defense

package
Published: Sep 28, 2021 License: Apache-2.0 Imports: 27 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

func DecryptBlock

func DecryptBlock(key [32]byte, in []byte) (clear []byte, err kv.Error)

func EncryptBlock

func EncryptBlock(data []byte) (key [32]byte, enc []byte, err kv.Error)

func GenerateKeyPair

func GenerateKeyPair(pwd string) (privatePEM []byte, publicPEM []byte, err kv.Error)

GenerateKeyPair produces a 4096-bit RSA key pair, returned as PEM-encoded public and private keys; the private key is password protected using pwd.

func HybridSeal

func HybridSeal(buffer []byte, pub *rsa.PublicKey) (output string, err kv.Error)

func IsEnvelope

func IsEnvelope(msg []byte) (isEnvelope bool, err kv.Error)

IsEnvelope is used to test whether the supplied JSON payload msg is an Envelope (see type Envelope); err reports a payload that could not be parsed.

func ParseSSHSignature

func ParseSSHSignature(in []byte) (out *ssh.Signature, err kv.Error)

ParseSSHSignature is used to extract a signature from a byte buffer encoded according to https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-01: a pair of length-prefixed items, the first being the Format string for the signature and the second the bytes of the signature blob.

func SSHKeys

func SSHKeys(cryptoDir string, passphraseDir string) (publicPEM []byte, privatePEM []byte, passphrase []byte, err kv.Error)

func StopSecret

func StopSecret()

func Unseal

func Unseal(encrypted string, prvKey *rsa.PrivateKey) (decrypted []byte, err kv.Error)

func WillEscape

func WillEscape(candidate string, target string) (escapes bool, err kv.Error)

WillEscape checks whether the candidate name, once placed under the target directory, would resolve to a path outside of target (a path traversal check). Callers should reject the candidate whenever escapes is true or err is non-nil.

func WriteKeyToFile

func WriteKeyToFile(keyBytes []byte, outputFN string) (err kv.Error)

Types

type DSExtract

type DSExtract func(data []byte) (item interface{}, err kv.Error)

type DynamicStore

type DynamicStore struct {
	sync.Mutex
	// contains filtered or unexported fields
}

DynamicStore encapsulates a single directory that backs the in-memory file contents. It also holds a reference to the next pending refresh and the function that is invoked when the files in the directory change.

func NewDynamicStore

func NewDynamicStore(ctx context.Context, configuredDir string, extractFN DSExtract, refresh time.Duration, errorC chan<- kv.Error) (store *DynamicStore, err kv.Error)

NewDynamicStore is used to initialize a watched dynamic store of items that is backed by the file system. This is a non-blocking function that will spawn a go routine that uses the ctx context to stop when the context is done.

func (*DynamicStore) Init

func (s *DynamicStore) Init(ctx context.Context, configuredDir string, refresh time.Duration, errorC chan<- kv.Error) (err kv.Error)

Init is used to initialize a directory watcher backed store

func (*DynamicStore) Reset

func (s *DynamicStore) Reset()

Reset is used to load a new pending refresh notification channel and trigger the old one

type Envelope

type Envelope struct {
	Message Message `json:"message"`
}

Envelope wraps the requests made by StudioML; all of the other metadata is found under its Message field.

func UnmarshalEnvelope

func UnmarshalEnvelope(data []byte) (e *Envelope, err kv.Error)

UnmarshalEnvelope takes an encoded StudioML envelope and extracts it into the Go data structures used by the Go runner.

func (*Envelope) Marshal

func (e *Envelope) Marshal() ([]byte, error)

Marshal takes the go data structure used to define a StudioML experiment envelope and serializes it as json to the byte array

type Message

type Message struct {
	Experiment         OpenExperiment  `json:"experiment"`
	TimeAdded          float64         `json:"time_added"`
	ExperimentLifetime string          `json:"experiment_lifetime"`
	Resource           server.Resource `json:"resources_needed"`
	Payload            string          `json:"payload"`
	Fingerprint        string          `json:"fingerprint"`
	Signature          string          `json:"signature"`
}

Message contains any clear text fields and either an encrypted payload or a clear text payload as a Request.

type OpenExperiment

type OpenExperiment struct {
	Status    string `json:"status"`
	PythonVer string `json:"pthonver"`
}

type PubkeyStore

type PubkeyStore struct {
	sync.Mutex
	// contains filtered or unexported fields
}

PubkeyStore encapsulates a store of SSH public keys used for message signing, and encryption

func InitRqstSigWatcher

func InitRqstSigWatcher(ctx context.Context, configuredDir string, errorC chan<- kv.Error) (sigs *PubkeyStore, err kv.Error)

InitRqstSigWatcher is used to initialize a watch for signatures and to spawn the file system backed service function to perform the watching.

func InitRspnsEncryptWatcher

func InitRspnsEncryptWatcher(ctx context.Context, configuredDir string, errorC chan<- kv.Error) (sigs *PubkeyStore, err kv.Error)

InitRspnsEncryptWatcher is used to initialize a watch for the public keys used to encrypt responses and to spawn the file system backed service function to perform the watching.

func (*PubkeyStore) Dir

func (s *PubkeyStore) Dir() (dir string)

Dir returns the absolute directory path from which signature files are being retrieved and used

func (*PubkeyStore) GetRefresh

func (s *PubkeyStore) GetRefresh() (doneCtx context.Context)

GetRefresh will return a context that is cancelled when the next refresh of signatures completes. This is principally for testing at this time. This function returns nil if the key store is not yet fully initialized.

func (*PubkeyStore) GetSSH

func (s *PubkeyStore) GetSSH(q string) (key ssh.PublicKey, fingerprint string, err kv.Error)

GetSSH retrieves the SSH public key, and its fingerprint, registered for the queue name q. Only an exact match on the queue name is used; no prefix matching is performed.

func (*PubkeyStore) Select

func (s *PubkeyStore) Select(q string) (key *rsa.PublicKey, err kv.Error)

Select retrieves the RSA public key registered under the longest queue name that is a prefix of the supplied queue name q. Note that a key registered under a short prefix therefore applies to every queue sharing that prefix.

func (*PubkeyStore) SelectSSH

func (s *PubkeyStore) SelectSSH(q string) (key ssh.PublicKey, fingerprint string, err kv.Error)

SelectSSH retrieves the SSH public key, and its fingerprint, registered under the longest queue name that is a prefix of the supplied queue name q. Note that a key registered under a short prefix therefore applies to every queue sharing that prefix.

type RefreshContext

type RefreshContext struct {
	// contains filtered or unexported fields
}

RefreshContext is used to track when the background service function has checked the file system backing store for new, updated, or deleted items

type Wrapper

type Wrapper struct {
	// contains filtered or unexported fields
}

func KubernetesWrapper

func KubernetesWrapper(mountDir string) (w *Wrapper, err kv.Error)

KubernetesWrapper is used to obtain, if available, the Kubernetes-stored encryption parameters for the server from the supplied mount directory.

func NewWrapper

func NewWrapper(publicPEM []byte, privatePEM []byte, passphrase []byte) (w *Wrapper, err kv.Error)

func (*Wrapper) Envelope

func (w *Wrapper) Envelope(r *request.Request) (e *Envelope, err kv.Error)

func (*Wrapper) Request

func (w *Wrapper) Request(e *Envelope) (r *request.Request, err kv.Error)

func (*Wrapper) UnwrapRequest

func (w *Wrapper) UnwrapRequest(encrypted string) (r *request.Request, err kv.Error)

func (*Wrapper) WrapRequest

func (w *Wrapper) WrapRequest(r *request.Request) (encrypted string, err kv.Error)
