pkcs7

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 19, 2023 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	OIDData                   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	OIDSignedData             = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
	OIDEnvelopedData          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 3}
	OIDSignedEnvelopedData    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 4}
	OIDDigestData             = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 5}
	OIDEncryptedData          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 6}
	OIDAttributeContentType   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	OIDAttributeMessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	OIDAttributeSigningTime   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}

	OIDDigestAlgorithmSHA1   = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	OIDDigestAlgorithmSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	OIDDigestAlgorithmSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	OIDDigestAlgorithmSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}

	OIDDigestAlgorithmDSA     = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
	OIDDigestAlgorithmDSASHA1 = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3}

	OIDDigestAlgorithmECDSASHA1   = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1}
	OIDDigestAlgorithmECDSASHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
	OIDDigestAlgorithmECDSASHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
	OIDDigestAlgorithmECDSASHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}

	OIDEncryptionAlgorithmRSA       = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	OIDEncryptionAlgorithmRSASHA1   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
	OIDEncryptionAlgorithmRSASHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	OIDEncryptionAlgorithmRSASHA384 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12}
	OIDEncryptionAlgorithmRSASHA512 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13}

	OIDEncryptionAlgorithmECDSAP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
	OIDEncryptionAlgorithmECDSAP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
	OIDEncryptionAlgorithmECDSAP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
)
View Source 
var (
	SM2OIDData                = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 2, 1}
	SM2OIDSignedData          = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 2, 2}
	SM2OIDEnvelopedData       = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 2, 3}
	SM2OIDSignedEnvelopedData = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 2, 4}
	SM2OIDEncryptedData       = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 2, 5}

	OIDDigestAlgorithmSM3           = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 401}
	OIDDigestAlgorithmSM2SM3        = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 501}
	OIDDigestEncryptionAlgorithmSM2 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 301, 1}

	OIDKeyEncryptionAlgorithmSM2 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 301, 3}

	SM9OIDData                = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 4, 1}
	SM9OIDSignedData          = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 4, 2}
	SM9OIDEnvelopedData       = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 4, 3}
	SM9OIDSignedEnvelopedData = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 4, 4}
	SM9OIDEncryptedData       = asn1.ObjectIdentifier{1, 2, 156, 10197, 6, 1, 4, 4, 5}

	OIDDigestAlgorithmSM9SM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 502}

	OIDDigestEncryptionAlgorithmSM9 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 1}

	OIDKeyEncryptionAlgorithmSM9 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 3}
)
View Source 
var ErrNotEncryptedContent = errors.New("pkcs7: content data is NOT a decryptAble data type")
View Source 
var ErrPSKNotProvided = errors.New("pkcs7: cannot encrypt content: PSK not provided")
View Source 
var ErrUnsupportedAlgorithm = errors.New("pkcs7: cannot decrypt data: only RSA, SM2, DES, DES-EDE3, AES and SM4 supported")
View Source 
var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type")
View Source 
var ErrUnsupportedEncryptionAlgorithm = errors.New("pkcs7: cannot encrypt content: only DES-CBC, AES-CBC, AES-GCM, SM4-CBC and SM4-GCM supported")

Functions

func DegenerateCertificate 

func DegenerateCertificate(cert []byte) ([]byte, error)

func Encrypt 

func Encrypt(cipher pkcs.Cipher, content []byte, recipients []*smx509.Certificate) ([]byte, error)

func EncryptSM 

func EncryptSM(cipher pkcs.Cipher, content []byte, recipients []*smx509.Certificate) ([]byte, error)

func EncryptSMUsingPSK 

func EncryptSMUsingPSK(cipher pkcs.Cipher, content []byte, key []byte) ([]byte, error)

func EncryptUsingPSK 

func EncryptUsingPSK(cipher pkcs.Cipher, content []byte, key []byte) ([]byte, error)

Types

type Attribute 

type Attribute struct {
	Type  asn1.ObjectIdentifier
	Value interface{}
}

type MessageDigestMismatchError 

type MessageDigestMismatchError struct {
	ExpectedDigest []byte
	ActualDigest   []byte
}

func (*MessageDigestMismatchError) Error 

func (err *MessageDigestMismatchError) Error() string

type PKCS7 

type PKCS7 struct {
	Content      []byte
	Certificates []*smx509.Certificate
	CRLs         []x509.RevocationList
	Signers      []signerInfo
	// contains filtered or unexported fields
}

func Parse 

func Parse(data []byte) (p7 *PKCS7, err error)

func (*PKCS7) Decrypt 

func (p7 *PKCS7) Decrypt(cert *smx509.Certificate, pkey crypto.PrivateKey) ([]byte, error)

func (*PKCS7) DecryptAndVerify 

func (p7 *PKCS7) DecryptAndVerify(cert *smx509.Certificate, pkey crypto.PrivateKey, verifyFunc VerifyFunc) ([]byte, error)

func (*PKCS7) DecryptAndVerifyOnlyOne 

func (p7 *PKCS7) DecryptAndVerifyOnlyOne(pkey crypto.PrivateKey, verifyFunc VerifyFunc) ([]byte, error)

func (*PKCS7) DecryptUsingPSK 

func (p7 *PKCS7) DecryptUsingPSK(key []byte) ([]byte, error)

func (*PKCS7) GetOnlySigner 

func (p7 *PKCS7) GetOnlySigner() *smx509.Certificate

func (*PKCS7) UnmarshalSignedAttribute 

func (p7 *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error

func (*PKCS7) Verify 

func (p7 *PKCS7) Verify() (err error)

func (*PKCS7) VerifyWithChain 

func (p7 *PKCS7) VerifyWithChain(truststore *smx509.CertPool) (err error)

func (*PKCS7) VerifyWithChainAtTime 

func (p7 *PKCS7) VerifyWithChainAtTime(truststore *smx509.CertPool, currentTime *time.Time) (err error)

type SignedAndEnvelopedData 

type SignedAndEnvelopedData struct {
	// contains filtered or unexported fields
}

func NewSMSignedAndEnvelopedData 

func NewSMSignedAndEnvelopedData(data []byte, cipher pkcs.Cipher) (*SignedAndEnvelopedData, error)

func NewSignedAndEnvelopedData 

func NewSignedAndEnvelopedData(data []byte, cipher pkcs.Cipher) (*SignedAndEnvelopedData, error)

func (*SignedAndEnvelopedData) AddCertificate 

func (saed *SignedAndEnvelopedData) AddCertificate(cert *smx509.Certificate)

func (*SignedAndEnvelopedData) AddRecipient 

func (saed *SignedAndEnvelopedData) AddRecipient(recipient *smx509.Certificate) error

func (*SignedAndEnvelopedData) AddSigner 

func (saed *SignedAndEnvelopedData) AddSigner(ee *smx509.Certificate, pkey crypto.PrivateKey) error

func (*SignedAndEnvelopedData) AddSignerChain 

func (saed *SignedAndEnvelopedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.PrivateKey, parents []*smx509.Certificate) error

func (*SignedAndEnvelopedData) Finish 

func (saed *SignedAndEnvelopedData) Finish() ([]byte, error)

func (*SignedAndEnvelopedData) SetDigestAlgorithm 

func (saed *SignedAndEnvelopedData) SetDigestAlgorithm(d asn1.ObjectIdentifier)

type SignedData 

type SignedData struct {
	// contains filtered or unexported fields
}

func NewSMSignedData 

func NewSMSignedData(data []byte) (*SignedData, error)

func NewSignedData 

func NewSignedData(data []byte) (*SignedData, error)

func (*SignedData) AddCertificate 

func (sd *SignedData) AddCertificate(cert *smx509.Certificate)

func (*SignedData) AddSigner 

func (sd *SignedData) AddSigner(ee *smx509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error

func (*SignedData) AddSignerChain 

func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.PrivateKey, parents []*smx509.Certificate, config SignerInfoConfig) error

func (*SignedData) Detach 

func (sd *SignedData) Detach()

func (*SignedData) Finish 

func (sd *SignedData) Finish() ([]byte, error)

func (*SignedData) GetSignedData 

func (sd *SignedData) GetSignedData() *signedData

func (*SignedData) RemoveAuthenticatedAttributes 

func (sd *SignedData) RemoveAuthenticatedAttributes()

func (*SignedData) RemoveUnauthenticatedAttributes 

func (sd *SignedData) RemoveUnauthenticatedAttributes()

func (*SignedData) SetDigestAlgorithm 

func (sd *SignedData) SetDigestAlgorithm(d asn1.ObjectIdentifier)

func (*SignedData) SetEncryptionAlgorithm 

func (sd *SignedData) SetEncryptionAlgorithm(d asn1.ObjectIdentifier)

func (*SignedData) SignWithoutAttr 

func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error

type SignerInfoConfig 

type SignerInfoConfig struct {
	ExtraSignedAttributes   []Attribute
	ExtraUnsignedAttributes []Attribute
	SkipCertificates        bool
}

type VerifyFunc 

type VerifyFunc func() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.