ski

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 21, 2021 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

Package ski (Secure Key Interface) contains PLAN's crypto abstractions and pluggable interfaces

Package ski (Secure Key Interface) contains PLAN's crypto abstractions and pluggable interfaces

Index

Constants

View Source 
const (

	// ErrorOnKeyNotFound - if set, the export attempt will return an error if a given key was not found.   Otherwise, the entry is skipped/dropped.
	ErrorOnKeyNotFound = 1 << iota
)
View Source 
const (

	// MinPubKeyPrefixSz prevents suspiciously small pub key prefixes from being used.
	MinPubKeyPrefixSz = 16
)

Variables

View Source 
var (
	ErrInvalidLengthSki        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowSki          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupSki = fmt.Errorf("proto: unexpected end of group")
)
View Source 
var CryptOp_name = map[int32]string{
	0: "Sign",
	1: "EncryptSym",
	2: "DecryptSym",
	3: "EncryptToPeer",
	4: "DecryptFromPeer",
	5: "ImportUsingPw",
	6: "ExportUsingPw",
	7: "ImportFromPeer",
	8: "ExportToPeer",
}
View Source 
var CryptOp_value = map[string]int32{
	"Sign":            0,
	"EncryptSym":      1,
	"DecryptSym":      2,
	"EncryptToPeer":   3,
	"DecryptFromPeer": 4,
	"ImportUsingPw":   5,
	"ExportUsingPw":   6,
	"ImportFromPeer":  7,
	"ExportToPeer":    8,
}
View Source 
var CryptoKitID_name = map[int32]string{
	0: "UnspecifiedCrypto",
	1: "NaCl",
	2: "ED25519",
}
View Source 
var CryptoKitID_value = map[string]int32{
	"UnspecifiedCrypto": 0,
	"NaCl":              1,
	"ED25519":           2,
}
View Source 
var ErrCode_name = map[int32]string{
	0:    "NoErr",
	4999: "Unimplemented",
	5000: "UnnamedErr",
	5001: "InternalErr",
	5020: "AssertFailed",
	8001: "CryptoKitAlreadyRegistered",
	8002: "UnrecognizedCryptoKit",
	8007: "DecryptFailed",
	8008: "VerifySignatureFailed",
	8009: "BadKeyFormat",
	8010: "KeyGenerationFailed",
	8011: "KeyringNotFound",
	8012: "KeyEntryNotFound",
	8013: "HashKitNotFound",
	8020: "SessionNotReady",
	8021: "UnrecognizedCryptOp",
	8030: "MarshalFailed",
	8031: "UnmarshalFailed",
	8040: "KeyHiveFailedToLoad",
	8041: "KeyTomeFailedToSave",
}
View Source 
var ErrCode_value = map[string]int32{
	"NoErr":                      0,
	"Unimplemented":              4999,
	"UnnamedErr":                 5000,
	"InternalErr":                5001,
	"AssertFailed":               5020,
	"CryptoKitAlreadyRegistered": 8001,
	"UnrecognizedCryptoKit":      8002,
	"DecryptFailed":              8007,
	"VerifySignatureFailed":      8008,
	"BadKeyFormat":               8009,
	"KeyGenerationFailed":        8010,
	"KeyringNotFound":            8011,
	"KeyEntryNotFound":           8012,
	"HashKitNotFound":            8013,
	"SessionNotReady":            8020,
	"UnrecognizedCryptOp":        8021,
	"MarshalFailed":              8030,
	"UnmarshalFailed":            8031,
	"KeyHiveFailedToLoad":        8040,
	"KeyTomeFailedToSave":        8041,
}
View Source 
var HashKitID_name = map[int32]string{
	0: "UnspecifiedHashKit",
	1: "LegacyKeccak_256",
	2: "LegacyKeccak_512",
	3: "SHA3_256",
	4: "SHA3_512",
	5: "Blake2b_256",
	6: "Blake2b_512",
}
View Source 
var HashKitID_value = map[string]int32{
	"UnspecifiedHashKit": 0,
	"LegacyKeccak_256":   1,
	"LegacyKeccak_512":   2,
	"SHA3_256":           3,
	"SHA3_512":           4,
	"Blake2b_256":        5,
	"Blake2b_512":        6,
}
View Source 
var KeyType_name = map[int32]string{
	0: "Unspecified",
	1: "SymmetricKey",
	2: "AsymmetricKey",
	3: "SigningKey",
}
View Source 
var KeyType_value = map[string]int32{
	"Unspecified":   0,
	"SymmetricKey":  1,
	"AsymmetricKey": 2,
	"SigningKey":    3,
}

Functions

func CompareKeyEntry 

func CompareKeyEntry(a, b *KeyEntry) int

CompareKeyEntry fully compares two KeyEntrys.

If 0 is returned, a and b are identical.

func CompareKeyInfo 

func CompareKeyInfo(a, b *KeyInfo) int

CompareKeyInfo fully compares two KeyInfos, sorting first by PubKey, then TimeCreated such that 

ewer keys will appear first (descending TimeCreated)

If 0 is returned, a and b are identical.

func FetchHasher 

func FetchHasher(hashKitID HashKitID) func() hash.Hash

FetchHasher returns the hash pkg for the given hash kit

func IsError 

func IsError(err error, errCodes ...ErrCode) bool

IsError tests if the given error is a Err error code (below). If err == nil, this returns false.

func RegisterCryptoKit 

func RegisterCryptoKit(
	inKit CryptoKit,
) error

RegisterCryptoKit is convenience fuction that registers the given provider so it can be invoked via ski.StartSession()

func VerifySignature 

func VerifySignature(
	inCryptoKitID CryptoKitID,
	inSig []byte,
	inDigest []byte,
	inSignerPubKey []byte,
) error

VerifySignature is a convenience function that performs signature validation for any registered CryptoKit. Returns nil err if the signature of inDigest plus the signer's private key matches the given signature. This function is threadsafe.

func Zero 

func Zero(buf []byte)

Zero zeros out a given slice

Types

type ByKeyringName 

type ByKeyringName []*Keyring

ByKeyringName implements sort.Interface to sort a slice of Keyrings by binary name.

func (ByKeyringName) Len 

func (a ByKeyringName) Len() int

func (ByKeyringName) Less 

func (a ByKeyringName) Less(i, j int) bool

func (ByKeyringName) Swap 

func (a ByKeyringName) Swap(i, j int)

type ByNewestKey 

type ByNewestKey []*KeyEntry

ByNewestKey implements sort.Interface based on KeyEntry.TimeCreated

func (ByNewestKey) Len 

func (a ByNewestKey) Len() int

func (ByNewestKey) Less 

func (a ByNewestKey) Less(i, j int) bool

func (ByNewestKey) Swap 

func (a ByNewestKey) Swap(i, j int)

type ByNewestPubKey 

type ByNewestPubKey []*KeyEntry

ByNewestPubKey implements sort.Interface based on KeyEntry.PubKey followed by TimeCreated. See CompareEntries() to see sort order. For keys that have the same PubKey, the newer (larger TimeCreated) keys will appear first.

func (ByNewestPubKey) Len 

func (a ByNewestPubKey) Len() int

func (ByNewestPubKey) Less 

func (a ByNewestPubKey) Less(i, j int) bool

func (ByNewestPubKey) Swap 

func (a ByNewestPubKey) Swap(i, j int)

type CryptOp 

type CryptOp int32
const (
	// Generates a signature for BufIn using the referenced signing key, placing the signature into BufOut.
	CryptOp_Sign CryptOp = 0
	// Inverse of DecryptSym
	// Encrypts BufIn using the symmetric key referenced by OpKey.
	CryptOp_EncryptSym CryptOp = 1
	// Inverse of EncryptSym
	// Decrypts BufIn using the symmetric key referenced by OpKey.
	CryptOp_DecryptSym CryptOp = 2
	// Encrypts BufIn for a recipient holding the private key associated with the pub key contained in PeerKey,
	//    encrypting using the referenced asymmetric key and placing the encrypted result into BufOut.
	CryptOp_EncryptToPeer CryptOp = 3
	// Decrypts BufIn from a sender holding the private key associated with the pub key contained in PeerKey,
	//    decrypting using the referenced asymmetric key and placing the decrypted result into BufOut.
	CryptOp_DecryptFromPeer CryptOp = 4
	// Inverse of ExportUsingPw
	// Identical to ImportFromPeer except that BufIn is instead decrypted via CryptoKit.DecryptUsingPassword(),
	//    using CryptOp.PeerKey as a the password.  The CryptoKit invoked is determined by CryptOpArgs.DefaultCryptoKit.
	CryptOp_ImportUsingPw CryptOp = 5
	// Inverse of ImportUsingPw
	// Identical to ExportToPeer except the output serialized KeyTome is encrypted via CryptoKit.EncryptUsingPassword(),
	//    using CryptOp.PeerKey as a the password.  The CryptoKit invoked is determined by CryptOpArgs.DefaultCryptoKit.
	CryptOp_ExportUsingPw CryptOp = 6
	// Inverse of ExportToPeer
	// First, performs as DecryptFromPeer.
	// The result/output buf is then unmarshalled (assumed to be a ski.KeyTome protobuf) and is merged into the host KeyTome.
	// See ski.ImportKeys() for how the incoming KeyTome is merged into the host KeyTome.
	CryptOp_ImportFromPeer CryptOp = 7
	// Inverse of ImportFromPeer
	// For each entry in CryptOpArgs.TomeIn, PubKey is used to lookup a corresponding KeyEntry in the host KeyTome.
	// Each KeyEntry with a matching PubKey is copied into a new temp KeyTome, into the appropriate Keyring,
	//    creating a Keyring if it does not yet exist.
	// If a Keyring appears in CryptOpArgs.TomeIn but contains no entries, the entire Keyring will be exported.
	// If a Keyring or KeyEntry from TomeIn isn't found, an error is returned.
	// See KeyTome.ExportUsingGuide() for how TomeIn is handled.
	// On completion, the temp KeyTome is serialized, assigned to CryptOpArgs.BufIn, and EncryptToPeer is executed.
	CryptOp_ExportToPeer CryptOp = 8
)

func (CryptOp) EnumDescriptor 

func (CryptOp) EnumDescriptor() ([]byte, []int)

func (CryptOp) String 

func (x CryptOp) String() string

type CryptOpArgs 

type CryptOpArgs struct {
	// Specifies which op to invoke for these given set of args
	CryptOp CryptOp `protobuf:"varint,1,opt,name=CryptOp,proto3,enum=ski.CryptOp" json:"CryptOp,omitempty"`
	// Specifies the default CryptoKit for ops when not specified.
	DefaultCryptoKit CryptoKitID `protobuf:"varint,2,opt,name=DefaultCryptoKit,proto3,enum=ski.CryptoKitID" json:"DefaultCryptoKit,omitempty"`
	// The source/input buffer that is signed/encrypted/decrypted.
	BufIn []byte `protobuf:"bytes,3,opt,name=BufIn,proto3" json:"BufIn,omitempty"`
	// A reference to an existing KeyEntry in the host's KeyTome used as the key for this op's encryption/decryption.
	OpKey *KeyRef `protobuf:"bytes,4,opt,name=OpKey,proto3" json:"OpKey,omitempty"`
	// For EncryptToPeer and ExportToPeer, this is what the recipient will use for OpKey.PubKey.
	// For DecryptFromPeer and ImportFromPeer, this is what the sender used for OpKey.PubKey.
	// For ImportUsingPw and ExportUsingPw, this is the password.
	PeerKey []byte `protobuf:"bytes,5,opt,name=PeerKey,proto3" json:"PeerKey,omitempty"`
	// Keyring and key info used to identify existing (or to-be-created) keys in the host's KeyTome.
	// Used for ExportToPeer and GenerateKeys().
	TomeIn               *KeyTome `protobuf:"bytes,6,opt,name=TomeIn,proto3" json:"TomeIn,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*CryptOpArgs) Descriptor 

func (*CryptOpArgs) Descriptor() ([]byte, []int)

func (*CryptOpArgs) GetBufIn 

func (m *CryptOpArgs) GetBufIn() []byte

func (*CryptOpArgs) GetCryptOp 

func (m *CryptOpArgs) GetCryptOp() CryptOp

func (*CryptOpArgs) GetDefaultCryptoKit 

func (m *CryptOpArgs) GetDefaultCryptoKit() CryptoKitID

func (*CryptOpArgs) GetOpKey 

func (m *CryptOpArgs) GetOpKey() *KeyRef

func (*CryptOpArgs) GetPeerKey 

func (m *CryptOpArgs) GetPeerKey() []byte

func (*CryptOpArgs) GetTomeIn 

func (m *CryptOpArgs) GetTomeIn() *KeyTome

func (*CryptOpArgs) Marshal 

func (m *CryptOpArgs) Marshal() (dAtA []byte, err error)

func (*CryptOpArgs) MarshalTo 

func (m *CryptOpArgs) MarshalTo(dAtA []byte) (int, error)

func (*CryptOpArgs) MarshalToSizedBuffer 

func (m *CryptOpArgs) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CryptOpArgs) ProtoMessage 

func (*CryptOpArgs) ProtoMessage()

func (*CryptOpArgs) Reset 

func (m *CryptOpArgs) Reset()

func (*CryptOpArgs) Size 

func (m *CryptOpArgs) Size() (n int)

func (*CryptOpArgs) String 

func (m *CryptOpArgs) String() string

func (*CryptOpArgs) Unmarshal 

func (m *CryptOpArgs) Unmarshal(dAtA []byte) error

func (*CryptOpArgs) XXX_DiscardUnknown 

func (m *CryptOpArgs) XXX_DiscardUnknown()

func (*CryptOpArgs) XXX_Marshal 

func (m *CryptOpArgs) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CryptOpArgs) XXX_Merge 

func (m *CryptOpArgs) XXX_Merge(src proto.Message)

func (*CryptOpArgs) XXX_Size 

func (m *CryptOpArgs) XXX_Size() int

func (*CryptOpArgs) XXX_Unmarshal 

func (m *CryptOpArgs) XXX_Unmarshal(b []byte) error

type CryptOpOut 

type CryptOpOut struct {
	// Output buf from the given crypto op (and depends on the given CryptOp)
	BufOut []byte `protobuf:"bytes,1,opt,name=BufOut,proto3" json:"BufOut,omitempty"`
	// Returns the pub key used in the op (needed when CryptOpArgs.OpKey.PubKey wasn't specified)
	OpPubKey             []byte   `protobuf:"bytes,2,opt,name=OpPubKey,proto3" json:"OpPubKey,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*CryptOpOut) Descriptor 

func (*CryptOpOut) Descriptor() ([]byte, []int)

func (*CryptOpOut) GetBufOut 

func (m *CryptOpOut) GetBufOut() []byte

func (*CryptOpOut) GetOpPubKey 

func (m *CryptOpOut) GetOpPubKey() []byte

func (*CryptOpOut) Marshal 

func (m *CryptOpOut) Marshal() (dAtA []byte, err error)

func (*CryptOpOut) MarshalTo 

func (m *CryptOpOut) MarshalTo(dAtA []byte) (int, error)

func (*CryptOpOut) MarshalToSizedBuffer 

func (m *CryptOpOut) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*CryptOpOut) ProtoMessage 

func (*CryptOpOut) ProtoMessage()

func (*CryptOpOut) Reset 

func (m *CryptOpOut) Reset()

func (*CryptOpOut) Size 

func (m *CryptOpOut) Size() (n int)

func (*CryptOpOut) String 

func (m *CryptOpOut) String() string

func (*CryptOpOut) Unmarshal 

func (m *CryptOpOut) Unmarshal(dAtA []byte) error

func (*CryptOpOut) XXX_DiscardUnknown 

func (m *CryptOpOut) XXX_DiscardUnknown()

func (*CryptOpOut) XXX_Marshal 

func (m *CryptOpOut) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CryptOpOut) XXX_Merge 

func (m *CryptOpOut) XXX_Merge(src proto.Message)

func (*CryptOpOut) XXX_Size 

func (m *CryptOpOut) XXX_Size() int

func (*CryptOpOut) XXX_Unmarshal 

func (m *CryptOpOut) XXX_Unmarshal(b []byte) error

type CryptoKit 

type CryptoKit interface {

	// CryptoKitID univeserally identifies a specific crypto suite and version.
	CryptoKitID() CryptoKitID

	// Pre: ioEntry.KeyType, .KeyDomain, .CryptoKitID, and .TimeCreated are set.
	// inRequestedKeySz is the requested length of the private key (ignored for some implementations)
	GenerateNewKey(
		inRequestedKeySz int,
		ioRand io.Reader,
		ioEntry *KeyEntry,
	) error

	// Encrypts a buffer using any arbitrary-length password
	EncryptUsingPassword(
		ioRand io.Reader,
		inMsg []byte,
		inPwd []byte,
	) ([]byte, error)

	// Decrypt a buffer encrypted via EncryptUsingPassword()
	DecryptUsingPassword(
		inMsg []byte,
		inPwd []byte,
	) ([]byte, error)

	Encrypt(
		ioRand io.Reader,
		inMsg []byte,
		inKey []byte,
	) ([]byte, error)

	Decrypt(
		inMsg []byte,
		inKey []byte,
	) ([]byte, error)

	EncryptFor(
		ioRand io.Reader,
		inMsg []byte,
		inPeerPubKey []byte,
		inPrivKey []byte,
	) ([]byte, error)

	DecryptFrom(
		inMsg []byte,
		inPeerPubKey []byte,
		inPrivKey []byte,
	) ([]byte, error)

	Sign(
		inDigest []byte,
		inSignerPrivKey []byte,
	) ([]byte, error)

	VerifySignature(
		inSig []byte,
		inDigest []byte,
		inSignerPubKey []byte,
	) error
}

CryptoKit is a generic pluggable interface that any crypto package can implement. It can even be partially implemented (just set nil values for funcs not implemented). All calls are assumed to be threadsafe.

func GetCryptoKit 

func GetCryptoKit(
	inCryptoKitID CryptoKitID,
) (CryptoKit, error)

GetCryptoKit fetches a given registered crypto module for use If the associated CryptoKit has not been registered, an error is returned.

type CryptoKitID 

type CryptoKitID int32

CryptoKitID identifies an encryption suite that implements ski.CryptoKit 

const (
	CryptoKitID_UnspecifiedCrypto CryptoKitID = 0
	CryptoKitID_NaCl              CryptoKitID = 1
	CryptoKitID_ED25519           CryptoKitID = 2
)

func (CryptoKitID) EnumDescriptor 

func (CryptoKitID) EnumDescriptor() ([]byte, []int)

func (CryptoKitID) String 

func (x CryptoKitID) String() string

type EnclaveSession 

type EnclaveSession interface {

	// Generates a new KeyEntry for each entry in srcTome (based on the entry's KeyType and CryptoKitID, ignoring the rest) and merges it
	// with the host KeyTome. A copy of each newly generated entry (except for PrivKey) is placed into result KeyTome.
	// See "KeyGen mode" notes where KeyEntry is declared.
	GenerateKeys(srcTome *KeyTome) (*KeyTome, error)

	// Returns a info about a key for the referenced key.
	// If len(inKeyRef.PubKey) == 0, then the newest KeyEntry in the implied Keyring is returned.
	FetchKeyInfo(inKeyRef *KeyRef) (*KeyInfo, error)

	// Performs signing, encryption, and decryption.
	DoCryptOp(inArgs *CryptOpArgs) (*CryptOpOut, error)

	// EndSession ends this session, resulting in the host Provider to call its inOnSessionEnded() callback followed by inOnCompletion.
	// Following a call to EndSession(), no more calls into this interface should be made.
	EndSession(reason string)
}

EnclaveSession provides crypto services from an opaque crypto services provider

type Err 

type Err struct {
	Code ErrCode `protobuf:"varint,1,opt,name=Code,proto3,enum=ski.ErrCode" json:"Code,omitempty"`
	// Msg is a human-readable info string that offers amplifying info about the given error.
	Msg                  string   `protobuf:"bytes,2,opt,name=Msg,proto3" json:"Msg,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Err wraps errors

func (*Err) Descriptor 

func (*Err) Descriptor() ([]byte, []int)

func (*Err) Error 

func (err *Err) Error() string

Error makes our custom error type conform to a standard Go error

func (*Err) GetCode 

func (m *Err) GetCode() ErrCode

func (*Err) GetMsg 

func (m *Err) GetMsg() string

func (*Err) Marshal 

func (m *Err) Marshal() (dAtA []byte, err error)

func (*Err) MarshalTo 

func (m *Err) MarshalTo(dAtA []byte) (int, error)

func (*Err) MarshalToSizedBuffer 

func (m *Err) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Err) ProtoMessage 

func (*Err) ProtoMessage()

func (*Err) Reset 

func (m *Err) Reset()

func (*Err) Size 

func (m *Err) Size() (n int)

func (*Err) String 

func (m *Err) String() string

func (*Err) Unmarshal 

func (m *Err) Unmarshal(dAtA []byte) error

func (*Err) XXX_DiscardUnknown 

func (m *Err) XXX_DiscardUnknown()

func (*Err) XXX_Marshal 

func (m *Err) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Err) XXX_Merge 

func (m *Err) XXX_Merge(src proto.Message)

func (*Err) XXX_Size 

func (m *Err) XXX_Size() int

func (*Err) XXX_Unmarshal 

func (m *Err) XXX_Unmarshal(b []byte) error

type ErrCode 

type ErrCode int32

ErrCode expresses status and error codes. 

const (
	ErrCode_NoErr                      ErrCode = 0
	ErrCode_Unimplemented              ErrCode = 4999
	ErrCode_UnnamedErr                 ErrCode = 5000
	ErrCode_InternalErr                ErrCode = 5001
	ErrCode_AssertFailed               ErrCode = 5020
	ErrCode_CryptoKitAlreadyRegistered ErrCode = 8001
	ErrCode_UnrecognizedCryptoKit      ErrCode = 8002
	ErrCode_DecryptFailed              ErrCode = 8007
	ErrCode_VerifySignatureFailed      ErrCode = 8008
	ErrCode_BadKeyFormat               ErrCode = 8009
	ErrCode_KeyGenerationFailed        ErrCode = 8010
	ErrCode_KeyringNotFound            ErrCode = 8011
	ErrCode_KeyEntryNotFound           ErrCode = 8012
	ErrCode_HashKitNotFound            ErrCode = 8013
	ErrCode_SessionNotReady            ErrCode = 8020
	ErrCode_UnrecognizedCryptOp        ErrCode = 8021
	ErrCode_MarshalFailed              ErrCode = 8030
	ErrCode_UnmarshalFailed            ErrCode = 8031
	ErrCode_KeyHiveFailedToLoad        ErrCode = 8040
	ErrCode_KeyTomeFailedToSave        ErrCode = 8041
)

func (ErrCode) EnumDescriptor 

func (ErrCode) EnumDescriptor() ([]byte, []int)

func (ErrCode) Err 

func (code ErrCode) Err() error

Err returns a Err with the given error code

func (ErrCode) ErrWithMsg 

func (code ErrCode) ErrWithMsg(msg string) error

ErrWithMsg returns a Err with the given error code and msg set.

func (ErrCode) ErrWithMsgf 

func (code ErrCode) ErrWithMsgf(msgFormat string, msgArgs ...interface{}) error

ErrWithMsgf returns a Err with the given error code and formattable msg set.

func (ErrCode) String 

func (x ErrCode) String() string

func (ErrCode) Wrap 

func (code ErrCode) Wrap(cause error) error

Wrap returns a Err with the given error code and "cause" error

type ExportKeysOptions 

type ExportKeysOptions uint32

ExportKeysOptions is used with ExportWithGuide()

type HashKit 

type HashKit struct {
	HashKitID HashKitID
	Hasher    hash.Hash
	HashSz    int
}

HashKit is an abstraction for hash.Hash

func NewHashKit 

func NewHashKit(hashKitID HashKitID) (HashKit, error)

NewHashKit returns the requested HashKit.

type HashKitID 

type HashKitID int32

CryptoKitID identifies a hash algorithm that implements ski.HaskKit 

const (
	HashKitID_UnspecifiedHashKit HashKitID = 0
	HashKitID_LegacyKeccak_256   HashKitID = 1
	HashKitID_LegacyKeccak_512   HashKitID = 2
	HashKitID_SHA3_256           HashKitID = 3
	HashKitID_SHA3_512           HashKitID = 4
	HashKitID_Blake2b_256        HashKitID = 5
	HashKitID_Blake2b_512        HashKitID = 6
)

func (HashKitID) EnumDescriptor 

func (HashKitID) EnumDescriptor() ([]byte, []int)

func (HashKitID) String 

func (x HashKitID) String() string

type KeyEntry 

type KeyEntry struct {
	// Info about this key
	KeyInfo *KeyInfo `protobuf:"bytes,1,opt,name=KeyInfo,proto3" json:"KeyInfo,omitempty"`
	// Private part of the key -- should be used and copied carefully.
	// When a KeyEntry is used to reference/specify an existing key, this field is not set and/or is ignored.
	PrivKey              []byte   `protobuf:"bytes,6,opt,name=PrivKey,proto3" json:"PrivKey,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KeyEntry is used in 3 ways:

  1. Storage/Export mode: used to store all fields of a fully generated key - KeyEntry.PrivKey != nil
  2. Ref/Spec mode: used to reference an existing key somewhere else - KeyEntry.PrivKey == nil - Fields used: KeyInfo.PubKey (other fields ignored)
  3. GenerateKeys "guide" mode: KeyInfo used as a guide to generate a new key - Fields used: KeyInfo.KeyType and KeyInfo.CryptoKitID (other fields ignored)

func (*KeyEntry) Descriptor 

func (*KeyEntry) Descriptor() ([]byte, []int)

func (*KeyEntry) EqualTo 

func (entry *KeyEntry) EqualTo(other *KeyEntry) bool

EqualTo compares if two key entries are identical/interchangable

func (*KeyEntry) GetKeyInfo 

func (m *KeyEntry) GetKeyInfo() *KeyInfo

func (*KeyEntry) GetPrivKey 

func (m *KeyEntry) GetPrivKey() []byte

func (*KeyEntry) Marshal 

func (m *KeyEntry) Marshal() (dAtA []byte, err error)

func (*KeyEntry) MarshalTo 

func (m *KeyEntry) MarshalTo(dAtA []byte) (int, error)

func (*KeyEntry) MarshalToSizedBuffer 

func (m *KeyEntry) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KeyEntry) ProtoMessage 

func (*KeyEntry) ProtoMessage()

func (*KeyEntry) Reset 

func (m *KeyEntry) Reset()

func (*KeyEntry) Size 

func (m *KeyEntry) Size() (n int)

func (*KeyEntry) String 

func (m *KeyEntry) String() string

func (*KeyEntry) Unmarshal 

func (m *KeyEntry) Unmarshal(dAtA []byte) error

func (*KeyEntry) XXX_DiscardUnknown 

func (m *KeyEntry) XXX_DiscardUnknown()

func (*KeyEntry) XXX_Marshal 

func (m *KeyEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyEntry) XXX_Merge 

func (m *KeyEntry) XXX_Merge(src proto.Message)

func (*KeyEntry) XXX_Size 

func (m *KeyEntry) XXX_Size() int

func (*KeyEntry) XXX_Unmarshal 

func (m *KeyEntry) XXX_Unmarshal(b []byte) error

func (*KeyEntry) ZeroOut 

func (entry *KeyEntry) ZeroOut()

ZeroOut zeros out this entry's private key buffer

type KeyInfo 

type KeyInfo struct {
	// Specifies the type of key this is (optional)
	KeyType KeyType `protobuf:"varint,1,opt,name=KeyType,proto3,enum=ski.KeyType" json:"KeyType,omitempty"`
	// Specifies which crypto suite to invoke.
	CryptoKitID CryptoKitID `protobuf:"varint,2,opt,name=CryptoKitID,proto3,enum=ski.CryptoKitID" json:"CryptoKitID,omitempty"`
	// Unix timestamp << 16 (TimeFS) when this key was created (or 0 if not set)
	TimeCreated int64 `protobuf:"varint,3,opt,name=TimeCreated,proto3" json:"TimeCreated,omitempty"`
	// Public part of the key; how this key is also referenced publicly (in base-256 form)
	PubKey               []byte   `protobuf:"bytes,4,opt,name=PubKey,proto3" json:"PubKey,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KeyInfo specifies info an existing KeyEntry or and KeyEntry this is to be created.

KeyInfo exists in two modes/uses:

  1. Generated/copied from an existing KeyEntry
  2. Key gen mode: used as a guide to generate a new key a) Fields used: KeyType and CryptoKitID (other fields ignored)

func GenerateNewKey 

func GenerateNewKey(
	inSession EnclaveSession,
	inKeyringName []byte,
	inKeyInfo KeyInfo,
) (*KeyInfo, error)

GenerateNewKey creates a new key, blocking until completion

func (*KeyInfo) DescStr 

func (ki *KeyInfo) DescStr(verbose bool) string

DescStr returns a human readable desc string for this KeyInfo

func (*KeyInfo) Descriptor 

func (*KeyInfo) Descriptor() ([]byte, []int)

func (*KeyInfo) GetCryptoKitID 

func (m *KeyInfo) GetCryptoKitID() CryptoKitID

func (*KeyInfo) GetKeyType 

func (m *KeyInfo) GetKeyType() KeyType

func (*KeyInfo) GetPubKey 

func (m *KeyInfo) GetPubKey() []byte

func (*KeyInfo) GetTimeCreated 

func (m *KeyInfo) GetTimeCreated() int64

func (*KeyInfo) Marshal 

func (m *KeyInfo) Marshal() (dAtA []byte, err error)

func (*KeyInfo) MarshalTo 

func (m *KeyInfo) MarshalTo(dAtA []byte) (int, error)

func (*KeyInfo) MarshalToSizedBuffer 

func (m *KeyInfo) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KeyInfo) ProtoMessage 

func (*KeyInfo) ProtoMessage()

func (*KeyInfo) Reset 

func (m *KeyInfo) Reset()

func (*KeyInfo) Size 

func (m *KeyInfo) Size() (n int)

func (*KeyInfo) String 

func (m *KeyInfo) String() string

func (*KeyInfo) Unmarshal 

func (m *KeyInfo) Unmarshal(dAtA []byte) error

func (*KeyInfo) XXX_DiscardUnknown 

func (m *KeyInfo) XXX_DiscardUnknown()

func (*KeyInfo) XXX_Marshal 

func (m *KeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyInfo) XXX_Merge 

func (m *KeyInfo) XXX_Merge(src proto.Message)

func (*KeyInfo) XXX_Size 

func (m *KeyInfo) XXX_Size() int

func (*KeyInfo) XXX_Unmarshal 

func (m *KeyInfo) XXX_Unmarshal(b []byte) error

type KeyRef 

type KeyRef struct {
	// Specifies the Keyring that the key resides on (required when referencing a KeyEntry in a KeyTome).
	KeyringName []byte `protobuf:"bytes,1,opt,name=KeyringName,proto3" json:"KeyringName,omitempty"`
	// The pub key of the key being referenced (or len()==0 to imply the newest key in the cited keyring).
	// Note that the complete pub key isn't required, just a sufficiently long matching prefix (typically 16-64 bytes).
	PubKey               []byte   `protobuf:"bytes,2,opt,name=PubKey,proto3" json:"PubKey,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeyRef) DescStr 

func (kref *KeyRef) DescStr() string

DescStr returns a human readable desc string for this KeyRef

func (*KeyRef) Descriptor 

func (*KeyRef) Descriptor() ([]byte, []int)

func (*KeyRef) GetKeyringName 

func (m *KeyRef) GetKeyringName() []byte

func (*KeyRef) GetPubKey 

func (m *KeyRef) GetPubKey() []byte

func (*KeyRef) Marshal 

func (m *KeyRef) Marshal() (dAtA []byte, err error)

func (*KeyRef) MarshalTo 

func (m *KeyRef) MarshalTo(dAtA []byte) (int, error)

func (*KeyRef) MarshalToSizedBuffer 

func (m *KeyRef) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KeyRef) ProtoMessage 

func (*KeyRef) ProtoMessage()

func (*KeyRef) Reset 

func (m *KeyRef) Reset()

func (*KeyRef) Size 

func (m *KeyRef) Size() (n int)

func (*KeyRef) String 

func (m *KeyRef) String() string

func (*KeyRef) Unmarshal 

func (m *KeyRef) Unmarshal(dAtA []byte) error

func (*KeyRef) XXX_DiscardUnknown 

func (m *KeyRef) XXX_DiscardUnknown()

func (*KeyRef) XXX_Marshal 

func (m *KeyRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyRef) XXX_Merge 

func (m *KeyRef) XXX_Merge(src proto.Message)

func (*KeyRef) XXX_Size 

func (m *KeyRef) XXX_Size() int

func (*KeyRef) XXX_Unmarshal 

func (m *KeyRef) XXX_Unmarshal(b []byte) error

type KeyTome 

type KeyTome struct {
	// Incremented each time this KeyTome is altered.
	Rev int64 `protobuf:"varint,1,opt,name=Rev,proto3" json:"Rev,omitempty"`
	// Ordered list of Keyrings (potentially sorted by Keyring.Name)
	Keyrings []*Keyring `protobuf:"bytes,2,rep,name=Keyrings,proto3" json:"Keyrings,omitempty"`
	// If set, []Keyrings is sorted by Keyring.Name via bytes.Compare()
	SortedByName         bool     `protobuf:"varint,3,opt,name=SortedByName,proto3" json:"SortedByName,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeyTome) Descriptor 

func (*KeyTome) Descriptor() ([]byte, []int)

func (*KeyTome) ExportUsingGuide 

func (tome *KeyTome) ExportUsingGuide(
	inGuide *KeyTome,
	inOpts ExportKeysOptions,
) ([]byte, error)

ExportUsingGuide walks through inGuide and for each Keyring.Name + KeyEntry.PubKey match, the KeyEntry fields 

are copied to a new KeyTome.  When complete, the new KeyTome is marshalled into an output buffer and returned.

Note: Only Keyring.Name and KeyEntry.PubKey are used from ioGuide (other fields are ignored).

Warning: since the returned buffer contains private key bytes, one should zero the result buffer after using it.

func (*KeyTome) FetchKeyring 

func (tome *KeyTome) FetchKeyring(
	inKeyringName []byte,
) *Keyring

FetchKeyring returns the named Keyring (or nil if not found).

O(log n) if SortedByName is set, O(n) otherwise.

func (*KeyTome) GenerateFork 

func (tome *KeyTome) GenerateFork(
	ioRand io.Reader,
	inRequestedKeySz int,
) (*KeyTome, error)

GenerateFork returns a new KeyTome identical to this KeyTome, but with newly generated PubKey/PrivKey pairs. For each generated key, each originating KeyEntry's fields are reset (except for PrivKey which is set to to nil)

func (*KeyTome) GetKeyrings 

func (m *KeyTome) GetKeyrings() []*Keyring

func (*KeyTome) GetRev 

func (m *KeyTome) GetRev() int64

func (*KeyTome) GetSortedByName 

func (m *KeyTome) GetSortedByName() bool

func (*KeyTome) Marshal 

func (m *KeyTome) Marshal() (dAtA []byte, err error)

func (*KeyTome) MarshalTo 

func (m *KeyTome) MarshalTo(dAtA []byte) (int, error)

func (*KeyTome) MarshalToSizedBuffer 

func (m *KeyTome) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KeyTome) MergeTome 

func (tome *KeyTome) MergeTome(
	srcTome *KeyTome,
)

MergeTome merges the given tome into this tome, moving entries from srcTome. An incoming KeyEntry that is exact duplicate is ignored/dropped. If there is a Keyring containing one or more rejected keys (either ill-formed or a pub key collision that is NOT an exact duplicate, then the problem Keyrings will remain in srcTome and should be considered an error condition.

Post: len(srcTome.Keyrings) == 0 if all keys were merged.

func (*KeyTome) Optimize 

func (tome *KeyTome) Optimize()

Optimize resorts all the contained Keyrings using ByKeyringName()

func (*KeyTome) ProtoMessage 

func (*KeyTome) ProtoMessage()

func (*KeyTome) Reset 

func (m *KeyTome) Reset()

func (*KeyTome) Size 

func (m *KeyTome) Size() (n int)

func (*KeyTome) String 

func (m *KeyTome) String() string

func (*KeyTome) Unmarshal 

func (m *KeyTome) Unmarshal(dAtA []byte) error

func (*KeyTome) XXX_DiscardUnknown 

func (m *KeyTome) XXX_DiscardUnknown()

func (*KeyTome) XXX_Marshal 

func (m *KeyTome) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyTome) XXX_Merge 

func (m *KeyTome) XXX_Merge(src proto.Message)

func (*KeyTome) XXX_Size 

func (m *KeyTome) XXX_Size() int

func (*KeyTome) XXX_Unmarshal 

func (m *KeyTome) XXX_Unmarshal(b []byte) error

func (*KeyTome) ZeroOut 

func (tome *KeyTome) ZeroOut()

ZeroOut zeros out the private key field of each key in each key set

type KeyTomeCrypt 

type KeyTomeCrypt struct {
	// A serialized ski.KeyTome encrypted in accordance with the accompanying key params
	Tome []byte `protobuf:"bytes,1,opt,name=Tome,proto3" json:"Tome,omitempty"`
	// Optional -- used to identify how (or with what key) the KeyTome in KeyTomeCrypt.Tpme is encrypted.
	KeyRef               *KeyRef  `protobuf:"bytes,10,opt,name=KeyRef,proto3" json:"KeyRef,omitempty"`
	KeyInfo              *KeyInfo `protobuf:"bytes,11,opt,name=KeyInfo,proto3" json:"KeyInfo,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeyTomeCrypt) Descriptor 

func (*KeyTomeCrypt) Descriptor() ([]byte, []int)

func (*KeyTomeCrypt) GetKeyInfo 

func (m *KeyTomeCrypt) GetKeyInfo() *KeyInfo

func (*KeyTomeCrypt) GetKeyRef 

func (m *KeyTomeCrypt) GetKeyRef() *KeyRef

func (*KeyTomeCrypt) GetTome 

func (m *KeyTomeCrypt) GetTome() []byte

func (*KeyTomeCrypt) Marshal 

func (m *KeyTomeCrypt) Marshal() (dAtA []byte, err error)

func (*KeyTomeCrypt) MarshalTo 

func (m *KeyTomeCrypt) MarshalTo(dAtA []byte) (int, error)

func (*KeyTomeCrypt) MarshalToSizedBuffer 

func (m *KeyTomeCrypt) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KeyTomeCrypt) ProtoMessage 

func (*KeyTomeCrypt) ProtoMessage()

func (*KeyTomeCrypt) Reset 

func (m *KeyTomeCrypt) Reset()

func (*KeyTomeCrypt) Size 

func (m *KeyTomeCrypt) Size() (n int)

func (*KeyTomeCrypt) String 

func (m *KeyTomeCrypt) String() string

func (*KeyTomeCrypt) Unmarshal 

func (m *KeyTomeCrypt) Unmarshal(dAtA []byte) error

func (*KeyTomeCrypt) XXX_DiscardUnknown 

func (m *KeyTomeCrypt) XXX_DiscardUnknown()

func (*KeyTomeCrypt) XXX_Marshal 

func (m *KeyTomeCrypt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyTomeCrypt) XXX_Merge 

func (m *KeyTomeCrypt) XXX_Merge(src proto.Message)

func (*KeyTomeCrypt) XXX_Size 

func (m *KeyTomeCrypt) XXX_Size() int

func (*KeyTomeCrypt) XXX_Unmarshal 

func (m *KeyTomeCrypt) XXX_Unmarshal(b []byte) error

type KeyTomeMgr 

type KeyTomeMgr struct {
	// contains filtered or unexported fields
}

KeyTomeMgr wraps ski.KeyTome, offering threadsafe access and easy serialization.

func NewKeyTomeMgr 

func NewKeyTomeMgr() *KeyTomeMgr

NewKeyTomeMgr creates a new KeyTomeMgr

func (*KeyTomeMgr) Clear 

func (mgr *KeyTomeMgr) Clear()

Clear resets this KeyHive as if NewKeyHive() was called instead, also zeroing out all private keys.

THREADSAFE

func (*KeyTomeMgr) ExportUsingGuide 

func (mgr *KeyTomeMgr) ExportUsingGuide(
	inGuide *KeyTome,
	inOpts ExportKeysOptions,
) ([]byte, error)

ExportUsingGuide -- see ski.KeyTome.ExportUsingGuide()

func (*KeyTomeMgr) FetchKey 

func (mgr *KeyTomeMgr) FetchKey(
	keyringName []byte,
	pubKeyPrefix []byte,
) (*KeyEntry, error)

FetchKey returns the first KeyEntry in the specified key set with a matching pub key prefix.

If len(inPubKeyPrefix) == 0, then the newest key on the specified is returned.

THREADSAFE

func (*KeyTomeMgr) Marshal 

func (mgr *KeyTomeMgr) Marshal() ([]byte, error)

Marshal writes out entire state to a given buffer. Warning: the return buffer is not encrypted and contains private key data!

THREADSAFE

func (*KeyTomeMgr) MergeTome 

func (mgr *KeyTomeMgr) MergeTome(
	ioSrc *KeyTome,
)

MergeTome merges the given tome into this tome, moving entries from ioSrc. If there is a KeyEntry.PubKey collision, the incoming key will remain in ioSrc

THREADSAFE

func (*KeyTomeMgr) Unmarshal 

func (mgr *KeyTomeMgr) Unmarshal(dAtA []byte) error

Unmarshal first calls ZeroOut() on itself and then performs deserializaton.

THREADSAFE

type KeyType 

type KeyType int32

KeyType identifies how a key operates 

const (
	KeyType_Unspecified   KeyType = 0
	KeyType_SymmetricKey  KeyType = 1
	KeyType_AsymmetricKey KeyType = 2
	KeyType_SigningKey    KeyType = 3
)

func (KeyType) EnumDescriptor 

func (KeyType) EnumDescriptor() ([]byte, []int)

func (KeyType) String 

func (x KeyType) String() string

type Keyring 

type Keyring struct {
	// Any binary name for this Keyring (except a zero-length name).
	Name []byte `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
	// Ordered list of KeyEntry (potentially sorted by KeyInfo.PubKey)
	Keys []*KeyEntry `protobuf:"bytes,2,rep,name=Keys,proto3" json:"Keys,omitempty"`
	// If set, []Keys is sorted by KeyInfo.PubKey via ski.CompareEntries()
	SortedByPubKey bool `protobuf:"varint,3,opt,name=SortedByPubKey,proto3" json:"SortedByPubKey,omitempty"`
	// PubKey of the KeyEntry in this keyring that has the largest TimeCreated (or nil if not known/determined)
	NewestPubKey         []byte   `protobuf:"bytes,4,opt,name=NewestPubKey,proto3" json:"NewestPubKey,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Keyring) Descriptor 

func (*Keyring) Descriptor() ([]byte, []int)

func (*Keyring) DropDupes 

func (kr *Keyring) DropDupes() int

DropDupes sorts this Keyring (if not already sorted) and drops all KeyEntries 

that are dupes (where all contents are identical).

Returns the number of dupes dropped

func (*Keyring) FetchKey 

func (kr *Keyring) FetchKey(
	inPubKey []byte,
) *KeyEntry

FetchKey returns the KeyEntry in this Keyring with a matching pub key.

O(log n) if SortedByPubKey is set, O(n) otherwise.

func (*Keyring) FetchKeyWithPrefix 

func (kr *Keyring) FetchKeyWithPrefix(
	inPubKeyPrefix []byte,
) *KeyEntry

FetchKeyWithPrefix returns the KeyEntry in this Keyring with a matching pub key prefix.

O(log n) if SortedByPubKey is set, O(n) otherwise.

func (*Keyring) FetchNewestKey 

func (kr *Keyring) FetchNewestKey() *KeyEntry

FetchNewestKey returns the KeyEntry with the largest TimeCreated

func (*Keyring) GetKeys 

func (m *Keyring) GetKeys() []*KeyEntry

func (*Keyring) GetName 

func (m *Keyring) GetName() []byte

func (*Keyring) GetNewestPubKey 

func (m *Keyring) GetNewestPubKey() []byte

func (*Keyring) GetSortedByPubKey 

func (m *Keyring) GetSortedByPubKey() bool

func (*Keyring) Marshal 

func (m *Keyring) Marshal() (dAtA []byte, err error)

func (*Keyring) MarshalTo 

func (m *Keyring) MarshalTo(dAtA []byte) (int, error)

func (*Keyring) MarshalToSizedBuffer 

func (m *Keyring) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Keyring) MergeKeys 

func (kr *Keyring) MergeKeys(srcKeyring *Keyring)

MergeKeys is similar to MergeTome(), this consumes entries from srcKeyring and inserts them into this Keyring.

Dupe keys are ignored/dropped. If there is a pub key collision that is NOT an exact dupe (or there is a sketchy looking incoming KeyEntry), then the key will remain in srcKeyring. This should be considered an error condition since natural collions are impossibly rare and a bad KeyEntry should never be live.

Post: len(srcKeyring.Keys) == 0 if all the incoming keys were merged

func (*Keyring) Optimize 

func (kr *Keyring) Optimize()

Optimize resorts and resets this Keyring for optimized read access.

func (*Keyring) ProtoMessage 

func (*Keyring) ProtoMessage()

func (*Keyring) Reset 

func (m *Keyring) Reset()

func (*Keyring) Resort 

func (kr *Keyring) Resort()

Resort resorts this Keyring's keys for speedy searching

func (*Keyring) Size 

func (m *Keyring) Size() (n int)

func (*Keyring) String 

func (m *Keyring) String() string

func (*Keyring) Unmarshal 

func (m *Keyring) Unmarshal(dAtA []byte) error

func (*Keyring) XXX_DiscardUnknown 

func (m *Keyring) XXX_DiscardUnknown()

func (*Keyring) XXX_Marshal 

func (m *Keyring) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Keyring) XXX_Merge 

func (m *Keyring) XXX_Merge(src proto.Message)

func (*Keyring) XXX_Size 

func (m *Keyring) XXX_Size() int

func (*Keyring) XXX_Unmarshal 

func (m *Keyring) XXX_Unmarshal(b []byte) error

func (*Keyring) ZeroOut 

func (kr *Keyring) ZeroOut()

ZeroOut zeros out the private key field of each contained key and resets the length of Entries.

type PackingInfo 

type PackingInfo struct {
	SignedBuf []byte
	Hash      []byte
	Sig       []byte
	Extra     []byte
}

PackingInfo returns info from PackAndSign()

type PayloadPacker 

type PayloadPacker struct {
	// contains filtered or unexported fields
}

PayloadPacker signs and packs payload buffers IAW ski.SigHeader

func NewPacker 

func NewPacker(
	inMakeThreadsafe bool,
) PayloadPacker

NewPacker creates a new PayloadSigner

func (*PayloadPacker) PackAndSign 

func (P *PayloadPacker) PackAndSign(
	inHeaderCodec uint32,
	inHeader []byte,
	inBody []byte,
	inExtraAlloc int,
	out *PackingInfo,
) error

PackAndSign signs a hash digest and packages it along with the payload and encodinginto into a single composite buffer intended to be decoded via PayloadUnpacker.UnpackAndVerify()

THREADSAFE

func (*PayloadPacker) ResetSession 

func (P *PayloadPacker) ResetSession(
	inSession EnclaveSession,
	inSigningKey KeyRef,
	inHashKit HashKitID,
	outKeyInfo *KeyInfo,
) error

ResetSession prepares this packer for use.

type PayloadUnpacker 

type PayloadUnpacker struct {
	// contains filtered or unexported fields
}

PayloadUnpacker unpacks and decodes signed buffers IAW ski.SigHeader

func NewUnpacker 

func NewUnpacker(
	makeThreadsafe bool,
) PayloadUnpacker

NewUnpacker creates a new

func (*PayloadUnpacker) UnpackAndVerify 

func (U *PayloadUnpacker) UnpackAndVerify(
	inSignedBuf []byte,
	out *SignedPayload,
) error

UnpackAndVerify decodes the given buffer into its payload and signature components, and verifies the signature. This procedure assumes the signed buf was produced via Signer.SignAndPack() Note: the returned payload buffer is a slice of inSignedBuf.

type SigHeader 

type SigHeader struct {
	// References a signing key -- who and what crypto kit signed the payload header.
	SignerCryptoKit CryptoKitID `protobuf:"varint,1,opt,name=SignerCryptoKit,proto3,enum=ski.CryptoKitID" json:"SignerCryptoKit,omitempty"`
	SignerPubKey    []byte      `protobuf:"bytes,2,opt,name=SignerPubKey,proto3" json:"SignerPubKey,omitempty"`
	// Specifies which hash kit to use to perform payload hashing
	HashKitID HashKitID `protobuf:"varint,6,opt,name=HashKitID,proto3,enum=ski.HashKitID" json:"HashKitID,omitempty"`
	// Size of the "header" payload (i.e. the payload that is also hashed and signed)
	HeaderSz uint32 `protobuf:"varint,7,opt,name=HeaderSz,proto3" json:"HeaderSz,omitempty"`
	// HeaderCodec allows the client store/signal how it should be unmarshalled or handled.
	HeaderCodec uint32 `protobuf:"varint,8,opt,name=HeaderCodec,proto3" json:"HeaderCodec,omitempty"`
	// Size of the "body" payload (i.e. the payload that is NOT hashed signed)
	BodySz               uint64   `protobuf:"varint,9,opt,name=BodySz,proto3" json:"BodySz,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*SigHeader) Descriptor 

func (*SigHeader) Descriptor() ([]byte, []int)

func (*SigHeader) GetBodySz 

func (m *SigHeader) GetBodySz() uint64

func (*SigHeader) GetHashKitID 

func (m *SigHeader) GetHashKitID() HashKitID

func (*SigHeader) GetHeaderCodec 

func (m *SigHeader) GetHeaderCodec() uint32

func (*SigHeader) GetHeaderSz 

func (m *SigHeader) GetHeaderSz() uint32

func (*SigHeader) GetSignerCryptoKit 

func (m *SigHeader) GetSignerCryptoKit() CryptoKitID

func (*SigHeader) GetSignerPubKey 

func (m *SigHeader) GetSignerPubKey() []byte

func (*SigHeader) Marshal 

func (m *SigHeader) Marshal() (dAtA []byte, err error)

func (*SigHeader) MarshalTo 

func (m *SigHeader) MarshalTo(dAtA []byte) (int, error)

func (*SigHeader) MarshalToSizedBuffer 

func (m *SigHeader) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SigHeader) ProtoMessage 

func (*SigHeader) ProtoMessage()

func (*SigHeader) Reset 

func (m *SigHeader) Reset()

func (*SigHeader) Size 

func (m *SigHeader) Size() (n int)

func (*SigHeader) String 

func (m *SigHeader) String() string

func (*SigHeader) Unmarshal 

func (m *SigHeader) Unmarshal(dAtA []byte) error

func (*SigHeader) XXX_DiscardUnknown 

func (m *SigHeader) XXX_DiscardUnknown()

func (*SigHeader) XXX_Marshal 

func (m *SigHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SigHeader) XXX_Merge 

func (m *SigHeader) XXX_Merge(src proto.Message)

func (*SigHeader) XXX_Size 

func (m *SigHeader) XXX_Size() int

func (*SigHeader) XXX_Unmarshal 

func (m *SigHeader) XXX_Unmarshal(b []byte) error

type SignedPayload 

type SignedPayload struct {
	HeaderCodec uint32    // Client-specified encoding
	Header      []byte    // Client payload (hashed into .HeaderSig)
	Body        []byte    // Client body (NOT hashed into sig)
	HashKit     HashKitID // The ID of the hash kit that generated .Hash
	Hash        []byte    // A hash digest generated from .Header and .Body
	HashSig     []byte    // Signature of .Hash by .Signer
	Signer      KeyInfo   // The pub key that orginated .Sig
}

SignedPayload are the params associated with signing a payload buffer.

Source Files

View all Source files

Directories

Path Synopsis
CryptoKits
ed25519
Package ed25519 uses the Ed25519 to implement sig-related parts of ski.CryptoKit.
 Package ed25519 uses the Ed25519 to implement sig-related parts of ski.CryptoKit.
nacl
Package nacl uses (libSodium/naclKit) to implement ski.CryptoKit
 Package nacl uses (libSodium/naclKit) to implement ski.CryptoKit
Providers
hive
Package hive implements ski.EnclaveSession for keys stored on the local file system (via encrypted file)
 Package hive implements ski.EnclaveSession for keys stored on the local file system (via encrypted file)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.