Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for EncryptedDEKSourceType (0.39 sec)

  2. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2/api.pb.go 

    	// encryptedDEKSourceType defines the process of using the plaintext of encryptedDEKSource to determine the DEK.
	EncryptedDEKSourceType EncryptedDEKSourceType `protobuf:"varint,5,opt,name=encryptedDEKSourceType,proto3,enum=v2.EncryptedDEKSourceType" json:"encryptedDEKSourceType,omitempty"`
	XXX_NoUnkeyedLiteral   struct{}               `json:"-"`
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Oct 30 18:43:30 UTC 2023
    - 8.2K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2/api.proto 

      //  2. The size of annotations keys + values is less than 32 kB.
  map<string, bytes> annotations = 4;

  // encryptedDEKSourceType defines the process of using the plaintext of encryptedDEKSource to determine the DEK.
  EncryptedDEKSourceType encryptedDEKSourceType = 5;
}

enum EncryptedDEKSourceType {
  // AES_GCM_KEY means that the plaintext of encryptedDEKSource is the DEK itself, with AES-GCM as the encryption algorithm.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Oct 30 18:43:30 UTC 2023
    - 2.7K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go 

    	}

	if useSeed {
		o.EncryptedDEKSourceType = kmstypes.EncryptedDEKSourceType_HKDF_SHA256_XNONCE_AES_GCM_SEED
	} else {
		o.EncryptedDEKSourceType = kmstypes.EncryptedDEKSourceType_AES_GCM_KEY
	}

	if err := ValidateEncryptedObject(o); err != nil {
		return nil, nil, nil, err
	}

	cacheKey, err := generateCacheKey(o.EncryptedDEKSourceType, resp.Ciphertext, resp.KeyID, resp.Annotations)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Oct 27 00:23:50 UTC 2023
    - 18.7K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope_test.go 

    				EncryptedData:          []byte{0},
				EncryptedDEKSourceType: 55,
			},
			expectedError: fmt.Errorf("unknown encryptedDEKSourceType: 55"),
		},
		{
			desc: "empty dek source",
			originalData: &kmstypes.EncryptedObject{
				EncryptedData:          []byte{0},
				EncryptedDEKSourceType: 1,
				KeyID:                  "1",
			},
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Oct 25 16:50:20 UTC 2023
    - 47.2K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config_test.go 

    				if tt.useSeed {
					validCiphertext = validCiphertext && gotState.EncryptedObject.EncryptedDEKSourceType == kmstypes.EncryptedDEKSourceType_HKDF_SHA256_XNONCE_AES_GCM_SEED
				} else {
					validCiphertext = validCiphertext && gotState.EncryptedObject.EncryptedDEKSourceType == kmstypes.EncryptedDEKSourceType_AES_GCM_KEY
				}
				if !validCiphertext {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu May 16 16:56:39 UTC 2024
    - 72.3K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go 

    	// this allows us to easily exercise both modes without restarting the API server
	// TODO integration test that this dynamically takes effect
	useSeed := GetKDF()
	stateUseSeed := state.EncryptedObject.EncryptedDEKSourceType == kmstypes.EncryptedDEKSourceType_HKDF_SHA256_XNONCE_AES_GCM_SEED

	// state is valid and status keyID is unchanged from when we generated this DEK/seed so there is no need to rotate it
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu May 16 16:56:39 UTC 2024
    - 41.2K bytes
    - Viewed (0)
Back to top