data

package
v1.0.20 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 15, 2022 License: AGPL-3.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const TokenValidity = time.Hour

Validity period of tokens created with D1.CreateToken.

Variables

This section is empty.

Functions

This section is empty.

Types

type Access 

type Access struct {
	// The set of groups that have access to the associated object. The format of the key strings
	// depends on how the ID Provider implements group identifiers.
	Groups map[string]struct{}

	// The wrapped encryption key for the associated object.
	WrappedOEK []byte
}

Access is used to manage access to encrypted objects. Note: All member fields need to be exported in order for gob to serialize them.

func NewAccess 

func NewAccess(wrappedOEK []byte) Access

NewAccess creates a new access object which contains the provided wrapped key and no groups.

func (*Access) AddGroups 

func (a *Access) AddGroups(ids ...string)

AddGroups appends the provided group IDs to the access object.

func (*Access) ContainsGroups 

func (a *Access) ContainsGroups(ids ...string) bool

ContainsGroups returns true if all provided group IDs are contained in the access object, and false otherwise.

func (*Access) GetGroups 

func (a *Access) GetGroups() map[string]struct{}

GetGroups returns the set of group IDs contained in the access object.

func (*Access) RemoveGroups 

func (a *Access) RemoveGroups(ids ...string)

RemoveGroups removes the provided group IDs from the access object.

func (*Access) Seal 

func (a *Access) Seal(oid uuid.UUID, cryptor crypto.CryptorInterface) (SealedAccess, error)

Seal encrypts the access object.

type Node added in v1.0.19 

type Node struct {
	Identifier  string
	NextCounter uint64
}

Node contains an identifier (e.g. a document ID) and the counter used to compute the next label.

func (*Node) NextLabel added in v1.0.19 

func (n *Node) NextLabel(tagger crypto.TaggerInterface) ([]byte, error)

NextLabel computes the next label based on the value of NextCounter.

func (*Node) Seal added in v1.0.19 

func (n *Node) Seal(label []byte, cryptor crypto.CryptorInterface) (SealedNode, error)

Seal encrypts the plaintext Node.

type Object 

type Object struct {
	// Sensitive plaintext data that will be encrypted.
	Plaintext []byte

	// Associated data that will not be encrypted but will be authenticated.
	AssociatedData []byte
}

Object contains plaintext data provided to D1 for encryption.

func (*Object) Seal 

func (o *Object) Seal(oid uuid.UUID, cryptor crypto.CryptorInterface) ([]byte, SealedObject, error)

Seal encrypts the object and returns the wrapped encryption key and the sealed object.

type SealedAccess 

type SealedAccess struct {
	// The ID of the object this access object provides access to.
	OID uuid.UUID

	Ciphertext []byte
	WrappedKey []byte
}

SealedAccess is an encrypted structure which is used to manage access to encrypted objects.

func (*SealedAccess) Unseal 

func (a *SealedAccess) Unseal(cryptor crypto.CryptorInterface) (Access, error)

Unseal decrypts the sealed object.

type SealedNode added in v1.0.19 

type SealedNode struct {
	Ciphertext []byte
	WrappedKey []byte
}

SealedNode is an encrypted structure which defines an occurrence of a specific keyword in a specific identifier.

func (*SealedNode) Unseal added in v1.0.19 

func (n *SealedNode) Unseal(label []byte, cryptor crypto.CryptorInterface) (Node, error)

Unseal decrypts the sealed Node.

type SealedObject 

type SealedObject struct {
	// The encrypted contents of the object.
	Ciphertext []byte

	// Associated data in plaintext. This data is authenticated upon decryption, and can be used as
	// metadata about the ciphertext.
	AssociatedData []byte

	// A unique ID which identifies the object. The ID is authenticated upon decryption.
	OID uuid.UUID
}

SealedObject contains encrypted and authenticated data.

func (*SealedObject) Unseal 

func (o *SealedObject) Unseal(wrappedKey []byte, cryptor crypto.CryptorInterface) (Object, error)

Unseal uses the wrapped key to decrypt the sealed object.

type SealedToken 

type SealedToken struct {
	// The tokens expiry time. After this time, it can no longer be decrypted.
	ExpiryTime time.Time

	Ciphertext []byte
	WrappedKey []byte
}

SealedToken contains encrypted data which has an expiry time.

func TokenFromString 

func TokenFromString(tokenString string) (SealedToken, error)

TokenFromString takes a raw base 64 URL encoded token and deserializes it.

func (*SealedToken) String 

func (t *SealedToken) String() (string, error)

String serializes the sealed token into a raw base 64 URL encoded format.

func (*SealedToken) Unseal 

func (t *SealedToken) Unseal(cryptor crypto.CryptorInterface) (Token, error)

Unseal decrypts the sealed token.

type Token 

type Token struct {
	// Arbitrary plaintext data.
	Plaintext []byte

	// Expiry time at which point the data is no longer valid.
	ExpiryTime time.Time
}

Token contains arbitrary data along with an expiry time. Note: All fields need to be exported in order for gob to serialize them.

func NewToken 

func NewToken(plaintext []byte, validityPeriod time.Duration) Token

NewToken creates a new token which contains the provided plaintext and has the given validity period.

func (*Token) Seal 

func (t *Token) Seal(cryptor crypto.CryptorInterface) (SealedToken, error)

Seal encrypts the token.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.