phpcloud

package
v0.0.0-...-caadfb4
Published: Mar 8, 2020 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package phpcloud provides net/rpc services to offload functionality from PHP to Go via the spiral/goridge codec. It has an accompanying PHP client library and Docker image.

Constants

const ServeSocketPermission = 0770

ServeSocketPermission is the POSIX permission to which Serve sets its socket.

Variables

This section is empty.

Functions

func Register

func Register(c *Crypto, a *AWS) error

Register registers instances of RPC services.

func Serve

func Serve(ctx context.Context, sock string, ready chan struct{}) error

Serve listens on sock, closing ready (if non-nil) once listening, and then accepts net/rpc connections with the goridge Codec. It sets ownership of sock to the current uid:gid and permissions to ServeSocketPermission. Serve is blocking, and respects context cancellation.

Types

type AWS

type AWS struct {
	// contains filtered or unexported fields
}

AWS implements a net/rpc service for interacting with AWS services.

func NewAWS

func NewAWS(secrets secretsmanageriface.SecretsManagerAPI) *AWS

NewAWS returns a new AWS service.

func (*AWS) Secret

func (a *AWS) Secret(req SecretRequest, resp *SecretResponse) error

Secret is a helper for secretsmanager::GetSecretValue(). The secret is indefinitely cached in memory.

In any threat model where an adversary can read this binary's memory, we assume they can read PHP's memory too, so caching buys the adversary nothing extra. The alternatives are (a) storing secrets in some other format, or (b) issuing a new GetSecretValue() request on every call, which becomes expensive for secrets such as database credentials that PHP needs on every request (even with persistent connections, in the case of MySQL).

type CheckPasswordRequest

type CheckPasswordRequest struct {
	Password, Hash string
}

CheckPasswordRequest is the request argument for Crypto.CheckPassword.

type CheckPasswordResponse

type CheckPasswordResponse struct {
	Match bool

	// If `Update==true`, the stored hash should be changed to `UpdatedHash` for
	// improved security.
	Update      bool
	UpdatedHash string

	DebugReason string
}

CheckPasswordResponse is the response argument for Crypto.CheckPassword.

type Crypto

type Crypto struct{}

Crypto implements a net/rpc service providing cryptographic methods.

func NewCrypto

func NewCrypto() *Crypto

NewCrypto returns a new Crypto service.

func (*Crypto) CheckPassword

func (c *Crypto) CheckPassword(req CheckPasswordRequest, resp *CheckPasswordResponse) error

CheckPassword confirms that the password matches the hash. It supports both bcrypt and Argon2. If the password matches, and the hash is anything other than argon2i, an updated hash is returned by internally calling HashPassword.

func (*Crypto) Decrypt

func (c *Crypto) Decrypt(req DecryptRequest, resp *DecryptResponse) error

Decrypt decrypts the request.

func (*Crypto) EncryptAESGCM

func (c *Crypto) EncryptAESGCM(req EncryptRequest, resp *EncryptResponse) error

EncryptAESGCM encrypts the request with AES-GCM.

func (*Crypto) HashPassword

func (c *Crypto) HashPassword(req HashPasswordRequest, resp *HashPasswordResponse) error

HashPassword returns req.Password, hashed with Argon2i.

type DecryptRequest

type DecryptRequest struct {
	EncryptedData   []byte
	KeySources      []string
	RotateKeySource string

	// AllowedModes specifies the Modes that are allowed, and can be used to
	// disable ECB fallback, which allows for circumventing GCM authentication
	// checks.
	AllowedModes map[pb.Ciphertext_Mode]bool
}

DecryptRequest is the request argument for Crypto.Decrypt.

type DecryptResponse

type DecryptResponse struct {
	DecryptedData     []byte
	AuthenticatedData []byte

	ReEncryptedData []byte
}

DecryptResponse is the response argument for Crypto.Decrypt.

type EncryptRequest

type EncryptRequest struct {
	DataToEncrypt             []byte
	AuthenticatedNotEncrypted []byte
	KeySource                 string
}

EncryptRequest is the request argument for Crypto.Encrypt*.

type EncryptResponse

type EncryptResponse struct {
	EncryptedData []byte
}

EncryptResponse is the response argument for Crypto.Encrypt*.

type Error

type Error int

Error implements the error interface.

const (
	ErrUnknown Error = iota
	ErrUnimplemented
	ErrKeyTypeUnsupported
	ErrKeyBase64
	ErrNotDecrypted
	ErrBlockModeUnsupported
	ErrDetectCiphertextMode
	ErrAllowedDecryptMode
)

Pre-defined errors.

func (Error) Error

func (e Error) Error() string

type HashPasswordRequest

type HashPasswordRequest struct {
	Password string
}

HashPasswordRequest is the request argument for Crypto.HashPassword.

type HashPasswordResponse

type HashPasswordResponse struct {
	Hash string
}

HashPasswordResponse is the response argument for Crypto.HashPassword.

type KeySourceType

type KeySourceType string

A KeySourceType is a type of source for cryptographic keys.

const (
	RawKey     KeySourceType = `raw:`
	Passphrase KeySourceType = `passphrase:`
)

KeySourceTypes of the form "[type]:[base64-key-material]" indicate how the key material should be interpreted.
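As an added example (not code from the phpcloud package), the Go below sketches how the "[type]:[base64-key-material]" key source, EncryptAESGCM's authenticated-but-not-encrypted data, and DecryptRequest.AllowedModes fit together. It handles only the raw: key source, uses a string-keyed map in place of pb.Ciphertext_Mode, and its nonce||ciphertext layout and error strings are assumptions rather than the package's real wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// newGCM builds an AES-GCM AEAD from a "raw:[base64]" KeySource; "passphrase:" needs a KDF this example omits.
func newGCM(keySource string) (cipher.AEAD, error) {
	if len(keySource) < 4 || keySource[:4] != "raw:" {
		return nil, errors.New("ErrKeyTypeUnsupported")
	}
	key, err := base64.StdEncoding.DecodeString(keySource[4:])
	if err != nil {
		return nil, errors.New("ErrKeyBase64")
	}
	block, err := aes.NewCipher(key) // fails unless the key decodes to 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAESGCM returns nonce||ciphertext||tag; aad is authenticated but not encrypted.
func EncryptAESGCM(keySource string, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(keySource)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt checks AllowedModes before touching data, so GCM-only callers are never downgraded to ECB.
func Decrypt(keySource string, data, aad []byte, allowed map[string]bool) ([]byte, error) {
	if !allowed["GCM"] {
		return nil, errors.New("ErrAllowedDecryptMode")
	}
	gcm, err := newGCM(keySource)
	if err != nil || len(data) < gcm.NonceSize() {
		return nil, errors.New("ErrNotDecrypted") // bad key source or truncated input
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], aad) // any tampering fails here
}
```

Because the tag covers both the ciphertext and aad, flipping a single byte in either makes Decrypt fail, and an empty AllowedModes map rejects the request before any key material is parsed.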

type SecretRequest

type SecretRequest struct {
	ID string
}

SecretRequest is the request argument for AWS.Secret.

type SecretResponse

type SecretResponse struct {
	String    string
	Binary    []byte
	VersionID string
}

SecretResponse is the response argument for AWS.Secret.

Directories

Path Synopsis
The phpcloud binary is a daemon that provides a "Crypto" RPC service.
