1package wrapping
2
3import (
4	"context"
5
6	"github.com/hashicorp/go-hclog"
7)
8
// Known Wrapper types, expressed as untyped string constants.
// NOTE(review): these are presumably the values reported by Wrapper.Type;
// confirm against the implementations, which are not part of this file.
const (
	// Identifiers named after cloud-provider key management services.
	AliCloudKMS     = "alicloudkms"
	AWSKMS          = "awskms"
	AzureKeyVault   = "azurekeyvault"
	GCPCKMS         = "gcpckms"
	HuaweiCloudKMS  = "huaweicloudkms"
	OCIKMS          = "ocikms"
	TencentCloudKMS = "tencentcloudkms"
	YandexCloudKMS  = "yandexcloudkms"

	// Remaining wrapper identifiers.
	AEAD         = "aead"
	MultiWrapper = "multiwrapper"
	PKCS11       = "pkcs11"
	Shamir       = "shamir"
	Transit      = "transit"

	// Test is the identifier of the "test-auto" wrapper type.
	// NOTE(review): the name suggests a test-only wrapper; confirm that it
	// cannot be selected by production configuration.
	Test = "test-auto"

	// HSMAutoDeprecated is a deprecated type relevant to Vault prior to 0.9.0.
	// It is still referenced in certain code paths for upgrade purposes.
	HSMAutoDeprecated = "hsm-auto"
)
30
// Wrapper is the embedded implementation of autoSeal. It holds the logic
// specific to encrypting and decrypting data, which in this case means keys.
type Wrapper interface {
	// Type reports the type of this Wrapper.
	Type() string

	// KeyID reports the ID of the key currently used for encryption.
	// NOTE(review): "currently" suggests the ID can change over the Wrapper's
	// lifetime; callers should presumably not cache it. Confirm per
	// implementation.
	KeyID() string

	// HMACKeyID reports the ID of the key currently used for HMACing, if any.
	// NOTE(review): the value returned when no HMAC key exists is not
	// specified here; presumably the empty string. Confirm.
	HMACKeyID() string

	// Init performs any setup calls that are necessary before the Wrapper is
	// used.
	Init(ctx context.Context) error

	// Finalize should be called once all usage of the Wrapper is done.
	Finalize(ctx context.Context) error

	// Encrypt encrypts plaintext and places information about the final
	// result in the returned EncryptedBlobInfo. aad passes any additional
	// authenticated data; it may or may not be used depending on the
	// particular implementation. A caller that relies on aad to bind a
	// ciphertext to its context should therefore confirm that the chosen
	// implementation actually authenticates it.
	Encrypt(ctx context.Context, plaintext, aad []byte) (*EncryptedBlobInfo, error)

	// Decrypt takes blob and decrypts it into the returned byte slice. aad
	// passes any additional authenticated data; it may or may not be used
	// depending on the particular implementation.
	Decrypt(ctx context.Context, blob *EncryptedBlobInfo, aad []byte) ([]byte, error)
}
52
// WrapperOptions holds the options used when creating a Wrapper.
type WrapperOptions struct {
	// Logger is the hclog logger passed along with the options.
	// NOTE(review): how implementations use this logger is not visible here;
	// confirm that none of them log plaintext or key material.
	Logger hclog.Logger
}
57