bcrypter

package
v0.1.20 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 25, 2021 License: BSD-3-Clause Imports: 9 Imported by: 11

Documentation

Overview

Package bcrypter defines the mechanisms for blessings based encryption and decryption.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInternal           = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.Internal", verror.NoRetry)
	ErrNoParams           = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.NoParams", verror.NoRetry)
	ErrPrivateKeyNotFound = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.PrivateKeyNotFound", verror.NoRetry)
	ErrInvalidPrivateKey  = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.InvalidPrivateKey", verror.NoRetry)
)

Functions

func ErrorfInternal added in v0.1.10

func ErrorfInternal(ctx *context.T, format string, err error) error

ErrorfInternal calls ErrInternal.Errorf with the supplied arguments.

func ErrorfInvalidPrivateKey added in v0.1.10

func ErrorfInvalidPrivateKey(ctx *context.T, format string, err error) error

ErrorfInvalidPrivateKey calls ErrInvalidPrivateKey.Errorf with the supplied arguments.

func ErrorfNoParams added in v0.1.10

func ErrorfNoParams(ctx *context.T, format string, pattern security.BlessingPattern) error

ErrorfNoParams calls ErrNoParams.Errorf with the supplied arguments.

func ErrorfPrivateKeyNotFound added in v0.1.10

func ErrorfPrivateKeyNotFound(ctx *context.T, format string) error

ErrorfPrivateKeyNotFound calls ErrPrivateKeyNotFound.Errorf with the supplied arguments.

func MessageInternal added in v0.1.10

func MessageInternal(ctx *context.T, message string, err error) error

MessageInternal calls ErrInternal.Message with the supplied arguments.

func MessageInvalidPrivateKey added in v0.1.10

func MessageInvalidPrivateKey(ctx *context.T, message string, err error) error

MessageInvalidPrivateKey calls ErrInvalidPrivateKey.Message with the supplied arguments.

func MessageNoParams added in v0.1.10

func MessageNoParams(ctx *context.T, message string, pattern security.BlessingPattern) error

MessageNoParams calls ErrNoParams.Message with the supplied arguments.

func MessagePrivateKeyNotFound added in v0.1.10

func MessagePrivateKeyNotFound(ctx *context.T, message string) error

MessagePrivateKeyNotFound calls ErrPrivateKeyNotFound.Message with the supplied arguments.

func ParamsErrInternal added in v0.1.10

func ParamsErrInternal(argumentError error) (verrorComponent string, verrorOperation string, err error, returnErr error)

ParamsErrInternal extracts the expected parameters from the error's ParameterList.

func ParamsErrInvalidPrivateKey added in v0.1.10

func ParamsErrInvalidPrivateKey(argumentError error) (verrorComponent string, verrorOperation string, err error, returnErr error)

ParamsErrInvalidPrivateKey extracts the expected parameters from the error's ParameterList.

func ParamsErrNoParams added in v0.1.10

func ParamsErrNoParams(argumentError error) (verrorComponent string, verrorOperation string, pattern security.BlessingPattern, returnErr error)

ParamsErrNoParams extracts the expected parameters from the error's ParameterList.

func ParamsErrPrivateKeyNotFound added in v0.1.10

func ParamsErrPrivateKeyNotFound(argumentError error) (verrorComponent string, verrorOperation string, returnErr error)

ParamsErrPrivateKeyNotFound extracts the expected parameters from the error's ParameterList.

func WithCrypter

func WithCrypter(ctx *context.T, crypter *Crypter) *context.T

WithCrypter derives a new context from the provided one by attaching the provided crypter to it.

Types

type Ciphertext

type Ciphertext struct {
	// contains filtered or unexported fields
}

Ciphertext represents the ciphertext generated by a Crypter.

func (*Ciphertext) FromWire

func (c *Ciphertext) FromWire(wire WireCiphertext)

FromWire unmarshals the provided WireCiphertext into the Ciphertext 'c'.

func (*Ciphertext) ToWire

func (c *Ciphertext) ToWire(wire *WireCiphertext)

ToWire marshals the Ciphertext 'c' into the WireCiphertext 'wire'

type Crypter

type Crypter struct {
	// contains filtered or unexported fields
}

Crypter provides operations for encrypting and decrypting messages for principals with specific blessings.

In particular, it offers a mechanism to encrypt a message for a specific blessing pattern so that it can only be decrypted by crypters that possess a private key for a blessing matched by that pattern. Such a private key is generated by the identity provider that granted the blessing.

func GetCrypter

func GetCrypter(ctx *context.T) *Crypter

GetCrypter returns the crypter attached to the context, or nil if no crypter is attached.

func NewCrypter

func NewCrypter() *Crypter

NewCrypter returns a new Crypter with an empty set of private keys and identity provider parameters.

func (*Crypter) AddKey

func (c *Crypter) AddKey(ctx *context.T, key *PrivateKey) error

AddKey adds the provided private key 'key' and the associated public parameters (key.Params()) to this crypter.

func (*Crypter) AddParams

func (c *Crypter) AddParams(ctx *context.T, params Params) error

AddParams adds the provided identity provider parameters to this crypter.

The added parameters would be used to encrypt plaintexts for blessing patterns that the identity provider is authoritative on.

func (*Crypter) Decrypt

func (c *Crypter) Decrypt(ctx *context.T, ciphertext *Ciphertext) ([]byte, error)

Decrypt decrypts the provided 'ciphertext' and returns the corresponding plaintext.

Decryption succeeds only if this crypter possesses a private key for a blessing that matches the blessing pattern corresponding to the ciphertext.

func (*Crypter) Encrypt

func (c *Crypter) Encrypt(ctx *context.T, forPattern security.BlessingPattern, plaintext []byte) (*Ciphertext, error)

Encrypt encrypts the provided 'plaintext' so that it can only be decrypted by a crypter possessing a private key for a blessing matching the provided blessing pattern.

Encryption makes use of the public parameters of the identity provider that is authoritative on the set of blessings that match the provided blessing pattern. These parameters must have been previously added to this crypter via AddParams.

type Params

type Params struct {
	// contains filtered or unexported fields
}

Params represents the public parameters of an identity provider (aka Root).

func (*Params) Blessing

func (p *Params) Blessing() string

Blessing returns the blessing name of the identity provider with public parameters 'p'.

func (*Params) FromWire

func (p *Params) FromWire(wire WireParams) error

FromWire unmarshals the provided WireParams into the Params 'p'.

func (*Params) ToWire

func (p *Params) ToWire(wire *WireParams) error

ToWire marshals the Params 'p' into the WireParams 'wire'.

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey represent the private key corresponding to a blessing.

The private key can be used for decrypting any message encrypted using a pattern matched by the blessing (assuming the private key and encryption used the same identity provider parameters).

func (*PrivateKey) Blessing

func (k *PrivateKey) Blessing() string

Blessing returns the blessing that this private key was extracted for.

func (*PrivateKey) FromWire

func (k *PrivateKey) FromWire(wire WirePrivateKey) error

FromWire unmarshals the provided WirePrivateKey into the PrivateKey 'k'.

func (*PrivateKey) Params

func (k *PrivateKey) Params() Params

Params returns the public parameters of the identity provider that extracted this private key.

func (*PrivateKey) ToWire

func (k *PrivateKey) ToWire(wire *WirePrivateKey) error

ToWire marshals the PrivateKey 'k' into the WirePrivateKey 'wire'.

type Root

type Root struct {
	// contains filtered or unexported fields
}

Root represents an identity provider for the purposes of blessings based encryption and decryption.

It generates private keys for specific blessings which can be used to decrypt any message encrypted for a pattern matched by the blessing ( assuming the encryption used this identity provider's parameters).

func NewRoot

func NewRoot(blessing string, master ibe.Master) *Root

NewRoot returns a new root identity provider that has the provided blessing name and uses the provided 'master' for setting up identity-based encryption.

func (*Root) Extract

func (r *Root) Extract(ctx *context.T, blessing string) (*PrivateKey, error)

Extract returns a private key for the provided blessing.

The private key can be used for decrypting any message encrypted using a pattern matched by the blessing (assuming the encryption made use of the public parameters of this root).

func (*Root) Params

func (r *Root) Params() Params

Params returns the public parameters of the identity provider represented by 'r'.

type WireCiphertext

type WireCiphertext struct {
	// PatternId is an identifier of the blessing pattern that this
	// ciphertext is for. It is represented by a 16 byte truncated
	// SHA256 hash of the pattern.
	PatternId string
	// Bytes is a map from an identifier of the public IBE params to
	// the ciphertext bytes that were generated using those params.
	//
	// The params identifier is a 16 byte truncated SHA256 hash
	// of the marshaled form of the IBE params.
	Bytes map[string][]byte
}

WireCiphertext represents the wire format of the ciphertext generated by a Crypter.

func (WireCiphertext) VDLIsZero

func (x WireCiphertext) VDLIsZero() bool

func (*WireCiphertext) VDLRead

func (x *WireCiphertext) VDLRead(dec vdl.Decoder) error

func (WireCiphertext) VDLReflect

func (WireCiphertext) VDLReflect(struct {
	Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WireCiphertext"`
})

func (WireCiphertext) VDLWrite

func (x WireCiphertext) VDLWrite(enc vdl.Encoder) error

type WireParams

type WireParams struct {
	// Blessing is the blessing name of the identity provider. The identity
	// provider  can extract private keys for blessings that are extensions
	// of this blessing name.
	Blessing string
	// Params is the marshaled form of the public IBE params of the
	// the identity provider.
	Params []byte
}

WireParams represents the wire format of the public parameters of an identity provider (aka Root).

func (WireParams) VDLIsZero

func (x WireParams) VDLIsZero() bool

func (*WireParams) VDLRead

func (x *WireParams) VDLRead(dec vdl.Decoder) error

func (WireParams) VDLReflect

func (WireParams) VDLReflect(struct {
	Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WireParams"`
})

func (WireParams) VDLWrite

func (x WireParams) VDLWrite(enc vdl.Encoder) error

type WirePrivateKey

type WirePrivateKey struct {
	// Blessing is the blessing for which this private key was extracted for.
	Blessing string
	// Params are the public parameters of the identity provider that extracted
	// this private key.
	Params WireParams
	// Keys contain the extracted IBE private keys for each pattern that is
	// matched by the blessing and is an extension of the identity provider's
	// name. The keys are enumerated in increasing order of the lengths of the
	// corresponding patterns.
	//
	// For example, if the blessing is "google:u:alice:phone" and the identity
	// provider's name is "google:u" then the keys are extracted for the patterns
	// - "google:u"
	// - "google:u:alice"
	// - "google:u:alice:phone"
	// - "google:u:alice:phone:$"
	//
	// The private keys are listed in increasing order of the lengths of the
	// corresponding patterns.
	Keys [][]byte
}

WirePrivateKey represents the wire format of the private key corresponding to a blessing.

func (WirePrivateKey) VDLIsZero

func (x WirePrivateKey) VDLIsZero() bool

func (*WirePrivateKey) VDLRead

func (x *WirePrivateKey) VDLRead(dec vdl.Decoder) error

func (WirePrivateKey) VDLReflect

func (WirePrivateKey) VDLReflect(struct {
	Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WirePrivateKey"`
})

func (WirePrivateKey) VDLWrite

func (x WirePrivateKey) VDLWrite(enc vdl.Encoder) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL