hoard

package module
v3.0.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2019 License: Apache-2.0 Imports: 14 Imported by: 0

README

Hoard

Hoard is a stateless, deterministically encrypted, content-addressed object store.

hoarding marmot

Introduction

It convergently encrypts an object using its (SHA256) hash as the secret key (which can than be shared as a 'grant'). The address is then deterministically generated from the encrypted object's (SHA256) digest and allocated to the configured storage backend:

Supported

Installing

Hoard should be go-gettable with:

# Install Hoard-Daemon:
go get github.com/monax/hoard/cmd/hoard

# Install Hoard-Control:
go get github.com/monax/hoard/cmd/hoarctl

Usage

Hoard runs as a daemon providing a GRPC service to other clients including the command line client hoarctl. The purpose of the daemon is to read local secrets (such as PGP or other keys) and to configure itself to use a particular storage backend. You can run the daemon with:

# Run the daemon
hoard

# or with logging
hoard --logging

You can initialise a Hoard config by running one of:

# Initialise Hoard with memory backend
hoard config --init mem

# Initialise Hoard with filesystem backend
hoard config --init fs

# Initialise Hoard with S3 backend
hoard config --init aws

# Initialise Hoard with Azure backend
hoard config --init azure

# Initialise Hoard with GCS backend
hoard config --init gcp

# Initialise Hoard with IPFS backend
hoard config --init ipfs

These will provide base configurations you can configure to meet your needs. The config is located by default in $HOME/.config/hoard.toml but you can specify a file with hoard -c /path/to/config. The XDG base directory specification is used to search for config.

You can interact with Hoard using hoarctl:

# Store an object:
ref=$(echo bar | hoarctl put)

# Retrieve 'bar' from its (deterministic) reference
echo $ref | hoarctl get

# Or get information about the object without decrypting
echo $ref | hoarctl stat

# This one-liner exercises the entire API:
echo foo | hoarctl put | hoarctl get | hoarctl putseal | hoarctl unsealget | hoarctl encrypt | hoarctl insert | hoarctl stat | hoarctl cat | hoarctl decrypt -k tbudgBSg+bHWHiHnlteNzN8TUvI80ygS9IULh4rklEw= | hoarctl ref | hoarctl seal | hoarctl reseal | hoarctl unseal | hoarctl get

You can chop off segments of the final command to see the output of each intermediate command. It is contrived so that the outputs can be used as inputs for the next pipeline step. hoarctl either returns JSON references or raw bytes depending on the command. You may find the excellent jq useful for working with single-line JSON files on the command line.

Config

Using the filesystem storage backend as an example (generated with hoard init -o- fs) you can configure Hoard with a file like:

# The listen address, also supported is "unix:///tmp/hoard.socket" for a unix domain socket
ListenAddress = "tcp://localhost:53431"

[Storage]
  StorageType = "filesystem"
  # One of: base64, base32, or hex (base 16)
  AddressEncoding = "base64"
  RootDirectory = "/home/user/.local/share/hoard"

[Logging]
  LoggingType = "logfmt"
  # Removing "trace" from this array will reduce log output
  Channels = ["info", "trace"]

The default directory is $HOME/.config/hoard.toml or you can pass the file with hoard -c.

Encryption scheme

Hoard implements an encryption scheme based off the SHA256 cryptographic hash function and the symmetric block cipher AES256-GCM (Galois Counter Mode is an authenticated mode of AES). It is an example of envelope encryption where an object is encrypted with a specific one-time key and where that secret key can itself be shared by encrypting it (asymmetrically or otherwise) and publishing it to a recipient. It is motivated by and possesses the following features:

  • Usable on a publicly-accessible storage backend (strongly encrypted by AES256-GCM)
  • Addressable by the hash of the ciphertext (the bytes of encrypted object) so can be ciphertext can de-duplicated and object existence can be queried without the secret key
  • Ciphertext is recoverable from plaintext (if you have a copy of the plaintext you can check whether the ciphertext is stored and recover the secret key)
  • Permits sharing of access grants in public via asymmetric encryption of the secret key and address (can be used to implement a decentralised equivalent of access control lists)
  • Optional salt allows one to simulate random encryption keys or to add entropy to short objects

The encryption scheme relies on well-known cryptographic primitives. Given an object (just a sequence of bytes) and a salt the encryption proceeds as follows:

  1. Compute the SHA256 of the object.
  2. Prepend the salt (just arbitrary bytes) to the object.
  3. Encrypt the salted object with AES256-GCM with an empty IV (this is okay since our keys are one-time since they are based on a semantically secure hash of the object) with authenticated additional data describing the presence of the salt (authenticated additional data is a feature of GCM).
  4. Compute the SHA256 of the encrypted object.
  5. Return the output of (1) as the secretKey, the output of (3) as the encryptedData, and the output of (4) as the address.

Given an encrypted object, secret key, and salt the decryption proceeds as follows:

  1. Decrypt the encrypted object with AES256-GCM with an empty IV with secretKey and additional authenticated data associated with salt.
  2. Trim the prefix salt from the output of (1).
  3. Return the object as data from the output of (2).
Security

By design this scheme is trivially vulnerable to known-plaintext attacks (if you know the plaintext you can find the key).

It is also vulnerable to a ciphertext-only attack where a rainbow table of ciphertexts may be computed where the space of variation in a set of plaintexts is small. This occurs when the plaintexts are short or when the plaintexts are mostly identical template with a small amount of variation (an 8-digit account number for example). This is only a problem if revealing that an object has been stored at all leaks sensitive information.

The scheme should not be vulnerable to general chosen-ciphertext attacks (CCA) through the use of Galois Counter Mode with AES that is CCA-secure.

If you want known-plaintext or ciphertext-only security you can provide a salt. The salt can be of any length and can be used a number of ways. If you are encrypting short plaintexts you can agree a sufficiently long salt to be pre-shared amongst a set of parties that adds entropy to the encryption so that a rainbow table of possible values cannot be feasibly built (semantic security of SHA256 means the salt will induce an unpredictable variation of ciphertexts). In this case amongst the parties in possession of the salt the advantages of deterministic encryption are preserved. Alternatively a random hash can be used for the salt, this will induce a different secret key and address each time you encrypt the same bytes. It is effectively the same as using a random key.

The encryption is furthermore vulnerable to the same timing and length attacks that to which AES is susceptible, but for most purposes these attacks are not usually considered an issue.

Maturity

Hoard is still young, but the API should be mostly stable. The cryptographic libraries used are standard Go libraries (and Go's NACL implementation) so should be of reasonable quality and are widely deployed. The encryption scheme is straight-forward and has an isolated implementation. However there may be bugs in the implementation.

Specification

See hoard.proto for the protobuf3 definition of the API. Also see hoarctl <CMD> -h for full help on each sub-command.

Clients

Hoard uses GRPC for its API for which there is a wide range of client libraries available. You should be able to set up a client in any GRPC supported language with relative ease.

Javascript

A Javascript client library can be found here: hoard-js.

Hoard-js is a fairly lightweight wrapper around the Hoard GRPC API. It mainly serves to abstract over the dynamic protobuf library and the static protobuf generation.

Usage

First we need to have Hoard running. For development purposes this can be accomplished by:

go get github.com/monax/hoard/cmd/hoard 
# Run Hoard with logging
hoard --logging

Hoard will run with an in-memory store by default that will be discarded when it is shutdown, but will expose the same interface as when using remote storage backends.

To interact with Hoard from Node see example.js for a self-contained example of how to use every method of the API. To run use:

# Get dependencies
npm install
# Run example
node example.js

Building

To build Hoard you will need to have the following installed:

Then, from the project root run:

# Install protobuf GRPC plugin, glide, and glide dependencies
make protobuf_deps
# Run checks, tests, and build binaries
make build && make install

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewHoardServer 

func NewHoardServer(des DeterministicEncryptedStore, gs GrantService) *grpcService

func RegisterCleartextServer 

func RegisterCleartextServer(s *grpc.Server, srv CleartextServer)

func RegisterEncryptionServer 

func RegisterEncryptionServer(s *grpc.Server, srv EncryptionServer)

func RegisterGrantServer 

func RegisterGrantServer(s *grpc.Server, srv GrantServer)

func RegisterStorageServer 

func RegisterStorageServer(s *grpc.Server, srv StorageServer)

Types

type Address 

type Address struct {
	Address              []byte   `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Address) Descriptor 

func (*Address) Descriptor() ([]byte, []int)

func (*Address) GetAddress 

func (m *Address) GetAddress() []byte

func (*Address) ProtoMessage 

func (*Address) ProtoMessage()

func (*Address) ProtoSize 

func (m *Address) ProtoSize() (n int)

func (*Address) Reset 

func (m *Address) Reset()

func (*Address) String 

func (m *Address) String() string

func (*Address) XXX_DiscardUnknown 

func (m *Address) XXX_DiscardUnknown()

func (*Address) XXX_Marshal 

func (m *Address) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Address) XXX_Merge 

func (dst *Address) XXX_Merge(src proto.Message)

func (*Address) XXX_Size 

func (m *Address) XXX_Size() int

func (*Address) XXX_Unmarshal 

func (m *Address) XXX_Unmarshal(b []byte) error

type Ciphertext 

type Ciphertext struct {
	EncryptedData        []byte   `protobuf:"bytes,1,opt,name=EncryptedData,proto3" json:"EncryptedData,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Ciphertext) Descriptor 

func (*Ciphertext) Descriptor() ([]byte, []int)

func (*Ciphertext) GetEncryptedData 

func (m *Ciphertext) GetEncryptedData() []byte

func (*Ciphertext) ProtoMessage 

func (*Ciphertext) ProtoMessage()

func (*Ciphertext) ProtoSize 

func (m *Ciphertext) ProtoSize() (n int)

func (*Ciphertext) Reset 

func (m *Ciphertext) Reset()

func (*Ciphertext) String 

func (m *Ciphertext) String() string

func (*Ciphertext) XXX_DiscardUnknown 

func (m *Ciphertext) XXX_DiscardUnknown()

func (*Ciphertext) XXX_Marshal 

func (m *Ciphertext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ciphertext) XXX_Merge 

func (dst *Ciphertext) XXX_Merge(src proto.Message)

func (*Ciphertext) XXX_Size 

func (m *Ciphertext) XXX_Size() int

func (*Ciphertext) XXX_Unmarshal 

func (m *Ciphertext) XXX_Unmarshal(b []byte) error

type CleartextClient 

type CleartextClient interface {
	// Push some plaintext data into storage and get its deterministically
	// generated secret reference.
	Put(ctx context.Context, in *Plaintext, opts ...grpc.CallOption) (*reference.Ref, error)
	// Provide a secret reference to an encrypted blob and get the plaintext
	// data back.
	Get(ctx context.Context, in *reference.Ref, opts ...grpc.CallOption) (*Plaintext, error)
}

CleartextClient is the client API for Cleartext service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewCleartextClient 

func NewCleartextClient(cc *grpc.ClientConn) CleartextClient

type CleartextServer 

type CleartextServer interface {
	// Push some plaintext data into storage and get its deterministically
	// generated secret reference.
	Put(context.Context, *Plaintext) (*reference.Ref, error)
	// Provide a secret reference to an encrypted blob and get the plaintext
	// data back.
	Get(context.Context, *reference.Ref) (*Plaintext, error)
}

CleartextServer is the server API for Cleartext service.

type DeterministicEncryptedStore 

type DeterministicEncryptedStore interface {
	DeterministicEncryptor
	// Get encrypted data from underlying storage at address and decrypt it using
	// secretKey
	Get(ref *reference.Ref) (data []byte, err error)
	// Encrypt data and put it in underlying storage
	Put(data, salt []byte) (*reference.Ref, error)
	// Get the underlying ContentAddressedStore
	Store() storage.ContentAddressedStore
}

type DeterministicEncryptor 

type DeterministicEncryptor interface {
	// Encrypt data and return it along with reference
	Encrypt(data, salt []byte) (ref *reference.Ref, encryptedData []byte, err error)
	// Encrypt data and return it along with reference
	Decrypt(ref *reference.Ref, encryptedData []byte) (data []byte, err error)
}

type EncryptionClient 

type EncryptionClient interface {
	// Encrypt some data and get its deterministically generated
	// secret reference including its address without storing the data.
	Encrypt(ctx context.Context, in *Plaintext, opts ...grpc.CallOption) (*ReferenceAndCiphertext, error)
	// Decrypt the provided data by supplying it alongside its secret
	// reference. The address is not used for decryption and may be omitted.
	Decrypt(ctx context.Context, in *ReferenceAndCiphertext, opts ...grpc.CallOption) (*Plaintext, error)
}

EncryptionClient is the client API for Encryption service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewEncryptionClient 

func NewEncryptionClient(cc *grpc.ClientConn) EncryptionClient

type EncryptionServer 

type EncryptionServer interface {
	// Encrypt some data and get its deterministically generated
	// secret reference including its address without storing the data.
	Encrypt(context.Context, *Plaintext) (*ReferenceAndCiphertext, error)
	// Decrypt the provided data by supplying it alongside its secret
	// reference. The address is not used for decryption and may be omitted.
	Decrypt(context.Context, *ReferenceAndCiphertext) (*Plaintext, error)
}

EncryptionServer is the server API for Encryption service.

type GrantAndGrantSpec 

type GrantAndGrantSpec struct {
	Grant *grant.Grant `protobuf:"bytes,1,opt,name=Grant" json:"Grant,omitempty"`
	// The type of grant to output
	GrantSpec            *grant.Spec `protobuf:"bytes,2,opt,name=GrantSpec" json:"GrantSpec,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

func (*GrantAndGrantSpec) Descriptor 

func (*GrantAndGrantSpec) Descriptor() ([]byte, []int)

func (*GrantAndGrantSpec) GetGrant 

func (m *GrantAndGrantSpec) GetGrant() *grant.Grant

func (*GrantAndGrantSpec) GetGrantSpec 

func (m *GrantAndGrantSpec) GetGrantSpec() *grant.Spec

func (*GrantAndGrantSpec) ProtoMessage 

func (*GrantAndGrantSpec) ProtoMessage()

func (*GrantAndGrantSpec) ProtoSize 

func (m *GrantAndGrantSpec) ProtoSize() (n int)

func (*GrantAndGrantSpec) Reset 

func (m *GrantAndGrantSpec) Reset()

func (*GrantAndGrantSpec) String 

func (m *GrantAndGrantSpec) String() string

func (*GrantAndGrantSpec) XXX_DiscardUnknown 

func (m *GrantAndGrantSpec) XXX_DiscardUnknown()

func (*GrantAndGrantSpec) XXX_Marshal 

func (m *GrantAndGrantSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GrantAndGrantSpec) XXX_Merge 

func (dst *GrantAndGrantSpec) XXX_Merge(src proto.Message)

func (*GrantAndGrantSpec) XXX_Size 

func (m *GrantAndGrantSpec) XXX_Size() int

func (*GrantAndGrantSpec) XXX_Unmarshal 

func (m *GrantAndGrantSpec) XXX_Unmarshal(b []byte) error

type GrantClient 

type GrantClient interface {
	// Seal a Reference to create a Grant
	Seal(ctx context.Context, in *ReferenceAndGrantSpec, opts ...grpc.CallOption) (*grant.Grant, error)
	// Unseal a Grant to recover the Reference
	Unseal(ctx context.Context, in *grant.Grant, opts ...grpc.CallOption) (*reference.Ref, error)
	// Convert one grant to another grant to re-share with another party or just
	// to change grant type
	Reseal(ctx context.Context, in *GrantAndGrantSpec, opts ...grpc.CallOption) (*grant.Grant, error)
	// Put a Plaintext and returned the sealed Reference as a Grant
	PutSeal(ctx context.Context, in *PlaintextAndGrantSpec, opts ...grpc.CallOption) (*grant.Grant, error)
	// Unseal a Grant and follow the Reference to return a Plaintext
	UnsealGet(ctx context.Context, in *grant.Grant, opts ...grpc.CallOption) (*Plaintext, error)
}

GrantClient is the client API for Grant service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewGrantClient 

func NewGrantClient(cc *grpc.ClientConn) GrantClient

type GrantServer 

type GrantServer interface {
	// Seal a Reference to create a Grant
	Seal(context.Context, *ReferenceAndGrantSpec) (*grant.Grant, error)
	// Unseal a Grant to recover the Reference
	Unseal(context.Context, *grant.Grant) (*reference.Ref, error)
	// Convert one grant to another grant to re-share with another party or just
	// to change grant type
	Reseal(context.Context, *GrantAndGrantSpec) (*grant.Grant, error)
	// Put a Plaintext and returned the sealed Reference as a Grant
	PutSeal(context.Context, *PlaintextAndGrantSpec) (*grant.Grant, error)
	// Unseal a Grant and follow the Reference to return a Plaintext
	UnsealGet(context.Context, *grant.Grant) (*Plaintext, error)
}

GrantServer is the server API for Grant service.

type GrantService 

type GrantService interface {
	// Seal a reference by encrypting it according to a grant spec
	Seal(ref *reference.Ref, spec *grant.Spec) (*grant.Grant, error)
	// Unseal a grant by decrypting it and returning the reference
	Unseal(grt *grant.Grant) (*reference.Ref, error)
}

type Hoard 

type Hoard struct {
	// contains filtered or unexported fields
}

This is our top level API object providing library acting as a deterministic encrypted store and a grant issuer. It can be consumed as a Go library or as a GRPC service through grpcService which just plumbs this object into the hoard.proto interface.

func NewHoard 

func NewHoard(store storage.NamedStore, secrets secrets.Manager, logger log.Logger) *Hoard

func (*Hoard) Decrypt 

func (hrd *Hoard) Decrypt(ref *reference.Ref, encryptedData []byte) ([]byte, error)

Decrypt data using reference

func (*Hoard) Encrypt 

func (hrd *Hoard) Encrypt(data, salt []byte) (*reference.Ref, []byte, error)

Encrypt data and get reference

func (*Hoard) Get 

func (hrd *Hoard) Get(ref *reference.Ref) ([]byte, error)

Gets encrypted blob

func (*Hoard) Name 

func (hrd *Hoard) Name() string

func (*Hoard) Put 

func (hrd *Hoard) Put(data, salt []byte) (*reference.Ref, error)

Encrypts data and stores it in underlying store and returns the address

func (*Hoard) Seal 

func (hrd *Hoard) Seal(ref *reference.Ref, spec *grant.Spec) (*grant.Grant, error)

func (*Hoard) Store 

func (hrd *Hoard) Store() storage.ContentAddressedStore

func (*Hoard) Unseal 

func (hrd *Hoard) Unseal(grt *grant.Grant) (*reference.Ref, error)

type Plaintext 

type Plaintext struct {
	Data                 []byte   `protobuf:"bytes,1,opt,name=Data,proto3" json:"Data,omitempty"`
	Salt                 []byte   `protobuf:"bytes,2,opt,name=Salt,proto3" json:"Salt,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Plaintext) Descriptor 

func (*Plaintext) Descriptor() ([]byte, []int)

func (*Plaintext) GetData 

func (m *Plaintext) GetData() []byte

func (*Plaintext) GetSalt 

func (m *Plaintext) GetSalt() []byte

func (*Plaintext) ProtoMessage 

func (*Plaintext) ProtoMessage()

func (*Plaintext) ProtoSize 

func (m *Plaintext) ProtoSize() (n int)

func (*Plaintext) Reset 

func (m *Plaintext) Reset()

func (*Plaintext) String 

func (m *Plaintext) String() string

func (*Plaintext) XXX_DiscardUnknown 

func (m *Plaintext) XXX_DiscardUnknown()

func (*Plaintext) XXX_Marshal 

func (m *Plaintext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Plaintext) XXX_Merge 

func (dst *Plaintext) XXX_Merge(src proto.Message)

func (*Plaintext) XXX_Size 

func (m *Plaintext) XXX_Size() int

func (*Plaintext) XXX_Unmarshal 

func (m *Plaintext) XXX_Unmarshal(b []byte) error

type PlaintextAndGrantSpec 

type PlaintextAndGrantSpec struct {
	Plaintext *Plaintext `protobuf:"bytes,1,opt,name=Plaintext" json:"Plaintext,omitempty"`
	// The type of grant to output
	GrantSpec            *grant.Spec `protobuf:"bytes,2,opt,name=GrantSpec" json:"GrantSpec,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

func (*PlaintextAndGrantSpec) Descriptor 

func (*PlaintextAndGrantSpec) Descriptor() ([]byte, []int)

func (*PlaintextAndGrantSpec) GetGrantSpec 

func (m *PlaintextAndGrantSpec) GetGrantSpec() *grant.Spec

func (*PlaintextAndGrantSpec) GetPlaintext 

func (m *PlaintextAndGrantSpec) GetPlaintext() *Plaintext

func (*PlaintextAndGrantSpec) ProtoMessage 

func (*PlaintextAndGrantSpec) ProtoMessage()

func (*PlaintextAndGrantSpec) ProtoSize 

func (m *PlaintextAndGrantSpec) ProtoSize() (n int)

func (*PlaintextAndGrantSpec) Reset 

func (m *PlaintextAndGrantSpec) Reset()

func (*PlaintextAndGrantSpec) String 

func (m *PlaintextAndGrantSpec) String() string

func (*PlaintextAndGrantSpec) XXX_DiscardUnknown 

func (m *PlaintextAndGrantSpec) XXX_DiscardUnknown()

func (*PlaintextAndGrantSpec) XXX_Marshal 

func (m *PlaintextAndGrantSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PlaintextAndGrantSpec) XXX_Merge 

func (dst *PlaintextAndGrantSpec) XXX_Merge(src proto.Message)

func (*PlaintextAndGrantSpec) XXX_Size 

func (m *PlaintextAndGrantSpec) XXX_Size() int

func (*PlaintextAndGrantSpec) XXX_Unmarshal 

func (m *PlaintextAndGrantSpec) XXX_Unmarshal(b []byte) error

type ReferenceAndCiphertext 

type ReferenceAndCiphertext struct {
	Reference            *reference.Ref `protobuf:"bytes,1,opt,name=Reference" json:"Reference,omitempty"`
	Ciphertext           *Ciphertext    `protobuf:"bytes,2,opt,name=Ciphertext" json:"Ciphertext,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

func (*ReferenceAndCiphertext) Descriptor 

func (*ReferenceAndCiphertext) Descriptor() ([]byte, []int)

func (*ReferenceAndCiphertext) GetCiphertext 

func (m *ReferenceAndCiphertext) GetCiphertext() *Ciphertext

func (*ReferenceAndCiphertext) GetReference 

func (m *ReferenceAndCiphertext) GetReference() *reference.Ref

func (*ReferenceAndCiphertext) ProtoMessage 

func (*ReferenceAndCiphertext) ProtoMessage()

func (*ReferenceAndCiphertext) ProtoSize 

func (m *ReferenceAndCiphertext) ProtoSize() (n int)

func (*ReferenceAndCiphertext) Reset 

func (m *ReferenceAndCiphertext) Reset()

func (*ReferenceAndCiphertext) String 

func (m *ReferenceAndCiphertext) String() string

func (*ReferenceAndCiphertext) XXX_DiscardUnknown 

func (m *ReferenceAndCiphertext) XXX_DiscardUnknown()

func (*ReferenceAndCiphertext) XXX_Marshal 

func (m *ReferenceAndCiphertext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReferenceAndCiphertext) XXX_Merge 

func (dst *ReferenceAndCiphertext) XXX_Merge(src proto.Message)

func (*ReferenceAndCiphertext) XXX_Size 

func (m *ReferenceAndCiphertext) XXX_Size() int

func (*ReferenceAndCiphertext) XXX_Unmarshal 

func (m *ReferenceAndCiphertext) XXX_Unmarshal(b []byte) error

type ReferenceAndGrantSpec 

type ReferenceAndGrantSpec struct {
	Reference *reference.Ref `protobuf:"bytes,1,opt,name=Reference" json:"Reference,omitempty"`
	// The type of grant to output
	GrantSpec            *grant.Spec `protobuf:"bytes,2,opt,name=GrantSpec" json:"GrantSpec,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

func (*ReferenceAndGrantSpec) Descriptor 

func (*ReferenceAndGrantSpec) Descriptor() ([]byte, []int)

func (*ReferenceAndGrantSpec) GetGrantSpec 

func (m *ReferenceAndGrantSpec) GetGrantSpec() *grant.Spec

func (*ReferenceAndGrantSpec) GetReference 

func (m *ReferenceAndGrantSpec) GetReference() *reference.Ref

func (*ReferenceAndGrantSpec) ProtoMessage 

func (*ReferenceAndGrantSpec) ProtoMessage()

func (*ReferenceAndGrantSpec) ProtoSize 

func (m *ReferenceAndGrantSpec) ProtoSize() (n int)

func (*ReferenceAndGrantSpec) Reset 

func (m *ReferenceAndGrantSpec) Reset()

func (*ReferenceAndGrantSpec) String 

func (m *ReferenceAndGrantSpec) String() string

func (*ReferenceAndGrantSpec) XXX_DiscardUnknown 

func (m *ReferenceAndGrantSpec) XXX_DiscardUnknown()

func (*ReferenceAndGrantSpec) XXX_Marshal 

func (m *ReferenceAndGrantSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReferenceAndGrantSpec) XXX_Merge 

func (dst *ReferenceAndGrantSpec) XXX_Merge(src proto.Message)

func (*ReferenceAndGrantSpec) XXX_Size 

func (m *ReferenceAndGrantSpec) XXX_Size() int

func (*ReferenceAndGrantSpec) XXX_Unmarshal 

func (m *ReferenceAndGrantSpec) XXX_Unmarshal(b []byte) error

type StorageClient 

type StorageClient interface {
	// Insert the (presumably) encrypted data provided and get the its address.
	Push(ctx context.Context, in *Ciphertext, opts ...grpc.CallOption) (*Address, error)
	// Retrieve the (presumably) encrypted data stored at address.
	Pull(ctx context.Context, in *Address, opts ...grpc.CallOption) (*Ciphertext, error)
	// Get some information about the encrypted blob stored at an address,
	// including whether it exists.
	Stat(ctx context.Context, in *Address, opts ...grpc.CallOption) (*storage.StatInfo, error)
}

StorageClient is the client API for Storage service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewStorageClient 

func NewStorageClient(cc *grpc.ClientConn) StorageClient

type StorageServer 

type StorageServer interface {
	// Insert the (presumably) encrypted data provided and get the its address.
	Push(context.Context, *Ciphertext) (*Address, error)
	// Retrieve the (presumably) encrypted data stored at address.
	Pull(context.Context, *Address) (*Ciphertext, error)
	// Get some information about the encrypted blob stored at an address,
	// including whether it exists.
	Stat(context.Context, *Address) (*storage.StatInfo, error)
}

StorageServer is the server API for Storage service.

Source Files

View all Source files

Directories

Path Synopsis
cmd
hoarctl
hoard
logging
secrets
source
storage
loggers
structure
cmd/changelog
cmd/notes
cmd/version

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.