key

package
v0.21.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 19, 2022 License: AGPL-3.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// MaxSize is the maximum byte size of an encoded key.
	MaxSize = 1 << 20

	// Size is the byte size of a cryptographic key.
	Size = 256 / 8
)

Variables

This section is empty.

Functions

func LogStoreStatus added in v0.17.3 

func LogStoreStatus(ctx context.Context, store Store, interval time.Duration, out *log.Logger)

LogStoreStatus periodically fetches the Store status and writes a log message whenever the Store is not available.

It stops whenever the given Context.Done() channel returns.

func ValidName added in v0.19.2 

func ValidName(name string) bool

ValidName returns true if and only if name is a valid name for a key.

Types

type Algorithm added in v0.19.2 

type Algorithm string

Algorithm is a cryptographic algorithm that requires a cryptographic key. 

const (
	// AlgorithmGeneric is a generic value that indicates
	// that the key can be used with multiple algorithms.
	AlgorithmGeneric Algorithm = ""

	// AES256_GCM_SHA256 is an algorithm that uses HMAC-SHA256
	// for key derivation and AES256-GCM for en/decryption.
	AES256_GCM_SHA256 Algorithm = "AES256-GCM_SHA256"

	// XCHACHA20_POLY1305 is an algorithm that uses HChaCha20
	// for key derivation and ChaCha20-Poly1305 for en/decryption.
	XCHACHA20_POLY1305 Algorithm = "XCHACHA20-POLY1305"
)

func (Algorithm) KeySize added in v0.19.2 

func (a Algorithm) KeySize() int

KeySize returns the Algorithm's key size.

func (Algorithm) String added in v0.19.2 

func (a Algorithm) String() string

String returns the Algorithm's string representation.

type Cache added in v0.18.0 

type Cache struct {
	Store Store
	// contains filtered or unexported fields
}

Cache is a Store that caches keys from an underlying Store in memory.

func NewCache added in v0.18.0 

func NewCache(store Store, config *CacheConfig) *Cache

NewCache returns a new Cache that caches keys from the Store in memory.

A Cache removes cache entries when they expiry. Stop the cache to release associated resources.

func (*Cache) Create added in v0.18.0 

func (c *Cache) Create(ctx context.Context, name string, key Key) error

Create stors the givem key at the Store if and only if no entry with the given name exists.

If such an entry already exists, Create returns kes.ErrKeyExists.

func (*Cache) Delete added in v0.18.0 

func (c *Cache) Delete(ctx context.Context, name string) error

Delete deletes the key associated with the given name.

func (*Cache) Get added in v0.18.0 

func (c *Cache) Get(ctx context.Context, name string) (Key, error)

Get returns the key associated with the given name. If noc such entry exists, Get returns kes.ErrKeyNotFound.

func (*Cache) List added in v0.18.0 

func (c *Cache) List(ctx context.Context) (Iterator, error)

List returns a new Iterator over the Store.

func (*Cache) Status added in v0.18.0 

func (c *Cache) Status(ctx context.Context) (StoreState, error)

Status returns the current state of the Store.

func (*Cache) Stop added in v0.18.0 

func (c *Cache) Stop()

Stop stops all background tasks performed by the Cache.

type CacheConfig added in v0.18.0 

type CacheConfig struct {
	// Expiry is the time period keys remain, at
	// most, in the cache.
	Expiry time.Duration

	// ExpiryUnused is the time period keys remain
	// in the cache even though they are not used.
	//
	// A key that is used before one ExpiryUnused
	// interval elapses is marked as used again and
	// remains in the cache.
	ExpiryUnused time.Duration

	// ExpiryOffline is the time keys remain in the
	// offline cache, if enabled.
	//
	// The offline cache is only used when the Store
	// is not available and ExpiryOffline > 0.
	//
	// The offline cache, if enabled, gets cleared
	// whenever the Store becomes available again.
	ExpiryOffline time.Duration
}

CacheConfig is a structure containing Cache configuration options.

type Iterator 

type Iterator interface {
	// Next moves the iterator to the next key, if any.
	// This key is available until Next is called again.
	//
	// It returns true if and only if there is a new key
	// available. If there are no more keys or an error
	// has been encountered, Next returns false.
	Next() bool

	// Name returns the name of the current key. Name
	// can be called multiple times an returns the
	// same value until Next is called again.
	Name() string

	// Err returns the first error, if any, encountered
	// while iterating over the set of keys.
	Err() error
}

Iterator iterates over the names of set of cryptographic keys. 

for iterator.Next() {
    _ := iterator.Name() // Get the name of the key
}
if err := iterator.Err(); err != nil { // error handling
}

Iterator implementations may or may not reflect concurrent changes to the set of keys they iterate over. Further, they do not guarantee any ordering.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key is a symmetric cryptographic key.

func New 

func New(algorithm Algorithm, key []byte, owner kes.Identity) (Key, error)

New returns an new Key for the given cryptographic algorithm. The key len must match algorithm's key size. The returned key is owned to the specified identity.

func Parse 

func Parse(b []byte) (Key, error)

Parse parses b as encoded Key.

func Random added in v0.19.2 

func Random(algorithm Algorithm, owner kes.Identity) (Key, error)

Random generates a new random Key for the cryptographic algorithm. The returned key is owned to the specified identity.

func (*Key) Algorithm added in v0.19.2 

func (k *Key) Algorithm() Algorithm

Algorithm returns the cryptographic algorithm for which the key can be used.

func (*Key) Clone added in v0.19.2 

func (k *Key) Clone() Key

Clone returns a deep copy of the key.

func (*Key) CreatedAt added in v0.19.2 

func (k *Key) CreatedAt() time.Time

CreatedAt returns the point in time when the key has been created.

func (*Key) CreatedBy added in v0.19.2 

func (k *Key) CreatedBy() kes.Identity

CreatedBy returns the identity that created the key.

func (*Key) Equal 

func (k *Key) Equal(other Key) bool

Equal returns true if and only if both keys are identical.

func (*Key) ID 

func (k *Key) ID() string

ID returns the k's key ID.

func (Key) MarshalBinary added in v0.20.0 

func (k Key) MarshalBinary() ([]byte, error)

MarshalBinary returns the Key's binary representation.

func (Key) MarshalText added in v0.19.2 

func (k Key) MarshalText() ([]byte, error)

MarshalText returns the key's text representation.

func (*Key) UnmarshalBinary added in v0.20.0 

func (k *Key) UnmarshalBinary(b []byte) error

UnmarshalBinary unmarshals the Key's binary representation.

func (*Key) UnmarshalText added in v0.19.2 

func (k *Key) UnmarshalText(text []byte) error

UnmarshalText parses and decodes text as encoded key.

func (*Key) Unwrap 

func (k *Key) Unwrap(ciphertext, associatedData []byte) ([]byte, error)

Unwrap decrypts the ciphertext and returns the resulting plaintext.

It verifies that the associatedData matches the value used when the ciphertext has been generated.

func (*Key) Wrap 

func (k *Key) Wrap(plaintext, associatedData []byte) ([]byte, error)

Wrap encrypts the given plaintext and binds the associatedData to the returned ciphertext.

To unwrap the ciphertext the same associatedData has to be provided again.

type Store 

type Store interface {
	// Status returns the current state of the
	// Store.
	//
	// If Status fails to reach the Store - e.g.
	// due to a network error - it should return
	// a StoreState with StoreUnreachable and no
	// error.
	//
	// Status should return an error whenever it
	// fails to reach the Store but StoreUnreachable
	// is not appropriate to describe the error
	// condition.
	Status(context.Context) (StoreState, error)

	// Create stores the given key at the key store if
	// and only if no entry with the given name exists.
	//
	// If such entry exists, Create returns kes.ErrKeyExists.
	Create(ctx context.Context, name string, key Key) error

	// Delete deletes the key associated with the given name
	// from the key store. It may not return an error if no
	// entry for the given name exists.
	Delete(ctx context.Context, name string) error

	// Get returns the key associated with the given name.
	//
	// If there is no such entry, Get returns kes.ErrKeyNotFound.
	Get(ctx context.Context, name string) (Key, error)

	// List returns a new Iterator over the key store.
	//
	// The returned iterator may or may not reflect any
	// concurrent changes to the key store - i.e. creates
	// or deletes. Further, it does not provide any ordering
	// guarantees.
	List(context.Context) (Iterator, error)
}

Store is a key store that persists keys that are referenced by a unique name.

type StoreState added in v0.17.3 

type StoreState struct {
	// State is the state of the Store. A Store
	// can either be reachable or unreachable.
	State StoreStatus

	// Latency is the time elapsed to reach
	// the Store.
	Latency time.Duration
}

StoreState describes the state of a Store.

func DialStore added in v0.17.3 

func DialStore(ctx context.Context, endpoint string) (StoreState, error)

DialStore dials to the Store at the given endpoint and returns a StoreState describing the Store status.

If it succeeds to dial the Store it returns a StoreState with the StoreReachable status - never the StoreAvailable status.

If endpoint does not contain any URL scheme, DialStore uses the https URL scheme as default.

type StoreStatus added in v0.17.3 

type StoreStatus string

StoreStatus describes that the state of a Store. 

const (
	// StoreAvailable is the state of a Store
	// that is reachable and can serve requests.
	StoreAvailable StoreStatus = "available"

	// StoreReachable is the state of a Store
	// that is reachable but may not be able
	// to serve requests.
	// For example, a Store may be reachable
	// over the network but needs to be
	// initialized or unsealed to serve requests.
	StoreReachable StoreStatus = "reachable"

	// StoreUnreachable is the state of a Store
	// that is not reachable.
	StoreUnreachable StoreStatus = "unreachable"
)

func (StoreStatus) String added in v0.17.3 

func (s StoreStatus) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.