security

package

v0.0.0-...-ab689eb Latest Latest Go to latest Published: Mar 28, 2024 License: BSD-3-Clause-Clear Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/opentdf/platform

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type ECKeyPair
type Error
- func (e Error) Error() string
type HSMConfig
type HSMSession
- func New(c *HSMConfig) (*HSMSession, error)
type KeyInfo
type PrivateKeyEC
type PrivateKeyRSA
type RSAKeyPair

Constants ¶

View Source

const (
	ErrHSMUnexpected = Error("hsm unexpected")
	ErrHSMDecrypt    = Error("hsm decrypt error")
	ErrHSMNotFound   = Error("hsm unavailable")
	ErrKeyConfig     = Error("key configuration error")
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ECKeyPair ¶

type ECKeyPair struct {
	PrivateKey PrivateKeyEC
	*ecdsa.PublicKey
	*x509.Certificate
}

type Error ¶

type Error string

func (Error) Error ¶

func (e Error) Error() string

type HSMConfig ¶

type HSMConfig struct {
	Enabled    bool               `yaml:"enabled"`
	ModulePath string             `yaml:"modulePath,omitempty"`
	PIN        string             `yaml:"pin,omitempty"`
	SlotID     uint               `yaml:"slotId,omitempty"`
	SlotLabel  string             `yaml:"slotLabel,omitempty"`
	Keys       map[string]KeyInfo `yaml:"keys,omitempty"`
}

func (*HSMConfig) WithLabel ¶

func (c *HSMConfig) WithLabel(label string) *HSMConfig

func (*HSMConfig) WithPIN ¶

func (c *HSMConfig) WithPIN(pin string) *HSMConfig

func (*HSMConfig) WithSlot ¶

func (c *HSMConfig) WithSlot(slot uint) *HSMConfig

type HSMSession ¶

type HSMSession struct {
	RSA *RSAKeyPair
	EC  *ECKeyPair
	// contains filtered or unexported fields
}

A session with a security module; useful for abstracting basic cryptographic operations.

HSM Session HAS-A PKCS11 Context HSM Session HAS-A login for a given USER TYPE to a single SLOT When you start this application, you assign a slot and user to the associated security module.

func New ¶

func New(c *HSMConfig) (*HSMSession, error)

func (*HSMSession) DecryptOAEP ¶

func (session *HSMSession) DecryptOAEP(key *PrivateKeyRSA, ciphertext []byte, hashFunction crypto.Hash, label []byte) ([]byte, error)

func (*HSMSession) Destroy ¶

func (s *HSMSession) Destroy()

func (*HSMSession) GenerateEphemeralKasKeys ¶

func (h *HSMSession) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)

func (*HSMSession) GenerateNanoTDFSessionKey ¶

func (h *HSMSession) GenerateNanoTDFSessionKey(
	privateKeyHandle PrivateKeyEC,
	ephemeralPublicKey []byte,
) ([]byte, error)

func (*HSMSession) GenerateNanoTDFSymmetricKey ¶

func (h *HSMSession) GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte, key PrivateKeyEC) ([]byte, error)

func (*HSMSession) LoadECKey ¶

func (h *HSMSession) LoadECKey(info KeyInfo) (*ECKeyPair, error)

func (*HSMSession) LoadRSAKey ¶

func (h *HSMSession) LoadRSAKey(info KeyInfo) (*RSAKeyPair, error)

type KeyInfo ¶

type KeyInfo struct {
	Name  string `yaml:"name,omitempty"`
	Label string `yaml:"label,omitempty"`
}

type PrivateKeyEC ¶

type PrivateKeyEC pkcs11.ObjectHandle

type PrivateKeyRSA ¶

type PrivateKeyRSA pkcs11.ObjectHandle

type RSAKeyPair ¶

type RSAKeyPair struct {
	PrivateKey PrivateKeyRSA
	*rsa.PublicKey
	*x509.Certificate
}

Source Files ¶

View all Source files

hsm.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL