xmlenc

package
v1.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 14, 2022 License: BSD-2-Clause Imports: 18 Imported by: 0

Documentation

Overview

Package xmlenc is a partial implementation of the xmlenc standard as described in https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html. The purpose of this implementation is to support encrypted SAML assertions.

Index

Constants

This section is empty.

Variables

View Source
var (
	// SHA1 implements the SHA-1 digest method (which is considered insecure)
	SHA1 = digestMethod{
			// contains filtered or unexported fields
	}

	// SHA256 implements the SHA-256 digest method
	SHA256 = digestMethod{
			// contains filtered or unexported fields
	}

	// SHA512 implements the SHA-512 digest method
	SHA512 = digestMethod{
			// contains filtered or unexported fields
	}

	// RIPEMD160 implements the RIPEMD160 digest method
	RIPEMD160 = digestMethod{
				// contains filtered or unexported fields
	}
)
View Source
var ErrIncorrectTag = fmt.Errorf("tag must be an EncryptedType or EncryptedKey")

ErrIncorrectTag is returned when Decrypt is passed an element which is neither an EncryptedType nor an EncryptedKey

View Source
var RandReader = rand.Reader

RandReader is a thunk that allows test to replace the source of randomness used by this package. By default it is Reader from crypto/rand.

Functions

func Decrypt

func Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)

Decrypt decrypts the encrypted data using the provided key. If the data are encrypted using AES or 3DEC, then the key should be a []byte. If the data are encrypted with PKCS1v15 or RSA-OAEP-MGF1P then key should be a *rsa.PrivateKey.

func Fuzz

func Fuzz(data []byte) int

Fuzz is the go-fuzz fuzzing function

func RegisterDecrypter

func RegisterDecrypter(d Decrypter)

RegisterDecrypter registers the specified decrypter to that it can be used with Decrypt().

func RegisterDigestMethod

func RegisterDigestMethod(dm DigestMethod)

RegisterDigestMethod registers the specified digest method to that it can be used with Decrypt().

Types

type BlockCipher

type BlockCipher interface {
	Encrypter
	Decrypter
	KeySize() int
}

BlockCipher implements a cipher with a fixed size key like AES or 3DES.

var (
	// AES128CBC implements AES128-CBC symetric key mode for encryption and decryption
	AES128CBC BlockCipher = CBC{
				// contains filtered or unexported fields
	}

	// AES192CBC implements AES192-CBC symetric key mode for encryption and decryption
	AES192CBC BlockCipher = CBC{
				// contains filtered or unexported fields
	}

	// AES256CBC implements AES256-CBC symetric key mode for encryption and decryption
	AES256CBC BlockCipher = CBC{
				// contains filtered or unexported fields
	}

	// TripleDES implements 3DES in CBC mode for encryption and decryption
	TripleDES BlockCipher = CBC{
				// contains filtered or unexported fields
	}
)
var (
	// AES128GCM implements AES128-GCM mode for encryption and decryption
	AES128GCM BlockCipher = GCM{
		// contains filtered or unexported fields
	}
)

type CBC

type CBC struct {
	// contains filtered or unexported fields
}

CBC implements Decrypter and Encrypter for block ciphers in CBC mode

func (CBC) Algorithm

func (e CBC) Algorithm() string

Algorithm returns the name of the algorithm, as will be found in an xenc:EncryptionMethod element.

func (CBC) Decrypt

func (e CBC) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)

Decrypt decrypts an encrypted element with key. If the ciphertext contains an EncryptedKey element, then the type of `key` is determined by the registered Decryptor for the EncryptedKey element. Otherwise, `key` must be a []byte of length KeySize().

func (CBC) Encrypt

func (e CBC) Encrypt(key interface{}, plaintext []byte) (*etree.Element, error)

Encrypt encrypts plaintext with key, which should be a []byte of length KeySize(). It returns an xenc:EncryptedData element.

func (CBC) KeySize

func (e CBC) KeySize() int

KeySize returns the length of the key required.

type Decrypter

type Decrypter interface {
	Algorithm() string
	Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)
}

Decrypter is an interface that decrypts things. The Decrypt() method returns the plaintext version of the EncryptedData or EncryptedKey element passed.

You probably don't have to use this interface directly, instead you may call Decrypt() and it will examine the element to determine which Decrypter to use.

type DigestMethod

type DigestMethod interface {
	Algorithm() string
	Hash() hash.Hash
}

DigestMethod represents a digest method such as SHA1, etc.

type Encrypter

type Encrypter interface {
	Encrypt(key interface{}, plaintext []byte) (*etree.Element, error)
}

Encrypter is an interface that encrypts things. Given a plaintext it returns an XML EncryptedData or EncryptedKey element. The required type of `key` varies depending on the implementation.

type ErrAlgorithmNotImplemented

type ErrAlgorithmNotImplemented string

ErrAlgorithmNotImplemented is returned when encryption used is not supported.

func (ErrAlgorithmNotImplemented) Error

type ErrCannotFindRequiredElement

type ErrCannotFindRequiredElement string

ErrCannotFindRequiredElement is returned by Decrypt when a required element cannot be found.

func (ErrCannotFindRequiredElement) Error

type ErrIncorrectKeyLength

type ErrIncorrectKeyLength int

ErrIncorrectKeyLength is returned when the fixed length key is not of the required length.

func (ErrIncorrectKeyLength) Error

func (e ErrIncorrectKeyLength) Error() string

type ErrIncorrectKeyType

type ErrIncorrectKeyType string

ErrIncorrectKeyType is returned when the key is not the correct type

func (ErrIncorrectKeyType) Error

func (e ErrIncorrectKeyType) Error() string

type GCM added in v1.1.0

type GCM struct {
	// contains filtered or unexported fields
}

struct implements Decrypter and Encrypter for block ciphers in struct mode

func (GCM) Algorithm added in v1.1.0

func (e GCM) Algorithm() string

Algorithm returns the name of the algorithm, as will be found in an xenc:EncryptionMethod element.

func (GCM) Decrypt added in v1.1.0

func (e GCM) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)

Decrypt decrypts an encrypted element with key. If the ciphertext contains an EncryptedKey element, then the type of `key` is determined by the registered Decryptor for the EncryptedKey element. Otherwise, `key` must be a []byte of length KeySize().

func (GCM) Encrypt added in v1.1.0

func (e GCM) Encrypt(key interface{}, plaintext []byte) (*etree.Element, error)

func (GCM) KeySize added in v1.1.0

func (e GCM) KeySize() int

KeySize returns the length of the key required.

type RSA

type RSA struct {
	BlockCipher  BlockCipher
	DigestMethod DigestMethod // only for OAEP
	// contains filtered or unexported fields
}

RSA implements Encrypter and Decrypter using RSA public key encryption.

Use function like OAEP(), or PKCS1v15() to get an instance of this type ready to use.

func OAEP

func OAEP() RSA

OAEP returns a version of RSA that implements RSA in OAEP-MGF1P mode. By default the block cipher used is AES-256 CBC and the digest method is SHA-256. You can specify other ciphers and digest methods by assigning to BlockCipher or DigestMethod.

func PKCS1v15

func PKCS1v15() RSA

PKCS1v15 returns a version of RSA that implements RSA in PKCS1v15 mode. By default the block cipher used is AES-256 CBC. The DigestMethod field is ignored because PKCS1v15 does not use a digest function.

func (RSA) Algorithm

func (e RSA) Algorithm() string

Algorithm returns the name of the algorithm

func (RSA) Decrypt

func (e RSA) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)

Decrypt implements Decryptor. `key` must be an *rsa.PrivateKey.

func (RSA) Encrypt

func (e RSA) Encrypt(certificate interface{}, plaintext []byte) (*etree.Element, error)

Encrypt implements encrypter. certificate must be a []byte containing the ASN.1 bytes of certificate containing an RSA public key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL