Documentation ¶
Overview ¶
Package phpcloud provides net/rpc services to offload functionality from PHP to Go via the spiral/goridge codec. It has an accompanying PHP client library and Docker image.
Index ¶
- Constants
- func Register(c *Crypto, a *AWS) error
- func Serve(ctx context.Context, sock string, ready chan struct{}) error
- type AWS
- type CheckPasswordRequest
- type CheckPasswordResponse
- type Crypto
- func (c *Crypto) CheckPassword(req CheckPasswordRequest, resp *CheckPasswordResponse) error
- func (c *Crypto) Decrypt(req DecryptRequest, resp *DecryptResponse) error
- func (c *Crypto) EncryptAESGCM(req EncryptRequest, resp *EncryptResponse) error
- func (c *Crypto) HashPassword(req HashPasswordRequest, resp *HashPasswordResponse) error
- type DecryptRequest
- type DecryptResponse
- type EncryptRequest
- type EncryptResponse
- type Error
- type HashPasswordRequest
- type HashPasswordResponse
- type KeySourceType
- type SecretRequest
- type SecretResponse
Constants ¶
const ServeSocketPermission = 0770
ServeSocketPermission is the POSIX permission to which Serve sets its socket.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AWS ¶
type AWS struct {
// contains filtered or unexported fields
}
AWS implements a net/rpc service for interacting with AWS services.
func NewAWS ¶
func NewAWS(secrets secretsmanageriface.SecretsManagerAPI) *AWS
NewAWS returns a new AWS service.
func (*AWS) Secret ¶
func (a *AWS) Secret(req SecretRequest, resp *SecretResponse) error
Secret is a helper for secretsmanager::GetSecretValue(). The secret is indefinitely cached in memory.
In any threat model where an adversary can read this binary's memory, we assume they can read PHP's memory too. The alternatives are (a) storing secrets in some other format, or (b) a new GetSecretValue() request on every call, which becomes expensive for secrets such as database credentials that PHP needs on every request (even with persistent connections, in the case of MySQL).
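The indefinite in-memory cache described above, as an added example that is not the project's own code: `SecretFetcher` is an assumed stand-in for the single method of `secretsmanageriface.SecretsManagerAPI` that the service needs, and `countingFetcher` is a constructed in-memory backend so that the caching behaviour is observable offline. It goes slightly beyond the text in one respect: lookup errors are not cached, so a transient failure is retried on the next call rather than pinned for the life of the process.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// SecretFetcher is a hypothetical stand-in for the subset of
// secretsmanageriface.SecretsManagerAPI that Secret needs. It is not the
// AWS SDK interface; a real implementation would wrap GetSecretValue.
type SecretFetcher interface {
	GetSecretValue(id string) (string, error)
}

// SecretCache caches secrets indefinitely, as AWS.Secret does, so each
// secret ID costs one backend round trip per process lifetime.
type SecretCache struct {
	fetcher SecretFetcher
	mu      sync.Mutex
	secrets map[string]string
}

func NewSecretCache(f SecretFetcher) *SecretCache {
	return &SecretCache{fetcher: f, secrets: make(map[string]string)}
}

// Secret returns the cached value for id, fetching it on first use. The
// mutex is held across the fetch so concurrent first calls for the same ID
// do not race to populate the cache. Errors are deliberately not cached.
func (c *SecretCache) Secret(id string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if v, ok := c.secrets[id]; ok {
		return v, nil
	}
	v, err := c.fetcher.GetSecretValue(id)
	if err != nil {
		return "", err
	}
	c.secrets[id] = v
	return v, nil
}

// countingFetcher is a constructed in-memory backend that records how many
// times each ID was requested, so the cache hit/miss behaviour is visible.
type countingFetcher struct {
	values map[string]string
	calls  map[string]int
}

func newCountingFetcher() *countingFetcher {
	return &countingFetcher{
		values: map[string]string{"prod/db": "constructed-db-password"},
		calls:  map[string]int{},
	}
}

func (f *countingFetcher) GetSecretValue(id string) (string, error) {
	f.calls[id]++
	v, ok := f.values[id]
	if !ok {
		return "", errors.New("secret not found: " + id)
	}
	return v, nil
}

func main() {
	f := newCountingFetcher()
	c := NewSecretCache(f)
	for i := 0; i < 3; i++ {
		v, err := c.Secret("prod/db")
		fmt.Println(v, err)
	}
	fmt.Println("backend calls for prod/db:", f.calls["prod/db"])
	_, err := c.Secret("missing")
	fmt.Println("missing secret:", err)
}
```

The trade-off in the text is visible in the counter: three calls for the same ID hit the backend once, which is what makes the per-request database credential lookup cheap.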
type CheckPasswordRequest ¶
type CheckPasswordRequest struct {
Password, Hash string
}
CheckPasswordRequest is the request argument for Crypto.CheckPassword.
type CheckPasswordResponse ¶
type CheckPasswordResponse struct {
	Match bool
	// If `Update==true`, the stored hash should be changed to `UpdatedHash` for
	// improved security.
	Update      bool
	UpdatedHash string
	DebugReason string
}
CheckPasswordResponse is the response argument for Crypto.CheckPassword.
type Crypto ¶
type Crypto struct{}
Crypto implements a net/rpc service providing cryptographic methods.
func (*Crypto) CheckPassword ¶
func (c *Crypto) CheckPassword(req CheckPasswordRequest, resp *CheckPasswordResponse) error
CheckPassword confirms that the password matches the hash. It supports both bcrypt and Argon2. If the password matches, and the hash is anything other than argon2i, an updated hash is returned by internally calling HashPassword.
func (*Crypto) Decrypt ¶
func (c *Crypto) Decrypt(req DecryptRequest, resp *DecryptResponse) error
Decrypt decrypts the request.
func (*Crypto) EncryptAESGCM ¶
func (c *Crypto) EncryptAESGCM(req EncryptRequest, resp *EncryptResponse) error
EncryptAESGCM encrypts the request with AES-GCM.
func (*Crypto) HashPassword ¶
func (c *Crypto) HashPassword(req HashPasswordRequest, resp *HashPasswordResponse) error
HashPassword returns req.Password, hashed with Argon2i.
type DecryptRequest ¶
type DecryptRequest struct {
	EncryptedData   []byte
	KeySources      []string
	RotateKeySource string
	// AllowedModes specifies the Modes that are allowed, and can be used to
	// disable ECB fallback, which allows for circumventing GCM authentication
	// checks.
	AllowedModes map[pb.Ciphertext_Mode]bool
}
DecryptRequest is the request argument for Crypto.Decrypt.
type DecryptResponse ¶
type DecryptResponse struct {
	DecryptedData     []byte
	AuthenticatedData []byte
	ReEncryptedData   []byte
}
DecryptResponse is the response argument for Crypto.Decrypt.
type EncryptRequest ¶
type EncryptRequest struct {
	DataToEncrypt             []byte
	AuthenticatedNotEncrypted []byte
	KeySource                 string
}
EncryptRequest is the request argument for Crypto.Encrypt*.
type EncryptResponse ¶
type EncryptResponse struct {
EncryptedData []byte
}
EncryptResponse is the response argument for Crypto.Encrypt*.
type Error ¶
type Error int
Error implements the error interface.
type HashPasswordRequest ¶
type HashPasswordRequest struct {
Password string
}
HashPasswordRequest is the request argument for Crypto.HashPassword.
type HashPasswordResponse ¶
type HashPasswordResponse struct {
Hash string
}
HashPasswordResponse is the response argument for Crypto.HashPassword.
type KeySourceType ¶
type KeySourceType string
A KeySourceType is a type of source for cryptographic keys.
const (
	RawKey     KeySourceType = `raw:`
	Passphrase KeySourceType = `passphrase:`
)
KeySourceTypes of the form "[type]:[base64-key-material]" indicate how the key material should be interpreted.
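The three pieces above (EncryptAESGCM with authenticated-but-not-encrypted data, DecryptRequest.AllowedModes as a guard against ECB fallback, and "raw:" key sources) as one added example, not the project's own code. `Mode` and `Envelope` are assumed stand-ins for `pb.Ciphertext_Mode` and the protobuf ciphertext container, which the page does not define; only the `raw:` key-source type is handled, and the ECB path exists solely to show what the allow-list prevents.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Mode stands in for pb.Ciphertext_Mode, whose definition is not on the page.
type Mode int

const (
	ModeGCM Mode = iota
	ModeECB
)

// Envelope is a constructed ciphertext container; the project's own
// pb.Ciphertext wire format is not shown.
type Envelope struct {
	Mode  Mode
	Nonce []byte // GCM only
	AAD   []byte // authenticated, not encrypted (AuthenticatedNotEncrypted)
	Data  []byte // GCM: ciphertext||tag; ECB: raw blocks
}

// keyFromSource parses a "raw:[base64-key-material]" key source; the
// "passphrase:" type is not handled in this example.
func keyFromSource(src string) ([]byte, error) {
	if !strings.HasPrefix(src, "raw:") {
		return nil, fmt.Errorf("unsupported key source %q", src)
	}
	key, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(src, "raw:"))
	if err != nil {
		return nil, err
	}
	if l := len(key); l != 16 && l != 24 && l != 32 {
		return nil, fmt.Errorf("AES key must be 16, 24 or 32 bytes, got %d", l)
	}
	return key, nil
}

func newGCM(src string) (cipher.AEAD, cipher.Block, error) {
	key, err := keyFromSource(src)
	if err != nil {
		return nil, nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return gcm, block, err
}

// EncryptAESGCM seals plaintext under a fresh random nonce and binds aad to
// the ciphertext without encrypting it.
func EncryptAESGCM(src string, plaintext, aad []byte) (*Envelope, error) {
	gcm, _, err := newGCM(src)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{Mode: ModeGCM, Nonce: nonce, AAD: aad,
		Data: gcm.Seal(nil, nonce, plaintext, aad)}, nil
}

// Decrypt checks the allow-list before touching the ciphertext. With ECB
// allowed, an envelope whose mode tag was rewritten decrypts with no
// authentication at all (garbage, but no error); with only GCM allowed the
// same envelope is rejected outright.
func Decrypt(src string, env *Envelope, allowed map[Mode]bool) ([]byte, error) {
	if !allowed[env.Mode] {
		return nil, fmt.Errorf("ciphertext mode %d is not allowed", env.Mode)
	}
	gcm, block, err := newGCM(src)
	if err != nil {
		return nil, err
	}
	switch env.Mode {
	case ModeGCM:
		return gcm.Open(nil, env.Nonce, env.Data, env.AAD) // fails on any tampering
	case ModeECB: // legacy fallback: no nonce, no tag, no AAD binding
		if len(env.Data)%aes.BlockSize != 0 {
			return nil, fmt.Errorf("ECB data is not block-aligned")
		}
		out := make([]byte, len(env.Data))
		for i := 0; i < len(out); i += aes.BlockSize {
			block.Decrypt(out[i:i+aes.BlockSize], env.Data[i:i+aes.BlockSize])
		}
		return out, nil
	default:
		return nil, fmt.Errorf("unknown mode %d", env.Mode)
	}
}

func main() {
	src := "raw:" + base64.StdEncoding.EncodeToString([]byte("0123456789abcdef0123456789abcdef")) // constructed key
	env, _ := EncryptAESGCM(src, []byte("0123456789abcdef"), []byte("user=42"))
	flipped := *env
	flipped.Mode = ModeECB
	_, err := Decrypt(src, &flipped, map[Mode]bool{ModeGCM: true})
	fmt.Println("mode flip under GCM-only policy:", err)
}
```

The allow-list is checked before any key material is touched, so a policy of `{GCM: true}` turns a mode-tag rewrite into a hard error instead of an unauthenticated decryption; tampering with the AAD or the ciphertext is caught by `gcm.Open` as usual.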
type SecretRequest ¶
type SecretRequest struct {
ID string
}
SecretRequest is the request argument for AWS.Secret.
type SecretResponse ¶
SecretResponse is the response argument for AWS.Secret.
Directories ¶
Path | Synopsis
---|---
 | The phpcloud binary is a daemon that provides a "Crypto" RPC service.