sw

package
v2.1.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 1, 2020 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AESCBCPKCS7Decrypt

func AESCBCPKCS7Decrypt(key, src []byte) ([]byte, error)

AESCBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding

func AESCBCPKCS7Encrypt

func AESCBCPKCS7Encrypt(key, src []byte) ([]byte, error)

AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding

func AESCBCPKCS7EncryptWithIV

func AESCBCPKCS7EncryptWithIV(IV []byte, key, src []byte) ([]byte, error)

AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding, the IV used is the one passed to the function

func AESCBCPKCS7EncryptWithRand

func AESCBCPKCS7EncryptWithRand(prng io.Reader, key, src []byte) ([]byte, error)

AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding using as prng the passed to the function

func GetRandomBytes

func GetRandomBytes(len int) ([]byte, error)

GetRandomBytes returns len random looking bytes

func NewDefaultSecurityLevel

func NewDefaultSecurityLevel(keyStorePath string) (bccsp.BCCSP, error)

NewDefaultSecurityLevel returns a new instance of the software-based BCCSP at security level 256, hash family SHA2 and using FolderBasedKeyStore as KeyStore.

func NewDefaultSecurityLevelWithKeystore

func NewDefaultSecurityLevelWithKeystore(keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

NewDefaultSecurityLevel returns a new instance of the software-based BCCSP at security level 256, hash family SHA2 and using the passed KeyStore.

func NewDummyKeyStore

func NewDummyKeyStore() bccsp.KeyStore

NewDummyKeyStore instantiate a dummy key store that neither loads nor stores keys

func NewFileBasedKeyStore

func NewFileBasedKeyStore(pwd []byte, path string, readOnly bool) (bccsp.KeyStore, error)

NewFileBasedKeyStore instantiated a file-based key store at a given position. The key store can be encrypted if a non-empty password is specified. It can be also be set as read only. In this case, any store operation will be forbidden

func NewInMemoryKeyStore

func NewInMemoryKeyStore() bccsp.KeyStore

NewInMemoryKeyStore instantiates an ephemeral in-memory keystore

func NewWithParams

func NewWithParams(securityLevel int, hashFamily string, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

NewWithParams returns a new instance of the software-based BCCSP set at the passed security level, hash family and KeyStore.

Types

type CSP

type CSP struct {
	KeyGenerators map[reflect.Type]KeyGenerator
	KeyDerivers   map[reflect.Type]KeyDeriver
	KeyImporters  map[reflect.Type]KeyImporter
	Encryptors    map[reflect.Type]Encryptor
	Decryptors    map[reflect.Type]Decryptor
	Signers       map[reflect.Type]Signer
	Verifiers     map[reflect.Type]Verifier
	Hashers       map[reflect.Type]Hasher
	// contains filtered or unexported fields
}

CSP provides a generic implementation of the BCCSP interface based on wrappers. It can be customized by providing implementations for the following algorithm-based wrappers: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher. Each wrapper is bound to a goland type representing either an option or a key.

func New

func New(keyStore bccsp.KeyStore) (*CSP, error)

func (*CSP) AddWrapper

func (csp *CSP) AddWrapper(t reflect.Type, w interface{}) error

AddWrapper binds the passed type to the passed wrapper. Notice that that wrapper must be an instance of one of the following interfaces: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher.

func (*CSP) Decrypt

func (csp *CSP) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)

Decrypt decrypts ciphertext using key k. The opts argument should be appropriate for the primitive used.

func (*CSP) Encrypt

func (csp *CSP) Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) ([]byte, error)

Encrypt encrypts plaintext using key k. The opts argument should be appropriate for the primitive used.

func (*CSP) GetHash

func (csp *CSP) GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)

GetHash returns and instance of hash.Hash using options opts. If opts is nil then the default hash function is returned.

func (*CSP) GetKey

func (csp *CSP) GetKey(ski []byte) (k bccsp.Key, err error)

GetKey returns the key this CSP associates to the Subject Key Identifier ski.

func (*CSP) Hash

func (csp *CSP) Hash(msg []byte, opts bccsp.HashOpts) (digest []byte, err error)

Hash hashes messages msg using options opts.

func (*CSP) KeyDeriv

func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)

KeyDeriv derives a key from k using opts. The opts argument should be appropriate for the primitive used.

func (*CSP) KeyGen

func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)

KeyGen generates a key using opts.

func (*CSP) KeyImport

func (csp *CSP) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)

KeyImport imports a key from its raw representation using opts. The opts argument should be appropriate for the primitive used.

func (*CSP) Sign

func (csp *CSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)

Sign signs digest using key k. The opts argument should be appropriate for the primitive used.

Note that when a signature of a hash of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest).

func (*CSP) Verify

func (csp *CSP) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)

Verify verifies signature against key k and digest

type Decryptor

type Decryptor interface {

	// Decrypt decrypts ciphertext using key k.
	// The opts argument should be appropriate for the algorithm used.
	Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)
}

Decryptor is a BCCSP-like interface that provides decryption algorithms

type Encryptor

type Encryptor interface {

	// Encrypt encrypts plaintext using key k.
	// The opts argument should be appropriate for the algorithm used.
	Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) (ciphertext []byte, err error)
}

Encryptor is a BCCSP-like interface that provides encryption algorithms

type Hasher

type Hasher interface {

	// Hash hashes messages msg using options opts.
	// If opts is nil, the default hash function will be used.
	Hash(msg []byte, opts bccsp.HashOpts) (hash []byte, err error)

	// GetHash returns and instance of hash.Hash using options opts.
	// If opts is nil, the default hash function will be returned.
	GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)
}

Hasher is a BCCSP-like interface that provides hash algorithms

type KeyDeriver

type KeyDeriver interface {

	// KeyDeriv derives a key from k using opts.
	// The opts argument should be appropriate for the primitive used.
	KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
}

KeyDeriver is a BCCSP-like interface that provides key derivation algorithms

type KeyGenerator

type KeyGenerator interface {

	// KeyGen generates a key using opts.
	KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
}

KeyGenerator is a BCCSP-like interface that provides key generation algorithms

type KeyImporter

type KeyImporter interface {

	// KeyImport imports a key from its raw representation using opts.
	// The opts argument should be appropriate for the primitive used.
	KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
}

KeyImporter is a BCCSP-like interface that provides key import algorithms

type Signer

type Signer interface {

	// Sign signs digest using key k.
	// The opts argument should be appropriate for the algorithm used.
	//
	// Note that when a signature of a hash of a larger message is needed,
	// the caller is responsible for hashing the larger message and passing
	// the hash (as digest).
	Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
}

Signer is a BCCSP-like interface that provides signing algorithms

type Verifier

type Verifier interface {

	// Verify verifies signature against key k and digest
	// The opts argument should be appropriate for the algorithm used.
	Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
}

Verifier is a BCCSP-like interface that provides verifying algorithms

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL