107 lines
2.5 KiB
Go
107 lines
2.5 KiB
Go
package keyenc
|
|
|
|
import (
|
|
"crypto/rsa"
|
|
"hash"
|
|
|
|
"github.com/lestrrat-go/jwx/v2/jwa"
|
|
"github.com/lestrrat-go/jwx/v2/jwe/internal/keygen"
|
|
)
|
|
|
|
// Encrypter is an interface for things that can encrypt keys
|
|
type Encrypter interface {
|
|
Algorithm() jwa.KeyEncryptionAlgorithm
|
|
Encrypt([]byte) (keygen.ByteSource, error)
|
|
// KeyID returns the key id for this Encrypter. This exists so that
|
|
// you can pass in a Encrypter to MultiEncrypt, you can rest assured
|
|
// that the generated key will have the proper key ID.
|
|
KeyID() string
|
|
|
|
SetKeyID(string)
|
|
}
|
|
|
|
// Decrypter is an interface for things that can decrypt keys
|
|
type Decrypter interface {
|
|
Algorithm() jwa.KeyEncryptionAlgorithm
|
|
Decrypt([]byte) ([]byte, error)
|
|
}
|
|
|
|
type Noop struct {
|
|
alg jwa.KeyEncryptionAlgorithm
|
|
keyID string
|
|
sharedkey []byte
|
|
}
|
|
|
|
// AES encrypts content encryption keys using AES key wrap.
|
|
// Contrary to what the name implies, it also decrypt encrypted keys
|
|
type AES struct {
|
|
alg jwa.KeyEncryptionAlgorithm
|
|
keyID string
|
|
sharedkey []byte
|
|
}
|
|
|
|
// AESGCM encrypts content encryption keys using AES-GCM key wrap.
|
|
type AESGCMEncrypt struct {
|
|
algorithm jwa.KeyEncryptionAlgorithm
|
|
keyID string
|
|
sharedkey []byte
|
|
}
|
|
|
|
// ECDHESEncrypt encrypts content encryption keys using ECDH-ES.
|
|
type ECDHESEncrypt struct {
|
|
algorithm jwa.KeyEncryptionAlgorithm
|
|
keyID string
|
|
generator keygen.Generator
|
|
}
|
|
|
|
// ECDHESDecrypt decrypts keys using ECDH-ES.
|
|
type ECDHESDecrypt struct {
|
|
keyalg jwa.KeyEncryptionAlgorithm
|
|
contentalg jwa.ContentEncryptionAlgorithm
|
|
apu []byte
|
|
apv []byte
|
|
privkey interface{}
|
|
pubkey interface{}
|
|
}
|
|
|
|
// RSAOAEPEncrypt encrypts keys using RSA OAEP algorithm
|
|
type RSAOAEPEncrypt struct {
|
|
alg jwa.KeyEncryptionAlgorithm
|
|
pubkey *rsa.PublicKey
|
|
keyID string
|
|
}
|
|
|
|
// RSAOAEPDecrypt decrypts keys using RSA OAEP algorithm
|
|
type RSAOAEPDecrypt struct {
|
|
alg jwa.KeyEncryptionAlgorithm
|
|
privkey *rsa.PrivateKey
|
|
}
|
|
|
|
// RSAPKCS15Decrypt decrypts keys using RSA PKCS1v15 algorithm
|
|
type RSAPKCS15Decrypt struct {
|
|
alg jwa.KeyEncryptionAlgorithm
|
|
privkey *rsa.PrivateKey
|
|
generator keygen.Generator
|
|
}
|
|
|
|
// RSAPKCSEncrypt encrypts keys using RSA PKCS1v15 algorithm
|
|
type RSAPKCSEncrypt struct {
|
|
alg jwa.KeyEncryptionAlgorithm
|
|
pubkey *rsa.PublicKey
|
|
keyID string
|
|
}
|
|
|
|
// DirectDecrypt does no encryption (Note: Unimplemented)
|
|
type DirectDecrypt struct {
|
|
Key []byte
|
|
}
|
|
|
|
// PBES2Encrypt encrypts keys with PBES2 / PBKDF2 password
|
|
type PBES2Encrypt struct {
|
|
algorithm jwa.KeyEncryptionAlgorithm
|
|
hashFunc func() hash.Hash
|
|
keylen int
|
|
keyID string
|
|
password []byte
|
|
}
|