cmk

package
v0.0.0-...-e4d9425 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 25, 2023 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AesKey

// AesKey is the symmetric key type of this package: it embeds BaseKey and
// adds a list of backing keys, a rotation timestamp and import parameters.
//
// NOTE(review): every field is exported and no custom Marshal method is
// listed for this type, so generic encoders and %+v logging will emit
// BackingKeys verbatim. Treat any serialized or logged AesKey as secret.
type AesKey struct {
	BaseKey
	// BackingKeys is a slice of 32-byte arrays; presumably each entry is one
	// 256-bit key version and the version argument of Decrypt selects among
	// them. Confirm against the implementation.
	BackingKeys         [][32]byte
	// NextKeyRotation is presumably the time after which RotateIfNeeded adds
	// a new backing key. Confirm.
	NextKeyRotation     time.Time
	// ParametersForImport is held by value and contains an rsa.PrivateKey,
	// so copying an AesKey copies that private key too.
	ParametersForImport ParametersForImport
}

func NewAesKey

func NewAesKey(metadata KeyMetadata, policy string, origin KeyOrigin) *AesKey

func (*AesKey) Decrypt

func (k *AesKey) Decrypt(version uint32, ciphertext []byte, context map[string]*string) (plaintext []byte, err error)

func (*AesKey) EncryptAndPackage

func (k *AesKey) EncryptAndPackage(plaintext []byte, context map[string]*string) (result []byte, err error)

func (*AesKey) GetArn

func (k *AesKey) GetArn() string

func (*AesKey) GetKeyType

func (k *AesKey) GetKeyType() KeyType

func (*AesKey) GetMetadata

func (k *AesKey) GetMetadata() *KeyMetadata

func (*AesKey) GetParametersForImport

func (k *AesKey) GetParametersForImport() *ParametersForImport

func (*AesKey) GetPolicy

func (k *AesKey) GetPolicy() string

func (*AesKey) ImportKeyMaterial

func (k *AesKey) ImportKeyMaterial(m []byte) error

func (*AesKey) RotateIfNeeded

func (k *AesKey) RotateIfNeeded() bool

func (*AesKey) SetParametersForImport

func (k *AesKey) SetParametersForImport(p *ParametersForImport)

func (*AesKey) UnmarshalYAML

func (k *AesKey) UnmarshalYAML(unmarshal func(interface{}) error) error

type BaseKey

// BaseKey holds the fields shared by AesKey, EccKey and RsaKey, each of
// which embeds it.
type BaseKey struct {
	// Type is one of the KeyType constants (TypeAes, TypeRsa, TypeEcc).
	Type     KeyType
	Metadata KeyMetadata
	// Policy is stored as an opaque string, presumably a key-policy document.
	// NOTE(review): nothing on this page shows the policy being evaluated;
	// confirm where (or whether) it is enforced before relying on it for
	// access control.
	Policy   string
}

type EccKey

// EccKey is the elliptic-curve key type: BaseKey plus an ECDSA private key.
//
// PrivateKey is an exported field, so anything that encodes or logs an
// EccKey handles private key material.
type EccKey struct {
	BaseKey
	// PrivateKey uses the package's EcdsaPrivateKey wrapper, which supplies
	// its own MarshalJSON/UnmarshalJSON.
	PrivateKey EcdsaPrivateKey
}

func NewEccKey

func NewEccKey(spec KeySpec, metadata KeyMetadata, policy string) (*EccKey, error)

func (*EccKey) GetArn

func (k *EccKey) GetArn() string

func (*EccKey) GetKeyType

func (k *EccKey) GetKeyType() KeyType

func (*EccKey) GetMetadata

func (k *EccKey) GetMetadata() *KeyMetadata

func (*EccKey) GetPolicy

func (k *EccKey) GetPolicy() string

func (*EccKey) HashAndSign

func (k *EccKey) HashAndSign(message []byte, algorithm SigningAlgorithm) ([]byte, error)

func (*EccKey) HashAndVerify

func (k *EccKey) HashAndVerify(signature []byte, message []byte, algorithm SigningAlgorithm) (bool, error)

func (*EccKey) Sign

func (k *EccKey) Sign(digest []byte, algorithm SigningAlgorithm) ([]byte, error)

func (*EccKey) UnmarshalYAML

func (k *EccKey) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML constructs the key from YAML (used for seeding).

func (*EccKey) Verify

func (k *EccKey) Verify(signature []byte, digest []byte, algorithm SigningAlgorithm) (bool, error)

type EcdsaPrivateKey

// EcdsaPrivateKey is a defined type whose underlying type is
// ecdsa.PrivateKey. Methods declared on ecdsa.PrivateKey itself (such as
// Sign) are not inherited by a defined type, so convert back to
// ecdsa.PrivateKey before calling them.
//
// NOTE(review): MarshalJSON on this type presumably writes the private
// scalar. Confirm, and protect the JSON output as carefully as the key.
type EcdsaPrivateKey ecdsa.PrivateKey

We create our own type to manage JSON Marshaling

func (*EcdsaPrivateKey) MarshalJSON

func (k *EcdsaPrivateKey) MarshalJSON() ([]byte, error)

func (*EcdsaPrivateKey) UnmarshalJSON

func (k *EcdsaPrivateKey) UnmarshalJSON(data []byte) error

ecdsa.PrivateKey.Curve is an interface type, so we need to Unmarshal it ourselves to set the concrete type.

type EncryptionAlgorithm

// EncryptionAlgorithm names an encryption algorithm as a string. The values
// follow the encryption-algorithm names used by the AWS KMS API.
type EncryptionAlgorithm string
const (
	// EncryptionAlgorithmAes is the algorithm name for symmetric keys.
	EncryptionAlgorithmAes           EncryptionAlgorithm = "SYMMETRIC_DEFAULT"
	// EncryptionAlgorithmRsaOaepSha1 is RSA-OAEP with SHA-1. SHA-1's
	// collision weakness is not known to break OAEP, but the SHA-256 variant
	// is the conservative choice where both sides support it.
	EncryptionAlgorithmRsaOaepSha1   EncryptionAlgorithm = "RSAES_OAEP_SHA_1"
	// EncryptionAlgorithmRsaOaepSha256 is RSA-OAEP with SHA-256.
	EncryptionAlgorithmRsaOaepSha256 EncryptionAlgorithm = "RSAES_OAEP_SHA_256"
)

type ExpirationModel

// ExpirationModel states whether key material expires. It is the type of
// KeyMetadata.ExpirationModel.
// NOTE(review): presumably only meaningful for keys with imported material
// (KeyOriginExternal), paired with KeyMetadata.ValidTo. Confirm.
type ExpirationModel string
const (
	ExpirationModelKeyMaterialExpires       ExpirationModel = "KEY_MATERIAL_EXPIRES"
	ExpirationModelKeyMaterialDoesNotExpire ExpirationModel = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)

type InvalidDigestLength

// InvalidDigestLength is an error type with no fields. Its Error method has
// a pointer receiver, so *InvalidDigestLength (not the value type) satisfies
// error; match it with errors.As and a *InvalidDigestLength target.
// Presumably returned by Sign/Verify when the digest length does not fit the
// hash named by the signing algorithm. Confirm.
type InvalidDigestLength struct{}

func (*InvalidDigestLength) Error

func (v *InvalidDigestLength) Error() string

type InvalidSigningAlgorithm

// InvalidSigningAlgorithm is an error type with no fields. Its Error method
// has a pointer receiver, so *InvalidSigningAlgorithm (not the value type)
// satisfies error. Presumably returned when a SigningAlgorithm is not
// usable with the key it was passed to. Confirm.
type InvalidSigningAlgorithm struct{}

func (*InvalidSigningAlgorithm) Error

func (v *InvalidSigningAlgorithm) Error() string

type Key

// Key is the read-only view common to all key types; *AesKey, *EccKey and
// *RsaKey each declare these four methods. It exposes identity, policy and
// metadata only, with no cryptographic operations (see SigningKey for
// those).
type Key interface {
	GetArn() string
	GetPolicy() string
	GetKeyType() KeyType
	// GetMetadata returns a pointer. Whether it aliases the key's own
	// metadata or a copy is not visible here; assume writes through it may
	// change the key. Confirm.
	GetMetadata() *KeyMetadata
}

type KeyMetadata

// KeyMetadata describes a key. The field names and string values mirror the
// key metadata of the AWS KMS API.
//
// Struct tags: most fields carry `json:",omitempty"`, so zero values are
// dropped from JSON output. Description and Enabled have only yaml tags and
// are therefore always present in JSON (Enabled=false is emitted, not
// omitted). The explicit yaml names are on Description, Enabled, KeyId,
// KeyUsage and Origin, presumably the fields a seed file is expected to
// set. Confirm.
type KeyMetadata struct {
	AWSAccountId    string          `json:",omitempty"`
	Arn             string          `json:",omitempty"`
	// CreationDate, DeletionDate and ValidTo are int64 timestamps; the unit
	// is not visible here (presumably Unix epoch seconds). Confirm.
	CreationDate    int64           `json:",omitempty"`
	DeletionDate    int64           `json:",omitempty"`
	Description     *string         `yaml:"Description"`
	// Enabled and KeyState are separate fields. NOTE(review): confirm that
	// callers check the one the implementation actually enforces before
	// allowing cryptographic use.
	Enabled         bool            `yaml:"Enabled"`
	ExpirationModel ExpirationModel `json:",omitempty"`
	KeyId           string          `json:",omitempty" yaml:"KeyId"`
	KeyManager      string          `json:",omitempty"`
	KeyState        KeyState        `json:",omitempty"`
	KeyUsage        KeyUsage        `json:",omitempty" yaml:"KeyUsage"`
	Origin          KeyOrigin       `json:",omitempty" yaml:"Origin"`
	ValidTo         int64           `json:",omitempty"`

	SigningAlgorithms     []SigningAlgorithm    `json:",omitempty"`
	EncryptionAlgorithms  []EncryptionAlgorithm `json:",omitempty"`
	// KeySpec and CustomerMasterKeySpec share one type; in the AWS KMS API
	// CustomerMasterKeySpec is the older, deprecated name for KeySpec.
	KeySpec               KeySpec               `json:",omitempty"`
	CustomerMasterKeySpec KeySpec               `json:",omitempty"`
}

type KeyOrigin

// KeyOrigin records where a key's material came from; the values follow the
// AWS KMS API origin names. NewAesKey takes a KeyOrigin argument.
type KeyOrigin string
const (
	KeyOriginAwsKms      KeyOrigin = "AWS_KMS"
	// KeyOriginExternal presumably marks keys whose material is supplied
	// through ImportKeyMaterial. Confirm.
	KeyOriginExternal    KeyOrigin = "EXTERNAL"
	KeyOriginAwsCloudHsm KeyOrigin = "AWS_CLOUDHSM"
)

type KeySpec

// KeySpec names the kind and size of a key; the values follow the AWS KMS
// API key-spec names. NewEccKey and NewRsaKey take a KeySpec and return an
// error, presumably when the spec does not belong to that key family.
// Confirm.
type KeySpec string
const (
	SpecSymmetricDefault KeySpec = "SYMMETRIC_DEFAULT"
	SpecEccNistP256      KeySpec = "ECC_NIST_P256"
	SpecEccNistP384      KeySpec = "ECC_NIST_P384"
	SpecEccNistP521      KeySpec = "ECC_NIST_P521"
	// The Go identifier says Secp256k1 while the wire value is
	// "ECC_SECG_P256K1"; both name the same curve.
	SpecEccSecp256k1     KeySpec = "ECC_SECG_P256K1"
	SpecRsa2048          KeySpec = "RSA_2048"
	SpecRsa3072          KeySpec = "RSA_3072"
	SpecRsa4096          KeySpec = "RSA_4096"
)

type KeyState

// KeyState is the lifecycle state of a key, stored in KeyMetadata.KeyState.
// NOTE(review): the cryptographic methods on this page take no state
// argument; confirm whether they reject keys that are Disabled,
// PendingImport, PendingDeletion or Unavailable, or whether the caller must
// check first.
type KeyState string
const (
	KeyStateEnabled         KeyState = "Enabled"
	KeyStateDisabled        KeyState = "Disabled"
	KeyStatePendingImport   KeyState = "PendingImport"
	KeyStatePendingDeletion KeyState = "PendingDeletion"
	KeyStateUnavailable     KeyState = "Unavailable"
)

type KeyType

// KeyType distinguishes the three key families. Unlike the string-typed
// enums in this package it is an int assigned by iota, so the values are
// TypeAes=0, TypeRsa=1, TypeEcc=2. If the number is ever persisted,
// reordering or inserting constants would silently change what stored keys
// are taken to be.
type KeyType int
const (
	TypeAes KeyType = iota
	TypeRsa
	TypeEcc
)

type KeyUsage

// KeyUsage states what a key may be used for; the values follow the AWS KMS
// API. NewRsaKey takes a KeyUsage because RSA keys can serve either
// purpose.
// NOTE(review): confirm that RsaKey's Encrypt/Decrypt and Sign/Verify check
// the usage, so that one RSA key is not used for both roles.
type KeyUsage string
const (
	UsageEncryptDecrypt KeyUsage = "ENCRYPT_DECRYPT"
	UsageSignVerify     KeyUsage = "SIGN_VERIFY"
)

type ParametersForImport

// ParametersForImport groups the state kept for a pending key-material
// import: an expiry timestamp, an import token, an RSA private key and the
// wrapping algorithm.
//
// All fields are exported and PrivateKey is held by value, so copying,
// encoding or logging this struct copies or exposes a private key.
type ParametersForImport struct {
	// ParametersValidTo is an int64 timestamp (unit not visible here).
	// NOTE(review): confirm that ImportKeyMaterial rejects imports after
	// this time.
	ParametersValidTo int64
	ImportToken       []byte
	// PrivateKey is presumably the unwrapping key whose public half is given
	// to the party importing key material. Confirm.
	PrivateKey        rsa.PrivateKey
	WrappingAlgorithm WrappingAlgorithm
}

type RsaKey

// RsaKey is the RSA key type: BaseKey plus an RSA private key. Its methods
// on this page cover both encryption (Encrypt/Decrypt) and signing
// (Sign/Verify and the HashAnd* variants).
//
// PrivateKey is an exported field, so anything that encodes or logs an
// RsaKey handles private key material.
type RsaKey struct {
	BaseKey
	PrivateKey RsaPrivateKey
}

func NewRsaKey

func NewRsaKey(spec KeySpec, usage KeyUsage, metadata KeyMetadata, policy string) (*RsaKey, error)

func (*RsaKey) Decrypt

func (k *RsaKey) Decrypt(ciphertext []byte, algorithm EncryptionAlgorithm) (plaintext []byte, err error)

func (*RsaKey) Encrypt

func (k *RsaKey) Encrypt(plaintext []byte, algorithm EncryptionAlgorithm) (result []byte, err error)

func (*RsaKey) GetArn

func (k *RsaKey) GetArn() string

func (*RsaKey) GetKeyType

func (k *RsaKey) GetKeyType() KeyType

func (*RsaKey) GetMetadata

func (k *RsaKey) GetMetadata() *KeyMetadata

func (*RsaKey) GetPolicy

func (k *RsaKey) GetPolicy() string

func (*RsaKey) HashAndSign

func (k *RsaKey) HashAndSign(message []byte, algorithm SigningAlgorithm) ([]byte, error)

func (*RsaKey) HashAndVerify

func (k *RsaKey) HashAndVerify(signature []byte, message []byte, algorithm SigningAlgorithm) (bool, error)

func (*RsaKey) Sign

func (k *RsaKey) Sign(digest []byte, algorithm SigningAlgorithm) ([]byte, error)

func (*RsaKey) UnmarshalYAML

func (k *RsaKey) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML constructs the key from YAML (used for seeding).

func (*RsaKey) Verify

func (k *RsaKey) Verify(signature []byte, digest []byte, algorithm SigningAlgorithm) (bool, error)

type RsaPrivateKey

// RsaPrivateKey is a defined type whose underlying type is rsa.PrivateKey.
// Methods declared on rsa.PrivateKey itself (Sign, Decrypt, Validate, ...)
// are not inherited by a defined type, so convert back to rsa.PrivateKey
// before calling them.
//
// No Marshal methods are listed for this type on this page, so a generic
// encoder would write every exported field of the underlying struct,
// including the private exponent and primes.
type RsaPrivateKey rsa.PrivateKey

type SigningAlgorithm

// SigningAlgorithm names a signature scheme together with its hash; the
// values follow the AWS KMS API signing-algorithm names. The hash in the
// name fixes the digest length that Sign and Verify should be given
// (32, 48 or 64 bytes for SHA-256, SHA-384 and SHA-512).
type SigningAlgorithm string
const (
	// ECDSA, for EccKey.
	SigningAlgorithmEcdsaSha256   SigningAlgorithm = "ECDSA_SHA_256"
	SigningAlgorithmEcdsaSha384   SigningAlgorithm = "ECDSA_SHA_384"
	SigningAlgorithmEcdsaSha512   SigningAlgorithm = "ECDSA_SHA_512"
	// RSASSA-PSS (randomized padding); generally preferred for new designs.
	SigningAlgorithmRsaPssSha256  SigningAlgorithm = "RSASSA_PSS_SHA_256"
	SigningAlgorithmRsaPssSha384  SigningAlgorithm = "RSASSA_PSS_SHA_384"
	SigningAlgorithmRsaPssSha512  SigningAlgorithm = "RSASSA_PSS_SHA_512"
	// RSASSA-PKCS1-v1_5 (deterministic padding); kept for interoperability.
	SigningAlgorithmRsaPkcsSha256 SigningAlgorithm = "RSASSA_PKCS1_V1_5_SHA_256"
	SigningAlgorithmRsaPkcsSha384 SigningAlgorithm = "RSASSA_PKCS1_V1_5_SHA_384"
	SigningAlgorithmRsaPkcsSha512 SigningAlgorithm = "RSASSA_PKCS1_V1_5_SHA_512"
)

type SigningKey

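// SigningKey is a Key that can also create and verify signatures. *EccKey
// and *RsaKey declare all of these methods.
//
// Sign and Verify take a digest the caller has already computed, while
// HashAndSign and HashAndVerify take the original message. Mixing the two
// up produces signatures that do not verify, so the parameter names below
// say which input each method expects.
//
// Verify and HashAndVerify return (bool, error). Check the bool as well as
// the error; a nil error alone should not be read as a valid signature.
type SigningKey interface {
	Key
	// Sign signs a precomputed digest with the given algorithm.
	Sign(digest []byte, algorithm SigningAlgorithm) ([]byte, error)
	// HashAndSign takes the message itself; presumably it hashes the message
	// with the hash named by algorithm before signing. Confirm.
	HashAndSign(message []byte, algorithm SigningAlgorithm) ([]byte, error)
	// Verify checks signature against a precomputed digest.
	Verify(signature []byte, digest []byte, algorithm SigningAlgorithm) (bool, error)
	// HashAndVerify checks signature against the message itself. The second
	// parameter is named message to match HashAndSign and the EccKey and
	// RsaKey implementations.
	HashAndVerify(signature []byte, message []byte, algorithm SigningAlgorithm) (bool, error)
}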

type UnmarshalYAMLError

// UnmarshalYAMLError is an error type; its Error method has a pointer
// receiver, so *UnmarshalYAMLError satisfies error. Presumably returned by
// the UnmarshalYAML methods of AesKey, EccKey and RsaKey when seed data is
// invalid. Confirm.
// NOTE(review): seed YAML can contain key material, so confirm the message
// does not echo the offending input into logs.
type UnmarshalYAMLError struct {
	// contains filtered or unexported fields
}

func (*UnmarshalYAMLError) Error

func (e *UnmarshalYAMLError) Error() string

type WrappingAlgorithm

// WrappingAlgorithm names the RSA encryption scheme used to wrap key
// material for import (see ParametersForImport.WrappingAlgorithm); the
// values follow the AWS KMS API wrapping-algorithm names.
type WrappingAlgorithm string
const (
	// WrappingAlgorithmPkcs1V15 is RSA encryption with PKCS #1 v1.5 padding.
	// That padding is prone to padding-oracle failures when decryption
	// errors are distinguishable to the sender; prefer an OAEP variant for
	// wrapping key material.
	WrappingAlgorithmPkcs1V15  WrappingAlgorithm = "RSAES_PKCS1_V1_5"
	WrappingAlgorithmOaepSha1  WrappingAlgorithm = "RSAES_OAEP_SHA_1"
	// The identifier is spelled "Sh256" (not "Sha256"). It is part of the
	// exported API, so callers must use this spelling; the wire value is
	// spelled correctly.
	WrappingAlgorithmOaepSh256 WrappingAlgorithm = "RSAES_OAEP_SHA_256"
)
