// Copyright 2023 Woodpecker Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package encryption
import "errors"
// common
const (
	// Configuration flag names. The literals are setting names only; no key
	// material is embedded in these constants.
	rawKeyConfigFlag             = "encryption-raw-key"
	tinkKeysetFilepathConfigFlag = "encryption-tink-keyset"
	disableEncryptionConfigFlag  = "encryption-disable-flag"

	// ciphertextSampleConfigKey is a configuration key rather than a flag.
	// NOTE(review): judging by the name, a sample ciphertext is kept under this
	// key, presumably so a configured key can be checked against existing
	// data; confirm at the call sites.
	ciphertextSampleConfigKey = "encryption-ciphertext-sample"
)

// Key type identifiers.
const (
	keyTypeNone = "none"
	keyTypeRaw  = "raw"
	keyTypeTink = "tink"
)

const (
	// keyIDAssociatedData is a fixed label.
	// NOTE(review): the name indicates it is passed as AEAD associated data
	// when the primary key id is handled. Associated data is authenticated but
	// not encrypted, and decryption has to supply the same bytes, so changing
	// this literal would presumably make previously written values fail
	// authentication; confirm against the callers before editing it.
	keyIDAssociatedData = "Primary key id"

	// AESGCMSIVNonceSize is the only exported name in this group. The value 12
	// equals the 96-bit nonce length that AES-GCM-SIV (RFC 8452) specifies,
	// assuming the unit is bytes (verify where the nonce buffer is allocated).
	AESGCMSIVNonceSize = 12
)
// Sentinel errors of the encryption package. Each one is a distinct value, so
// code inside the package can recognise it with errors.Is even after it has
// been wrapped with %w. The messages are deliberately generic: they name the
// condition without describing the key.

// errEncryptionNotEnabled carries the message "encryption is not enabled".
var errEncryptionNotEnabled = errors.New("encryption is not enabled")

// errEncryptionKeyInvalid carries the message "encryption key is invalid".
var errEncryptionKeyInvalid = errors.New("encryption key is invalid")

// errEncryptionKeyRotated carries the message "encryption key is being rotated".
var errEncryptionKeyRotated = errors.New("encryption key is being rotated")
const (
	// Error wrapping templates. Every literal ends in %w, a verb that only
	// fmt.Errorf understands, so each is meant as an fmt.Errorf format string.
	// The wrapped cause becomes part of the final message; review the causes
	// passed in so that no key bytes or plaintext end up in logs or responses.

	// Service lifecycle.
	errTemplateFailedInitializingUnencrypted = "failed initializing server in unencrypted mode: %w"
	errTemplateFailedInitializing            = "failed initializing encryption service: %w"
	errTemplateFailedEnablingEncryption      = "failed enabling encryption: %w"
	errTemplateFailedRotatingEncryption      = "failed rotating encryption: %w"
	errTemplateFailedDisablingEncryption     = "failed disabling encryption: %w"

	// Server configuration.
	errTemplateFailedLoadingServerConfig  = "failed to load server encryption config: %w"
	errTemplateFailedUpdatingServerConfig = "failed updating server encryption configuration: %w"

	// Clients and key validation.
	errTemplateFailedInitializingClients = "failed initializing encryption clients: %w"
	errTemplateFailedValidatingKey       = "failed validating encryption key: %w"

	// Encrypt and decrypt operations.
	errTemplateEncryptionFailed = "encryption error: %w"
	errTemplateDecryptionFailed = "decryption error: %w"

	// errTemplateBase64DecryptionFailed says "Base64 decryption" although
	// Base64 is an encoding, not a cipher. The literal is reproduced unchanged
	// because it is runtime text that other code or tests may match on.
	errTemplateBase64DecryptionFailed = "decryption error: Base64 decryption failed. Cause: %w"
)

// Error messages without a wrapped cause.
const (
	// errMessageTemplateUnsupportedKeyType takes one %s argument.
	// NOTE(review): presumably the key type string taken from configuration;
	// confirm that nothing other than the type name is interpolated.
	errMessageTemplateUnsupportedKeyType = "unsupported encryption key type: %s"

	errMessageCantUseBothServices      = "can not use raw encryption key and tink keyset at the same time"
	errMessageNoKeysProvided           = "encryption enabled but no keys provided"
	errMessageFailedRotatingEncryption = "failed rotating encryption"
)

// Log messages. All are fixed strings with no format verbs, so nothing is
// interpolated into them.
const (
	logMessageEncryptionEnabled       = "encryption enabled"
	logMessageEncryptionDisabled      = "encryption disabled"
	logMessageEncryptionKeyRegistered = "registered new encryption key"
	logMessageClientsInitialized      = "initialized encryption on registered clients"
	logMessageClientsEnabled          = "enabled encryption on registered services"
	logMessageClientsRotated          = "updated encryption key on registered services"
	logMessageClientsDecrypted        = "disabled encryption on registered services"
)
// tink
const (
	// Error wrapping templates for the Tink keyset path. Each ends in %w and is
	// therefore a format string for fmt.Errorf; the wrapped cause is appended
	// to the message as-is.

	// Opening, reading, loading and validating the keyset.
	errTemplateTinkFailedOpeningKeyset    = "failed opening encryption keyset file: %w"
	errTemplateTinkFailedReadingKeyset    = "failed reading encryption keyset from file: %w"
	errTemplateTinkFailedLoadingKeyset    = "failed loading encryption keyset: %w"
	errTemplateTinkFailedValidatingKeyset = "failed validating encryption keyset: %w"

	// Watching the keyset file for changes.
	errTemplateTinkFailedInitializeFileWatcher      = "failed initializing keyset file watcher: %w"
	errTemplateTinkFailedSubscribeKeysetFileChanges = "failed subscribing on encryption keyset file changes: %w"

	// Building the AEAD primitive.
	errTemplateTinkFailedInitializingAEAD = "failed initializing AEAD instance: %w"
)

const (
	// errMessageTinkKeysetFileWatchFailed is a plain message with no wrapped cause.
	errMessageTinkKeysetFileWatchFailed = "failed watching encryption keyset file changes"
)

// Log message templates. Each takes a single %s argument.
// NOTE(review): the wording of the first two suggests the argument is the
// keyset file path; confirm that callers pass only the path and never keyset
// contents, since these strings go to the log.
const (
	logTemplateTinkKeysetFileChanged = "changes detected in encryption keyset file: '%s'. Encryption service will be reloaded"
	logTemplateTinkLoadingKeyset     = "loading encryption keyset from file: %s"

	// NOTE(review): whether %s here receives the file path or the close error
	// is not visible from this file.
	logTemplateTinkFailedClosingKeysetFile = "could not close keyset file: %s"
)
// aes
const (
	// Error wrapping templates for the AES path. Each ends in %w and is
	// therefore a format string for fmt.Errorf.

	// Cipher setup and hashing.
	errTemplateAesFailedLoadingCipher   = "failed loading encryption cipher: %w"
	errTemplateAesFailedCalculatingHash = "failed calculating hash: %w"

	// Key and key id generation.
	// NOTE(review): the first message mentions a passphrase, so the wrapped
	// cause presumably comes from a key-derivation step; confirm that this
	// cause never echoes the passphrase itself.
	errTemplateAesFailedGeneratingKey   = "failed generating key from passphrase: %w"
	errTemplateAesFailedGeneratingKeyID = "failed generating key id: %w"
)