parsec

package
v0.0.0-...-f0a77d2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 25, 2022 License: Apache-2.0 Imports: 12 Imported by: 2

Documentation

Overview

Copyright 2021 Contributors to the Parsec project. SPDX-License-Identifier: Apache-2.0

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

// Authenticator supplies authentication functionality to the basic client.
//
// NOTE(review): the listing reports filtered or unexported methods. If any are
// unexported, types outside this package cannot implement the interface, and
// values come from the New*Authenticator constructors.
type Authenticator interface {

	// GetAuthenticatorType returns the type of this authenticator.
	GetAuthenticatorType() AuthenticatorType
	// contains filtered or unexported methods
}

Authenticator object providing authenticator functionality to the basic client.

func NewDirectAuthenticator

func NewDirectAuthenticator(appName string) Authenticator

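NewDirectAuthenticator creates an authenticator which uses the supplied appName as the means of authentication with the parsec service. The application name is chosen by the caller, so it identifies the application rather than proving its identity; whether that is acceptable depends on how far the service's clients are trusted.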

func NewNoAuthAuthenticator

func NewNoAuthAuthenticator() Authenticator

NewNoAuthAuthenticator creates an authenticator that does no authentication. Used only for testing, or for initial connection when discovering the available authenticators to select a default.

func NewUnixPeerAuthenticator

func NewUnixPeerAuthenticator() Authenticator

NewUnixPeerAuthenticator creates a new authenticator which uses the currently logged-in user's ID as authentication to the parsec service.

type AuthenticatorInfo

// AuthenticatorInfo describes one authenticator; ListAuthenticators returns a
// slice of these for the authenticators supported by the server.
type AuthenticatorInfo struct {
	// ID is the identifier used to select the authenticator.
	ID          AuthenticatorType
	// Description is text describing the authenticator.
	// NOTE(review): presumably reported by the service — confirm.
	Description string
	// VersionMaj, VersionMin and VersionRev look like the major, minor and
	// revision parts of the authenticator's version — TODO confirm.
	VersionMaj  uint32
	VersionMin  uint32
	VersionRev  uint32
}

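AuthenticatorInfo contains information about an authenticator. ID is the id used to select the authenticator. The comment also lists a Name ("name of the authenticator"), but the struct shown has no Name field; Description is its only text field.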

type AuthenticatorType

type AuthenticatorType uint8

AuthenticatorType enum to identify authenticators

// Each value is converted from the identically named constant in the auth
// package.
const (
	// No authentication
	AuthNoAuth AuthenticatorType = AuthenticatorType(auth.AuthNoAuth)
	// Direct authentication
	AuthDirect AuthenticatorType = AuthenticatorType(auth.AuthDirect)
	// JSON Web Tokens (JWT) authentication (not currently supported)
	AuthJwt AuthenticatorType = AuthenticatorType(auth.AuthJwt)
	// Unix peer credentials authentication
	AuthUnixPeerCredentials AuthenticatorType = AuthenticatorType(auth.AuthUnixPeerCredentials)
	// Authentication verifying a JWT SPIFFE Verifiable Identity Document
	AuthJwtSvid AuthenticatorType = AuthenticatorType(auth.AuthJwtSvid)
)

Authenticator Types

type BasicClient

type BasicClient struct {
	// contains filtered or unexported fields
}

BasicClient is a Parsec client representing a connection and set of API implementations

func CreateConfiguredClient

func CreateConfiguredClient(config interface{}) (*BasicClient, error)

CreateConfiguredClient initializes a Parsec client. This will autoselect the first provider returned by the parsec service. It will also attempt to select the first available authenticator it can configure. The config can either be a *ClientConfig or a string. If it is a string, then this is used as an application name if the default authenticator is the Direct Authenticator - it will be ignored otherwise. If nil is passed, then the client will try and find the first supported authenticator that requires no configuration. Because both selections follow what the service reports, a caller that needs a particular provider or authenticator should set it explicitly through ClientConfig's Provider and Authenticator methods.

func CreateNakedClient

func CreateNakedClient() (*BasicClient, error)

CreateNakedClient creates a Parsec client, setting implicit provider to ProviderCore and setting the authenticator to NoAuth.

func (*BasicClient) Close

func (c *BasicClient) Close() error

Close the client and any underlying connections

func (BasicClient) DeleteClient

func (c BasicClient) DeleteClient(client string) error

Delete a client. Requires admin privileges

func (*BasicClient) GetAuthenticatorType

func (c *BasicClient) GetAuthenticatorType() AuthenticatorType

GetAuthenticatorType returns the type of authenticator currently in use

func (*BasicClient) GetImplicitProvider

func (c *BasicClient) GetImplicitProvider() ProviderID

GetImplicitProvider returns the provider used for non-core operations

func (BasicClient) ListAuthenticators

func (c BasicClient) ListAuthenticators() ([]*AuthenticatorInfo, error)

ListAuthenticators obtains the authenticators supported by the server.

func (BasicClient) ListClients

func (c BasicClient) ListClients() ([]string, error)

ListClients lists the clients. Requires admin privileges

func (BasicClient) ListKeys

func (c BasicClient) ListKeys() ([]*KeyInfo, error)

ListKeys obtain keys stored for current application

func (BasicClient) ListOpcodes

func (c BasicClient) ListOpcodes(providerID ProviderID) ([]uint32, error)

ListOpcodes list the opcodes for a provider

func (BasicClient) ListProviders

func (c BasicClient) ListProviders() ([]*ProviderInfo, error)

ListProviders returns a list of the providers supported by the server.

func (BasicClient) Ping

func (c BasicClient) Ping() (uint8, uint8, error)

Ping server and return wire protocol major and minor version number

func (BasicClient) PsaAeadDecrypt

func (c BasicClient) PsaAeadDecrypt(keyName string, alg *algorithm.AeadAlgorithm, nonce, additionalData, ciphertext []byte) ([]byte, error)

PsaAeadDecrypt decrypts AEAD-encrypted ciphertext and verifies authentication over nonce, additionalData and plaintext. Returns the plaintext.

func (BasicClient) PsaAeadEncrypt

func (c BasicClient) PsaAeadEncrypt(keyName string, alg *algorithm.AeadAlgorithm, nonce, additionalData, plaintext []byte) ([]byte, error)

PsaAeadEncrypt encrypts plaintext and provides authentication protection to plaintext, nonce and additionalData; returns ciphertext. As with any AEAD scheme, a nonce must not be reused with the same key.

func (BasicClient) PsaAsymmetricDecrypt

func (c BasicClient) PsaAsymmetricDecrypt(keyName string, alg *algorithm.AsymmetricEncryptionAlgorithm, salt, ciphertext []byte) ([]byte, error)

PsaAsymmetricDecrypt decrypt ciphertext using specified key and asymmetric algorithm. Returns plaintext.

func (BasicClient) PsaAsymmetricEncrypt

func (c BasicClient) PsaAsymmetricEncrypt(keyName string, alg *algorithm.AsymmetricEncryptionAlgorithm, salt, plaintext []byte) ([]byte, error)

PsaAsymmetricEncrypt encrypt plaintext using specified asymmetric key and algorithm. Returns ciphertext.

func (BasicClient) PsaCipherDecrypt

func (c BasicClient) PsaCipherDecrypt(keyName string, alg *algorithm.Cipher, ciphertext []byte) ([]byte, error)

PsaCipherDecrypt decrypts symmetrically encrypted ciphertext using defined key/algorithm, returning plaintext

func (BasicClient) PsaCipherEncrypt

func (c BasicClient) PsaCipherEncrypt(keyName string, alg *algorithm.Cipher, plaintext []byte) ([]byte, error)

PsaCipherEncrypt carries out symmetric encryption on plaintext using defined key/algorithm, returning ciphertext

func (BasicClient) PsaDestroyKey

func (c BasicClient) PsaDestroyKey(name string) error

PsaDestroyKey destroys a key with given name

func (BasicClient) PsaExportKey

func (c BasicClient) PsaExportKey(keyName string) ([]byte, error)

PsaExportKey exports the key, if it is exportable.

func (BasicClient) PsaExportPublicKey

func (c BasicClient) PsaExportPublicKey(keyName string) ([]byte, error)

PsaExportPublicKey exports a public key.

func (BasicClient) PsaGenerateKey

func (c BasicClient) PsaGenerateKey(name string, attributes *KeyAttributes) error

PsaGenerateKey create key named name with attributes

func (BasicClient) PsaGenerateRandom

func (c BasicClient) PsaGenerateRandom(size uint64) ([]byte, error)

PsaGenerateRandom generates size bytes of random data

func (BasicClient) PsaHashCompute

func (c BasicClient) PsaHashCompute(message []byte, alg algorithm.HashAlgorithmType) ([]byte, error)

PsaHashCompute calculates a hash of a message using specified algorithm

func (BasicClient) PsaImportKey

func (c BasicClient) PsaImportKey(keyName string, attributes *KeyAttributes, data []byte) error

PsaImportKey imports a key and gives it the specified attributes

func (BasicClient) PsaMACCompute

func (c BasicClient) PsaMACCompute(keyName string, alg *algorithm.MacAlgorithm, input []byte) ([]byte, error)

PsaMACCompute computes a mac over the input, using defined key, using the defined algorithm. Returns the mac.

func (BasicClient) PsaMACVerify

func (c BasicClient) PsaMACVerify(keyName string, alg *algorithm.MacAlgorithm, input, mac []byte) error

PsaMACVerify verifies the supplied mac matches the input, for the defined key and algorithm.

func (BasicClient) PsaRawKeyAgreement

func (c BasicClient) PsaRawKeyAgreement(alg *algorithm.KeyAgreementRaw, privateKey string, peerKey []byte) ([]byte, error)

PsaRawKeyAgreement creates a key agreement using specified algorithm and keys.

func (BasicClient) PsaSignHash

func (c BasicClient) PsaSignHash(signingKey string, hash []byte, alg *algorithm.AsymmetricSignatureAlgorithm) ([]byte, error)

PsaSignHash signs hash using signingKey and algorithm, returning the signature.

func (BasicClient) PsaSignMessage

func (c BasicClient) PsaSignMessage(signingKey string, message []byte, alg *algorithm.AsymmetricSignatureAlgorithm) ([]byte, error)

PsaSignMessage signs message using signingKey and algorithm, returning the signature.

func (BasicClient) PsaVerifyHash

func (c BasicClient) PsaVerifyHash(verifyingKey string, hash, signature []byte, alg *algorithm.AsymmetricSignatureAlgorithm) error

PsaVerifyHash verify a signature of hash with verifyingKey using signature algorithm alg.

func (BasicClient) PsaVerifyMessage

func (c BasicClient) PsaVerifyMessage(verifyingKey string, message, signature []byte, alg *algorithm.AsymmetricSignatureAlgorithm) error

PsaVerifyMessage verify a signature of message with verifyingKey using signature algorithm alg.

func (*BasicClient) SetImplicitProvider

func (c *BasicClient) SetImplicitProvider(provider ProviderID)

SetImplicitProvider sets the provider to use for non-core operations

type ClientConfig

type ClientConfig struct {
	// contains filtered or unexported fields
}

ClientConfig holds a configuration for the basic client to be passed to InitClient. ClientConfig's methods use the Builder pattern to build configurations, e.g.: config := NewClientConfig().DirectAuthConfigData("myapp").Connection(myConn)

func DirectAuthConfigData

func DirectAuthConfigData(appName string) *ClientConfig

DirectAuthConfigData creates a new ClientConfig with the appName parameter set for Direct Authentication

func NewClientConfig

func NewClientConfig() *ClientConfig

NewClientConfig creates a ClientConfig with defaults.

func (*ClientConfig) Authenticator

func (config *ClientConfig) Authenticator(authenticator Authenticator) *ClientConfig

Authenticator sets the authenticator to use. If this is set, the basic client won't attempt to auto select an authenticator even if this one is not supported by the parsec service

func (*ClientConfig) Connection

func (config *ClientConfig) Connection(conn connection.Connection) *ClientConfig

Connection sets the conn.Connection object to use when connecting to the parsec service. This is primarily used for testing purposes, to allow for mocking of the parsec service.

func (*ClientConfig) DirectAuthConfigData

func (config *ClientConfig) DirectAuthConfigData(appName string) *ClientConfig

DirectAuthConfigData sets the appName parameter to use when using Direct Authentication

func (*ClientConfig) Provider

func (config *ClientConfig) Provider(provider ProviderID) *ClientConfig

Provider sets the provider to use. If this is set, the basic client won't attempt to auto select a provider, even if this one is not supported by the parsec service.

type DefaultKeyAttributeFactory

type DefaultKeyAttributeFactory interface {
	SigningKey() *KeyAttributes
}

func DefaultKeyAttribute

func DefaultKeyAttribute() DefaultKeyAttributeFactory

type DhFamily

// DhFamily identifies a Diffie-Hellman group family; it is the type of the
// GroupFamily field on the DH key types.
type DhFamily int32
const (
	// KeyTypeRFC7919 is the only family listed.
	// NOTE(review): the name points to the finite-field groups defined in
	// RFC 7919 — confirm against the wire definitions.
	KeyTypeRFC7919 DhFamily = 0
)

type EccFamily

// EccFamily identifies an elliptic-curve family; it is the type of the
// CurveFamily field on the ECC key types.
// NOTE(review): the value names a family, not a single curve. The curve size
// presumably comes from KeyAttributes.KeyBits — confirm.
type EccFamily int32
const (
	KeyTypeECCFAMILYNONE EccFamily = 0 // This default variant should not be used.
	// NOTE(review): the names from here on appear to follow the PSA Crypto ECC
	// family names (SECP_K1, SECP_R1, ...) — confirm against the wire definitions.
	KeyTypeSECPK1        EccFamily = 1
	KeyTypeSECPR1        EccFamily = 2
	// Deprecated: Do not use.
	KeyTypeSECPR2 EccFamily = 3
	// The trailing comments on the next two values scope the deprecation to one
	// named curve in each family.
	KeyTypeSECTK1 EccFamily = 4 // DEPRECATED for sect163k1 curve
	KeyTypeSECTR1 EccFamily = 5 // DEPRECATED for sect163r1 curve
	// Deprecated: Do not use.
	KeyTypeSECTR2       EccFamily = 6
	KeyTypeBRAINPOOLPR1 EccFamily = 7 // DEPRECATED for brainpoolP160r1 curve
	KeyTypeFRP          EccFamily = 8
	KeyTypeMONTGOMERY   EccFamily = 9
)

type KeyAttributes

// KeyAttributes groups the type, size and policy of a key. It is the
// attributes argument of PsaGenerateKey and PsaImportKey and is carried in
// KeyInfo.
type KeyAttributes struct {
	// KeyType selects the kind of key; values are built through NewKeyType().
	KeyType   *KeyType
	// KeyBits is presumably the key size in bits — TODO confirm.
	KeyBits   uint32
	// KeyPolicy carries the usage flags and algorithm attached to the key.
	KeyPolicy *KeyPolicy
}

type KeyInfo

// KeyInfo describes one stored key; ListKeys returns a slice of these for the
// current application.
type KeyInfo struct {
	// ProviderID is presumably the provider that holds the key — confirm.
	ProviderID ProviderID
	// Name is the key's name.
	// NOTE(review): presumably the same name passed to PsaGenerateKey or
	// PsaImportKey — confirm.
	Name       string
	// Attributes holds the key's type, size and policy.
	Attributes *KeyAttributes
}

type KeyPolicy

// KeyPolicy pairs a set of usage flags with an algorithm; it is referenced
// from KeyAttributes.KeyPolicy.
// NOTE(review): presumably the service restricts the key to these usages and
// this algorithm. Enforcement is not visible from the client types — confirm.
type KeyPolicy struct {
	// KeyUsageFlags lists the usages set for the key.
	KeyUsageFlags *UsageFlags
	// KeyAlgorithm is the algorithm associated with the key.
	KeyAlgorithm  *algorithm.Algorithm
}

type KeyType

type KeyType struct {
	// contains filtered or unexported fields
}

func (*KeyType) ToWireInterface

func (k *KeyType) ToWireInterface() interface{}

type KeyTypeAes

type KeyTypeAes struct{}

type KeyTypeArc4

type KeyTypeArc4 struct{}

type KeyTypeCamellia

type KeyTypeCamellia struct{}

type KeyTypeChacha20

type KeyTypeChacha20 struct{}

type KeyTypeDerive

type KeyTypeDerive struct{}

type KeyTypeDes

type KeyTypeDes struct{}

type KeyTypeDhKeyPair

type KeyTypeDhKeyPair struct {
	GroupFamily DhFamily
}

type KeyTypeDhPublicKey

type KeyTypeDhPublicKey struct{ GroupFamily DhFamily }

type KeyTypeEccKeyPair

type KeyTypeEccKeyPair struct {
	CurveFamily EccFamily
}

type KeyTypeEccPublicKey

type KeyTypeEccPublicKey struct {
	CurveFamily EccFamily
}

type KeyTypeFactory

// KeyTypeFactory builds *KeyType values, one method per key type; NewKeyType
// returns an implementation.
type KeyTypeFactory interface {
	RawData() *KeyType
	Hmac() *KeyType
	Derive() *KeyType
	Aes() *KeyType
	// Des and Arc4 (below) name legacy ciphers, DES and RC4, which are
	// generally considered weak; Aes or Chacha20 are the usual choice for new
	// symmetric keys.
	Des() *KeyType
	Camellia() *KeyType
	Arc4() *KeyType
	Chacha20() *KeyType
	RsaPublicKey() *KeyType
	RsaKeyPair() *KeyType
	// The ECC and DH constructors take the curve or group family. See the
	// deprecation notes on the EccFamily constants when choosing curveFamily.
	EccKeyPair(curveFamily EccFamily) *KeyType
	EccPublicKey(curveFamily EccFamily) *KeyType
	DhKeyPair(groupFamily DhFamily) *KeyType
	DhPublicKey(groupFamily DhFamily) *KeyType
}

func NewKeyType

func NewKeyType() KeyTypeFactory

type KeyTypeHmac

type KeyTypeHmac struct{}

type KeyTypeRawData

type KeyTypeRawData struct{}

type KeyTypeRsaKeyPair

type KeyTypeRsaKeyPair struct{}

type KeyTypeRsaPublicKey

type KeyTypeRsaPublicKey struct{}

type ProviderID

type ProviderID uint8

ProviderID for providers

const (
	// ProviderCore is the provider CreateNakedClient sets as the implicit
	// provider.
	ProviderCore           ProviderID = 0
	// NOTE(review): the remaining names suggest the backing implementation
	// (Mbed Crypto, PKCS#11, TPM, a trusted service) — confirm against the
	// service documentation. Where key material lives differs per provider.
	ProviderMBed           ProviderID = 1
	ProviderPKCS11         ProviderID = 2
	ProviderTPM            ProviderID = 3
	ProviderTrustedService ProviderID = 4
)

Provider UUIDs

func (*ProviderID) HasCrypto

func (p *ProviderID) HasCrypto() bool

HasCrypto returns true if the provider supports crypto

func (ProviderID) String

func (p ProviderID) String() string

type ProviderInfo

// ProviderInfo describes one provider; ListProviders returns a slice of these
// for the providers supported by the server.
type ProviderInfo struct {
	// UUID is the provider's UUID, held as a string.
	UUID        string
	// Description and Vendor are text fields.
	// NOTE(review): presumably reported by the service — confirm.
	Description string
	Vendor      string
	// VersionMaj, VersionMin and VersionRev look like the major, minor and
	// revision parts of the provider's version — TODO confirm.
	VersionMaj  uint32
	VersionMin  uint32
	VersionRev  uint32
	// ID is the ProviderID value for this provider, the type accepted by
	// SetImplicitProvider and ClientConfig.Provider.
	ID          ProviderID
}

type ToWire

type ToWire interface {
	ToWireInterface() interface{}
}

type UsageFlags

// UsageFlags is a set of boolean usage permissions for a key; it is referenced
// from KeyPolicy.KeyUsageFlags. Setting only the flags an application needs
// keeps the key's policy least-privilege.
// NOTE(review): the field names mirror client operations (PsaExportKey,
// PsaSignHash, PsaVerifyMessage, ...). That the service checks each flag
// against the matching call is assumed, not shown here — confirm.
type UsageFlags struct {
	// Export presumably decides whether PsaExportKey may return the key
	// material ("if it is exportable") — confirm.
	Export        bool
	Copy          bool
	Cache         bool
	Encrypt       bool
	Decrypt       bool
	SignMessage   bool
	VerifyMessage bool
	SignHash      bool
	VerifyHash    bool
	Derive        bool
}
