当前位置: 首页>>代码示例>>Golang>>正文


Golang security.ManagedKey类代码示例

本文整理汇总了Golang中euphoria/io/heim/proto/security.ManagedKey的典型用法代码示例。如果您正苦于以下问题:Golang ManagedKey类的具体用法?Golang ManagedKey怎么用?Golang ManagedKey使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了ManagedKey类的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: NewAgent

func NewAgent(agentID []byte, accessKey *security.ManagedKey) (*Agent, error) {
	if accessKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	iv := make([]byte, accessKey.KeySize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}

	if agentID == nil {
		agentID = make([]byte, AgentIDSize)
		if _, err := rand.Read(agentID); err != nil {
			return nil, err
		}
	}

	var (
		mac [16]byte
		key [32]byte
	)
	copy(key[:], accessKey.Plaintext)
	poly1305.Sum(&mac, iv, &key)

	agent := &Agent{
		ID:      agentID,
		IV:      iv,
		MAC:     mac[:],
		Created: time.Now(),
	}
	return agent, nil
}
开发者ID:logan,项目名称:heim,代码行数:32,代码来源:agent.go

示例2: ChangeClientKey

func (sec *AccountSecurity) ChangeClientKey(oldKey, newKey *security.ManagedKey) error {
	if oldKey.Encrypted() || newKey.Encrypted() {
		return security.ErrKeyMustBeDecrypted
	}

	// Extract decrypted UserKey and verify correctness of oldKey.
	kek, _, err := sec.unlock(oldKey)
	if err != nil {
		return err
	}

	// Encrypt new UserKey.
	if err := kek.Encrypt(newKey); err != nil {
		return err
	}

	// Update MAC and encrypted UserKey.
	var (
		mac [16]byte
		key [32]byte
	)
	copy(key[:], newKey.Plaintext)
	poly1305.Sum(&mac, sec.Nonce, &key)
	sec.MAC = mac[:]
	sec.UserKey = *kek

	return nil
}
开发者ID:NotAMoose,项目名称:heim,代码行数:28,代码来源:account.go

示例3: SetUserKey

func (b *AccountManagerBinding) SetUserKey(
	ctx scope.Context, accountID snowflake.Snowflake, key *security.ManagedKey) error {

	if !key.Encrypted() {
		return security.ErrKeyMustBeEncrypted
	}

	res, err := b.DbMap.Exec(
		"UPDATE account SET encrypted_user_key = $2 WHERE id = $1", accountID.String(), key.Ciphertext)
	if err != nil {
		if err == sql.ErrNoRows {
			return proto.ErrAccountNotFound
		}
		return err
	}

	n, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if n == 0 {
		return proto.ErrAccountNotFound
	}

	return nil
}
开发者ID:NotAMoose,项目名称:heim,代码行数:26,代码来源:account.go

示例4: unlock

func (sec *AccountSecurity) unlock(clientKey *security.ManagedKey) (
	*security.ManagedKey, *security.ManagedKeyPair, error) {

	if clientKey.Encrypted() {
		return nil, nil, security.ErrKeyMustBeDecrypted
	}

	var (
		mac [16]byte
		key [32]byte
	)
	copy(mac[:], sec.MAC)
	copy(key[:], clientKey.Plaintext)
	if !poly1305.Verify(&mac, sec.Nonce, &key) {
		return nil, nil, ErrAccessDenied
	}

	kek := sec.UserKey.Clone()
	if err := kek.Decrypt(clientKey); err != nil {
		return nil, nil, err
	}

	kp := sec.KeyPair.Clone()
	if err := kp.Decrypt(&kek); err != nil {
		return nil, nil, err
	}

	return &kek, &kp, nil
}
开发者ID:NotAMoose,项目名称:heim,代码行数:29,代码来源:account.go

示例5: emailVerificationToken

func emailVerificationToken(key *security.ManagedKey, email string) ([]byte, error) {
	if key.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	mac := hmac.New(sha1.New, key.Plaintext)
	mac.Write([]byte(email))
	return mac.Sum(nil), nil
}
开发者ID:rmasoni,项目名称:heim,代码行数:9,代码来源:heim.go

示例6: newAgentCredentials

func newAgentCredentials(agent *proto.Agent, agentKey *security.ManagedKey) (*agentCredentials, error) {
	if agentKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	ac := &agentCredentials{
		ID:  agent.IDString(),
		Key: agentKey.Plaintext,
	}
	return ac, nil
}
开发者ID:logan,项目名称:heim,代码行数:11,代码来源:agent.go

示例7: transmitToAccount

func (pm *PM) transmitToAccount(kms security.KMS, pmKey *security.ManagedKey, receiver Account) (*PM, error) {
	userKey := receiver.SystemKey()
	if err := kms.DecryptKey(&userKey); err != nil {
		return nil, err
	}

	encryptedReceiverKey := pmKey.Clone()
	encryptedReceiverKey.IV = pm.IV
	if err := encryptedReceiverKey.Encrypt(&userKey); err != nil {
		return nil, err
	}

	pm.EncryptedReceiverKey = &encryptedReceiverKey
	return pm, nil
}
开发者ID:logan,项目名称:heim,代码行数:15,代码来源:pm.go

示例8: Unlock

func (a *Agent) Unlock(accessKey *security.ManagedKey) (*security.ManagedKey, error) {
	if a.EncryptedClientKey == nil {
		return nil, ErrClientKeyNotFound
	}

	if accessKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	if !a.verify(accessKey) {
		return nil, ErrAccessDenied
	}

	clientKey := a.EncryptedClientKey.Clone()
	if err := clientKey.Decrypt(accessKey); err != nil {
		return nil, err
	}
	return &clientKey, nil
}
开发者ID:logan,项目名称:heim,代码行数:19,代码来源:agent.go

示例9: DecryptKey

func (k *KMS) DecryptKey(key *security.ManagedKey) error {
	if !key.Encrypted() {
		return fmt.Errorf("aws kms: key is already decrypted")
	}
	ctx := map[string]*string{key.ContextKey: &key.ContextValue}
	req := &kms.DecryptInput{
		CiphertextBlob:    key.Ciphertext,
		EncryptionContext: ctx,
	}
	resp, err := k.kms.Decrypt(req)
	if err != nil {
		if apiErr, ok := err.(awserr.Error); ok && apiErr.Message() == "" {
			err = fmt.Errorf("%s", apiErr.Code())
		}
		return fmt.Errorf("aws kms: error decrypting data key: %s", err)
	}
	key.Plaintext = resp.Plaintext
	key.Ciphertext = nil
	return nil
}
开发者ID:logan,项目名称:heim,代码行数:20,代码来源:kms.go

示例10: decryptRoomKey

func decryptRoomKey(clientKey *security.ManagedKey, capability security.Capability) (
	*security.ManagedKey, error) {

	if clientKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	iv, err := base64.URLEncoding.DecodeString(capability.CapabilityID())
	if err != nil {
		return nil, err
	}

	roomKeyJSON := capability.EncryptedPayload()
	if err := clientKey.BlockCrypt(iv, clientKey.Plaintext, roomKeyJSON, false); err != nil {
		return nil, err
	}

	roomKey := &security.ManagedKey{
		KeyType: security.AES128,
	}
	if err := json.Unmarshal(clientKey.Unpad(roomKeyJSON), &roomKey.Plaintext); err != nil {
		return nil, err
	}
	return roomKey, nil
}
开发者ID:logan,项目名称:heim,代码行数:25,代码来源:crypto.go

示例11: Unlock

func (sec *RoomSecurity) Unlock(managerKey *security.ManagedKey) (*security.ManagedKeyPair, error) {
	if managerKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	var (
		mac [16]byte
		key [32]byte
	)
	copy(mac[:], sec.MAC)
	copy(key[:], managerKey.Plaintext)
	if !poly1305.Verify(&mac, sec.KeyPair.IV, &key) {
		return nil, ErrAccessDenied
	}

	kp := sec.KeyPair.Clone()
	if err := kp.Decrypt(managerKey); err != nil {
		return nil, err
	}

	return &kp, nil
}
开发者ID:robot0x,项目名称:heim,代码行数:22,代码来源:room.go

示例12: EncryptMessage

func EncryptMessage(msg *Message, keyID string, key *security.ManagedKey) error {
	if key == nil {
		return security.ErrInvalidKey
	}
	if key.Encrypted() {
		return security.ErrKeyMustBeDecrypted
	}

	payload := &Message{
		Sender:  msg.Sender,
		Content: msg.Content,
	}
	plaintext, err := json.Marshal(payload)
	if err != nil {
		return err
	}

	// TODO: incorporate last edit ID into nonce
	nonce := []byte(msg.ID.String())
	data := []byte(msg.Sender.ID)

	digest, ciphertext, err := security.EncryptGCM(key, nonce, plaintext, data)
	if err != nil {
		return fmt.Errorf("message encrypt: %s", err)
	}

	digestStr := base64.URLEncoding.EncodeToString(digest)
	cipherStr := base64.URLEncoding.EncodeToString(ciphertext)

	msg.Sender = SessionView{
		IdentityView: IdentityView{ID: msg.Sender.ID},
		SessionID:    msg.Sender.SessionID,
	}
	msg.Content = digestStr + "/" + cipherStr
	msg.EncryptionKeyID = "v1/" + keyID
	return nil
}
开发者ID:logan,项目名称:heim,代码行数:37,代码来源:crypto.go

示例13: SetClientKey

func (a *Agent) SetClientKey(accessKey, clientKey *security.ManagedKey) error {
	if accessKey.Encrypted() || clientKey.Encrypted() {
		return security.ErrKeyMustBeDecrypted
	}

	if !a.verify(accessKey) {
		return ErrAccessDenied
	}

	encryptedClientKey := clientKey.Clone()
	encryptedClientKey.IV = a.IV
	if err := encryptedClientKey.Encrypt(accessKey); err != nil {
		return err
	}

	a.EncryptedClientKey = &encryptedClientKey
	return nil
}
开发者ID:logan,项目名称:heim,代码行数:18,代码来源:agent.go


注:本文中的euphoria/io/heim/proto/security.ManagedKey类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。