import "v.io/x/ref/lib/security/bcrypter"
Package bcrypter defines the mechanisms for blessings based encryption and decryption.
bcrypter.vdl.go crypter.go marshal.go
var (
    ErrInternal           = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.Internal", verror.NoRetry)
    ErrNoParams           = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.NoParams", verror.NoRetry)
    ErrPrivateKeyNotFound = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.PrivateKeyNotFound", verror.NoRetry)
    ErrInvalidPrivateKey  = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.InvalidPrivateKey", verror.NoRetry)
)
ErrorfInternal calls ErrInternal.Errorf with the supplied arguments.
ErrorfInvalidPrivateKey calls ErrInvalidPrivateKey.Errorf with the supplied arguments.
ErrorfNoParams calls ErrNoParams.Errorf with the supplied arguments.
ErrorfPrivateKeyNotFound calls ErrPrivateKeyNotFound.Errorf with the supplied arguments.
MessageInternal calls ErrInternal.Message with the supplied arguments.
MessageInvalidPrivateKey calls ErrInvalidPrivateKey.Message with the supplied arguments.
MessageNoParams calls ErrNoParams.Message with the supplied arguments.
MessagePrivateKeyNotFound calls ErrPrivateKeyNotFound.Message with the supplied arguments.
func ParamsErrInternal(argumentError error) (verrorComponent string, verrorOperation string, err error, returnErr error)
ParamsErrInternal extracts the expected parameters from the error's ParameterList.
func ParamsErrInvalidPrivateKey(argumentError error) (verrorComponent string, verrorOperation string, err error, returnErr error)
ParamsErrInvalidPrivateKey extracts the expected parameters from the error's ParameterList.
func ParamsErrNoParams(argumentError error) (verrorComponent string, verrorOperation string, pattern security.BlessingPattern, returnErr error)
ParamsErrNoParams extracts the expected parameters from the error's ParameterList.
func ParamsErrPrivateKeyNotFound(argumentError error) (verrorComponent string, verrorOperation string, returnErr error)
ParamsErrPrivateKeyNotFound extracts the expected parameters from the error's ParameterList.
WithCrypter derives a new context from the provided one by attaching the provided crypter to it.
type Ciphertext struct {
// contains filtered or unexported fields
}
Ciphertext represents the ciphertext generated by a Crypter.
func (c *Ciphertext) FromWire(wire WireCiphertext)
FromWire unmarshals the provided WireCiphertext into the Ciphertext 'c'.
func (c *Ciphertext) ToWire(wire *WireCiphertext)
ToWire marshals the Ciphertext 'c' into the WireCiphertext 'wire'.
type Crypter struct {
// contains filtered or unexported fields
}
Crypter provides operations for encrypting and decrypting messages for principals with specific blessings.
In particular, it offers a mechanism to encrypt a message for a specific blessing pattern so that it can only be decrypted by crypters that possess a private key for a blessing matched by that pattern. Such a private key is generated by the identity provider that granted the blessing.
GetCrypter returns the crypter attached to the context, or nil if no crypter is attached.
NewCrypter returns a new Crypter with an empty set of private keys and identity provider parameters.
AddKey adds the provided private key 'key' and the associated public parameters (key.Params()) to this crypter.
AddParams adds the provided identity provider parameters to this crypter.
The added parameters would be used to encrypt plaintexts for blessing patterns that the identity provider is authoritative on.
Decrypt decrypts the provided 'ciphertext' and returns the corresponding plaintext.
Decryption succeeds only if this crypter possesses a private key for a blessing that matches the blessing pattern corresponding to the ciphertext.
func (c *Crypter) Encrypt(ctx *context.T, forPattern security.BlessingPattern, plaintext []byte) (*Ciphertext, error)
Encrypt encrypts the provided 'plaintext' so that it can only be decrypted by a crypter possessing a private key for a blessing matching the provided blessing pattern.
Encryption makes use of the public parameters of the identity provider that is authoritative on the set of blessings that match the provided blessing pattern. These parameters must have been previously added to this crypter via AddParams.
type Params struct {
// contains filtered or unexported fields
}
Params represents the public parameters of an identity provider (aka Root).
Blessing returns the blessing name of the identity provider with public parameters 'p'.
func (p *Params) FromWire(wire WireParams) error
FromWire unmarshals the provided WireParams into the Params 'p'.
func (p *Params) ToWire(wire *WireParams) error
ToWire marshals the Params 'p' into the WireParams 'wire'.
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents the private key corresponding to a blessing.
The private key can be used for decrypting any message encrypted using a pattern matched by the blessing (assuming the private key and encryption used the same identity provider parameters).
func (k *PrivateKey) Blessing() string
Blessing returns the blessing that this private key was extracted for.
func (k *PrivateKey) FromWire(wire WirePrivateKey) error
FromWire unmarshals the provided WirePrivateKey into the PrivateKey 'k'.
func (k *PrivateKey) Params() Params
Params returns the public parameters of the identity provider that extracted this private key.
func (k *PrivateKey) ToWire(wire *WirePrivateKey) error
ToWire marshals the PrivateKey 'k' into the WirePrivateKey 'wire'.
type Root struct {
// contains filtered or unexported fields
}
Root represents an identity provider for the purposes of blessings based encryption and decryption.
It generates private keys for specific blessings which can be used to decrypt any message encrypted for a pattern matched by the blessing (assuming the encryption used this identity provider's parameters).
NewRoot returns a new root identity provider that has the provided blessing name and uses the provided 'master' for setting up identity-based encryption.
Extract returns a private key for the provided blessing.
The private key can be used for decrypting any message encrypted using a pattern matched by the blessing (assuming the encryption made use of the public parameters of this root).
Params returns the public parameters of the identity provider represented by 'r'.
type WireCiphertext struct {
    // PatternId is an identifier of the blessing pattern that this
    // ciphertext is for. It is represented by a 16 byte truncated
    // SHA256 hash of the pattern.
    PatternId string
    // Bytes is a map from an identifier of the public IBE params to
    // the ciphertext bytes that were generated using those params.
    //
    // The params identifier is a 16 byte truncated SHA256 hash
    // of the marshaled form of the IBE params.
    Bytes map[string][]byte
}
WireCiphertext represents the wire format of the ciphertext generated by a Crypter.
func (x WireCiphertext) VDLIsZero() bool
func (x *WireCiphertext) VDLRead(dec vdl.Decoder) error
func (WireCiphertext) VDLReflect(struct { Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WireCiphertext"` })
func (x WireCiphertext) VDLWrite(enc vdl.Encoder) error
type WireParams struct {
    // Blessing is the blessing name of the identity provider. The identity
    // provider can extract private keys for blessings that are extensions
    // of this blessing name.
    Blessing string
    // Params is the marshaled form of the public IBE params of the
    // identity provider.
    Params []byte
}
WireParams represents the wire format of the public parameters of an identity provider (aka Root).
func (x WireParams) VDLIsZero() bool
func (x *WireParams) VDLRead(dec vdl.Decoder) error
func (WireParams) VDLReflect(struct { Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WireParams"` })
func (x WireParams) VDLWrite(enc vdl.Encoder) error
type WirePrivateKey struct {
    // Blessing is the blessing for which this private key was extracted.
    Blessing string
    // Params are the public parameters of the identity provider that extracted
    // this private key.
    Params WireParams
    // Keys contain the extracted IBE private keys for each pattern that is
    // matched by the blessing and is an extension of the identity provider's
    // name. The keys are enumerated in increasing order of the lengths of the
    // corresponding patterns.
    //
    // For example, if the blessing is "google:u:alice:phone" and the identity
    // provider's name is "google:u" then the keys are extracted for the patterns
    // - "google:u"
    // - "google:u:alice"
    // - "google:u:alice:phone"
    // - "google:u:alice:phone:$"
    //
    // The private keys are listed in increasing order of the lengths of the
    // corresponding patterns.
    Keys [][]byte
}
WirePrivateKey represents the wire format of the private key corresponding to a blessing.
func (x WirePrivateKey) VDLIsZero() bool
func (x *WirePrivateKey) VDLRead(dec vdl.Decoder) error
func (WirePrivateKey) VDLReflect(struct { Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WirePrivateKey"` })
func (x WirePrivateKey) VDLWrite(enc vdl.Encoder) error
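Added illustration, not code from the bcrypter package: a standard-library sketch of the pattern list given in the WirePrivateKey comment and of the 16 byte truncated SHA256 PatternId from WireCiphertext, showing which entry of Keys lines up with a ciphertext's pattern. The function names, the choice to hash the pattern's raw bytes, and the lookup itself are assumptions of this sketch; the sample blessing and root name are the ones from the comment above.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// patternID models WireCiphertext.PatternId: a SHA-256 hash truncated to
// 16 bytes. Hashing the pattern's raw bytes is an assumption of this sketch.
func patternID(pattern string) string {
	sum := sha256.Sum256([]byte(pattern))
	return string(sum[:16])
}

// keyPatterns lists, shortest first, the patterns a private key extracted for
// 'blessing' by the identity provider 'root' covers (see WirePrivateKey.Keys).
func keyPatterns(root, blessing string) ([]string, error) {
	if blessing != root && !strings.HasPrefix(blessing, root+":") {
		return nil, fmt.Errorf("%q is not an extension of %q", blessing, root)
	}
	patterns := []string{root}
	cur := root
	for _, part := range strings.Split(blessing[len(root):], ":")[1:] {
		cur += ":" + part
		patterns = append(patterns, cur)
	}
	return append(patterns, blessing+":$"), nil
}

// keyIndexFor returns the position in Keys of the key able to serve a
// ciphertext carrying PatternId 'id', or -1 if the blessing does not match.
func keyIndexFor(root, blessing, id string) int {
	patterns, _ := keyPatterns(root, blessing) // nil on error, so the loop is skipped
	for i, p := range patterns {
		if patternID(p) == id {
			return i
		}
	}
	return -1
}

func main() {
	// Constructed sample values taken from the WirePrivateKey comment.
	root, blessing := "google:u", "google:u:alice:phone"
	for _, pat := range []string{"google:u:alice", "google:u:alice:phone:$", "google:u:bob"} {
		fmt.Printf("%-24s id=%x key index=%d\n", pat, patternID(pat), keyIndexFor(root, blessing, patternID(pat)))
	}
}
```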
Package bcrypter imports 9 packages and is imported by 15 packages. Updated 2021-01-14.