README
¶
go-kmip
go-kmip implements subset of KMIP 1.4 protocol. This is a fork fo the go-kmip project can support netapp data systems
Basic TTLV encoding/decoding is fully implemented, as well as the basic client/server operations. Other operations and fields could be implemented by adding required Go structures with KMIP tags.
KMIP protocol is used to access KMS solutions: generating keys, certificates, accessing stored objects, etc.
KMIP is using TTLV-like encoding, which is implemented in this packaged
as encoding/decoding of Go struct types. Go struct fields are annotated with
kmip tags which specify KMIP tag names. Field is encoded/decoded according
to its tag, type.
Two high-level objects are implemented: Server and Client. Server listens for TLS connections, does initial handshake and processes batch requests from the clients. Processing of specific operations is delegated to operation handlers. Client objects establishes connection with the KMIP server and allows sending any number of requests over the connection.
This package doesn't implement any actual key processing or management - it's outside the scope of this package.
Documentation
¶
Overview ¶
Package kmip implements KMIP protocol
KMIP protocol is used to access KMS solutions: generating keys, certificates, accessing stored objects, etc.
KMIP is using TTLV-like encoding, which is implemented in this packaged as encoding/decoding of Go struct types. Go struct fields are annotated with `kmip` tags which specify KMIP tag names. Field is encoded/decoded according to its tag, type.
Two high-level objects are implemented: Server and Client. Server listens for TLS connections, does initial handshake and processes batch requests from the clients. Processing of specific operations is delegated to operation handlers. Client objects establishes connection with the KMIP server and allows sending any number of requests over the connection.
Not all the KMIP operations have corresponding Go structs, missing ones should be added to operations.go, and dynamic type dispatch to RequestBatchItem/ResponseBatchItem.BuildFieldValue methods.
Index ¶
- Constants
- Variables
- func DefaultClientTLSConfig(config *tls.Config)
- func DefaultServerTLSConfig(config *tls.Config)
- type ActivateRequest
- type ActivateResponse
- type Attribute
- type Attributes
- type Authentication
- type Client
- type CreateKeyPairRequest
- type CreateKeyPairResponse
- type CreateRequest
- type CreateResponse
- type CredentialUsernamePassword
- type CryptoParams
- type Decoder
- type DecryptRequest
- type DecryptResponse
- type DestroyRequest
- type DestroyResponse
- type Digest
- type DiscoverVersionsRequest
- type DiscoverVersionsResponse
- type DynamicDispatch
- type Encoder
- type EncryptRequest
- type EncryptResponse
- type EncryptionKeyInformation
- type Enum
- type Error
- type GetAttributeListRequest
- type GetAttributeListResponse
- type GetAttributesRequest
- type GetAttributesResponse
- type GetRequest
- type GetResponse
- type Handler
- type KeyBlock
- type KeyValue
- type KeyWrappingData
- type KeyWrappingSpecification
- type LocateRequest
- type LocateResponse
- type MACSignatureKeyInformation
- type MessageExtension
- type Name
- type Nonce
- type PrivateKey
- type ProtocolVersion
- type PublicKey
- type QueryRequest
- type QueryResponse
- type RegisterRequest
- type RegisterResponse
- type Request
- type RequestBatchItem
- type RequestContext
- type RequestHeader
- type Response
- type ResponseBatchItem
- type ResponseHeader
- type RevocationReason
- type RevokeRequest
- type RevokeResponse
- type Server
- type SessionContext
- type SignRequest
- type SignResponse
- type SymmetricKey
- type Tag
- type TemplateAttribute
- type Type
Constants ¶
View Source
const ( ATTRIBUTE_NAME_UNIQUE_IDENTIFIER = "Unique Identifier" ATTRIBUTE_NAME_NAME = "Name" ATTRIBUTE_NAME_OBJECT_TYPE = "Object Type" ATTRIBUTE_NAME_CRYPTOGRAPHIC_ALGORITHM = "Cryptographic Algorithm" ATTRIBUTE_NAME_CRYPTOGRAPHIC_LENGTH = "Cryptographic Length" ATTRIBUTE_NAME_CRYPTOGRAPHIC_PARAMETERS = "Cryptographic Parameters" ATTRIBUTE_NAME_CRYPTOGRAPHIC_DOMAIN_PARAMETERS = "Cryptographic Domain Parameters" ATTRIBUTE_NAME_CERTIFICATE_TYPE = "Certificate Type" ATTRIBUTE_NAME_CERTIFICATE_LENGTH = "Certificate Length" ATTRIBUTE_NAME_X_509_CERTIFICATE_IDENTIFIER = "X.509 Certificate Identifier" ATTRIBUTE_NAME_X_509_CERTIFICATE_SUBJECT = "X.509 Certificate Subject" ATTRIBUTE_NAME_X_509_CERTIFICATE_ISSUER = "X.509 Certificate Issuer" ATTRIBUTE_NAME_CERTIFICATE_IDENTIFIER = "Certificate Identifier" ATTRIBUTE_NAME_CERTIFICATE_SUBJECT = "Certificate Subject" ATTRIBUTE_NAME_CERTIFICATE_ISSUER = "Certificate Issuer" ATTRIBUTE_NAME_DIGITAL_SIGNATURE_ALGORITHM = "Digital Signature Algorithm" ATTRIBUTE_NAME_DIGEST = "Digest" ATTRIBUTE_NAME_OPERATION_POLICY_NAME = "Operation Policy Name" ATTRIBUTE_NAME_CRYPTOGRAPHIC_USAGE_MASK = "Cryptographic Usage Mask" ATTRIBUTE_NAME_LEASE_TIME = "Lease Time" ATTRIBUTE_NAME_USAGE_LIMITS = "Usage Limits" ATTRIBUTE_NAME_STATE = "State" ATTRIBUTE_NAME_INITIAL_DATE = "Initial Date" ATTRIBUTE_NAME_ACTIVATION_DATE = "Activation Date" ATTRIBUTE_NAME_PROCESS_START_DATE = "Process Start Date" ATTRIBUTE_NAME_PROTECT_STOP_DATE = "Protect Stop Date" ATTRIBUTE_NAME_DEACTIVATION_DATE = "Deactivation Date" ATTRIBUTE_NAME_DESTROY_DATE = "Destroy Date" ATTRIBUTE_NAME_COMPROMISE_OCCURRENCE_DATE = "Compromise Occurrence Date" ATTRIBUTE_NAME_COMPROMISE_DATE = "Compromise Date" ATTRIBUTE_NAME_REVOCATION_REASON = "Revocation Reason" ATTRIBUTE_NAME_ARCHIVE_DATE = "Archive Date" ATTRIBUTE_NAME_OBJECT_GROUP = "Object Group" ATTRIBUTE_NAME_FRESH = "Fresh" ATTRIBUTE_NAME_LINK = "Link" ATTRIBUTE_NAME_APPLICATION_SPECIFIC_INFORMATION = "Application Specific Information" ATTRIBUTE_NAME_CONTACT_INFORMATION = "Contact Information" ATTRIBUTE_NAME_LAST_CHANGE_DATE = "Last Change Date" ATTRIBUTE_NAME_CUSTOM_ATTRIBUTE = "Custom Attribute" ATTRIBUTE_NAME_ALTERNATIVE_NAME = "Alternative Name" ATTRIBUTE_NAME_KEY_VALUE_PRESENT = "Key Value Present" ATTRIBUTE_NAME_KEY_VALUE_LOCATION = "Key Value Location" ATTRIBUTE_NAME_ORIGINAL_CREATION_DATE = "Original Creation Date" )
KMIP Attribute Names.
Variables ¶
View Source
var DefaultSupportedVersions = []ProtocolVersion{
{Major: 1, Minor: 4},
{Major: 1, Minor: 3},
{Major: 1, Minor: 2},
{Major: 1, Minor: 1},
}
DefaultSupportedVersions is a default list of supported KMIP versions
Functions ¶
func DefaultClientTLSConfig ¶
DefaultClientTLSConfig fills in good defaults for client TLS configuration
func DefaultServerTLSConfig ¶
DefaultServerTLSConfig fills in good defaults for server TLS configuration
Types ¶
type ActivateRequest ¶
type ActivateRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
}
ActivateRequest is a Activate Request Payload
type ActivateResponse ¶
type ActivateResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
}
ActivateResponse is a Activate Response Payload
type Attribute ¶
type Attribute struct {
Tag `kmip:"ATTRIBUTE"`
Name string `kmip:"ATTRIBUTE_NAME"`
Index int32 `kmip:"ATTRIBUTE_INDEX"`
Value interface{} `kmip:"ATTRIBUTE_VALUE"`
}
Attribute is a Attribute Object Structure
func (*Attribute) BuildFieldValue ¶
BuildFieldValue builds dynamic Value field
type Attributes ¶
type Attributes []Attribute
Attributes is a sequence of Attribute objects which allows building and search
func (Attributes) Get ¶
func (attrs Attributes) Get(name string) (val interface{})
type Authentication ¶
type Authentication struct {
Tag `kmip:"AUTHENTICATION"`
CredentialType Enum `kmip:"CREDENTIAL_TYPE,required"`
CredentialValue interface{} `kmip:"CREDENTIAL_VALUE,required"`
}
Authentication is an Authentication structure
func (*Authentication) BuildFieldValue ¶
func (a *Authentication) BuildFieldValue(name string) (v interface{}, err error)
BuildFieldValue builds value for CredentialValue based on CredentialType
type Client ¶
type Client struct {
// Server endpoint as "host:port"
Endpoint string
// TLS client config
TLSConfig *tls.Config
// KMIP version to use
//
// Defaults to DefaultSupportedVersions[0] if not set
Version ProtocolVersion
// Network timeouts
ReadTimeout, WriteTimeout time.Duration
// contains filtered or unexported fields
}
Client implements basic KMIP client
Client is not safe for concurrent use
func (*Client) DiscoverVersions ¶
func (c *Client) DiscoverVersions(versions []ProtocolVersion) (serverVersions []ProtocolVersion, err error)
DiscoverVersions with the server
func (*Client) Send ¶
Send request to server and deliver response/error back
Request payload should be passed as req, and response payload will be returned back as resp. Operation will be sent as a batch with single item.
Send is a generic method, it's better to implement specific methods for each operation (use DiscoverVersions as example).
type CreateKeyPairRequest ¶
type CreateKeyPairRequest struct {
CommonTemplateAttribute TemplateAttribute `kmip:"COMMON_TEMPLATE_ATTRIBUTE"`
PrivateKeyTemplateAttribute TemplateAttribute `kmip:"PRIVATE_KEY_TEMPLATE_ATTRIBUTE"`
PublicKeyTemplateAttribute TemplateAttribute `kmip:"PUBLIC_KEY_TEMPLATE_ATTRIBUTE"`
}
CreateKeyPairRequest is a Create Key Pair Request Payload
type CreateKeyPairResponse ¶
type CreateKeyPairResponse struct {
PrivateKeyUniqueIdentifier string `kmip:"PRIVATE_KEY_UNIQUE_IDENTIFIER,required"`
PublicKeyUniqueIdentifier string `kmip:"PUBLIC_KEY_UNIQUE_IDENTIFIER,required"`
PrivateKeyTemplateAttribute TemplateAttribute `kmip:"PRIVATE_KEY_TEMPLATE_ATTRIBUTE"`
PublicKeyTemplateAttribute TemplateAttribute `kmip:"PUBLIC_KEY_TEMPLATE_ATTRIBUTE"`
}
CreateKeyPairResponse is a Create Key Pair Response Payload
type CreateRequest ¶
type CreateRequest struct {
ObjectType Enum `kmip:"OBJECT_TYPE,required"`
TemplateAttribute TemplateAttribute `kmip:"TEMPLATE_ATTRIBUTE,required"`
}
CreateRequest is a Create Request Payload
type CreateResponse ¶
type CreateResponse struct {
ObjectType Enum `kmip:"OBJECT_TYPE,required"`
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
TemplateAttribute TemplateAttribute `kmip:"TEMPLATE_ATTRIBUTE"`
}
CreateResponse is a Create Response Payload
type CredentialUsernamePassword ¶
type CredentialUsernamePassword struct {
Tag `kmip:"CREDENTIAL_VALUE"`
Username string `kmip:"USERNAME,required"`
Password string `kmip:"PASSWORD,required"`
}
CredentialUsernamePassword is a Credential structure for username/password authentication
type CryptoParams ¶
type CryptoParams struct {
Tag `kmip:"CRYPTOGRAPHIC_PARAMETERS"`
BlockCipherMode Enum `kmip:"BLOCK_CIPHER_MODE"`
PaddingMethod Enum `kmip:"PADDING_METHOD"`
HashingAlgorithm Enum `kmip:"HASHING_ALGORITHM"`
KeyRoleType Enum `kmip:"KEY_ROLE_TYPE"`
DigitalSignatureAlgorithm Enum `kmip:"DIGITAL_SIGNATURE_ALGORITHM"`
CryptographicAlgorithm Enum `kmip:"CRYPTOGRAPHIC_ALGORITHM"`
RandomIV bool `kmip:"RANDOM_IV"`
IVLength int32 `kmip:"IV_LENGTH"`
TagLength int32 `kmip:"TAG_LENGTH"`
FixedFieldLength int32 `kmip:"FIXED_FIELD_LENGTH"`
InvocationFieldLength int32 `kmip:"INVOCATION_FIELD_LENGTH"`
CounterLength int32 `kmip:"COUNTER_LENGTH"`
InitialCounterValue int32 `kmip:"INITIAL_COUNTER_VALUE"`
SaltLength int32 `kmip:"SALT_LENGTH"`
MaskGenerator Enum `kmip:"MASK_GENERATOR"`
MaskGeneratorHashingAlgorithm Enum `kmip:"MASK_GENERATOR_HASHING_ALGORITHM"`
PSource []byte `kmip:"P_SOURCE"`
TrailerFIeld int32 `kmip:"TRAILER_FIELD"`
}
CryptoParams is a Cryptographic Parameters Attribute Structure
type Decoder ¶
type Decoder struct {
// contains filtered or unexported fields
}
Decoder implements KMIP protocol decoding
Decoding works exactly the same way as encoding (see Encoder documentation), but the other way around.
func NewDecoder ¶
NewDecoder builds Decoder which reads from r
Buffering can be disabled by providing reader which implements io.ByteScanner
type DecryptRequest ¶
type DecryptRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
CryptoParams CryptoParams `kmip:"CRYPTOGRAPHIC_PARAMETERS"`
Data []byte `kmip:"DATA"`
IVCounterNonce []byte `kmip:"IV_COUNTER_NONCE"`
CorrelationValue []byte `kmip:"CORRELATION_VALUE"`
InitIndicator bool `kmip:"INIT_INDICATOR"`
FinalIndicator bool `kmip:"FINAL_INDICATOR"`
AdditionalData []byte `kmip:"AUTHENTICATED_ENCRYPTION_ADDITIONAL_DATA"`
AuthTag []byte `kmip:"AUTHENTICATED_ENCRYPTION_TAG"`
}
DecryptRequest is a Decrypt Request Payload
type DecryptResponse ¶
type DecryptResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
Data []byte `kmip:"DATA"`
CorrelationValue []byte `kmip:"CORRELATION_VALUE"`
}
DecryptResponse is a Decrypt Response Payload
type DestroyRequest ¶
type DestroyRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
}
DestroyRequest is a Destroy Request Payload
type DestroyResponse ¶
type DestroyResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
}
DestroyResponse is a Destroy Response Payload
type Digest ¶
type Digest struct {
Tag `kmip:"DIGEST"`
HashingAlgorithm Enum `kmip:"HASHING_ALGORITHM,required"`
DigestValue []byte `kmip:"DIGEST_VALUE"`
KeyFormatType Enum `kmip:"KEY_FORMAT_TYPE"`
}
Digest is a Digest Attribute Structure
type DiscoverVersionsRequest ¶
type DiscoverVersionsRequest struct {
ProtocolVersions []ProtocolVersion `kmip:"PROTOCOL_VERSION"`
}
DiscoverVersionsRequest is a Discover Versions Request Payload
type DiscoverVersionsResponse ¶
type DiscoverVersionsResponse struct {
ProtocolVersions []ProtocolVersion `kmip:"PROTOCOL_VERSION"`
}
DiscoverVersionsResponse is a Discover Versions Response Payload
type DynamicDispatch ¶
DynamicDispatch is an interface for structure go set field value based on other field values
type Encoder ¶
type Encoder struct {
// contains filtered or unexported fields
}
Encoder implements encoding to TTLV KMIP protocol format
All core types are supported:
- Integer (int32)
- Long Integer (int64)
- Enumeration (Enum)
- Boolean (bool)
- Bytes ([]byte)
- String (string)
- Timestamp (time.Time)
- Interval (time.Duration)
Encoder processes Go structure, analyzing field tags and parsing out `kmip` Go struct tags, e.g.:
Value string `kmip:"TAG_NAME,required"`
KMIP TAG_NAME is looked up to find tag value, Go type is translated to respective KMIP core type (see above), length is automatically calculated.
Fields with zero value which are not required are skipped while encoding.
type EncryptRequest ¶
type EncryptRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
CryptoParams CryptoParams `kmip:"CRYPTOGRAPHIC_PARAMETERS"`
Data []byte `kmip:"DATA"`
IVCounterNonce []byte `kmip:"IV_COUNTER_NONCE"`
CorrelationValue []byte `kmip:"CORRELATION_VALUE"`
InitIndicator bool `kmip:"INIT_INDICATOR"`
FinalIndicator bool `kmip:"FINAL_INDICATOR"`
AdditionalData []byte `kmip:"AUTHENTICATED_ENCRYPTION_ADDITIONAL_DATA"`
}
EncryptRequest is an Encrypt Request Payload
type EncryptResponse ¶
type EncryptResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
Data []byte `kmip:"DATA"`
IVCounterNonce []byte `kmip:"IV_COUNTER_NONCE"`
CorrelationValue []byte `kmip:"CORRELATION_VALUE"`
AuthTag []byte `kmip:"AUTHENTICATED_ENCRYPTION_TAG"`
}
EncryptResponse is a Encrypt Response Payload
type EncryptionKeyInformation ¶
type EncryptionKeyInformation struct {
Tag `kmip:"ENCRYPTION_KEY_INFORMATION"`
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
CryptoParams CryptoParams `kmip:"CRYPTOGRAPHIC_PARAMETERS"`
}
EncryptionKeyInformation is a Key Wrapping Specification Object
type Enum ¶
type Enum uint32
Enum is KMIP Enumeration type
const ( // KMIP 1.0 OPERATION_CREATE Enum = 0x00000001 OPERATION_CREATE_KEY_PAIR Enum = 0x00000002 OPERATION_REGISTER Enum = 0x00000003 OPERATION_REKEY Enum = 0x00000004 OPERATION_DERIVE_KEY Enum = 0x00000005 OPERATION_CERTIFY Enum = 0x00000006 OPERATION_RECERTIFY Enum = 0x00000007 OPERATION_LOCATE Enum = 0x00000008 OPERATION_CHECK Enum = 0x00000009 OPERATION_GET Enum = 0x0000000A OPERATION_GET_ATTRIBUTES Enum = 0x0000000B OPERATION_GET_ATTRIBUTE_LIST Enum = 0x0000000C OPERATION_ADD_ATTRIBUTE Enum = 0x0000000D OPERATION_MODIFY_ATTRIBUTE Enum = 0x0000000E OPERATION_DELETE_ATTRIBUTE Enum = 0x0000000F OPERATION_OBTAIN_LEASE Enum = 0x00000010 OPERATION_GET_USAGE_ALLOCATION Enum = 0x00000011 OPERATION_ACTIVATE Enum = 0x00000012 OPERATION_REVOKE Enum = 0x00000013 OPERATION_DESTROY Enum = 0x00000014 OPERATION_ARCHIVE Enum = 0x00000015 OPERATION_RECOVER Enum = 0x00000016 OPERATION_VALIDATE Enum = 0x00000017 OPERATION_QUERY Enum = 0x00000018 OPERATION_CANCEL Enum = 0x00000019 OPERATION_POLL Enum = 0x0000001A OPERATION_NOTIFY Enum = 0x0000001B OPERATION_PUT Enum = 0x0000001C // KMIP 1.1 OPERATION_REKEY_KEY_PAIR Enum = 0x0000001D OPERATION_DISCOVER_VERSIONS Enum = 0x0000001E // KMIP 1.2 OPERATION_ENCRYPT Enum = 0x0000001F OPERATION_DECRYPT Enum = 0x00000020 OPERATION_SIGN Enum = 0x00000021 OPERATION_SIGNATURE_VERIFY Enum = 0x00000022 OPERATION_MAC Enum = 0x00000023 OPERATION_MAC_VERIFY Enum = 0x00000024 OPERATION_RNG_RETRIEVE Enum = 0x00000025 OPERATION_RNG_SEED Enum = 0x00000026 OPERATION_HASH Enum = 0x00000027 OPERATION_CREATE_SPLIT_KEY Enum = 0x00000028 OPERATION_JOIN_SPLIT_KEY Enum = 0x00000029 // KMIP 1.4 OPERATION_IMPORT Enum = 0x0000002A OPERATION_EXPORT Enum = 0x0000002B // KMIP 2.0 OPERATION_LOG Enum = 0x0000002C OPERATION_LOGIN Enum = 0x0000002D OPERATION_LOGOUT Enum = 0x0000002E OPERATION_DELEGATED_LOGIN Enum = 0x0000002F OPERATION_ADJUST_ATTRIBUTE Enum = 0x00000030 OPERATION_SET_ATTRIBUTE Enum = 0x00000031 OPERATION_SET_ENDPOINT_ROLE Enum = 0x00000032 OPERATION_PKCS_11 Enum = 0x00000033 OPERATION_INTEROP Enum = 0x00000034 OPERATION_REPROVISION Enum = 0x00000035 )
KMIP Operations
const ( // KMIP 1.0 OBJECT_TYPE_CERTIFICATE Enum = 0x00000001 OBJECT_TYPE_SYMMETRIC_KEY Enum = 0x00000002 OBJECT_TYPE_PUBLIC_KEY Enum = 0x00000003 OBJECT_TYPE_PRIVATE_KEY Enum = 0x00000004 OBJECT_TYPE_SPLIT_KEY Enum = 0x00000005 OBJECT_TYPE_TEMPLATE Enum = 0x00000006 // Deprecated in KMIP 1.3, designated '(Reserved)' in KMIP 2.0 OBJECT_TYPE_SECRET_DATA Enum = 0x00000007 OBJECT_TYPE_OPAQUE_DATA Enum = 0x00000008 // KMIP 1.2 OBJECT_TYPE_PGP_KEY Enum = 0x00000009 // KMIP 2.0 OBJECT_TYPE_CERTIFICATE_REQUEST Enum = 0x0000000A )
KMIP Object Types
const ( // KMIP 1.0 STATE_PRE_ACTIVE Enum = 0x00000001 STATE_ACTIVE Enum = 0x00000002 STATE_DEACTIVATED Enum = 0x00000003 STATE_COMPROMISED Enum = 0x00000004 STATE_DESTROYED Enum = 0x00000005 STATE_DESTROYED_COMPROMISED Enum = 0x00000006 )
KMIP States
const ( // KMIP 1.0 KEY_FORMAT_RAW Enum = 0x00000001 KEY_FORMAT_OPAQUE Enum = 0x00000002 KEY_FORMAT_PKCS_1 Enum = 0x00000003 KEY_FORMAT_PKCS_8 Enum = 0x00000004 KEY_FORMAT_X_509 Enum = 0x00000005 KEY_FORMAT_EC_PRIVATE_KEY Enum = 0x00000006 KEY_FORMAT_TRANSPARENT_SYMMETRIC_KEY Enum = 0x00000007 KEY_FORMAT_TRANSPARENT_DSA_PRIVATE_KEY Enum = 0x00000008 KEY_FORMAT_TRANSPARENT_DSA_PUBLIC_KEY Enum = 0x00000009 KEY_FORMAT_TRANSPARENT_RSA_PRIVATE_KEY Enum = 0x0000000A KEY_FORMAT_TRANSPARENT_RSA_PUBLIC_KEY Enum = 0x0000000B KEY_FORMAT_TRANSPARENT_DH_PRIVATE_KEY Enum = 0x0000000C KEY_FORMAT_TRANSPARENT_DH_PUBLIC_KEY Enum = 0x0000000D KEY_FORMAT_TRANSPARENT_ECDSA_PRIVATE_KEY Enum = 0x0000000E // Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0 KEY_FORMAT_TRANSPARENT_ECDSA_PUBLIC_KEY Enum = 0x0000000F // Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0 KEY_FORMAT_TRANSPARENT_ECDH_PRIVATE_KEY Enum = 0x00000010 // Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0 KEY_FORMAT_TRANSPARENT_ECDH_PUBLIC_KEY Enum = 0x00000011 // Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0 KEY_FORMAT_TRANSPARENT_ECMQV_PRIVATE_KEY Enum = 0x00000012 // Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0 KEY_FORMAT_TRANSPARENT_ECMQV_PUBLIC_KEY Enum = 0x00000013 // Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0 // KMIP 1.3 KEY_FORMAT_TRANSPARENT_EC_PRIVATE_KEY Enum = 0x00000014 KEY_FORMAT_TRANSPARENT_EC_PUBLIC_KEY Enum = 0x00000015 // KMIP 1.4 KEY_FORMAT_PKCS_12 Enum = 0x00000016 )
KMIP Key Formats
KMIP Key Wrap Types
const ( // KMIP 1.0 WRAPPING_METHOD_ENCRYPT Enum = 0x00000001 WRAPPING_METHOD_MAC_SIGN Enum = 0x00000002 WRAPPING_METHOD_ENCRYPT_THEN_MAC_SIGN Enum = 0x00000003 WRAPPING_METHOD_MAC_SIGN_THEN_ENCRYPT Enum = 0x00000004 WRAPPING_METHOD_TR_31 Enum = 0x00000005 )
KMIP Wrapping Methods
const ( // KMIP 1.0 KEY_COMPRESSION_EC_PUBLIC_KEY_TYPE_UNCOMPRESSED Enum = 0x00000001 KEY_COMPRESSION_EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME Enum = 0x00000002 KEY_COMPRESSION_EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 Enum = 0x00000003 KEY_COMPRESSION_EC_PUBLIC_KEY_TYPE_X9_62_HYBRID Enum = 0x00000004 )
KMIP Key Compression Types
KMIP Name Types
const ( // KMIP 1.0 CRYPTO_DES Enum = 0x00000001 CRYPTO_TRIPLE_DES Enum = 0x00000002 // '3DES' is invalid syntax CRYPTO_AES Enum = 0x00000003 CRYPTO_RSA Enum = 0x00000004 CRYPTO_DSA Enum = 0x00000005 CRYPTO_ECDSA Enum = 0x00000006 CRYPTO_HMAC_SHA1 Enum = 0x00000007 CRYPTO_HMAC_SHA224 Enum = 0x00000008 CRYPTO_HMAC_SHA256 Enum = 0x00000009 CRYPTO_HMAC_SHA384 Enum = 0x0000000A CRYPTO_HMAC_SHA512 Enum = 0x0000000B CRYPTO_HMAC_MD5 Enum = 0x0000000C CRYPTO_DH Enum = 0x0000000D CRYPTO_ECDH Enum = 0x0000000E CRYPTO_ECMQV Enum = 0x0000000F CRYPTO_BLOWFISH Enum = 0x00000010 CRYPTO_CAMELLIA Enum = 0x00000011 CRYPTO_CAST5 Enum = 0x00000012 CRYPTO_IDEA Enum = 0x00000013 CRYPTO_MARS Enum = 0x00000014 CRYPTO_RC2 Enum = 0x00000015 CRYPTO_RC4 Enum = 0x00000016 CRYPTO_RC5 Enum = 0x00000017 CRYPTO_SKIPJACK Enum = 0x00000018 CRYPTO_TWOFISH Enum = 0x00000019 // KMIP 1.2 CRYPTO_EC Enum = 0x0000001A // KMIP 1.3 CRYPTO_ONE_TIME_PAD Enum = 0x0000001B // KMIP 1.4 CRYPTO_CHACHA20 Enum = 0x0000001C CRYPTO_POLY1305 Enum = 0x0000001D CRYPTO_CHACHA20_POLY1305 Enum = 0x0000001E CRYPTO_SHA3_224 Enum = 0x0000001F CRYPTO_SHA3_256 Enum = 0x00000020 CRYPTO_SHA3_384 Enum = 0x00000021 CRYPTO_SHA3_512 Enum = 0x00000022 CRYPTO_HMAC_SHA3_224 Enum = 0x00000023 CRYPTO_HMAC_SHA3_256 Enum = 0x00000024 CRYPTO_HMAC_SHA3_384 Enum = 0x00000025 CRYPTO_HMAC_SHA3_512 Enum = 0x00000026 CRYPTO_SHAKE_128 Enum = 0x00000027 CRYPTO_SHAKE_256 Enum = 0x00000028 // KMIP 2.0 CRYPTO_ARIA Enum = 0x00000029 CRYPTO_SEED Enum = 0x0000002A CRYPTO_SM2 Enum = 0x0000002B CRYPTO_SM3 Enum = 0x0000002C CRYPTO_SM4 Enum = 0x0000002D CRYPTO_GOST_R_34_10_2012 Enum = 0x0000002E CRYPTO_GOST_R_34_11_2012 Enum = 0x0000002F CRYPTO_GOST_R_34_13_2015 Enum = 0x00000030 CRYPTO_GOST_28147_89 Enum = 0x00000031 CRYPTO_XMSS Enum = 0x00000032 CRYPTO_SPHINCS_256 Enum = 0x00000033 CRYPTO_MCELIECE Enum = 0x00000034 CRYPTO_MCELIECE_6960119 Enum = 0x00000035 CRYPTO_MCELIECE_8192128 Enum = 0x00000036 CRYPTO_ED25519 Enum = 0x00000037 CRYPTO_ED448 Enum = 0x00000038 )
KMIP Crypto Algorithms
const ( // KMIP 1.0 PADDING_METHOD_NONE Enum = 0x00000001 PADDING_METHOD_OAEP Enum = 0x00000002 PADDING_METHOD_PKCS_5 Enum = 0x00000003 PADDING_METHOD_SSL_3 Enum = 0x00000004 PADDING_METHOD_ZEROS Enum = 0x00000005 PADDING_METHOD_ANSI_X9_23 Enum = 0x00000006 PADDING_METHOD_ISO_10126 Enum = 0x00000007 PADDING_METHOD_PKCS_1_V1_5 Enum = 0x00000008 PADDING_METHOD_X9_31 Enum = 0x00000009 PADDING_METHOD_PSS Enum = 0x0000000A )
KMIP Padding Method Enumeration
const ( // KMIP 1.0 HASH_MD2 Enum = 0x00000001 HASH_MD4 Enum = 0x00000002 HASH_MD5 Enum = 0x00000003 HASH_SHA1 Enum = 0x00000004 HASH_SHA224 Enum = 0x00000005 HASH_SHA256 Enum = 0x00000006 HASH_SHA384 Enum = 0x00000007 HASH_SHA512 Enum = 0x00000008 HASH_RIPEMD_160 Enum = 0x00000009 HASH_TIGER Enum = 0x0000000A HASH_WHIRLPOOL Enum = 0x0000000B // KMIP 1.2 HASH_SHA512_224 Enum = 0x0000000C HASH_SHA512_256 Enum = 0x0000000D // KMIP 1.4 HASH_SHA3_224 Enum = 0x0000000E HASH_SHA3_256 Enum = 0x0000000F HASH_SHA3_384 Enum = 0x00000010 HASH_SHA3_512 Enum = 0x00000011 )
KMIP Hash Algorithms
const ( // KMIP 1.0 CREDENTIAL_TYPE_USERNAME_AND_PASSWORD Enum = 0x00000001 // KMIP 1.1 CREDENTIAL_TYPE_DEVICE Enum = 0x00000002 // KMIP 1.2 CREDENTIAL_TYPE_ATTESTATION Enum = 0x00000003 // KMIP 2.0 CREDENTIAL_TYPE_ONE_TIME_PASSWORD Enum = 0x00000004 CREDENTIAL_TYPE_HASHED_PASSWORD Enum = 0x00000005 CREDENTIAL_TYPE_TICKET Enum = 0x00000006 )
KMIP Credential Type
const ( RESULT_STATUS_SUCCESS Enum = 0x00000000 RESULT_STATUS_OPERATION_FAILED Enum = 0x00000001 RESULT_STATUS_OPERATION_PENDING Enum = 0x00000002 RESULT_STATUS_OPERATION_UNDONE Enum = 0x00000003 )
KMIP Result Status
const ( // KMIP 1.0 RESULT_REASON_ITEM_NOT_FOUND Enum = 0x00000001 RESULT_REASON_RESPONSE_TOO_LARGE Enum = 0x00000002 RESULT_REASON_AUTHENTICATION_NOT_SUCCESSFUL Enum = 0x00000003 RESULT_REASON_INVALID_MESSAGE Enum = 0x00000004 RESULT_REASON_OPERATION_NOT_SUPPORTED Enum = 0x00000005 RESULT_REASON_MISSING_DATA Enum = 0x00000006 RESULT_REASON_INVALID_FIELD Enum = 0x00000007 RESULT_REASON_FEATURE_NOT_SUPPORTED Enum = 0x00000008 RESULT_REASON_OPERATION_CANCELED_BY_REQUESTER Enum = 0x00000009 RESULT_REASON_CRYPTOGRAPHIC_FAILURE Enum = 0x0000000A RESULT_REASON_ILLEGAL_OPERATION Enum = 0x0000000B RESULT_REASON_PERMISSION_DENIED Enum = 0x0000000C RESULT_REASON_OBJECT_ARCHIVED Enum = 0x0000000D RESULT_REASON_INDEX_OUT_OF_BOUNDS Enum = 0x0000000E RESULT_REASON_APPLICATION_NAMESPACE_NOT_SUPPORTED Enum = 0x0000000F RESULT_REASON_KEY_FORMAT_TYPE_NOT_SUPPORTED Enum = 0x00000010 RESULT_REASON_KEY_COMPRESSION_TYPE_NOT_SUPPORTED Enum = 0x00000011 RESULT_REASON_ENCODING_OPTION_ERROR Enum = 0x00000012 RESULT_REASON_KEY_VALUE_NOT_PRESENT Enum = 0x00000013 RESULT_REASON_ATTESTATION_REQUIRED Enum = 0x00000014 RESULT_REASON_ATTESTATION_FAILED Enum = 0x00000015 RESULT_REASON_SENSITIVE Enum = 0x00000016 RESULT_REASON_NOT_EXTRACTABLE Enum = 0x00000017 RESULT_REASON_OBJECT_ALREADY_EXISTS Enum = 0x00000018 RESULT_REASON_GENERAL_FAILURE Enum = 0x00000100 // KMIP 2.0 RESULT_REASON_INVALID_TICKET Enum = 0x00000019 RESULT_REASON_USAGE_LIMIT_EXCEEDED Enum = 0x0000001A RESULT_REASON_NUMERIC_RANGE Enum = 0x0000001B RESULT_REASON_INVALID_DATA_TYPE Enum = 0x0000001C RESULT_REASON_READ_ONLY_ATTRIBUTE Enum = 0x0000001D RESULT_REASON_MULTI_VALUED_ATTRIBUTE Enum = 0x0000001E RESULT_REASON_UNSUPPORTED_ATTRIBUTE Enum = 0x0000001F RESULT_REASON_ATTRIBUTE_INSTANCE_NOT_FOUND Enum = 0x00000020 RESULT_REASON_ATTRIBUTE_NOT_FOUND Enum = 0x00000021 RESULT_REASON_ATTRIBUTE_READ_ONLY Enum = 0x00000022 RESULT_REASON_ATTRIBUTE_SINGLE_VALUED Enum = 0x00000023 RESULT_REASON_BAD_CRYPTOGRAPHIC_PARAMETERS Enum = 0x00000024 RESULT_REASON_BAD_PASSWORD Enum = 0x00000025 RESULT_REASON_CODEC_ERROR Enum = 0x00000026 // 0x00000027 is designated '(Reserved)' in KMIP 2.0 RESULT_REASON_ILLEGAL_OBJECT_TYPE Enum = 0x00000028 RESULT_REASON_INCOMPATIBLE_CRYPTOGRAPHIC_USAGE_MASK Enum = 0x00000029 RESULT_REASON_INTERNAL_SERVER_ERROR Enum = 0x0000002A RESULT_REASON_INVALID_ASYNCHRONOUS_CORRELATION_VALUE Enum = 0x0000002B RESULT_REASON_INVALID_ATTRIBUTE Enum = 0x0000002C RESULT_REASON_INVALID_ATTRIBUTE_VALUE Enum = 0x0000002D RESULT_REASON_INVALID_CORRELATION_VALUE Enum = 0x0000002E RESULT_REASON_INVALID_CSR Enum = 0x0000002F RESULT_REASON_INVALID_OBJECT_TYPE Enum = 0x00000030 // 0x00000031 is designated '(Reserved)' in KMIP 2.0 RESULT_REASON_KEY_WRAP_TYPE_NOT_SUPPORTED Enum = 0x00000032 // 0x00000033 is designated '(Reserved)' in KMIP 2.0 RESULT_REASON_MISSING_INITIALIZATION_VECTOR Enum = 0x00000034 RESULT_REASON_NON_UNIQUE_NAME_ATTRIBUTE Enum = 0x00000035 RESULT_REASON_OBJECT_DESTROYED Enum = 0x00000036 RESULT_REASON_OBJECT_NOT_FOUND Enum = 0x00000037 // 0x00000038 is unassigned RESULT_REASON_NOT_AUTHORISED Enum = 0x00000039 RESULT_REASON_SERVER_LIMIT_EXCEEDED Enum = 0x0000003A RESULT_REASON_UNKNOWN_ENUMERATION Enum = 0x0000003B RESULT_REASON_UNKNOWN_MESSAGE_EXTENSION Enum = 0x0000003C RESULT_REASON_UNKNOWN_TAG Enum = 0x0000003D RESULT_REASON_UNSUPPORTED_CRYPTOGRAPHIC_PARAMETERS Enum = 0x0000003E RESULT_REASON_UNSUPPORTED_PROTOCOL_VERSION Enum = 0x0000003F RESULT_REASON_WRAPPING_OBJECT_ARCHIVED Enum = 0x00000040 RESULT_REASON_WRAPPING_OBJECT_DESTROYED Enum = 0x00000041 RESULT_REASON_WRAPPING_OBJECT_NOT_FOUND Enum = 0x00000042 RESULT_REASON_WRONG_KEY_LIFECYCLE_STATE Enum = 0x00000043 RESULT_REASON_PROTECTION_STORAGE_UNAVAILABLE Enum = 0x00000044 RESULT_REASON_PKCS11_CODEC_ERROR Enum = 0x00000045 RESULT_REASON_PKCS11_INVALID_FUNCTION Enum = 0x00000046 RESULT_REASON_PKCS11_INVALID_INTERFACE Enum = 0x00000047 )
KMIP Result Reason
const ( REVOCATION_REASON_UNSPECIFIED Enum = 0x0000001 REVOCATION_REASON_KEY_COMPROMISE Enum = 0x0000002 REVOCATION_REASON_CA_COMPROMISE Enum = 0x0000003 REVOCATION_REASON_AFFILIATION_CHANGED Enum = 0x0000004 REVOCATION_REASON_SUPERSEDED Enum = 0x0000005 REVOCATION_REASON_CESSATION_OF_OPERATION Enum = 0x0000006 REVOCATION_REASON_PRIVILEGE_WITHDRAWN Enum = 0x0000007 )
const ( CRYPTO_USAGE_MASK_SIGN Enum = 0x00000001 CRYPTO_USAGE_MASK_VERIFY Enum = 0x00000002 CRYPTO_USAGE_MASK_ENCRYPT Enum = 0x00000004 CRYPTO_USAGE_MASK_DECRYPT Enum = 0x00000008 CRYPTO_USAGE_MASK_WRAP_KEY Enum = 0x00000010 CRYPTO_USAGE_MASK_UNWRAP_KEY Enum = 0x00000020 CRYPTO_USAGE_MASK_EXPORT Enum = 0x00000040 CRYPTO_USAGE_MASK_MAC_GENERATE Enum = 0x00000080 CRYPTO_USAGE_MASK_MAC_VERIFY Enum = 0x00000100 CRYPTO_USAGE_MASK_DERIVE_KEY Enum = 0x00000200 CRYPTO_USAGE_MASK_CONTENT_COMMITMENT Enum = 0x00000400 CRYPTO_USAGE_MASK_KEY_AGREEMENT Enum = 0x00000800 CRYPTO_USAGE_MASK_CERTIFICATE_SIGN Enum = 0x00001000 CRYPTO_USAGE_MASK_CRL_SIGN Enum = 0x00002000 CRYPTO_USAGE_MASK_GENERATE_CRYPTOGRAM Enum = 0x00004000 CRYPTO_USAGE_MASK_VALIDATE_CRYPTOGRAM Enum = 0x00008000 CRYPTO_USAGE_MASK_TRANSLATE_ENCRYPT Enum = 0x00010000 CRYPTO_USAGE_MASK_TRANSLATE_DECRYPT Enum = 0x00020000 CRYPTO_USAGE_MASK_TRANSLATE_WRAP Enum = 0x00040000 CRYPTO_USAGE_MASK_TRANSLATE_UNWRAP Enum = 0x00080000 )
const ( BLOCK_MODE_CBC Enum = 0x00000001 BLOCK_MODE_ECB Enum = 0x00000002 BLOCK_MODE_PCBC Enum = 0x00000003 BLOCK_MODE_CFB Enum = 0x00000004 BLOCK_MODE_OFB Enum = 0x00000005 BLOCK_MODE_CTR Enum = 0x00000006 BLOCK_MODE_CMAC Enum = 0x00000007 BLOCK_MODE_CCM Enum = 0x00000008 BLOCK_MODE_GCM Enum = 0x00000009 BLOCK_MODE_CBC_MAC Enum = 0x0000000A BLOCK_MODE_XTS Enum = 0x0000000B BLOCK_MODE_AESKeyWrapPadding Enum = 0x0000000C BLOCK_MODE_NISTKeyWrap Enum = 0x0000000D BLOCK_MODE_X9_102_AESKW Enum = 0x0000000E BLOCK_MODE_X9_102_TDKW Enum = 0x0000000F BLOCK_MODE_X9_102_AKW1 Enum = 0x00000010 BLOCK_MODE_X9_102_AKW2 Enum = 0x00000011 BLOCK_MODE_AEAD Enum = 0x00000012 )
KMIP Block Cipher Mode Enumeration.
type Error ¶
Error enhances error with "Result Reason" field
Any Error instance is returned back to the caller with message and result reason set, any other Go error is returned as "General Failure"
type GetAttributeListRequest ¶
type GetAttributeListRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
}
GetAttributeListRequest is a Get Attribute List Request Payload
type GetAttributeListResponse ¶
type GetAttributeListResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
AttributeNames []string `kmip:"ATTRIBUTE_NAME"`
}
GetAttributeListResponse is a Get Attribute List Response Payload
type GetAttributesRequest ¶
type GetAttributesRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
AttributeNames []string `kmip:"ATTRIBUTE_NAME"`
}
GetAttributesRequest is a Get Attributes Request Payload
type GetAttributesResponse ¶
type GetAttributesResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
Attributes Attributes `kmip:"ATTRIBUTE"`
}
GetAttributesResponse is a Get Attributes Response Payload
type GetRequest ¶
type GetRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
KeyFormatType Enum `kmip:"KEY_FORMAT_TYPE"`
KeyWrapType Enum `kmip:"KEY_WRAP_TYPE"`
KeyCompressionType Enum `kmip:"KEY_COMPRESSION_TYPE"`
KeyWrappingSpec KeyWrappingSpecification `kmip:"KEY_WRAPPING_SPECIFICATION"`
}
GetRequest is a Get Request Payload
type GetResponse ¶
type GetResponse struct {
ObjectType Enum `kmip:"OBJECT_TYPE,required"`
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
// Response might contain one of SymmetricKey, Certificate, ...
SymmetricKey SymmetricKey `kmip:"SYMMETRIC_KEY"`
PrivateKey PrivateKey `kmip:"PRIVATE_KEY"`
PublicKey PublicKey `kmip:"PUBLIC_KEY"`
}
GetResponse is a Get Response Payload
type Handler ¶
type Handler func(req *RequestContext, item *RequestBatchItem) (resp interface{}, err error)
Handler processes specific KMIP operation
type KeyBlock ¶
type KeyBlock struct {
Tag `kmip:"KEY_BLOCK"`
FormatType Enum `kmip:"KEY_FORMAT_TYPE,required"`
CompressionType Enum `kmip:"KEY_COMPRESSION_TYPE"`
Value KeyValue `kmip:"KEY_VALUE,required"`
CryptographicAlgorithm Enum `kmip:"CRYPTOGRAPHIC_ALGORITHM"`
CryptographicLength int32 `kmip:"CRYPTOGRAPHIC_LENGTH"`
WrappingData KeyWrappingData `kmip:"KEY_WRAPPING_SPECIFICATION"`
}
KeyBlock is a Key Block Object Structure
type KeyValue ¶
type KeyValue struct {
Tag `kmip:"KEY_VALUE"`
// TODO: might be structure if wrapping is used
KeyMaterial []byte `kmip:"KEY_MATERIAL"`
Attributes Attributes `kmip:"ATTRIBUTE"`
}
KeyValue is a Key Value Object Structure
type KeyWrappingData ¶
type KeyWrappingData struct {
Tag `kmip:"KEY_WRAPPING_DATA"`
WrappingMethod Enum `kmip:"WRAPPING_METHOD,required"`
EncryptionKeyInformation EncryptionKeyInformation `kmip:"ENCRYPTION_KEY_INFORMATION"`
MACSignatureKeyInformation MACSignatureKeyInformation `kmip:"MAC_SIGNATURE_KEY_INFORMATION"`
MACSignature []byte `kmip:"MAC_SIGNATURE"`
IVCounterNonce []byte `kmip:"IV_COUNTER_NONCE"`
EncodingOption Enum `kmip:"ENCODING_OPTION"`
}
KeyWrappingData is a Key Wrapping Data Object Structure
type KeyWrappingSpecification ¶
type KeyWrappingSpecification struct {
Tag `kmip:"KEY_WRAPPING_SPECIFICATION"`
WrappingMethod Enum `kmip:"WRAPPING_METHOD,required"`
EncryptionKeyInformation EncryptionKeyInformation `kmip:"ENCRYPTION_KEY_INFORMATION"`
MACSignatureKeyInformation MACSignatureKeyInformation `kmip:"MAC_SIGNATURE_KEY_INFORMATION"`
AttributeName []string `kmip:"ATTRIBUTE_NAME"`
EncodingOption Enum `kmip:"ENCODING_OPTION"`
}
KeyWrappingSpecification is a Key Wrapping Specification Object
type LocateRequest ¶
type LocateRequest struct {
MaximumItems int32 `kmip:"MAXIMUM_ITEMS"`
OffsetItems int32 `kmip:"OFFSET_ITEMS"`
StorageStatusMask int32 `kmip:"STORAGE_STATUS_MASK"`
ObjectGroupMember Enum `kmip:"OBJECT_GROUP_MEMBER"`
Attributes Attributes `kmip:"ATTRIBUTE"`
}
LocateRequest is a Locate Request Payload
type LocateResponse ¶
type LocateResponse struct {
LocatedItems int32 `kmip:"LOCATED_ITEMS"`
UniqueIdentifiers []string `kmip:"UNIQUE_IDENTIFIER"`
}
LocateResponse is a Locate Response Payload
type MACSignatureKeyInformation ¶
type MACSignatureKeyInformation struct {
Tag `kmip:"MAC_SIGNATURE_KEY_INFORMATION"`
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
CryptoParams CryptoParams `kmip:"CRYPTOGRAPHIC_PARAMETERS"`
}
MACSignatureKeyInformation is a MAC/Signature Key Information Object Structure
type MessageExtension ¶
type MessageExtension struct {
Tag `kmip:"MESSAGE_EXTENSION"`
VendorIdentification string `kmip:"VENDOR_IDENTIFICATION,required"`
CriticalityIndicator bool `kmip:"CRITICALITY_INDICATOR,required"`
VendorExtension interface{} `kmip:"-,skip"`
}
MessageExtension is a Message Extension structure in a Batch Item
type Name ¶
type Name struct {
Tag `kmip:"NAME"`
Value string `kmip:"NAME_VALUE,required"`
Type Enum `kmip:"NAME_TYPE,required"`
}
Name is a Name Attribute Structure
type Nonce ¶
type Nonce struct {
Tag `kmip:"NONCE"`
NonceID []byte `kmip:"NONCE_ID,required"`
NonceValue []byte `kmip:"NONCE_VALUE,required"`
}
Nonce object is a structure used by the server to send a random value to the client
type PrivateKey ¶
PrivateKey is a Managed Cryptographic Object that is a private key
type ProtocolVersion ¶
type ProtocolVersion struct {
Tag `kmip:"PROTOCOL_VERSION"`
Major int32 `kmip:"PROTOCOL_VERSION_MAJOR"`
Minor int32 `kmip:"PROTOCOL_VERSION_MINOR"`
}
ProtocolVersion is a Protocol Version structure
type QueryRequest ¶
type QueryRequest struct {
QueryFunctions []Enum `kmip:"QUERY_FUNCTION,required"`
}
QueryRequest is a Query Request Payload
type QueryResponse ¶
type QueryResponse struct {
Operations []Enum `kmip:"OPERATION"`
ObjectTypes []Enum `kmip:"OBJECT_TYPE"`
VendorIdentification string `kmip:"VENDOR_IDENTIFICATION"`
}
QueryResponse is a Query Response Payload
type RegisterRequest ¶
type RegisterRequest struct {
ObjectType Enum `kmip:"OBJECT_TYPE,required"`
TemplateAttribute TemplateAttribute `kmip:"TEMPLATE_ATTRIBUTE,required"`
// Request might contain one of SymmetricKey, Certificate, ...
SymmetricKey SymmetricKey `kmip:"SYMMETRIC_KEY"`
PrivateKey PrivateKey `kmip:"PRIVATE_KEY"`
PublicKey PublicKey `kmip:"PUBLIC_KEY"`
}
RegisterRequest is a Register Request Payload
type RegisterResponse ¶
type RegisterResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
TemplateAttribute TemplateAttribute `kmip:"TEMPLATE_ATTRIBUTE"`
}
RegisterResponse is a Register Response Payload
type Request ¶
type Request struct {
Tag `kmip:"REQUEST_MESSAGE"`
Header RequestHeader `kmip:"REQUEST_HEADER,required"`
BatchItems []RequestBatchItem `kmip:"REQUEST_BATCH_ITEM,required"`
}
Request is a Request Message Structure
type RequestBatchItem ¶
type RequestBatchItem struct {
Tag `kmip:"REQUEST_BATCH_ITEM"`
Operation Enum `kmip:"OPERATION,required"`
UniqueID []byte `kmip:"UNIQUE_BATCH_ITEM_ID"`
RequestPayload interface{} `kmip:"REQUEST_PAYLOAD,required"`
MessageExtension MessageExtension `kmip:"MESSAGE_EXTENSION"`
}
RequestBatchItem is a Request Batch Item Structure
func (*RequestBatchItem) BuildFieldValue ¶
func (bi *RequestBatchItem) BuildFieldValue(name string) (v interface{}, err error)
BuildFieldValue builds value for RequestPayload based on Operation
type RequestContext ¶
type RequestContext struct {
SessionContext
// RequestAuth captures result of request authentication
RequestAuth interface{}
}
RequestContext covers batch of requests
type RequestHeader ¶
type RequestHeader struct {
Tag `kmip:"REQUEST_HEADER"`
Version ProtocolVersion `kmip:"PROTOCOL_VERSION,required"`
MaxResponseSize int32 `kmip:"MAXIMUM_RESPONSE_SIZE"`
ClientCorrelationValue string `kmip:"CLIENT_CORRELATION_VALUE"`
ServerCorrelationValue string `kmip:"SERVER_CORRELATION_VALUE"`
AsynchronousIndicator bool `kmip:"ASYNCHRONOUS_INDICATOR"`
AttestationCapableIndicator bool `kmip:"ATTESTATION_CAPABLE_INDICATOR"`
AttestationType []Enum `kmip:"ATTESTATION_TYPE"`
Authentication Authentication `kmip:"AUTHENTICATION"`
BatchErrorContinuationOption Enum `kmip:"BATCH_ERROR_CONTINUATION_OPTION"`
BatchOrderOption bool `kmip:"BATCH_ORDER_OPTION"`
TimeStamp time.Time `kmip:"TIME_STAMP"`
BatchCount int32 `kmip:"BATCH_COUNT,required"`
}
RequestHeader is a Request Header Structure
type Response ¶
type Response struct {
Tag `kmip:"RESPONSE_MESSAGE"`
Header ResponseHeader `kmip:"RESPONSE_HEADER,required"`
BatchItems []ResponseBatchItem `kmip:"RESPONSE_BATCH_ITEM,required"`
}
Response is a Response Message Structure
type ResponseBatchItem ¶
type ResponseBatchItem struct {
Operation Enum `kmip:"OPERATION,required"`
UniqueID []byte `kmip:"UNIQUE_BATCH_ITEM_ID"`
ResultStatus Enum `kmip:"RESULT_STATUS,required"`
ResultReason Enum `kmip:"RESULT_REASON"`
ResultMessage string `kmip:"RESULT_MESSAGE"`
AsyncronousCorrelationValue []byte `kmip:"ASYNCHRONOUS_CORRELATION_VALUE"`
ResponsePayload interface{} `kmip:"RESPONSE_PAYLOAD"`
MessageExtension MessageExtension `kmip:"MESSAGE_EXTENSION"`
}
ResponseBatchItem is a Response Batch Item Structure
func (*ResponseBatchItem) BuildFieldValue ¶
func (bi *ResponseBatchItem) BuildFieldValue(name string) (v interface{}, err error)
BuildFieldValue builds value for ResponsePayload based on Operation
type ResponseHeader ¶
type ResponseHeader struct {
Tag `kmip:"RESPONSE_HEADER"`
Version ProtocolVersion `kmip:"PROTOCOL_VERSION,required"`
TimeStamp time.Time `kmip:"TIME_STAMP,required"`
Nonce Nonce `kmip:"NONCE"`
AttestationType []Enum `kmip:"ATTESTATION_TYPE"`
ClientCorrelationValue string `kmip:"CLIENT_CORRELATION_VALUE"`
ServerCorrelationValue string `kmip:"SERVER_CORRELATION_VALUE"`
BatchCount int32 `kmip:"BATCH_COUNT,required"`
}
ResponseHeader is a Response Header Structure
type RevocationReason ¶
type RevocationReason struct {
Tag `kmip:"REVOCATION_REASON"`
RevocationReasonCode Enum `kmip:"REVOCATION_REASON_CODE"`
RevocationMessage string `kmip:"REVOCATION_REASON"`
}
RevocationReason is a Revocation Reason structure
type RevokeRequest ¶
type RevokeRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
RevocationReason RevocationReason `kmip:"REVOCATION_REASON,required"`
CompromiseDate time.Time `kmip:"COMPROMISE_DATE"`
}
RevokeRequest is a Revoke Request Payload
type RevokeResponse ¶
type RevokeResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
}
RevokeResponse is a Revoke Response Payload
type Server ¶
type Server struct {
// Listen address
Addr string
// TLS Configuration for the server
TLSConfig *tls.Config
// Log destination (if not set, log is discarded)
Log *log.Logger
// Supported version of KMIP, in the order of the preference
//
// If not set, defaults to DefaultSupportedVersions
SupportedVersions []ProtocolVersion
// Network read & write timeouts
//
// If set to zero, timeouts are not enforced
ReadTimeout time.Duration
WriteTimeout time.Duration
// SessionAuthHandler is called after TLS handshake
//
// This handler might additionally verify client TLS cert or perform
// any other kind of auth (say, by soure address)
SessionAuthHandler func(conn net.Conn) (sessionAuth interface{}, err error)
// RequestAuthHandler is called for any request which has Authentication field set
//
// Value returned from RequestAuthHandler is stored as RequestContext.RequestAuth, which
// can be used to authorize each batch item in the request
RequestAuthHandler func(sesssion *SessionContext, auth *Authentication) (requestAuth interface{}, err error)
// contains filtered or unexported fields
}
Server implements core KMIP server
func (*Server) Handle ¶
Handle register handler for operation
Server provides default handler for DISCOVER_VERSIONS operation, any other operation should be specifically enabled via Handle
func (*Server) ListenAndServe ¶
ListenAndServe creates TLS listening socket and calls Serve
Channel initializedCh will be closed when listener is initialized (or fails to be initialized)
type SessionContext ¶
type SessionContext struct {
// Unique session identificator
SessionID string
// Additional opaque data related to connection auth, as returned by Server.SessionAuthHandler
SessionAuth interface{}
}
SessionContext is initialized for each connection
type SignRequest ¶
type SignRequest struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER"`
CryptoParams CryptoParams `kmip:"CRYPTOGRAPHIC_PARAMETERS"`
Data []byte `kmip:"DATA"`
CorrelationValue []byte `kmip:"CORRELATION_VALUE"`
InitIndicator bool `kmip:"INIT_INDICATOR"`
FinalIndicator bool `kmip:"FINAL_INDICATOR"`
}
SignRequest is a Sign Request Payload
type SignResponse ¶
type SignResponse struct {
UniqueIdentifier string `kmip:"UNIQUE_IDENTIFIER,required"`
SignatureData []byte `kmip:"SIGNATURE_DATA"`
CorrelationValue []byte `kmip:"CORRELATION_VALUE"`
}
SignResponse is a Sign Response Payload
type SymmetricKey ¶
type SymmetricKey struct {
Tag `kmip:"SYMMETRIC_KEY"`
KeyBlock KeyBlock `kmip:"KEY_BLOCK,required"`
}
SymmetricKey is a Managed Cryptographic Object that is a symmetric key
type Tag ¶
type Tag uint32
Tag is a number that designates the specific Protocol Field or Object that the TTLV object represents
const ( // Internal ANY_TAG Tag = 0xffffff // KMIP 1.0 ACTIVATION_DATE Tag = 0x420001 APPLICATION_DATA Tag = 0x420002 APPLICATION_NAMESPACE Tag = 0x420003 APPLICATION_SPECIFIC_INFORMATION Tag = 0x420004 ARCHIVE_DATE Tag = 0x420005 ASYNCHRONOUS_CORRELATION_VALUE Tag = 0x420006 ASYNCHRONOUS_INDICATOR Tag = 0x420007 ATTRIBUTE Tag = 0x420008 ATTRIBUTE_INDEX Tag = 0x420009 // Designated '(Reserved)' in KMIP 2.0 ATTRIBUTE_NAME Tag = 0x42000A ATTRIBUTE_VALUE Tag = 0x42000B AUTHENTICATION Tag = 0x42000C BATCH_COUNT Tag = 0x42000D BATCH_ERROR_CONTINUATION_OPTION Tag = 0x42000E BATCH_ITEM Tag = 0x42000F BATCH_ORDER_OPTION Tag = 0x420010 BLOCK_CIPHER_MODE Tag = 0x420011 CANCELLATION_RESULT Tag = 0x420012 CERTIFICATE Tag = 0x420013 CERTIFICATE_IDENTIFIER Tag = 0x420014 // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_ISSUER Tag = 0x420015 // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_ISSUER_ALTERNATIVE_NAME Tag = 0x420016 // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_ISSUER_DISTINGUISHED_NAME Tag = 0x420017 // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_REQUEST Tag = 0x420018 CERTIFICATE_REQUEST_TYPE Tag = 0x420019 CERTIFICATE_SUBJECT Tag = 0x42001A // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_SUBJECT_ALTERNATIVE_NAME Tag = 0x42001B // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_SUBJECT_DISTINGUISHED_NAME Tag = 0x42001C // Deprecated, designated '(Reserved)' in KMIP 2.0 CERTIFICATE_TYPE Tag = 0x42001D CERTIFICATE_VALUE Tag = 0x42001E COMMON_TEMPLATE_ATTRIBUTE Tag = 0x42001F // Designated '(Reserved)' in KMIP 2.0 COMPROMISE_DATE Tag = 0x420020 COMPROMISE_OCCURRENCE_DATE Tag = 0x420021 CONTACT_INFORMATION Tag = 0x420022 CREDENTIAL Tag = 0x420023 CREDENTIAL_TYPE Tag = 0x420024 CREDENTIAL_VALUE Tag = 0x420025 CRITICALITY_INDICATOR Tag = 0x420026 CRT_COEFFICIENT Tag = 0x420027 CRYPTOGRAPHIC_ALGORITHM Tag = 0x420028 CRYPTOGRAPHIC_DOMAIN_PARAMETERS Tag = 0x420029 CRYPTOGRAPHIC_LENGTH Tag = 0x42002A CRYPTOGRAPHIC_PARAMETERS Tag = 0x42002B CRYPTOGRAPHIC_USAGE_MASK Tag = 0x42002C CUSTOM_ATTRIBUTE Tag = 0x42002D // Designated '(Reserved)' in KMIP 2.0 D Tag = 0x42002E DEACTIVATION_DATE Tag = 0x42002F DERIVATION_DATA Tag = 0x420030 DERIVATION_METHOD Tag = 0x420031 DERIVATION_PARAMETERS Tag = 0x420032 DESTROY_DATE Tag = 0x420033 DIGEST Tag = 0x420034 DIGEST_VALUE Tag = 0x420035 ENCRYPTION_KEY_INFORMATION Tag = 0x420036 G Tag = 0x420037 HASHING_ALGORITHM Tag = 0x420038 INITIAL_DATE Tag = 0x420039 INITIALIZATION_VECTOR Tag = 0x42003A ISSUER Tag = 0x42003B // Deprecated, designated '(Reserved)' in KMIP 2.0 ITERATION_COUNT Tag = 0x42003C IV_COUNTER_NONCE Tag = 0x42003D J Tag = 0x42003E KEY Tag = 0x42003F KEY_BLOCK Tag = 0x420040 KEY_COMPRESSION_TYPE Tag = 0x420041 KEY_FORMAT_TYPE Tag = 0x420042 KEY_MATERIAL Tag = 0x420043 KEY_PART_IDENTIFIER Tag = 0x420044 KEY_VALUE Tag = 0x420045 KEY_WRAPPING_DATA Tag = 0x420046 KEY_WRAPPING_SPECIFICATION Tag = 0x420047 LAST_CHANGE_DATE Tag = 0x420048 LEASE_TIME Tag = 0x420049 LINK Tag = 0x42004A LINK_TYPE Tag = 0x42004B LINKED_OBJECT_IDENTIFIER Tag = 0x42004C MAC_SIGNATURE Tag = 0x42004D MAC_SIGNATURE_KEY_INFORMATION Tag = 0x42004E MAXIMUM_ITEMS Tag = 0x42004F MAXIMUM_RESPONSE_SIZE Tag = 0x420050 MESSAGE_EXTENSION Tag = 0x420051 MODULUS Tag = 0x420052 NAME Tag = 0x420053 NAME_TYPE Tag = 0x420054 NAME_VALUE Tag = 0x420055 OBJECT_GROUP Tag = 0x420056 OBJECT_TYPE Tag = 0x420057 OFFSET Tag = 0x420058 OPAQUE_DATA_TYPE Tag = 0x420059 OPAQUE_DATA_VALUE Tag = 0x42005A OPAQUE_OBJECT Tag = 0x42005B OPERATION Tag = 0x42005C OPERATION_POLICY_NAME Tag = 0x42005D // Designated '(Reserved)' in KMIP 2.0 P Tag = 0x42005E PADDING_METHOD Tag = 0x42005F PRIME_EXPONENT_P Tag = 0x420060 PRIME_EXPONENT_Q Tag = 0x420061 PRIME_FIELD_SIZE Tag = 0x420062 PRIVATE_EXPONENT Tag = 0x420063 PRIVATE_KEY Tag = 0x420064 PRIVATE_KEY_TEMPLATE_ATTRIBUTE Tag = 0x420065 // Designated '(Reserved)' in KMIP 2.0 PRIVATE_KEY_UNIQUE_IDENTIFIER Tag = 0x420066 PROCESS_START_DATE Tag = 0x420067 PROTECT_STOP_DATE Tag = 0x420068 PROTOCOL_VERSION Tag = 0x420069 PROTOCOL_VERSION_MAJOR Tag = 0x42006A PROTOCOL_VERSION_MINOR Tag = 0x42006B PUBLIC_EXPONENT Tag = 0x42006C PUBLIC_KEY Tag = 0x42006D PUBLIC_KEY_TEMPLATE_ATTRIBUTE Tag = 0x42006E // Designated '(Reserved)' in KMIP 2.0 PUBLIC_KEY_UNIQUE_IDENTIFIER Tag = 0x42006F PUT_FUNCTION Tag = 0x420070 Q Tag = 0x420071 Q_STRING Tag = 0x420072 QLENGTH Tag = 0x420073 QUERY_FUNCTION Tag = 0x420074 RECOMMENDED_CURVE Tag = 0x420075 REPLACED_UNIQUE_IDENTIFIER Tag = 0x420076 REQUEST_BATCH_ITEM Tag = 0x42000F REQUEST_HEADER Tag = 0x420077 REQUEST_MESSAGE Tag = 0x420078 REQUEST_PAYLOAD Tag = 0x420079 RESPONSE_BATCH_ITEM Tag = 0x42000F RESPONSE_HEADER Tag = 0x42007A RESPONSE_MESSAGE Tag = 0x42007B RESPONSE_PAYLOAD Tag = 0x42007C RESULT_MESSAGE Tag = 0x42007D RESULT_REASON Tag = 0x42007E RESULT_STATUS Tag = 0x42007F REVOCATION_MESSAGE Tag = 0x420080 REVOCATION_REASON Tag = 0x420081 REVOCATION_REASON_CODE Tag = 0x420082 KEY_ROLE_TYPE Tag = 0x420083 SALT Tag = 0x420084 SECRET_DATA Tag = 0x420085 SECRET_DATA_TYPE Tag = 0x420086 SERIAL_NUMBER Tag = 0x420087 // Deprecated, designated '(Reserved)' in KMIP 2.0 SERVER_INFORMATION Tag = 0x420088 SPLIT_KEY Tag = 0x420089 SPLIT_KEY_METHOD Tag = 0x42008A SPLIT_KEY_PARTS Tag = 0x42008B SPLIT_KEY_THRESHOLD Tag = 0x42008C STATE Tag = 0x42008D STORAGE_STATUS_MASK Tag = 0x42008E SYMMETRIC_KEY Tag = 0x42008F TEMPLATE Tag = 0x420090 // Designated '(Reserved)' in KMIP 2.0 TEMPLATE_ATTRIBUTE Tag = 0x420091 // Designated '(Reserved)' in KMIP 2.0 TIME_STAMP Tag = 0x420092 UNIQUE_BATCH_ITEM_ID Tag = 0x420093 UNIQUE_IDENTIFIER Tag = 0x420094 USAGE_LIMITS Tag = 0x420095 USAGE_LIMITS_COUNT Tag = 0x420096 USAGE_LIMITS_TOTAL Tag = 0x420097 USAGE_LIMITS_UNIT Tag = 0x420098 USERNAME Tag = 0x420099 VALIDITY_DATE Tag = 0x42009A VALIDITY_INDICATOR Tag = 0x42009B VENDOR_EXTENSION Tag = 0x42009C VENDOR_IDENTIFICATION Tag = 0x42009D WRAPPING_METHOD Tag = 0x42009E X Tag = 0x42009F Y Tag = 0x4200A0 PASSWORD Tag = 0x4200A1 // KMIP 1.1 DEVICE_IDENTIFIER Tag = 0x4200A2 ENCODING_OPTION Tag = 0x4200A3 EXTENSION_INFORMATION Tag = 0x4200A4 EXTENSION_NAME Tag = 0x4200A5 EXTENSION_TAG Tag = 0x4200A6 EXTENSION_TYPE Tag = 0x4200A7 FRESH Tag = 0x4200A8 MACHINE_IDENTIFIER Tag = 0x4200A9 MEDIA_IDENTIFIER Tag = 0x4200AA NETWORK_IDENTIFIER Tag = 0x4200AB OBJECT_GROUP_MEMBER Tag = 0x4200AC CERTIFICATE_LENGTH Tag = 0x4200AD DIGITAL_SIGNATURE_ALGORITHM Tag = 0x4200AE CERTIFICATE_SERIAL_NUMBER Tag = 0x4200AF DEVICE_SERIAL_NUMBER Tag = 0x4200B0 ISSUER_ALTERNATIVE_NAME Tag = 0x4200B1 ISSUER_DISTINGUISHED_NAME Tag = 0x4200B2 SUBJECT_ALTERNATIVE_NAME Tag = 0x4200B3 SUBJECT_DISTINGUISHED_NAME Tag = 0x4200B4 X_509_CERTIFICATE_IDENTIFIER Tag = 0x4200B5 X_509_CERTIFICATE_ISSUER Tag = 0x4200B6 X_509_CERTIFICATE_SUBJECT Tag = 0x4200B7 // KMIP 1.2 KEY_VALUE_LOCATION Tag = 0x4200B8 KEY_VALUE_LOCATION_VALUE Tag = 0x4200B9 KEY_VALUE_LOCATION_TYPE Tag = 0x4200BA KEY_VALUE_PRESENT Tag = 0x4200BB ORIGINAL_CREATION_DATE Tag = 0x4200BC PGP_KEY Tag = 0x4200BD PGP_KEY_VERSION Tag = 0x4200BE ALTERNATIVE_NAME Tag = 0x4200BF ALTERNATIVE_NAME_VALUE Tag = 0x4200C0 ALTERNATIVE_NAME_TYPE Tag = 0x4200C1 DATA Tag = 0x4200C2 SIGNATURE_DATA Tag = 0x4200C3 DATA_LENGTH Tag = 0x4200C4 RANDOM_IV Tag = 0x4200C5 MAC_DATA Tag = 0x4200C6 ATTESTATION_TYPE Tag = 0x4200C7 NONCE Tag = 0x4200C8 NONCE_ID Tag = 0x4200C9 NONCE_VALUE Tag = 0x4200CA ATTESTATION_MEASUREMENT Tag = 0x4200CB ATTESTATION_ASSERTION Tag = 0x4200CC IV_LENGTH Tag = 0x4200CD TAG_LENGTH Tag = 0x4200CE FIXED_FIELD_LENGTH Tag = 0x4200CF COUNTER_LENGTH Tag = 0x4200D0 INITIAL_COUNTER_VALUE Tag = 0x4200D1 INVOCATION_FIELD_LENGTH Tag = 0x4200D2 ATTESTATION_CAPABLE_INDICATOR Tag = 0x4200D3 // KMIP 1.3 OFFSET_ITEMS Tag = 0x4200D4 LOCATED_ITEMS Tag = 0x4200D5 CORRELATION_VALUE Tag = 0x4200D6 INIT_INDICATOR Tag = 0x4200D7 FINAL_INDICATOR Tag = 0x4200D8 RNG_PARAMETERS Tag = 0x4200D9 RNG_ALGORITHM Tag = 0x4200DA DRBG_ALGORITHM Tag = 0x4200DB FIPS186_VARIATION Tag = 0x4200DC PREDICTION_RESISTANCE Tag = 0x4200DD RANDOM_NUMBER_GENERATOR Tag = 0x4200DE VALIDATION_INFORMATION Tag = 0x4200DF VALIDATION_AUTHORITY_TYPE Tag = 0x4200E0 VALIDATION_AUTHORITY_COUNTRY Tag = 0x4200E1 VALIDATION_AUTHORITY_URI Tag = 0x4200E2 VALIDATION_VERSION_MAJOR Tag = 0x4200E3 VALIDATION_VERSION_MINOR Tag = 0x4200E4 VALIDATION_TYPE Tag = 0x4200E5 VALIDATION_LEVEL Tag = 0x4200E6 VALIDATION_CERTIFICATE_IDENTIFIER Tag = 0x4200E7 VALIDATION_CERTIFICATE_URI Tag = 0x4200E8 VALIDATION_VENDOR_URI Tag = 0x4200E9 VALIDATION_PROFILE Tag = 0x4200EA PROFILE_INFORMATION Tag = 0x4200EB PROFILE_NAME Tag = 0x4200EC SERVER_URI Tag = 0x4200ED SERVER_PORT Tag = 0x4200EE STREAMING_CAPABILITY Tag = 0x4200EF ASYNCHRONOUS_CAPABILITY Tag = 0x4200F0 ATTESTATION_CAPABILITY Tag = 0x4200F1 UNWRAP_MODE Tag = 0x4200F2 DESTROY_ACTION Tag = 0x4200F3 SHREDDING_ALGORITHM Tag = 0x4200F4 RNG_MODE Tag = 0x4200F5 CLIENT_REGISTRATION_METHOD Tag = 0x4200F6 CAPABILITY_INFORMATION Tag = 0x4200F7 // KMIP 1.4 KEY_WRAP_TYPE Tag = 0x4200F8 BATCH_UNDO_CAPABILITY Tag = 0x4200F9 BATCH_CONTINUE_CAPABILITY Tag = 0x4200FA PKCS12_FRIENDLY_NAME Tag = 0x4200FB DESCRIPTION Tag = 0x4200FC COMMENT Tag = 0x4200FD AUTHENTICATED_ENCRYPTION_ADDITIONAL_DATA Tag = 0x4200FE AUTHENTICATED_ENCRYPTION_TAG Tag = 0x4200FF SALT_LENGTH Tag = 0x420100 MASK_GENERATOR Tag = 0x420101 MASK_GENERATOR_HASHING_ALGORITHM Tag = 0x420102 P_SOURCE Tag = 0x420103 TRAILER_FIELD Tag = 0x420104 CLIENT_CORRELATION_VALUE Tag = 0x420105 SERVER_CORRELATION_VALUE Tag = 0x420106 DIGESTED_DATA Tag = 0x420107 CERTIFICATE_SUBJECT_CN Tag = 0x420108 CERTIFICATE_SUBJECT_O Tag = 0x420109 CERTIFICATE_SUBJECT_OU Tag = 0x42010A CERTIFICATE_SUBJECT_EMAIL Tag = 0x42010B CERTIFICATE_SUBJECT_C Tag = 0x42010C CERTIFICATE_SUBJECT_ST Tag = 0x42010D CERTIFICATE_SUBJECT_L Tag = 0x42010E CERTIFICATE_SUBJECT_UID Tag = 0x42010F CERTIFICATE_SUBJECT_SERIAL_NUMBER Tag = 0x420110 CERTIFICATE_SUBJECT_TITLE Tag = 0x420111 CERTIFICATE_SUBJECT_DC Tag = 0x420112 CERTIFICATE_SUBJECT_DN_QUALIFIER Tag = 0x420113 CERTIFICATE_ISSUER_CN Tag = 0x420114 CERTIFICATE_ISSUER_O Tag = 0x420115 CERTIFICATE_ISSUER_OU Tag = 0x420116 CERTIFICATE_ISSUER_EMAIL Tag = 0x420117 CERTIFICATE_ISSUER_C Tag = 0x420118 CERTIFICATE_ISSUER_ST Tag = 0x420119 CERTIFICATE_ISSUER_L Tag = 0x42011A CERTIFICATE_ISSUER_UID Tag = 0x42011B CERTIFICATE_ISSUER_SERIAL_NUMBER Tag = 0x42011C CERTIFICATE_ISSUER_TITLE Tag = 0x42011D CERTIFICATE_ISSUER_DC Tag = 0x42011E CERTIFICATE_ISSUER_DN_QUALIFIER Tag = 0x42011F SENSITIVE Tag = 0x420120 ALWAYS_SENSITIVE Tag = 0x420121 EXTRACTABLE Tag = 0x420122 NEVER_EXTRACTABLE Tag = 0x420123 REPLACE_EXISTING Tag = 0x420124 // KMIP 2.0 ATTRIBUTES Tag = 0x420125 COMMON_ATTRIBUTES Tag = 0x420126 PRIVATE_KEY_ATTRIBUTES Tag = 0x420127 PUBLIC_KEY_ATTRIBUTES Tag = 0x420128 EXTENSION_ENUMERATION Tag = 0x420129 EXTENSION_ATTRIBUTE Tag = 0x42012A EXTENSION_PARENT_STRUCTURE_TAG Tag = 0x42012B EXTENSION_DESCRIPTION Tag = 0x42012C SERVER_NAME Tag = 0x42012D SERVER_SERIAL_NUMBER Tag = 0x42012E SERVER_VERSION Tag = 0x42012F SERVER_LOAD Tag = 0x420130 PRODUCT_NAME Tag = 0x420131 BUILD_LEVEL Tag = 0x420132 BUILD_DATE Tag = 0x420133 CLUSTER_INFO Tag = 0x420134 ALTERNATE_FAILOVER_ENDPOINTS Tag = 0x420135 SHORT_UNIQUE_IDENTIFIER Tag = 0x420136 RESERVED Tag = 0x420137 TAG Tag = 0x420138 CERTIFICATE_REQUEST_UNIQUE_IDENTIFIER Tag = 0x420139 NIST_KEY_TYPE Tag = 0x42013A ATTRIBUTE_REFERENCE Tag = 0x42013B CURRENT_ATTRIBUTE Tag = 0x42013C NEW_ATTRIBUTE Tag = 0x42013D // 0x42013E is designated '(Reserved)' in KMIP 2.0 // 0x42013F is designated '(Reserved)' in KMIP 2.0 CERTIFICATE_REQUEST_VALUE Tag = 0x420140 LOG_MESSAGE Tag = 0x420141 PROFILE_VERSION Tag = 0x420142 PROFILE_VERSION_MAJOR Tag = 0x420143 PROFILE_VERSION_MINOR Tag = 0x420144 PROTECTION_LEVEL Tag = 0x420145 PROTECTION_PERIOD Tag = 0x420146 QUANTUM_SAFE Tag = 0x420147 QUANTUM_SAFE_CAPABILITY Tag = 0x420148 TICKET Tag = 0x420149 TICKET_TYPE Tag = 0x42014A TICKET_VALUE Tag = 0x42014B REQUEST_COUNT Tag = 0x42014C RIGHTS Tag = 0x42014D OBJECTS Tag = 0x42014E OPERATIONS Tag = 0x42014F RIGHT Tag = 0x420150 ENDPOINT_ROLE Tag = 0x420151 DEFAULTS_INFORMATION Tag = 0x420152 OBJECT_DEFAULTS Tag = 0x420153 EPHEMERAL Tag = 0x420154 SERVER_HASHED_PASSWORD Tag = 0x420155 ONE_TIME_PASSWORD Tag = 0x420156 HASHED_PASSWORD Tag = 0x420157 ADJUSTMENT_TYPE Tag = 0x420158 PKCS11_INTERFACE Tag = 0x420159 PKCS11_FUNCTION Tag = 0x42015A PKCS11_INPUT_PARAMETERS Tag = 0x42015B PKCS11_OUTPUT_PARAMETERS Tag = 0x42015C PKCS11_RETURN_CODE Tag = 0x42015D PROTECTION_STORAGE_MASK Tag = 0x42015E PROTECTION_STORAGE_MASKS Tag = 0x42015F INTEROP_FUNCTION Tag = 0x420160 INTEROP_IDENTIFIER Tag = 0x420161 ADJUSTMENT_VALUE Tag = 0x420162 )
KMIP Tags
type TemplateAttribute ¶
type TemplateAttribute struct {
Tag `kmip:"TEMPLATE_ATTRIBUTE"`
Name Name `kmip:"NAME"`
Attributes Attributes `kmip:"ATTRIBUTE"`
}
TemplateAttribute is a Template-Attribute Object Structure
Source Files
Click to show internal directories.
Click to hide internal directories.