api

package
v0.0.0-...-982e07a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 19, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package api describes API of Acra Keystore version 2.

Index

Constants

View Source 
const (
	ThemisKeyPairFormat      = KeyFormat(asn1.ThemisKeyPairFormat)
	ThemisSymmetricKeyFormat = KeyFormat(asn1.ThemisSymmetricKeyFormat)
)

Supported key material formats:

View Source 
const (
	KeyPreActive   = KeyState(asn1.KeyPreActive)
	KeyActive      = KeyState(asn1.KeyActive)
	KeySuspended   = KeyState(asn1.KeySuspended)
	KeyDeactivated = KeyState(asn1.KeyDeactivated)
	KeyCompromised = KeyState(asn1.KeyCompromised)
	KeyDestroyed   = KeyState(asn1.KeyDestroyed)
)

Possible KeyState values:

Variables

View Source 
var (
	ErrFormatDuplicated    = errors.New("key format used multiple times")
	ErrFormatMissing       = errors.New("key format not available")
	ErrKeyNotExist         = errors.New("no key with such seqnum")
	ErrKeyDestroyed        = errors.New("key has been destroyed")
	ErrNoKeyData           = errors.New("no key data")
	ErrInvalidFormat       = errors.New("invalid key format")
	ErrInvalidState        = errors.New("invalid state transition")
	ErrInvalidCryptoperiod = errors.New("invalid key cryptoperiod")
)

Errors returned by KeyRing methods accessing key data:

View Source 
var (
	ErrNoCurrentKey = errors.New("key ring has no current key")
)

Errors returned by KeyRing methods:

Functions

func KeyStateTransitionValid 

func KeyStateTransitionValid(oldState, newState KeyState) bool

KeyStateTransitionValid checks a key state change.

Types

type BackupKeystore 

type BackupKeystore interface {
	KeyStore
	// ImportKeyRings unpacks key rings packaged by ExportKeyRings.
	// The provided cryptosuite is used to verify the signature on the container and decrypt key ring data.
	// Optional delegate can be used to control various aspects of the import process, such as conflict resolution.
	// Returns a list of processed key rings.
	ImportKeyRings(exportData []byte, cryptosuite *crypto.KeyStoreSuite, delegate KeyRingImportDelegate) ([]string, error)
}

BackupKeystore represent keystore used for acra-keys import/export subcommands

type ImportDecision 

type ImportDecision int

ImportDecision constants describe how to proceed with import conflict resolution. 

const (
	// Do not modify existing key ring, abort with given error.
	ImportAbort ImportDecision = iota
	// Do not modify existing key ring, proceed with importing others.
	ImportSkip
	// Overwrite existing key ring with new data.
	ImportOverwrite
)

ImportDecision options.

type KeyData 

type KeyData struct {
	Format       KeyFormat
	PublicKey    []byte
	PrivateKey   []byte
	SymmetricKey []byte
}

KeyData contains plaintext key data to be added to keystore. Only relevant fields are stored. They must be filled according to the format.

type KeyDescription 

type KeyDescription struct {
	ValidSince time.Time
	ValidUntil time.Time
	Data       []KeyData
}

KeyDescription describes a newly added key. A key can have multiple representations of attached data, but must have at least one.

type KeyFormat 

type KeyFormat int

KeyFormat describes key material format.

type KeyRing 

type KeyRing interface {
	// CurrentKey returns the key that you should currently use.
	CurrentKey() (int, error)

	// AllKeys returns all keys in the key ring, from newest to oldest.
	AllKeys() ([]int, error)

	// State of the key right now.
	State(seqnum int) (KeyState, error)

	// ValidSince returns the time before which the key cannot be used.
	ValidSince(seqnum int) (time.Time, error)
	// ValidUntil returns the time since which the key should not be used.
	ValidUntil(seqnum int) (time.Time, error)

	// Formats available for this key.
	Formats(seqnum int) ([]KeyFormat, error)
	// PublicKey data in given format, if available.
	PublicKey(seqnum int, format KeyFormat) ([]byte, error)
	// PrivateKey data in given format, if available.
	PrivateKey(seqnum int, format KeyFormat) ([]byte, error)
	// SymmetricKey data in given format, if available.
	SymmetricKey(seqnum int, format KeyFormat) ([]byte, error)
}

KeyRing is a bunch of keys, with currently active one.

type KeyRingImportDelegate 

type KeyRingImportDelegate interface {
	// This method is executed when an imported key ring already exists.
	// Current key ring content is encrypted, new key ring content is in plain.
	// Don't look at the key material, decide based on validity ranges and sequence numbers.
	DecideKeyRingOverwrite(currentData, newData *asn1.KeyRing) (ImportDecision, error)
}

KeyRingImportDelegate controls details of key ring import process.

type KeyState 

type KeyState int

KeyState describes current state of a key or a key pair.

func (KeyState) String 

func (s KeyState) String() string

String returns human-readable name of the state.

type KeyStore 

type KeyStore interface {
	// OpenKeyRing opens an existing key ring with given purpose.
	OpenKeyRing(purpose string) (KeyRing, error)

	// Close this keystore, releasing associated resources.
	// This generally renders opened KeyRings unusable.
	Close() error

	// ListKeyRings enumerates all key rings present in this keystore.
	ListKeyRings() ([]string, error)

	// ExportKeyRings packages specified key rings for export.
	// Key ring data is encrypted and signed using given cryptosuite.
	// Resulting container can be imported into existing or different keystore with ImportKeyRings().
	ExportKeyRings(paths []string, cryptosuite *crypto.KeyStoreSuite, mode keystoreV1.ExportMode) ([]byte, error)

	// DescribeKeyRing describes key ring by its purpose path.
	DescribeKeyRing(purpose string) (*keystoreV1.KeyDescription, error)

	// DescribeRotatedKeyRing describes rotated key ring bys its purpose path.
	DescribeRotatedKeyRing(path string) ([]keystoreV1.KeyDescription, error)
}

KeyStore securely keeps all of the client key data.

type MutableKeyRing 

type MutableKeyRing interface {
	KeyRing

	// AddKey attaches a new key to the ring.
	AddKey(key KeyDescription) (int, error)

	// SetState changes key State to the given one, if allowed.
	SetState(seqnum int, newState KeyState) error

	// DestroyKey erases key data (but keeps the key in the ring).
	DestroyKey(seqnum int) error

	// SetCurrent makes this key current in its key ring.
	// Does nothing if the key is already current.
	SetCurrent(seqnum int) error
}

MutableKeyRing is a bunch of keys, with currently active one. This interface allow to add new keys, update existing ones, and change the current key.

type MutableKeyStore 

type MutableKeyStore interface {
	KeyStore

	// OpenKeyRingRW opens a modifiable key ring with given purpose.
	// A new key ring will be created if it does not exist yet.
	OpenKeyRingRW(purpose string) (MutableKeyRing, error)

	// ImportKeyRings unpacks key rings packaged by ExportKeyRings.
	// The provided cryptosuite is used to verify the signature on the container and decrypt key ring data.
	// Optional delegate can be used to control various aspects of the import process, such as conflict resolution.
	// Returns a list of processed key rings.
	ImportKeyRings(exportData []byte, cryptosuite *crypto.KeyStoreSuite, delegate KeyRingImportDelegate) ([]string, error)
}

MutableKeyStore interface to KeyStore allowing write access.

Source Files

View all Source files

Directories

Path Synopsis
Package tests provides conformity test suite for KeyStore API.
 Package tests provides conformity test suite for KeyStore API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.