decryption

package
Published: Feb 28, 2024 License: Apache-2.0 Imports: 12 Imported by: 0


Constants

This section is empty.

Variables

var (
	// ErrNoBytesToRead is the sentinel error for a read that found no bytes.
	// Match it with errors.Is; which reader returns it is not visible on this page.
	ErrNoBytesToRead  = errors.New("no bytes to read")
	// ErrSeekNotAllowed is the sentinel error for a seek the underlying stream
	// cannot perform (the package's entry points take an io.ReadSeeker).
	ErrSeekNotAllowed = errors.New("impossible to seek bytes")
)
var (
	// ErrInvalidHeaderLine signals that a line expected to be the audit log
	// header record did not parse as one.
	ErrInvalidHeaderLine       = errors.New("not a valid header line")
	// ErrKeyProviderMissing signals that no key provider was configured;
	// see KeyProviderOpts and the With*Opts options on this page.
	ErrKeyProviderMissing      = errors.New("key provider not set")
	// ErrKeyProviderNotSupported signals a key provider named in the log
	// that this package has no implementation for.
	ErrKeyProviderNotSupported = errors.New("key provider not supported")
)
// Header-record validation errors. Each one names a mandatory header field
// (compare the fields of HeaderRecord) that was absent or invalid. They are
// sentinel values: compare with errors.Is, not by message text.
var (
	// ErrTimestampMissing: the header carries no timestamp.
	ErrTimestampMissing       = errors.New("missing timestamp")
	// ErrVersionMissing: the header carries no format version.
	ErrVersionMissing         = errors.New("missing version")
	// ErrCompressionModeMissing: the header carries no compression mode.
	ErrCompressionModeMissing = errors.New("missing compression mode")
	// ErrCompressionModeInvalid: the compression mode is present but not one
	// of the CompressionMode values.
	ErrCompressionModeInvalid = errors.New("invalid compression mode")
	// ErrProviderMissing: the header names no key store provider.
	ErrProviderMissing        = errors.New("missing provider")
	// ErrEncryptedKeyMissing: the header carries no wrapped log-encryption key.
	ErrEncryptedKeyMissing    = errors.New("missing encrypted key")
	// ErrMACMissing: the header carries no MAC. Without it the header cannot
	// be authenticated, so treating this as fatal (not a warning) is the
	// safe choice — the handling is not visible on this page.
	ErrMACMissing             = errors.New("missing mac")
	// ErrHeaderRecordInvalid: the header record as a whole is malformed.
	ErrHeaderRecordInvalid    = errors.New("incorrect header record")
)
// Log-record processing errors. Sentinel values; compare with errors.Is.
var (
	// ErrLogMissing: the record line carries no log payload.
	ErrLogMissing            = errors.New("missing log")
	// ErrLogCorrupted: the payload could not be decoded into a record.
	ErrLogCorrupted          = errors.New("log corrupted")
	// ErrDecryptionFailure: decrypting a record failed. Decrypt on this page
	// documents AES-GCM, so an authentication-tag failure is presumably
	// surfaced through this error too — confirm in the package source.
	ErrDecryptionFailure     = errors.New("decryption failure")
	// ErrDecompressionFailure: decompressing a record failed.
	ErrDecompressionFailure  = errors.New("decompression failure")
	// ErrParse: a generic parsing failure.
	ErrParse                 = errors.New("parsing error")
	// ErrKeyInvokCountMismatch: a record's key invocation counter does not
	// match the expected record index (see DecodedLogRecord.KeyInvocationCount).
	// The misspelling in the message ("missmatch") is part of the runtime
	// string and is intentionally left untouched; do not match on the text.
	ErrKeyInvokCountMismatch = errors.New("logRecordIdx missmatch")
)
// ErrUnsupportedCompression signals a compression mode that is not one of
// the CompressionMode values declared on this page (none, zstd).
var ErrUnsupportedCompression = errors.New("unsupported compression mode")

Functions

func WithAWSOpts

// WithAWSOpts returns a functional option (see Option) carrying AWS
// credentials for the key provider. How the Decryption stores them is not
// visible on this page; presumably it populates a KeyProviderAWSOpts.
// NOTE(review): secretAccessKey and sessionToken are plain strings — they
// cannot be zeroed after use and must never be logged or wrapped into errors.
func WithAWSOpts(accessKey, secretAccessKey, sessionToken string) func(d *Decryption)

func WithAzureOpts

// WithAzureOpts returns a functional option (see Option) carrying Azure
// service-principal credentials for the key provider; presumably it
// populates a KeyProviderAzureOpts (not visible on this page).
// NOTE(review): secret is a plain string — keep it out of logs and errors.
func WithAzureOpts(tenantID, clientID, secret string) func(d *Decryption)

func WithGCPOpts

// WithGCPOpts returns a functional option (see Option) carrying a GCP
// service account key for the key provider; presumably it populates a
// KeyProviderGCPOpts (not visible on this page). Whether serviceAccountKey
// is the key content or a path to it is not stated here — check the source.
// NOTE(review): the value is a credential; keep it out of logs and errors.
func WithGCPOpts(serviceAccountKey string) func(d *Decryption)

func WithKMIPOpts

// WithKMIPOpts returns a functional option (see Option) that attaches the
// given KMIP connection settings (server CA, client certificate and
// credentials) to the Decryption. The pointer is presumably stored as-is,
// so callers should not mutate opts after passing it — confirm in source.
func WithKMIPOpts(opts *KeyProviderKMIPOpts) func(d *Decryption)

func WithLocalOpts

// WithLocalOpts returns a functional option (see Option) naming the local
// key file to use; presumably it populates KeyProviderLocalOpts.KeyFileName.
// NOTE(review): the file holds key material at rest — it is the operator's
// job to keep its permissions restrictive; nothing on this page shows the
// package checking them.
func WithLocalOpts(fileName string) func(d *Decryption)

Types

type AuditLogError

// AuditLogError describes a problem met while processing one audit log line,
// together with where in the log it happened.
type AuditLogError struct {
	// Level is the severity: AuditLogErrorLevelError or AuditLogErrorLevelWarning.
	Level AuditLogErrorLevel
	// Line is the line number of the offending record.
	Line  int
	// TS is the record timestamp; nil when none is available.
	TS    *time.Time
	// Err is the underlying error (often one of the Err* sentinels on this page).
	Err   error
}

func (AuditLogError) Error

// Error implements the error interface for AuditLogError. The exact message
// format is not visible on this page.
func (e AuditLogError) Error() string

func (AuditLogError) MarshalBSON

// MarshalBSON serializes the error for the BSON output format. The document
// shape is not visible on this page; presumably Err's text is included, so
// errors that are fed into this type should carry no secrets.
func (e AuditLogError) MarshalBSON() ([]byte, error)

type AuditLogErrorLevel

// AuditLogErrorLevel is the severity attached to an AuditLogError.
type AuditLogErrorLevel string
const (
	// AuditLogErrorLevelError is the severe level, written as "decryptionLogError".
	AuditLogErrorLevelError   AuditLogErrorLevel = "decryptionLogError"
	// AuditLogErrorLevelWarning is the non-fatal level, written as "decryptionLogWarning".
	AuditLogErrorLevelWarning AuditLogErrorLevel = "decryptionLogWarning"
)

type AuditLogFormat

// AuditLogFormat names an audit log serialization format. Nothing on this
// page shows which API consumes it.
type AuditLogFormat string
const (
	// JSON selects JSON-encoded records.
	JSON AuditLogFormat = "JSON"
	// BSON selects BSON-encoded records.
	BSON AuditLogFormat = "BSON"
)

type AuditLogLine

// AuditLogLine is one parsed line of the encrypted audit log, before it is
// turned into a HeaderRecord or a decrypted log record. Pointer fields are
// nil when the line does not carry that field; presumably this is what the
// Err*Missing sentinels on this page report.
type AuditLogLine struct {
	// TS is the line's timestamp.
	TS                 *time.Time
	// AuditRecordType tells header lines ("header") from log records ("").
	AuditRecordType    AuditRecordType
	// Version is the log format version (header lines).
	Version            *string
	// CompressionMode is the record compression mode (header lines).
	CompressionMode    *string
	// KeyStoreIdentifier locates the key that wraps the log-encryption key.
	KeyStoreIdentifier AuditLogLineKeyStoreIdentifier
	// EncryptedKey is the wrapped log-encryption key (header lines).
	EncryptedKey       []byte
	// MAC is the header's authentication code (header lines).
	MAC                *string
	// Log is the encrypted record payload (log record lines).
	Log                *string
}

func (*AuditLogLine) KeyProvider

// KeyProvider builds the key provider that can unwrap this line's encrypted
// key, combining the line's KeyStoreIdentifier with the credentials in opts.
// Presumably it returns ErrKeyProviderMissing when opts lacks the matching
// entry and ErrKeyProviderNotSupported for an unknown provider — confirm in
// source; the body is not visible on this page.
func (logLine *AuditLogLine) KeyProvider(opts KeyProviderOpts) (keyproviders.KeyProvider, error)

type AuditLogLineKeyStoreIdentifier

// AuditLogLineKeyStoreIdentifier says where the key that wraps the
// log-encryption key lives. The json tags indicate it is decoded from the
// log header; every field is omitempty, so a field not applicable to the
// selected Provider is simply its zero value. It carries locations and
// identifiers only — no key material and no credentials (those come from
// KeyProviderOpts).
type AuditLogLineKeyStoreIdentifier struct {
	// Provider selects which of the field groups below is meaningful;
	// nil when the header named no provider.
	Provider *keyproviders.KeyStoreProvider `json:"provider,omitempty"`
	// localKey: path of the key file on the local filesystem.
	Filename string `json:"filename,omitempty"`
	// kmip: the key's unique ID on the KMIP server, the server name(s), port
	// and the wrap method used for the log-encryption key.
	UID            string                         `json:"uniqueKeyID,omitempty"`
	KMIPServerName []string                       `json:"kmipServerName,omitempty"`
	KMIPPort       int                            `json:"kmipPort,omitempty"`
	KeyWrapMethod  keyproviders.KMIPKeyWrapMethod `json:"keyWrapMethod,omitempty"`
	// aws: KMS key identifier, region and optional custom endpoint.
	// NOTE(review): an endpoint read from the log steers where the KMS call
	// goes; whether it is validated is not visible on this page.
	Key      string `json:"key,omitempty"`
	Region   string `json:"region,omitempty"`
	Endpoint string `json:"endpoint,omitempty"`
	// azure & gcp: name of the key.
	KeyName string `json:"keyName,omitempty"`
	// azure: cloud environment, Key Vault endpoint and key version.
	Environment      string `json:"environment,omitempty"`
	KeyVaultEndpoint string `json:"keyVaultEndpoint,omitempty"`
	KeyVersion       string `json:"keyVersion,omitempty"`
	// gcp: project, location and key ring that hold the KMS key.
	ProjectID string `json:"projectId,omitempty"`
	Location  string `json:"location,omitempty"`
	KeyRing   string `json:"keyRing,omitempty"`
}

func ListKeyProviders

// ListKeyProviders scans an encrypted audit log and returns the key store
// identifiers found in its header record(s), without needing credentials.
// The result describes where keys live, not the keys themselves. It takes
// an io.ReadSeeker; presumably a stream that cannot seek yields
// ErrSeekNotAllowed — the body is not visible on this page.
func ListKeyProviders(logReader io.ReadSeeker) ([]*AuditLogLineKeyStoreIdentifier, error)

type AuditLogOutput

// AuditLogOutput receives decrypted records and per-line diagnostics.
// Warningf and Errorf take a printf-style format: pass text taken from the
// log as an argument (%q), never as the format string itself.
type AuditLogOutput interface {
	// Warningf reports a non-fatal problem on line lineNb.
	Warningf(lineNb int, logLine *AuditLogLine, format string, a ...interface{}) error
	// Error reports a fatal problem on line lineNb with an existing error.
	Error(lineNb int, logLine *AuditLogLine, err error) error
	// Errorf reports a fatal problem on line lineNb with a formatted message.
	Errorf(lineNb int, logLine *AuditLogLine, format string, a ...interface{}) error
	// LogRecord emits one decrypted record; its concrete type is not shown here.
	LogRecord(lineNb int, logRecord interface{}) error
}

func NewAuditLogOutput

// NewAuditLogOutput returns the package's AuditLogOutput implementation,
// writing records and diagnostics to out. The encoding used on out is not
// visible on this page.
func NewAuditLogOutput(out io.Writer) AuditLogOutput

type AuditRecordType

// AuditRecordType tells the header record apart from ordinary log records.
// Note that the zero value ("") is AuditLogRecord, so an unset field reads
// as a log record.
type AuditRecordType string
const (
	// AuditHeaderRecord marks the header line ("header").
	AuditHeaderRecord AuditRecordType = "header"
	// AuditLogRecord marks an encrypted log record (empty string).
	AuditLogRecord    AuditRecordType = ""
)

type CompressionMode

// CompressionMode is the per-record compression declared in the log header.
// Any other value is reported as ErrCompressionModeInvalid /
// ErrUnsupportedCompression (which of the two applies where is not shown here).
type CompressionMode string
const (
	// CompressionModeNone: records are not compressed.
	CompressionModeNone CompressionMode = "none"
	// CompressionModeZstd: records are zstd-compressed before encryption.
	CompressionModeZstd CompressionMode = "zstd"
)

type DecodedLogRecord

// DecodedLogRecord is one log record split into its cryptographic parts.
// Decrypt on this page states the algorithm is AES-GCM, which matches the
// ciphertext/tag/IV/AAD layout below; the exact wire decoding is not shown.
type DecodedLogRecord struct {
	// CipherText is the encrypted (and possibly compressed) record body.
	CipherText         []byte
	// Tag is the GCM authentication tag; a mismatch must reject the record.
	Tag                []byte
	// IV is the nonce used for this record.
	IV                 []byte
	// AAD is the additional authenticated data bound to the record.
	AAD                []byte
	// KeyInitCount counts key (re)initializations.
	KeyInitCount       uint32
	// KeyInvocationCount is the per-key record counter; presumably checked
	// against the record index and reported as ErrKeyInvokCountMismatch,
	// which would make reordered or dropped records detectable — confirm in source.
	KeyInvocationCount uint64
}

type DecryptSection

// DecryptSection is an opaque type with no exported API on this page.
type DecryptSection struct {
	// contains filtered or unexported fields
}

type Decryption

// Decryption holds the configuration for decrypting an audit log; build it
// with NewDecryption and the With*Opts options, then call Decrypt.
type Decryption struct {
	// contains filtered or unexported fields
}

func NewDecryption

// NewDecryption constructs a Decryption and applies the given functional
// options in order (see Option and the With*Opts helpers).
func NewDecryption(options ...Option) *Decryption

func (*Decryption) Decrypt

// Decrypt decrypts the content of an audit log file using the metadata found
// in the file, the credentials provided by the user and the AES-GCM
// algorithm, writing the decrypted records to out. logReader must support
// seeking; a stream that cannot seek presumably yields ErrSeekNotAllowed.
func (d *Decryption) Decrypt(logReader io.ReadSeeker, out io.Writer) error

Decrypt decrypts the content of an audit log file using the metadata found in the file, the credentials provided by the user and the AES-GCM algorithm. The decrypted audit log records are written to the out stream.

type HeaderRecord

// HeaderRecord is the parsed and validated header line of an encrypted
// audit log. The Err*Missing sentinels on this page correspond to its fields.
type HeaderRecord struct {
	// Timestamp is when the log was started.
	Timestamp       time.Time
	// Version is the log format version.
	Version         string
	// CompressionMode is the per-record compression mode.
	CompressionMode CompressionMode
	// KeyProvider is the resolved provider able to unwrap EncryptedKey.
	KeyProvider     keyproviders.KeyProvider
	// EncryptedKey is the wrapped log-encryption key.
	EncryptedKey    []byte
	// MAC is the header's authentication code; what it covers and where it
	// is verified is not visible on this page.
	MAC             string
}

func (*HeaderRecord) DecryptKey

// DecryptKey unwraps h.EncryptedKey, presumably via h.KeyProvider, and
// returns the raw log-encryption key. The returned slice is key material:
// callers should clear it once decryption is finished and never log it.
func (h *HeaderRecord) DecryptKey() ([]byte, error)

type KeyProviderAWSOpts

// KeyProviderAWSOpts holds static AWS credentials for the KMS key provider.
// All three fields are secrets in plain strings; keep them out of logs,
// errors and serialized output.
type KeyProviderAWSOpts struct {
	AccessKey       string
	SecretAccessKey string
	SessionToken    string
}

type KeyProviderAzureOpts

// KeyProviderAzureOpts holds service-principal credentials for the Azure
// Key Vault key provider. Secret is a credential; keep it out of logs.
type KeyProviderAzureOpts struct {
	ClientID string
	TenantID string
	Secret   string
}

type KeyProviderGCPOpts

// KeyProviderGCPOpts holds the service account key for the GCP KMS key
// provider. Whether ServiceAccountKey is the key content or a path is not
// stated on this page; either way it is a credential — keep it out of logs.
type KeyProviderGCPOpts struct {
	ServiceAccountKey string
}

type KeyProviderKMIPOpts

// KeyProviderKMIPOpts holds the connection settings for the KMIP key
// provider: the CA used to verify the server, the client certificate
// (with its password) and username/password credentials. Which of the
// certificate and username/password are required together is not visible
// on this page.
type KeyProviderKMIPOpts struct {
	// ServerCAFileName is the CA certificate file the KMIP server is checked against.
	ServerCAFileName          string
	// ClientCertificateFileName is the client certificate (and presumably key) file.
	ClientCertificateFileName string
	// ClientCertificatePassword unlocks the client certificate file; a secret.
	ClientCertificatePassword string
	// Username and Password are KMIP credentials; Password is a secret.
	Username                  string
	Password                  string
}

type KeyProviderLocalOpts

// KeyProviderLocalOpts configures the local-file key provider.
type KeyProviderLocalOpts struct {
	// KeyFileName is the path of the file holding the key; the file is key
	// material at rest, so its permissions should be restrictive.
	KeyFileName string
}

type KeyProviderOpts

// KeyProviderOpts bundles the credentials for every supported key provider;
// each field is nil when that provider is not configured. AuditLogLine.KeyProvider
// picks the entry matching the log's KeyStoreIdentifier.Provider.
type KeyProviderOpts struct {
	Local *KeyProviderLocalOpts
	KMIP  *KeyProviderKMIPOpts
	AWS   *KeyProviderAWSOpts
	GCP   *KeyProviderGCPOpts
	Azure *KeyProviderAzureOpts
}

type Option

// Option is a functional option applied by NewDecryption; the With*Opts
// helpers on this page return values of this shape.
type Option func(d *Decryption)
