protected_objects

package
v0.0.0-...-b5aa0b6
Published: Aug 30, 2017 License: Apache-2.0 Imports: 8 Imported by: 0

README

The protected_object library consists of a number of commonly used routines to maintain a key protection hierarchy. Key hierarchies are rooted in a master key (like the primary sealing key for a CloudProxy Program).

This library maintains an in-memory list of objects (which can also be serialized to storage as a protobuf). Objects represent things like files or keys. All objects have universal names, object types, validity periods, statuses, values and epochs. Values are object dependent: for keys, the value is the key and its parameters; for files, the value may be the file contents or a pointer to a storage object.

The library also maintains a list of "protected objects", each consisting of a protector (name, epoch and type), a protected object (name, epoch and type) and a value for the protected object. When the protected object is a key, the value is the key object encrypted and integrity protected by the key of the protector object. When the protected object is a file, the value is (or points to) the file contents encrypted and integrity protected with the protector key.

A chain of protected objects terminating, say, in a file object gives a recipe for decrypting an object given the key at the top of a hierarchy. For example, the top-level program sealing key may be the root protector object, protecting a zone key which, in turn, protects a file key which protects a file.

Library functions can construct a chain of such protected objects, find all descendant objects protected directly or indirectly by a given object, or find all objects that directly or indirectly protect a given object. This is useful when decrypting objects or when adding or rotating keys. The status model is: "active" objects can encrypt, decrypt, be read or be written; "retired" objects can only decrypt or be read; and "inactive" objects can no longer be used.
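The chain and status model described above, as an added example that is not the package's own code: the hypothetical simplified types Ref and Link stand in for ObjectIdMessage (plus the object's status) and ProtectedObjectMessage, and AES-GCM stands in for the key-aes128-ctr-hmacsha256 key type. Protect refuses to encrypt under anything but an active protector, and Recover walks a chain from the root key down to a leaf, letting retired protectors decrypt but not inactive ones.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Ref and Link are hypothetical simplified stand-ins for ObjectIdMessage (plus the object's status)
// and ProtectedObjectMessage; neither record ever holds a key in the clear.
type Ref struct{ Name string; Epoch int32; Status string } // Status: "active", "retired" or "inactive"
type Link struct{ Protector, Protected Ref; Blob []byte }  // Protected's value sealed under Protector's key

func (r Ref) denied(op string) error { return fmt.Errorf("%s/%d is %s: may not %s", r.Name, r.Epoch, r.Status, op) }

// aead stands in for the package's key-aes128-ctr-hmacsha256 key type with AES-GCM (an assumption).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Protect seals val (a child key or file contents) under protectorKey; only an active protector may encrypt.
func Protect(protector Ref, protectorKey []byte, child Ref, val []byte) (Link, error) {
	if protector.Status != "active" { return Link{}, protector.denied("encrypt") }
	g, err := aead(protectorKey)
	if err != nil { return Link{}, err }
	nonce := make([]byte, g.NonceSize()) // fresh random nonce per blob, prepended to the ciphertext
	if _, err = rand.Read(nonce); err != nil { return Link{}, err }
	return Link{protector, child, append(nonce, g.Seal(nil, nonce, val, nil)...)}, nil
}

// Recover walks the chain root-first: each opened blob is the key for the next link, so the caller holds
// only the root key (e.g. the program sealing key) and gets back the leaf's value (for a file, its contents).
// Retired protectors may still decrypt; inactive (or revoked) ones may not.
func Recover(rootKey []byte, chain []Link) ([]byte, error) {
	key := rootKey
	for _, l := range chain {
		if s := l.Protector.Status; s != "active" && s != "retired" { return nil, l.Protector.denied("decrypt") }
		g, err := aead(key)
		if err != nil { return nil, err }
		ns := g.NonceSize()
		if len(l.Blob) < ns { return nil, fmt.Errorf("blob for %s/%d too short", l.Protected.Name, l.Protected.Epoch) }
		if key, err = g.Open(nil, l.Blob[:ns], l.Blob[ns:], nil); err != nil { return nil, err }
	}
	return key, nil
}
```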

Documentation

Overview

Package protected_objects is a generated protocol buffer package.

It is generated from these files:

protected_objects.proto

It has these top-level messages:

ObjectIdMessage
ObjectMessage
NodeMessage
ProtectedObjectMessage
ObjectStoreMessage
NodeStoreMessage
ProtectedObjectStoreMessage

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddObject

func AddObject(l *list.List, obj ObjectMessage) error

Add the indicated protected object to the list.

func AddObjectId

func AddObjectId(l *list.List, obj ObjectIdMessage) error

Add the indicated objectid to the list.

func AddProtectedObject

func AddProtectedObject(l *list.List, obj ProtectedObjectMessage) error

Add the indicated protected object to the list.

func ConstructProtectorChain

func ConstructProtectorChain(obj_list *list.List, nameProtector string, epochProtector int32,
	nameTop *string, epochTop *int32,
	statuses []string, types []string, seen_list *list.List,
	protected_object_list *list.List) (*list.List, error)

Construct the chain of protector objects for (nameProtector, epochProtector). Stops when there are no protectors for the top object.

func ConstructProtectorChainFromBase

func ConstructProtectorChainFromBase(obj_list *list.List, nameProtected string, epochProtected int32,
	statuses []string, types []string, base_list *list.List,
	seen_list *list.List, protected_object_list *list.List) (*list.List, error)

Construct the chain of protector objects for (nameProtected, epochProtected).

The chain must terminate with an object from the base list.

func DeleteObject

func DeleteObject(l *list.List, name string, epoch int32) error

Remove the referenced object from the list.

func DeleteProtectedObject

func DeleteProtectedObject(l *list.List, name string, epoch int32) error

Remove the referenced protected object from the list.

func FindElementById

func FindElementById(l *list.List, name string, epoch int32) *list.Element

func FindProtectedObjects

func FindProtectedObjects(l *list.List, name string, epoch int32) *list.List

Find objects protected by object with given name and epoch.

func FindProtectorObjects

func FindProtectorObjects(l *list.List, name string, epoch int32) *list.List

Find protectors of the object with given name and epoch.

func IsValid

func IsValid(obj ObjectMessage, statuses []string, types []string) bool

Is the object of the right type, does it have the right status, and is it within its validity period?

func LoadObjects

func LoadObjects(file string) *list.List

Read and unmarshal an object file.

func LoadProtectedObjects

func LoadProtectedObjects(file string) *list.List

Read and unmarshal a protected object file.

func PrintObject

func PrintObject(obj *ObjectMessage)

func PrintProtectedObject

func PrintProtectedObject(obj *ProtectedObjectMessage)

func SaveObjects

func SaveObjects(l *list.List, file string) error

Marshal objects and save them in a file. Returns nil on success.

func SaveProtectedObjects

func SaveProtectedObjects(l *list.List, file string) error

Marshal protected objects and save them in a file. Returns nil on success.

Types

type NodeMessage

type NodeMessage struct {
	ProtectedObjId   *ObjectIdMessage `protobuf:"bytes,1,req,name=protected_obj_id" json:"protected_obj_id,omitempty"`
	ProtectorObjId   *ObjectIdMessage `protobuf:"bytes,2,opt,name=protector_obj_id" json:"protector_obj_id,omitempty"`
	XXX_unrecognized []byte           `json:"-"`
}

func (*NodeMessage) Descriptor

func (*NodeMessage) Descriptor() ([]byte, []int)

func (*NodeMessage) GetProtectedObjId

func (m *NodeMessage) GetProtectedObjId() *ObjectIdMessage

func (*NodeMessage) GetProtectorObjId

func (m *NodeMessage) GetProtectorObjId() *ObjectIdMessage

func (*NodeMessage) ProtoMessage

func (*NodeMessage) ProtoMessage()

func (*NodeMessage) Reset

func (m *NodeMessage) Reset()

func (*NodeMessage) String

func (m *NodeMessage) String() string

type NodeStoreMessage

type NodeStoreMessage struct {
	NodeObjects      []*NodeMessage `protobuf:"bytes,1,rep,name=node_objects" json:"node_objects,omitempty"`
	XXX_unrecognized []byte         `json:"-"`
}

func (*NodeStoreMessage) Descriptor

func (*NodeStoreMessage) Descriptor() ([]byte, []int)

func (*NodeStoreMessage) GetNodeObjects

func (m *NodeStoreMessage) GetNodeObjects() []*NodeMessage

func (*NodeStoreMessage) ProtoMessage

func (*NodeStoreMessage) ProtoMessage()

func (*NodeStoreMessage) Reset

func (m *NodeStoreMessage) Reset()

func (*NodeStoreMessage) String

func (m *NodeStoreMessage) String() string

type ObjectIdMessage

type ObjectIdMessage struct {
	ObjName          *string `protobuf:"bytes,1,req,name=obj_name" json:"obj_name,omitempty"`
	ObjEpoch         *int32  `protobuf:"varint,2,opt,name=obj_epoch" json:"obj_epoch,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

Epochs must increase monotonically and be > 0.

func (*ObjectIdMessage) Descriptor

func (*ObjectIdMessage) Descriptor() ([]byte, []int)

func (*ObjectIdMessage) GetObjEpoch

func (m *ObjectIdMessage) GetObjEpoch() int32

func (*ObjectIdMessage) GetObjName

func (m *ObjectIdMessage) GetObjName() string

func (*ObjectIdMessage) ProtoMessage

func (*ObjectIdMessage) ProtoMessage()

func (*ObjectIdMessage) Reset

func (m *ObjectIdMessage) Reset()

func (*ObjectIdMessage) String

func (m *ObjectIdMessage) String() string

type ObjectMessage

type ObjectMessage struct {
	ObjId            *ObjectIdMessage `protobuf:"bytes,1,req,name=obj_id" json:"obj_id,omitempty"`
	ObjType          *string          `protobuf:"bytes,2,opt,name=obj_type" json:"obj_type,omitempty"`
	ObjStatus        *string          `protobuf:"bytes,3,opt,name=obj_status" json:"obj_status,omitempty"`
	NotBefore        *string          `protobuf:"bytes,4,opt,name=not_before" json:"not_before,omitempty"`
	NotAfter         *string          `protobuf:"bytes,5,opt,name=not_after" json:"not_after,omitempty"`
	ObjVal           []byte           `protobuf:"bytes,6,opt,name=obj_val" json:"obj_val,omitempty"`
	XXX_unrecognized []byte           `json:"-"`
}

Standard statuses are: active, retired, inactive, revoked.

Standard types are: file, key, key-aes128-ctr-hmacsha256.

NotBefore and NotAfter are strings in the standard string format: 2006-01-02 15:04:05.999999999 -0700 MST

func CreateObject

func CreateObject(name string, epoch int32, obj_type *string, status *string, notBefore *time.Time,
	notAfter *time.Time, v []byte) (*ObjectMessage, error)

Create the object with the provided data.

func FindObject

func FindObject(l *list.List, name string, epoch int32, types []string,
	statuses []string) *ObjectMessage

Find the object with the given name and epoch that has one of the offered types and statuses. A nil types or statuses list matches anything (even nil).

func GetEarliestEpoch

func GetEarliestEpoch(l *list.List, name string, status []string) *ObjectMessage

Get object with given name and earliest epoch.

func GetLatestEpoch

func GetLatestEpoch(l *list.List, name string, status []string) *ObjectMessage

Get object with given name and latest epoch.

func RecoverProtectedObject

func RecoverProtectedObject(obj *ProtectedObjectMessage, protectorKeys []byte) (*ObjectMessage, error)

Decrypt and unmarshal a protected object blob.

func (*ObjectMessage) Descriptor

func (*ObjectMessage) Descriptor() ([]byte, []int)

func (*ObjectMessage) GetNotAfter

func (m *ObjectMessage) GetNotAfter() string

func (*ObjectMessage) GetNotBefore

func (m *ObjectMessage) GetNotBefore() string

func (*ObjectMessage) GetObjId

func (m *ObjectMessage) GetObjId() *ObjectIdMessage

func (*ObjectMessage) GetObjStatus

func (m *ObjectMessage) GetObjStatus() string

func (*ObjectMessage) GetObjType

func (m *ObjectMessage) GetObjType() string

func (*ObjectMessage) GetObjVal

func (m *ObjectMessage) GetObjVal() []byte

func (*ObjectMessage) ProtoMessage

func (*ObjectMessage) ProtoMessage()

func (*ObjectMessage) Reset

func (m *ObjectMessage) Reset()

func (*ObjectMessage) String

func (m *ObjectMessage) String() string

type ObjectStoreMessage

type ObjectStoreMessage struct {
	Objects          []*ObjectMessage `protobuf:"bytes,1,rep,name=objects" json:"objects,omitempty"`
	XXX_unrecognized []byte           `json:"-"`
}

func (*ObjectStoreMessage) Descriptor

func (*ObjectStoreMessage) Descriptor() ([]byte, []int)

func (*ObjectStoreMessage) GetObjects

func (m *ObjectStoreMessage) GetObjects() []*ObjectMessage

func (*ObjectStoreMessage) ProtoMessage

func (*ObjectStoreMessage) ProtoMessage()

func (*ObjectStoreMessage) Reset

func (m *ObjectStoreMessage) Reset()

func (*ObjectStoreMessage) String

func (m *ObjectStoreMessage) String() string

type ProtectedObjectMessage

type ProtectedObjectMessage struct {
	ProtectedObjId   *ObjectIdMessage `protobuf:"bytes,1,req,name=protected_obj_id" json:"protected_obj_id,omitempty"`
	ProtectorObjId   *ObjectIdMessage `protobuf:"bytes,2,opt,name=protector_obj_id" json:"protector_obj_id,omitempty"`
	Blob             []byte           `protobuf:"bytes,3,opt,name=blob" json:"blob,omitempty"`
	XXX_unrecognized []byte           `json:"-"`
}

func MakeProtectedObject

func MakeProtectedObject(obj ObjectMessage, protectorName string, protectorEpoch int32,
	protectorKeys []byte) (*ProtectedObjectMessage, error)

Create, marshal and encrypt a protected object blob protecting obj.

func (*ProtectedObjectMessage) Descriptor

func (*ProtectedObjectMessage) Descriptor() ([]byte, []int)

func (*ProtectedObjectMessage) GetBlob

func (m *ProtectedObjectMessage) GetBlob() []byte

func (*ProtectedObjectMessage) GetProtectedObjId

func (m *ProtectedObjectMessage) GetProtectedObjId() *ObjectIdMessage

func (*ProtectedObjectMessage) GetProtectorObjId

func (m *ProtectedObjectMessage) GetProtectorObjId() *ObjectIdMessage

func (*ProtectedObjectMessage) ProtoMessage

func (*ProtectedObjectMessage) ProtoMessage()

func (*ProtectedObjectMessage) Reset

func (m *ProtectedObjectMessage) Reset()

func (*ProtectedObjectMessage) String

func (m *ProtectedObjectMessage) String() string

type ProtectedObjectStoreMessage

type ProtectedObjectStoreMessage struct {
	ProtectedObjects []*ProtectedObjectMessage `protobuf:"bytes,1,rep,name=protected_objects" json:"protected_objects,omitempty"`
	XXX_unrecognized []byte                    `json:"-"`
}

func (*ProtectedObjectStoreMessage) Descriptor

func (*ProtectedObjectStoreMessage) Descriptor() ([]byte, []int)

func (*ProtectedObjectStoreMessage) GetProtectedObjects

func (m *ProtectedObjectStoreMessage) GetProtectedObjects() []*ProtectedObjectMessage

func (*ProtectedObjectStoreMessage) ProtoMessage

func (*ProtectedObjectStoreMessage) ProtoMessage()

func (*ProtectedObjectStoreMessage) Reset

func (m *ProtectedObjectStoreMessage) Reset()

func (*ProtectedObjectStoreMessage) String

func (m *ProtectedObjectStoreMessage) String() string
