrypt(ctx context.Context, metadata KeyMeta) (MasterKey, error)
	// DecryptDataKey attempts to decrypt the encrypted data key with a KeyProvider.
	DecryptDataKey(ctx context.Context, encryptedDataKey EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// DecryptDataKeyFromList attempts to decrypt the encrypted data keys with a
	// KeyProvider.
	DecryptDataKeyFromList(ctx context.Context, encryptedDataKeys []EncryptedDataKeyI, alg *suite.AlgorithmSuite, ec suite.EncryptionContext) (DataKeyI, error)
	// ValidateMasterKey validates the master key with the given key ID,
	// returning an error if it is not acceptable to this provider.
	ValidateMasterKey(keyID string) error
	// MasterKeysForDecryption returns the list of master keys for decryption.
	MasterKeysForDecryption() []MasterKey
}
MasterKeyProvider is an interface for master key provider implementations.
type Wrapper ¶
// Wrapper defines the byte-level serialization of a wrapped (encrypted) data
// key and its key-info prefix.
type Wrapper interface {
	// SerializeEncryptedDataKey serializes the encrypted key, its authentication
	// tag and IV into a single byte slice and returns the serialized form.
	SerializeEncryptedDataKey(encryptedKey, tag, iv []byte) []byte
	// DeserializeEncryptedDataKey deserializes b, produced by
	// SerializeEncryptedDataKey, given the IV length iVLen, and returns the
	// encrypted data plus the IV. NOTE(review): the signature returns only two
	// slices, so the tag must be carried inside encryptedData — confirm and
	// document. b is parsed input; implementations must check that len(b) covers
	// iVLen and the tag before slicing, rather than panicking on short input.
	DeserializeEncryptedDataKey(b []byte, iVLen int) (encryptedData, iv []byte)
	// SerializeKeyInfoPrefix serializes the key ID and returns the serialized form.
	SerializeKeyInfoPrefix(keyID string) []byte
}
Wrapper is an interface for key-wrapping implementations.