v1.0.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 22, 2022 License: MIT, MIT, MIT Imports: 21 Imported by: 0



Package protocol implemets parts of cryptographic message syntax RFC 5652. This package is mostly for handling of the asn1 sturctures of cms. For de/encryption and signing/verfiying use to package cms.



This section is empty.


View Source
var (
	// ErrWrongType is returned by methods that make assumptions about types.
	// Helper methods are defined for accessing CHOICE and  ANY feilds. These
	// helper methods get the value of the field, assuming it is of a given type.
	// This error is returned if that assumption is wrong and the field has a
	// different type.
	ErrWrongType = errors.New("cms/protocol: wrong choice or any type")

	// ErrNoCertificate is returned when a requested certificate cannot be found.
	ErrNoCertificate = errors.New("no certificate found")

	// ErrNoKeyFound is returned when a requested certificate cannot be found.
	ErrNoKeyFound = errors.New("no key for decryption found")

	// ErrUnsupported is returned when an unsupported type or version
	// is encountered.
	ErrUnsupported = ASN1Error{"unsupported type or version"}

	// ErrTrailingData is returned when extra data is found after parsing an ASN.1
	// structure.
	ErrTrailingData = ASN1Error{"unexpected trailing data"}
View Source
var ErrUnsupportedAlgorithm = errors.New("cms: cannot decrypt data: unsupported algorithm")

ErrUnsupportedAlgorithm is returned if the algorithm is unsupported.


func ANSIx963KDF

func ANSIx963KDF(sharedSecret, sharedInfo []byte, keyLen int, hash crypto.Hash) (key []byte, err error)

ANSIx963KDF implents ANSI X9.63 key derivation function

func ECDHsharedSecret

func ECDHsharedSecret(curve elliptic.Curve, priv []byte, pubX, pubY *big.Int) []byte

ECDHsharedSecret computes shared secret with ephemeral static ECDH

func IASstring

func IASstring(cert *x509.Certificate) (iasString string, err error)

IASstring retuns the ias of the cert as hex encoded string.

func RawValue

func RawValue(val interface{}, params ...string) (rv asn1.RawValue, err error)

RawValue marshals val and returns the asn1.RawValue


type ASN1Error

type ASN1Error struct {
	Message string

ASN1Error is an error from parsing ASN.1 structures.

func (ASN1Error) Error

func (err ASN1Error) Error() string

Error implements the error interface.

type Attribute

type Attribute struct {
	Type asn1.ObjectIdentifier

	// This should be a SET OF ANY, but Go's asn1 parser can't handle slices of
	// RawValues. Use value() to get an AnySet of the value.
	RawValue []asn1.RawValue `asn1:"set"`
Attribute ::= SEQUENCE {
  attrValues SET OF AttributeValue }

AttributeValue ::= ANY

func NewAttribute

func NewAttribute(attrType asn1.ObjectIdentifier, val interface{}) (attr Attribute, err error)

NewAttribute creates a single-value Attribute.

type Attributes

type Attributes []Attribute

Attributes is a common Go type for SignedAttributes and UnsignedAttributes.

SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

func (Attributes) GetOnlyAttributeValueBytes

func (attrs Attributes) GetOnlyAttributeValueBytes(oid asn1.ObjectIdentifier) (rv asn1.RawValue, err error)

GetOnlyAttributeValueBytes gets an attribute value, returning an error if the attribute occurs multiple times or has multiple values.

func (Attributes) GetValues

func (attrs Attributes) GetValues(oid asn1.ObjectIdentifier) ([][]asn1.RawValue, error)

GetValues retreives the attributes with the given OID. A nil value is returned if the OPTIONAL SET of Attributes is missing from the SignerInfo. An empty slice is returned if the specified attribute isn't in the set.

type AuthEnvelopedData

type AuthEnvelopedData struct {
	Version        int
	OriginatorInfo asn1.RawValue   `asn1:"optional,tag:0"`
	RecipientInfos []RecipientInfo `asn1:"set,choice"`
	AECI           EncryptedContentInfo
	AauthAttrs     []Attribute `asn1:"set,optional,tag:1"`
	MAC            []byte
	UnAauthAttrs   []Attribute `asn1:"set,optional,tag:2"`
AuthEnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	recipientInfos RecipientInfos,
	authEncryptedContentInfo EncryptedContentInfo,

/ authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,

mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }

func NewAuthEnvelopedData

func NewAuthEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo, mac []byte) AuthEnvelopedData

NewAuthEnvelopedData creates AuthEnvelopedData from an EncryptedContentInfo with mac and given RecipientInfos.

func (AuthEnvelopedData) ContentInfo

func (ed AuthEnvelopedData) ContentInfo() (ContentInfo, error)

ContentInfo marshals AuthEnvelopedData and returns ContentInfo.

func (*AuthEnvelopedData) Decrypt

func (ed *AuthEnvelopedData) Decrypt(keyPair []tls.Certificate) (plain []byte, err error)

Decrypt decrypts AuthEnvelopedData and returns the plaintext.

type CertificateChoices

type CertificateChoices struct {
	Cert       x509.Certificate       `asn1:"optional"`
	V2AttrCert asn1.RawValue          `asn1:"optional,tag:2"`
	Other      OtherCertificateFormat `asn1:"optional,tag:3"`
CertificateChoices ::= CHOICE {
  certificate Certificate,
  extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
  v1AttrCert [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
  v2AttrCert [2] IMPLICIT AttributeCertificateV2,
  other [3] IMPLICIT OtherCertificateFormat }

type ContentInfo

type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,tag:0"`
ContentInfo ::= SEQUENCE {
  contentType ContentType,
  content [0] EXPLICIT ANY DEFINED BY contentType }


func ParseContentInfo

func ParseContentInfo(der []byte) (ci ContentInfo, err error)

ParseContentInfo parses DER-encoded ASN.1 data and returns ContentInfo.

func (ContentInfo) AuthEnvelopedDataContent

func (ci ContentInfo) AuthEnvelopedDataContent() (*AuthEnvelopedData, error)

AuthEnvelopedDataContent unmarshals ContentInfo and returns AuthEnvelopedData if content type is AuthEnvelopedData.

func (ContentInfo) Base64

func (ci ContentInfo) Base64() ([]byte, error)

Base64 encodes the DER-encoded ASN.1 data in base64 for use in S/MIME.

func (ContentInfo) DER

func (ci ContentInfo) DER() ([]byte, error)

DER returns the DER-encoded ASN.1 data.

func (ContentInfo) EnvelopedDataContent

func (ci ContentInfo) EnvelopedDataContent() (*EnvelopedData, error)

EnvelopedDataContent returns EnvelopedData if ContentType is EnvelopedData.

func (ContentInfo) SignedDataContent

func (ci ContentInfo) SignedDataContent() (*SignedData, error)

SignedDataContent returns SignedData if ContentType is SignedData.

type ECCCMSSharedInfo

type ECCCMSSharedInfo struct {
	KeyInfo     pkix.AlgorithmIdentifier
	EntityUInfo []byte `asn1:"optional,explicit,tag:0"`
	SuppPubInfo []byte `asn1:"explicit,tag:2"`
ECCCMSSharedInfo ECC-CMS-SharedInfo ::= SEQUENCE {
	keyInfo         AlgorithmIdentifier,

type EncapsulatedContentInfo

type EncapsulatedContentInfo struct {
	EContentType asn1.ObjectIdentifier ``                               // ContentType ::= OBJECT IDENTIFIER
	EContent     []byte                `asn1:"optional,explicit,tag:0"` //
EncapsulatedContentInfo ::= SEQUENCE {
  eContentType ContentType,

func NewDataEncapsulatedContentInfo

func NewDataEncapsulatedContentInfo(data []byte) (EncapsulatedContentInfo, error)

NewDataEncapsulatedContentInfo creates a new EncapsulatedContentInfo of type id-data.

func NewEncapsulatedContentInfo

func NewEncapsulatedContentInfo(contentType asn1.ObjectIdentifier, content []byte) (EncapsulatedContentInfo, error)

NewEncapsulatedContentInfo creates a new EncapsulatedContentInfo.

func (EncapsulatedContentInfo) IsTypeData

func (eci EncapsulatedContentInfo) IsTypeData() bool

IsTypeData checks if the EContentType is id-data.

type EncryptedContentInfo

type EncryptedContentInfo struct {
	EContentType               asn1.ObjectIdentifier
	ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
	EContent                   []byte `asn1:"optional,implicit,tag:0"`
EncryptedContentInfo ::= SEQUENCE {
	contentType ContentType,
	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
	encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }

func NewEncryptedContentInfo

func NewEncryptedContentInfo(contentType asn1.ObjectIdentifier, contentEncryptionAlg asn1.ObjectIdentifier, content []byte) (eci EncryptedContentInfo, key, mac []byte, err error)

NewEncryptedContentInfo encrypts the conent with the contentEncryptionAlgorithm and retuns the EncryptedContentInfo, the key and the MAC.

type EnvelopedData

type EnvelopedData struct {
	Version          int
	OriginatorInfo   asn1.RawValue        `asn1:"optional,tag:0"`
	RecipientInfos   []RecipientInfo      `asn1:"set,choice"`
	ECI              EncryptedContentInfo ``
	UnprotectedAttrs []Attribute          `asn1:"set,optional,tag:1"`
EnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	recipientInfos RecipientInfos,
	encryptedContentInfo EncryptedContentInfo,
	unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }

func NewEnvelopedData

func NewEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo) EnvelopedData

NewEnvelopedData creates a new EnvelopedData from the given data.

func (EnvelopedData) ContentInfo

func (ed EnvelopedData) ContentInfo() (ContentInfo, error)

ContentInfo returns new ContentInfo with ContentType EnvelopedData.

func (*EnvelopedData) Decrypt

func (ed *EnvelopedData) Decrypt(keyPairs []tls.Certificate) (plain []byte, err error)

Decrypt decrypts the EnvelopedData with the given keyPair and retuns the plaintext.

type IssuerAndSerialNumber

type IssuerAndSerialNumber struct {
	Issuer       asn1.RawValue
	SerialNumber *big.Int
IssuerAndSerialNumber ::= SEQUENCE {
	issuer Name,
	serialNumber CertificateSerialNumber }

CertificateSerialNumber ::= INTEGER

func NewIssuerAndSerialNumber

func NewIssuerAndSerialNumber(cert *x509.Certificate) (sid IssuerAndSerialNumber, err error)

NewIssuerAndSerialNumber creates a IssuerAndSerialNumber SID for the given cert.

func (*IssuerAndSerialNumber) Equal

Equal returns true if ias and ias2 agree.

func (*IssuerAndSerialNumber) RawValue

func (ias *IssuerAndSerialNumber) RawValue() (rv asn1.RawValue, err error)

RawValue returns the RawValue of the IssuerAndSerialNumber.

type KeyAgreeRecipientIdentifier

type KeyAgreeRecipientIdentifier struct {
	IAS    IssuerAndSerialNumber  `asn1:"optional"`
	RKeyID RecipientKeyIdentifier `asn1:"optional,tag:0"`
KeyAgreeRecipientIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	rKeyId [0] IMPLICIT RecipientKeyIdentifier }

type KeyAgreeRecipientInfo

type KeyAgreeRecipientInfo struct {
	Version                int
	Originator             OriginatorIdentifierOrKey `asn1:"explicit,choice,tag:0"`
	UKM                    []byte                    `asn1:"explicit,optional,tag:1"`
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier  ``
	RecipientEncryptedKeys []RecipientEncryptedKey   `asn1:"sequence"` //RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
KeyAgreeRecipientInfo ::= SEQUENCE {
	version CMSVersion,  -- always set to 3
	originator [0] EXPLICIT OriginatorIdentifierOrKey,
	ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
	recipientEncryptedKeys RecipientEncryptedKeys }

type KeyTransRecipientInfo

type KeyTransRecipientInfo struct {
	Version                int
	Rid                    RecipientIdentifier `asn1:"choice"`
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
	EncryptedKey           []byte
KeyTransRecipientInfo ::= SEQUENCE {
	version CMSVersion,  -- always set to 0 or 2
	rid RecipientIdentifier,
	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
	encryptedKey EncryptedKey }

type OriginatorIdentifierOrKey

type OriginatorIdentifierOrKey struct {
	IAS           IssuerAndSerialNumber `asn1:"optional"`
	SKI           []byte                `asn1:"optional,tag:0"`
	OriginatorKey OriginatorPublicKey   `asn1:"optional,tag:1"`
OriginatorIdentifierOrKey ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] SubjectKeyIdentifier,
	originatorKey [1] OriginatorPublicKey }

type OriginatorPublicKey

type OriginatorPublicKey struct {
	Algorithm pkix.AlgorithmIdentifier
	PublicKey asn1.BitString
OriginatorPublicKey ::= SEQUENCE {
	algorithm AlgorithmIdentifier,
	publicKey BIT STRING

type OtherCertificateFormat

type OtherCertificateFormat struct {
	OtherCertFormat asn1.ObjectIdentifier
	OtherCert       asn1.RawValue
OtherCertificateFormat ::= SEQUENCE {
  otherCertFormat OBJECT IDENTIFIER,
  otherCert ANY DEFINED BY otherCertFormat }

type OtherKeyAttribute

type OtherKeyAttribute struct {
	KeyAttrID asn1.ObjectIdentifier
	KeyAttr   asn1.RawValue `asn1:"optional"`
OtherKeyAttribute ::= SEQUENCE {

type OtherRevocationInfoFormat

type OtherRevocationInfoFormat struct {
	OtherRevInfoFormat asn1.ObjectIdentifier
	OtherRevInfo       asn1.RawValue
OtherRevocationInfoFormat ::= SEQUENCE {
  otherRevInfoFormat OBJECT IDENTIFIER,
  otherRevInfo ANY DEFINED BY otherRevInfoFormat }

type RSAESOAEPparams

type RSAESOAEPparams struct {
	HashFunc    pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:0"`
	MaskGenFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:1"`
	PSourceFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:2"`
	hashFunc    [0] AlgorithmIdentifier DEFAULT sha1Identifier,
	maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1Identifier,
	pSourceFunc [2] AlgorithmIdentifier DEFAULT
						pSpecifiedEmptyIdentifier  }

type RecipientEncryptedKey

type RecipientEncryptedKey struct {
	RID          KeyAgreeRecipientIdentifier `asn1:"choice"`
	EncryptedKey []byte
RecipientEncryptedKey ::= SEQUENCE {
	rid KeyAgreeRecipientIdentifier,
	encryptedKey EncryptedKey }

type RecipientIdentifier

type RecipientIdentifier struct {
	IAS IssuerAndSerialNumber `asn1:"optional"`
	SKI []byte                `asn1:"optional,tag:0"`
RecipientIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] SubjectKeyIdentifier }

type RecipientInfo

type RecipientInfo struct {
	KTRI  KeyTransRecipientInfo `asn1:"optional"`
	KARI  KeyAgreeRecipientInfo `asn1:"optional,tag:1"` //KeyAgreeRecipientInfo
	KEKRI asn1.RawValue         `asn1:"optional,tag:2"`
	PWRI  asn1.RawValue         `asn1:"optional,tag:3"`
	ORI   asn1.RawValue         `asn1:"optional,tag:4"`
RecipientInfo ::= CHOICE {
	ktri KeyTransRecipientInfo,
	kari [1] KeyAgreeRecipientInfo,
	kekri [2] KEKRecipientInfo,
	pwri [3] PasswordRecipientInfo,
	ori [4] OtherRecipientInfo }

func NewRecipientInfo

func NewRecipientInfo(recipient *x509.Certificate, key []byte) (info RecipientInfo, err error)

NewRecipientInfo creates RecipientInfo for giben recipient and key.

type RecipientKeyIdentifier

type RecipientKeyIdentifier struct {
	SubjectKeyIdentifier []byte            //SubjectKeyIdentifier ::= OCTET STRING
	Date                 time.Time         `asn1:"optional"`
	Other                OtherKeyAttribute `asn1:"optional"`
RecipientKeyIdentifier ::= SEQUENCE {
	subjectKeyIdentifier SubjectKeyIdentifier,
	date GeneralizedTime OPTIONAL,
	other OtherKeyAttribute OPTIONAL }

type RevocationInfoChoice

type RevocationInfoChoice struct {
	Crl   pkix.CertificateList      `asn1:"optional"`
	Other OtherRevocationInfoFormat `asn1:"optional,tag:1"`
RevocationInfoChoice ::= CHOICE {
  crl CertificateList,
  other [1] IMPLICIT OtherRevocationInfoFormat }

type SignedData

type SignedData struct {
	Version          int                        ``                          // CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
	DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"`                //DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier //DigestAlgorithmIdentifier ::= AlgorithmIdentifier
	EncapContentInfo EncapsulatedContentInfo    ``                          //
	Certificates     []asn1.RawValue            `asn1:"optional,set,tag:0"` // CertificateSet ::= SET OF CertificateChoices
	CRLs             []RevocationInfoChoice     `asn1:"optional,set,tag:1"` // RevocationInfoChoices ::= SET OF RevocationInfoChoice
	SignerInfos      []SignerInfo               `asn1:"set"`                // SignerInfos ::= SET OF SignerInfo
SignedData ::= SEQUENCE {
  version CMSVersion,
  digestAlgorithms DigestAlgorithmIdentifiers,
  encapContentInfo EncapsulatedContentInfo,
  certificates [0] IMPLICIT CertificateSet OPTIONAL,
  crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
  signerInfos SignerInfos }

func NewSignedData

func NewSignedData(eci EncapsulatedContentInfo) (*SignedData, error)

NewSignedData creates a new SignedData.

func (*SignedData) AddCertificate

func (sd *SignedData) AddCertificate(cert []byte) error

AddCertificate adds a *x509.Certificate.

func (*SignedData) AddSignerInfo

func (sd *SignedData) AddSignerInfo(keypPair tls.Certificate, attrs []Attribute) (err error)

AddSignerInfo adds a SignerInfo to the SignedData.

func (*SignedData) ClearCertificates

func (sd *SignedData) ClearCertificates()

ClearCertificates removes all certificates.

func (*SignedData) ContentInfo

func (sd *SignedData) ContentInfo() (ContentInfo, error)

ContentInfo returns the SignedData wrapped in a ContentInfo packet.

func (*SignedData) Verify

func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [][][]*x509.Certificate, err error)

Verify checks the signature

func (*SignedData) X509Certificates

func (sd *SignedData) X509Certificates() (map[string]*x509.Certificate, error)

X509Certificates gets the certificates, assuming that they're X.509 encoded.

type SignerIdentifier

type SignerIdentifier struct {
	IAS IssuerAndSerialNumber `asn1:"optional"`
	SKI []byte                `asn1:"optional,tag:0"`
SignerIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] SubjectKeyIdentifier }

type SignerInfo

type SignerInfo struct {
	Version            int                      ``                          // CMSVersion ::= INTEGER    { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
	SID                SignerIdentifier         `asn1:"choice"`             //
	DigestAlgorithm    pkix.AlgorithmIdentifier ``                          // DigestAlgorithmIdentifier ::= AlgorithmIdentifier
	SignedAttrs        []Attribute              `asn1:"set,optional,tag:0"` // SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
	SignatureAlgorithm pkix.AlgorithmIdentifier ``                          // SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
	Signature          []byte                   ``                          // SignatureValue ::= OCTET STRING
	UnsignedAttrs      []Attribute              `asn1:"set,optional,tag:1"` // UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
SignerInfo ::= SEQUENCE {
  version CMSVersion,
  sid SignerIdentifier,
  digestAlgorithm DigestAlgorithmIdentifier,
  signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
  signatureAlgorithm SignatureAlgorithmIdentifier,
  signature SignatureValue,
  unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

func (SignerInfo) FindCertificate

func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)

FindCertificate finds this SignerInfo's certificate in a slice of certificates.

func (SignerInfo) GetContentTypeAttribute

func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)

GetContentTypeAttribute gets the signed ContentType attribute from the SignerInfo.

func (SignerInfo) GetMessageDigestAttribute

func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)

GetMessageDigestAttribute gets the signed MessageDigest attribute from the SignerInfo.

func (SignerInfo) GetSigningTimeAttribute

func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)

GetSigningTimeAttribute gets the signed SigningTime attribute from the SignerInfo.

func (SignerInfo) Hash

func (si SignerInfo) Hash() (crypto.Hash, error)

Hash gets the crypto.Hash associated with this SignerInfo's DigestAlgorithm. 0 is returned for unrecognized algorithms.

func (SignerInfo) X509SignatureAlgorithm

func (si SignerInfo) X509SignatureAlgorithm() (sigAlg x509.SignatureAlgorithm, err error)

X509SignatureAlgorithm gets the x509.SignatureAlgorithm that should be used for verifying this SignerInfo's signature.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL