v.io: v.io/x/ref/lib/security/bcrypter Index | Files

package bcrypter

import "v.io/x/ref/lib/security/bcrypter"

nolint:golint

Package bcrypter defines the mechanisms for blessings based encryption and decryption.

Index

Package Files

bcrypter.vdl.go crypter.go marshal.go

Variables

var (
    ErrInternal           = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.Internal", verror.NoRetry)
    ErrNoParams           = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.NoParams", verror.NoRetry)
    ErrPrivateKeyNotFound = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.PrivateKeyNotFound", verror.NoRetry)
    ErrInvalidPrivateKey  = verror.NewIDAction("v.io/x/ref/lib/security/bcrypter.InvalidPrivateKey", verror.NoRetry)
)

func ErrorfInternal Uses

func ErrorfInternal(ctx *context.T, format string, err error) error

ErrorfInternal calls ErrInternal.Errorf with the supplied arguments.

func ErrorfInvalidPrivateKey Uses

func ErrorfInvalidPrivateKey(ctx *context.T, format string, err error) error

ErrorfInvalidPrivateKey calls ErrInvalidPrivateKey.Errorf with the supplied arguments.

func ErrorfNoParams Uses

func ErrorfNoParams(ctx *context.T, format string, pattern security.BlessingPattern) error

ErrorfNoParams calls ErrNoParams.Errorf with the supplied arguments.

func ErrorfPrivateKeyNotFound Uses

func ErrorfPrivateKeyNotFound(ctx *context.T, format string) error

ErrorfPrivateKeyNotFound calls ErrPrivateKeyNotFound.Errorf with the supplied arguments.

func MessageInternal Uses

func MessageInternal(ctx *context.T, message string, err error) error

MessageInternal calls ErrInternal.Message with the supplied arguments.

func MessageInvalidPrivateKey Uses

func MessageInvalidPrivateKey(ctx *context.T, message string, err error) error

MessageInvalidPrivateKey calls ErrInvalidPrivateKey.Message with the supplied arguments.

func MessageNoParams Uses

func MessageNoParams(ctx *context.T, message string, pattern security.BlessingPattern) error

MessageNoParams calls ErrNoParams.Message with the supplied arguments.

func MessagePrivateKeyNotFound Uses

func MessagePrivateKeyNotFound(ctx *context.T, message string) error

MessagePrivateKeyNotFound calls ErrPrivateKeyNotFound.Message with the supplied arguments.

func NewErrInternal Uses

func NewErrInternal(ctx *context.T, err error) error

NewErrInternal returns an error with the ErrInternal ID. Deprecated: this function will be removed in the future, use ErrorfInternal or MessageInternal instead.

func NewErrInvalidPrivateKey Uses

func NewErrInvalidPrivateKey(ctx *context.T, err error) error

NewErrInvalidPrivateKey returns an error with the ErrInvalidPrivateKey ID. Deprecated: this function will be removed in the future, use ErrorfInvalidPrivateKey or MessageInvalidPrivateKey instead.

func NewErrNoParams Uses

func NewErrNoParams(ctx *context.T, pattern security.BlessingPattern) error

NewErrNoParams returns an error with the ErrNoParams ID. Deprecated: this function will be removed in the future, use ErrorfNoParams or MessageNoParams instead.

func NewErrPrivateKeyNotFound Uses

func NewErrPrivateKeyNotFound(ctx *context.T) error

NewErrPrivateKeyNotFound returns an error with the ErrPrivateKeyNotFound ID. Deprecated: this function will be removed in the future, use ErrorfPrivateKeyNotFound or MessagePrivateKeyNotFound instead.

func ParamsErrInternal Uses

func ParamsErrInternal(argumentError error) (verrorComponent string, verrorOperation string, err error, returnErr error)

ParamsErrInternal extracts the expected parameters from the error's ParameterList.

func ParamsErrInvalidPrivateKey Uses

func ParamsErrInvalidPrivateKey(argumentError error) (verrorComponent string, verrorOperation string, err error, returnErr error)

ParamsErrInvalidPrivateKey extracts the expected parameters from the error's ParameterList.

func ParamsErrNoParams Uses

func ParamsErrNoParams(argumentError error) (verrorComponent string, verrorOperation string, pattern security.BlessingPattern, returnErr error)

ParamsErrNoParams extracts the expected parameters from the error's ParameterList.

func ParamsErrPrivateKeyNotFound Uses

func ParamsErrPrivateKeyNotFound(argumentError error) (verrorComponent string, verrorOperation string, returnErr error)

ParamsErrPrivateKeyNotFound extracts the expected parameters from the error's ParameterList.

func WithCrypter Uses

func WithCrypter(ctx *context.T, crypter *Crypter) *context.T

WithCrypter derives a new context from the provided one by attaching the provided crypter to it.

type Ciphertext Uses

type Ciphertext struct {
    // contains filtered or unexported fields
}

Ciphertext represents the ciphertext generated by a Crypter.

func (*Ciphertext) FromWire Uses

func (c *Ciphertext) FromWire(wire WireCiphertext)

FromWire unmarshals the provided WireCiphertext into the Ciphertext 'c'.

func (*Ciphertext) ToWire Uses

func (c *Ciphertext) ToWire(wire *WireCiphertext)

ToWire marshals the Ciphertext 'c' into the WireCiphertext 'wire'

type Crypter Uses

type Crypter struct {
    // contains filtered or unexported fields
}

Crypter provides operations for encrypting and decrypting messages for principals with specific blessings.

In particular, it offers a mechanism to encrypt a message for a specific blessing pattern so that it can only be decrypted by crypters that possess a private key for a blessing matched by that pattern. Such a private key is generated by the identity provider that granted the blessing.

func GetCrypter Uses

func GetCrypter(ctx *context.T) *Crypter

GetCrypter returns the crypter attached to the context, or nil if no crypter is attached.

func NewCrypter Uses

func NewCrypter() *Crypter

NewCrypter returns a new Crypter with an empty set of private keys and identity provider parameters.

func (*Crypter) AddKey Uses

func (c *Crypter) AddKey(ctx *context.T, key *PrivateKey) error

AddKey adds the provided private key 'key' and the associated public parameters (key.Params()) to this crypter.

func (*Crypter) AddParams Uses

func (c *Crypter) AddParams(ctx *context.T, params Params) error

AddParams adds the provided identity provider parameters to this crypter.

The added parameters would be used to encrypt plaintexts for blessing patterns that the identity provider is authoritative on.

func (*Crypter) Decrypt Uses

func (c *Crypter) Decrypt(ctx *context.T, ciphertext *Ciphertext) ([]byte, error)

Decrypt decrypts the provided 'ciphertext' and returns the corresponding plaintext.

Decryption succeeds only if this crypter possesses a private key for a blessing that matches the blessing pattern corresponding to the ciphertext.

func (*Crypter) Encrypt Uses

func (c *Crypter) Encrypt(ctx *context.T, forPattern security.BlessingPattern, plaintext []byte) (*Ciphertext, error)

Encrypt encrypts the provided 'plaintext' so that it can only be decrypted by a crypter possessing a private key for a blessing matching the provided blessing pattern.

Encryption makes use of the public parameters of the identity provider that is authoritative on the set of blessings that match the provided blessing pattern. These parameters must have been previously added to this crypter via AddParams.

type Params Uses

type Params struct {
    // contains filtered or unexported fields
}

Params represents the public parameters of an identity provider (aka Root).

func (*Params) Blessing Uses

func (p *Params) Blessing() string

Blessing returns the blessing name of the identity provider with public parameters 'p'.

func (*Params) FromWire Uses

func (p *Params) FromWire(wire WireParams) error

FromWire unmarshals the provided WireParams into the Params 'p'.

func (*Params) ToWire Uses

func (p *Params) ToWire(wire *WireParams) error

ToWire marshals the Params 'p' into the WireParams 'wire'.

type PrivateKey Uses

type PrivateKey struct {
    // contains filtered or unexported fields
}

PrivateKey represent the private key corresponding to a blessing.

The private key can be used for decrypting any message encrypted using a pattern matched by the blessing (assuming the private key and encryption used the same identity provider parameters).

func (*PrivateKey) Blessing Uses

func (k *PrivateKey) Blessing() string

Blessing returns the blessing that this private key was extracted for.

func (*PrivateKey) FromWire Uses

func (k *PrivateKey) FromWire(wire WirePrivateKey) error

FromWire unmarshals the provided WirePrivateKey into the PrivateKey 'k'.

func (*PrivateKey) Params Uses

func (k *PrivateKey) Params() Params

Params returns the public parameters of the identity provider that extracted this private key.

func (*PrivateKey) ToWire Uses

func (k *PrivateKey) ToWire(wire *WirePrivateKey) error

ToWire marshals the PrivateKey 'k' into the WirePrivateKey 'wire'.

type Root Uses

type Root struct {
    // contains filtered or unexported fields
}

Root represents an identity provider for the purposes of blessings based encryption and decryption.

It generates private keys for specific blessings which can be used to decrypt any message encrypted for a pattern matched by the blessing ( assuming the encryption used this identity provider's parameters).

func NewRoot Uses

func NewRoot(blessing string, master ibe.Master) *Root

NewRoot returns a new root identity provider that has the provided blessing name and uses the provided 'master' for setting up identity-based encryption.

func (*Root) Extract Uses

func (r *Root) Extract(ctx *context.T, blessing string) (*PrivateKey, error)

Extract returns a private key for the provided blessing.

The private key can be used for decrypting any message encrypted using a pattern matched by the blessing (assuming the encryption made use of the public parameters of this root).

func (*Root) Params Uses

func (r *Root) Params() Params

Params returns the public parameters of the identity provider represented by 'r'.

type WireCiphertext Uses

type WireCiphertext struct {
    // PatternId is an identifier of the blessing pattern that this
    // ciphertext is for. It is represented by a 16 byte truncated
    // SHA256 hash of the pattern.
    PatternId string
    // Bytes is a map from an identifier of the public IBE params to
    // the ciphertext bytes that were generated using those params.
    //
    // The params identifier is a 16 byte truncated SHA256 hash
    // of the marshaled form of the IBE params.
    Bytes map[string][]byte
}

WireCiphertext represents the wire format of the ciphertext generated by a Crypter.

func (WireCiphertext) VDLIsZero Uses

func (x WireCiphertext) VDLIsZero() bool

func (*WireCiphertext) VDLRead Uses

func (x *WireCiphertext) VDLRead(dec vdl.Decoder) error

func (WireCiphertext) VDLReflect Uses

func (WireCiphertext) VDLReflect(struct {
    Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WireCiphertext"`
})

func (WireCiphertext) VDLWrite Uses

func (x WireCiphertext) VDLWrite(enc vdl.Encoder) error

type WireParams Uses

type WireParams struct {
    // Blessing is the blessing name of the identity provider. The identity
    // provider  can extract private keys for blessings that are extensions
    // of this blessing name.
    Blessing string
    // Params is the marshaled form of the public IBE params of the
    // the identity provider.
    Params []byte
}

WireParams represents the wire format of the public parameters of an identity provider (aka Root).

func (WireParams) VDLIsZero Uses

func (x WireParams) VDLIsZero() bool

func (*WireParams) VDLRead Uses

func (x *WireParams) VDLRead(dec vdl.Decoder) error

func (WireParams) VDLReflect Uses

func (WireParams) VDLReflect(struct {
    Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WireParams"`
})

func (WireParams) VDLWrite Uses

func (x WireParams) VDLWrite(enc vdl.Encoder) error

type WirePrivateKey Uses

type WirePrivateKey struct {
    // Blessing is the blessing for which this private key was extracted for.
    Blessing string
    // Params are the public parameters of the identity provider that extracted
    // this private key.
    Params WireParams
    // Keys contain the extracted IBE private keys for each pattern that is
    // matched by the blessing and is an extension of the identity provider's
    // name. The keys are enumerated in increasing order of the lengths of the
    // corresponding patterns.
    //
    // For example, if the blessing is "google:u:alice:phone" and the identity
    // provider's name is "google:u" then the keys are extracted for the patterns
    // - "google:u"
    // - "google:u:alice"
    // - "google:u:alice:phone"
    // - "google:u:alice:phone:$"
    //
    // The private keys are listed in increasing order of the lengths of the
    // corresponding patterns.
    Keys [][]byte
}

WirePrivateKey represents the wire format of the private key corresponding to a blessing.

func (WirePrivateKey) VDLIsZero Uses

func (x WirePrivateKey) VDLIsZero() bool

func (*WirePrivateKey) VDLRead Uses

func (x *WirePrivateKey) VDLRead(dec vdl.Decoder) error

func (WirePrivateKey) VDLReflect Uses

func (WirePrivateKey) VDLReflect(struct {
    Name string `vdl:"v.io/x/ref/lib/security/bcrypter.WirePrivateKey"`
})

func (WirePrivateKey) VDLWrite Uses

func (x WirePrivateKey) VDLWrite(enc vdl.Encoder) error

Package bcrypter imports 10 packages (graph) and is imported by 15 packages. Updated 2020-10-22. Refresh now. Tools for package owners.