util

package
v2.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 7, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package util provides helper data types and functions for the GREP11 examples

Index

Constants

This section is empty.

Variables

View Source 
var (
	// The following variables are standardized elliptic curve definitions
	OIDNamedCurveP224      = asn1.ObjectIdentifier{1, 3, 132, 0, 33}
	OIDNamedCurveP256      = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
	OIDNamedCurveP384      = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
	OIDNamedCurveP521      = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
	OIDNamedCurveSecp256k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 10}
	OIDNamedCurveX25519    = asn1.ObjectIdentifier{1, 3, 101, 110}
	OIDNamedCurveX448      = asn1.ObjectIdentifier{1, 3, 101, 111}
	OIDNamedCurveED25519   = asn1.ObjectIdentifier{1, 3, 101, 112}
	OIDNamedCurveED448     = asn1.ObjectIdentifier{1, 3, 101, 113}

	// The following variables are regular brainpool elliptic curve definitions
	OIDBrainpoolP160r1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}
	OIDBrainpoolP192r1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}
	OIDBrainpoolP224r1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}
	OIDBrainpoolP256r1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}
	OIDBrainpoolP320r1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}
	OIDBrainpoolP384r1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}

	// The following variables are twisted brainpool elliptic curve definitions
	OIDBrainpoolP160t1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 2}
	OIDBrainpoolP192t1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 4}
	OIDBrainpoolP224t1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 6}
	OIDBrainpoolP256t1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 8}
	OIDBrainpoolP320t1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 10}
	OIDBrainpoolP384t1 = asn1.ObjectIdentifier{1, 3, 36, 3, 3, 2, 8, 1, 1, 12}

	// Public key object identifiers
	OIDECPublicKey  = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
	OIDRSAPublicKey = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	OIDDSAPublicKey = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}     // RFC 3279, 2.3.2  DSA Signature Keys
	OIDDHPublicKey  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 3, 1} // PKCS#3, 9. Object identifier

	// Supported Dilithium round 2 strengths with SHAKE-256 as PRF
	OIDDilithiumHigh = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 1, 6, 5}
	OIDDilithium87   = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 1, 8, 7}

	// Supported Dilithium round 3 strengths with SHAKE-256 as PRF
	OIDDilithiumR3Weak  = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 4, 4}
	OIDDilithiumR3Rec   = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 6, 5}
	OIDDilithiumR3VHigh = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 8, 7}

	// Supported Kyber round 2 strengths with SHAKE-128 as PRF
	OIDKyberR2Rec  = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 5, 3, 3}
	OIDKyberR2High = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 5, 4, 4}

	// Supported BLS12-381 OIDs
	OIDBLS12_381ET = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 999, 3, 2}
)

Functions

func AttributeMap 

func AttributeMap(attrs ep11.EP11Attributes) map[ep11.Attribute]*pb.AttributeValue

AttributeMap is a map conversion helper function

func AttributeValue 

func AttributeValue(v interface{}) *pb.AttributeValue

AttributeValue converts a standard Golang type into an AttributeValue structure

func Convert 

func Convert(err error) (bool, *pb.Grep11Error)

Convert is a helper function for generating proper Grep11Error structures

func GenerateIV 

func GenerateIV(cryptoClient pb.CryptoClient, blockType BlockType) ([]byte, error)

GenerateIV generates a 16-byte initialization vector for symmetric key operations The remote HSM is used to generate 16 random bytes for the IV This function supports BlockType values of "AESBlkSize" or "DESBlkSize"

func GetAttributeByteValue 

func GetAttributeByteValue(val interface{}) ([]byte, error)

GetAttributeByteValue obtains the byte slice equivalent of an attribute struct

func GetCryptoClient 

func GetCryptoClient(config *ClientConfig) (pb.CryptoClient, *grpc.ClientConn, error)

GetCryptoClient connects to the GREP11 server and returns a gRPC Crypto service client

func GetECPointFromSPKI 

func GetECPointFromSPKI(spki []byte) ([]byte, error)

GetECPointFromSPKI extracts a coordinate bit array (EC point) from the public key in SPKI format

func GetNamedCurveFromOID 

func GetNamedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve

GetNamedCurveFromOID returns an elliptic curve from the specified curve OID

func GetPubKey 

func GetPubKey(spki []byte) (crypto.PublicKey, asn1.ObjectIdentifier, error)

GetPubKey converts an ep11 SPKI structure to a golang ecdsa.PublicKey

func GetSignMechanismFromOID 

func GetSignMechanismFromOID(oid asn1.ObjectIdentifier) (ep11.Mechanism, error)

GetSignMechanismFromOID returns the signing mechanism associated with an object identifier

func MechanismExists 

func MechanismExists(cryptoClient pb.CryptoClient, mech ep11.Mechanism) bool

MechanismExists determines if a mechanism is supported on the remote HSM

func Pause 

func Pause(m chan string, sigs chan os.Signal, message string)

Pause is a helper function that pauses test execution until the user types CTRL-c

func PrintAttributes 

func PrintAttributes(attrs map[ep11.Attribute]*pb.AttributeValue)

PrintAttributes prints a table of all key attribute names and their values

func SetMechParm 

func SetMechParm(parm []byte) *pb.Mechanism_ParameterB

SetMechParm is a helper function that returns a properly formatted mechanism parameter for byte slice parameters

Types

type BlockType 

type BlockType int

BlockType and the associated constants defined below are used for the GenerateIV helper function 

const (
	// AESBlkSize represents the AES block size in bytes
	AESBlkSize BlockType = ep11.AES_BLOCK_SIZE
	// DESBlkSize represents the DES block size in bytes
	DESBlkSize BlockType = ep11.DES_BLOCK_SIZE
)

type ClientConfig 

type ClientConfig struct {
	Address     string
	APIKey      string
	IAMEndpoint string
	DialOpts    []grpc.DialOption
}

ClientConfig is used to setup a gRPC connection with a remote GREP11 server

type DH2Int 

type DH2Int struct {
	Prime *big.Int
	Base  *big.Int
}

DH2Int defines the Diffie-Hellman Prime and Base values extracted from the public key

type DHParam 

type DHParam struct {
	Algorithm asn1.ObjectIdentifier
	PB        DH2Int
}

DHParam defines the Diffie-Hellman algorithm Identifier structure

type DHPubKeyASN 

type DHPubKeyASN struct {
	Parameter DHParam
	PublicKey asn1.BitString
}

DHPubKeyASN defines the Diffie-Hellman public key ASN1 encoding structure for GREP11

type EP11PrivateKey 

type EP11PrivateKey struct {
	// contains filtered or unexported fields
}

EP11PrivateKey MUST implement crypto.Signer interface so that the crypt/tls package can use an EP11PrivateKey in tls.Certificate: https://golang.org/pkg/crypto/tls/#Certificate

func NewEP11Signer 

func NewEP11Signer(cryptoClient pb.CryptoClient, privKeyBlob *pb.KeyBlob, spki *pb.KeyBlob) (*EP11PrivateKey, error)

NewEP11Signer is used in the creation of a TLS certificate

func (*EP11PrivateKey) Public 

func (priv *EP11PrivateKey) Public() crypto.PublicKey

Public is part of the crypto.Signer interface implementation

func (*EP11PrivateKey) Sign 

func (priv *EP11PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign returns a signature in ASN1 format Reference code crypto/ecdsa.go, func (priv *PrivateKey) Sign() ([]byte, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.