constellation/keyservice/kms/kms.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package kms

import (
	"context"
	"errors"
)

// CloudKMS enables using cloud base Key Management Services.
type CloudKMS interface {
	// CreateKEK creates a new KEK with the given key material, if provided. If successful, the key can be referenced by keyID in the KMS in accordance to the policy.
	CreateKEK(ctx context.Context, keyID string, kek []byte) error
	// GetDEK returns the DEK for dekID and kekID from the KMS.
	// If the DEK does not exist, a new one is created and saved to storage.
	GetDEK(ctx context.Context, kekID string, dekID string, dekSize int) ([]byte, error)
}

// Storage provides an abstract interface for the storage backend used for DEKs.
type Storage interface {
	// Get returns a DEK from the storage by key ID. If the DEK does not exist, returns storage.ErrDEKUnset.
	Get(context.Context, string) ([]byte, error)
	// Put saves a DEK to the storage by key ID.
	Put(context.Context, string, []byte) error
}

// ErrKEKUnknown is an error raised by unknown KEK in the KMS.
var ErrKEKUnknown = errors.New("requested KEK not found")
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 03:06:08 -04:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`package kms`

			`import (`
			`"context"`
			`"errors"`
			`)`

			`// CloudKMS enables using cloud base Key Management Services.`
			`type CloudKMS interface {`
			`// CreateKEK creates a new KEK with the given key material, if provided. If successful, the key can be referenced by keyID in the KMS in accordance to the policy.`
			`CreateKEK(ctx context.Context, keyID string, kek []byte) error`
			`// GetDEK returns the DEK for dekID and kekID from the KMS.`
			`// If the DEK does not exist, a new one is created and saved to storage.`
			`GetDEK(ctx context.Context, kekID string, dekID string, dekSize int) ([]byte, error)`
			`}`

			`// Storage provides an abstract interface for the storage backend used for DEKs.`
			`type Storage interface {`
			`// Get returns a DEK from the storage by key ID. If the DEK does not exist, returns storage.ErrDEKUnset.`
			`Get(context.Context, string) ([]byte, error)`
			`// Put saves a DEK to the storage by key ID.`
			`Put(context.Context, string, []byte) error`
			`}`

			`// ErrKEKUnknown is an error raised by unknown KEK in the KMS.`
			`var ErrKEKUnknown = errors.New("requested KEK not found")`