/*
Copyright 2023 The Dapr Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package crypto
import (
"context"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/dapr/components-contrib/metadata"
)
// SubtleCrypto offers an interface to perform low-level ("subtle") cryptographic operations with keys stored in a vault.
//
// Every operation takes a keyName that identifies a key held by the vault; the key material itself is used inside
// the vault. Note that the method set exposes no way to retrieve private or symmetric key material held by the
// vault: GetKey returns only the public half, and Decrypt/UnwrapKey return application data, not vault keys.
//
// Each operation also takes an algorithm identifier supplied by the caller. Presumably the accepted values are
// the ones reported by the embedded SubtleCryptoAlgorithms methods; how an implementation reacts to an
// unsupported or mismatched algorithm is not specified here — NOTE(review): implementers should reject such
// requests with an error rather than fall back to a default.
type SubtleCrypto interface {
	metadata.ComponentWithMetadata
	SubtleCryptoAlgorithms

	// Init the component.
	// Metadata is a package-level type not shown in this file; see its definition for the accepted properties.
	Init(ctx context.Context, metadata Metadata) error

	// GetKey returns the public part of a key stored in the vault.
	// This method returns an error if the key is symmetric.
	GetKey(ctx context.Context,
		// Name (or name/version) of the key to use in the key vault
		keyName string,
	) (
		// Object containing the public key
		pubKey jwk.Key,
		err error,
	)

	// Encrypt a small message and returns the ciphertext.
	// What "small" means is implementation-defined and not stated here.
	//
	// The nonce is supplied by the caller; this interface does not generate one.
	// NOTE(review): for AEAD ciphers a nonce must never be reused under the same key — uniqueness is the caller's
	// responsibility. Confirm against each implementation whether it validates nonce length and presence.
	Encrypt(ctx context.Context,
		// Input plaintext
		plaintext []byte,
		// Encryption algorithm to use
		algorithm string,
		// Name (or name/version) of the key to use in the key vault
		keyName string,
		// Nonce / initialization vector
		// Ignored with asymmetric ciphers
		nonce []byte,
		// Associated Data when using AEAD ciphers
		// Optional, can be nil
		associatedData []byte,
	) (
		// Encrypted ciphertext
		ciphertext []byte,
		// Authentication tag
		// This is nil when not using an authenticated cipher
		tag []byte,
		err error,
	)

	// Decrypt a small message and returns the plaintext.
	//
	// For authenticated ciphers the tag and associated data must be the ones produced/used by Encrypt.
	// Callers must treat any non-nil err as an authentication failure and discard plaintext; per Go convention the
	// plaintext is meaningless when err != nil. NOTE(review): implementations are expected to verify the tag before
	// returning any plaintext — confirm this against each implementation, as the interface cannot enforce it.
	Decrypt(ctx context.Context,
		// Input ciphertext
		ciphertext []byte,
		// Encryption algorithm to use
		algorithm string,
		// Name (or name/version) of the key to use in the key vault
		keyName string,
		// Nonce / initialization vector
		// Ignored with asymmetric ciphers
		nonce []byte,
		// Authentication tag
		// Ignored when not using an authenticated cipher
		tag []byte,
		// Associated Data when using AEAD ciphers
		// Optional, can be nil
		associatedData []byte,
	) (
		// Decrypted plaintext
		plaintext []byte,
		err error,
	)

	// WrapKey wraps a key.
	// The key being wrapped is passed as a jwk.Key object; the wrapping key is the vault key named by keyName.
	// The same nonce caveats as Encrypt apply: it is caller-supplied and, for AEAD modes, must be unique per key.
	WrapKey(ctx context.Context,
		// Key to wrap as Key object
		plaintextKey jwk.Key,
		// Encryption algorithm to use
		algorithm string,
		// Name (or name/version) of the key to use in the key vault
		keyName string,
		// Nonce / initialization vector
		// Ignored with asymmetric ciphers
		nonce []byte,
		// Associated Data when using AEAD ciphers
		// Optional, can be nil
		associatedData []byte,
	) (
		// Wrapped key
		wrappedKey []byte,
		// Authentication tag
		// This is nil when not using an authenticated cipher
		tag []byte,
		err error,
	)

	// UnwrapKey unwraps a key.
	// The consumer needs to unserialize the key in the correct format.
	//
	// As with Decrypt, callers must treat any non-nil err as a failure and must not use plaintextKey in that case.
	// NOTE(review): for authenticated modes the tag is expected to be verified before the unwrapped key is
	// returned — confirm against each implementation.
	UnwrapKey(ctx context.Context,
		// Wrapped key
		wrappedKey []byte,
		// Encryption algorithm to use
		algorithm string,
		// Name (or name/version) of the key to use in the key vault
		keyName string,
		// Nonce / initialization vector
		// Ignored with asymmetric ciphers
		nonce []byte,
		// Authentication tag
		// Ignored when not using an authenticated cipher
		tag []byte,
		// Associated Data when using AEAD ciphers
		// Optional, can be nil
		associatedData []byte,
	) (
		// Plaintext key
		plaintextKey jwk.Key,
		err error,
	)

	// Sign a digest.
	// The input is a digest, not the message: the caller hashes the message first.
	// NOTE(review): the hash function used to produce the digest must be the one the chosen algorithm expects;
	// the interface does not carry that information, so confirm the pairing against the implementation.
	Sign(ctx context.Context,
		// Digest to sign
		digest []byte,
		// Signing algorithm to use
		algorithm string,
		// Name (or name/version) of the key to use in the key vault
		// The key must be asymmetric
		keyName string,
	) (
		// Signature that was computed
		signature []byte,
		err error,
	)

	// Verify a signature.
	// Callers must check err before valid: valid is only meaningful when err == nil, and any error (unknown key,
	// unsupported algorithm, vault failure) must be treated as a failed verification, never as "valid".
	Verify(ctx context.Context,
		// Digest of the message
		digest []byte,
		// Signature to verify
		signature []byte,
		// Signing algorithm to use
		algorithm string,
		// Name (or name/version) of the key to use in the key vault
		// The key must be asymmetric
		keyName string,
	) (
		// True if the signature is valid
		valid bool,
		err error,
	)
}
// SubtleCryptoAlgorithms is an extension to SubtleCrypto that includes methods to return information on the supported algorithms.
// The returned identifiers are the strings a caller may pass as the algorithm argument of the SubtleCrypto
// operations (presumably; the mapping is defined by each implementation, not by this interface).
type SubtleCryptoAlgorithms interface {
	// SupportedEncryptionAlgorithms returns the identifiers of the algorithms accepted by Encrypt, Decrypt,
	// WrapKey and UnwrapKey.
	SupportedEncryptionAlgorithms() []string
	// SupportedSignatureAlgorithms returns the identifiers of the algorithms accepted by Sign and Verify.
	SupportedSignatureAlgorithms() []string
}