Documentation
¶
Overview ¶
Package protocol implemets parts of cryptographic message syntax RFC 5652. This package is mostly for handling of the asn1 sturctures of cms. For de/encryption and signing/verfiying use to package cms.
Index ¶
- Variables
- func ANSIx963KDF(sharedSecret, sharedInfo []byte, keyLen int, hash crypto.Hash) (key []byte, err error)
- func ECDHsharedSecret(curve elliptic.Curve, priv []byte, pubX, pubY *big.Int) []byte
- func IASstring(cert *x509.Certificate) (iasString string, err error)
- type ASN1Error
- type Attribute
- type Attributes
- type AuthEnvelopedData
- type CertificateChoices
- type ContentInfo
- type ECCCMSSharedInfo
- type EncapsulatedContentInfo
- type EncryptedContentInfo
- type EnvelopedData
- type IssuerAndSerialNumber
- type KEKIdentifier
- type KEKRecipientInfo
- type KeyAgreeRecipientIdentifier
- type KeyAgreeRecipientInfo
- type KeyTransRecipientInfo
- type OriginatorIdentifierOrKey
- type OriginatorPublicKey
- type OtherCertificateFormat
- type OtherKeyAttribute
- type OtherRecipientInfo
- type OtherRevocationInfoFormat
- type PasswordRecipientInfo
- type RSAESOAEPparams
- type RecipientEncryptedKey
- type RecipientIdentifier
- type RecipientInfo
- type RecipientKeyIdentifier
- type RevocationInfoChoice
- type SignedData
- func (sd *SignedData) AddCertificate(cert []byte) error
- func (sd *SignedData) AddSignerInfo(keypPair tls.Certificate, attrs []Attribute) (err error)
- func (sd *SignedData) ClearCertificates()
- func (sd *SignedData) ContentInfo() (ContentInfo, error)
- func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [][][]*x509.Certificate, err error)
- func (sd *SignedData) X509Certificates() (map[string]*x509.Certificate, error)
- type SignerIdentifier
- type SignerInfo
- func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)
- func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)
- func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)
- func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)
- func (si SignerInfo) Hash() (crypto.Hash, error)
- func (si SignerInfo) SignedIdentifier() (*SignerIdentifier, error)
- func (si SignerInfo) X509SignatureAlgorithm() x509.SignatureAlgorithm
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrWrongType is returned by methods that make assumptions about types. // Helper methods are defined for accessing CHOICE and ANY feilds. These // helper methods get the value of the field, assuming it is of a given type. // This error is returned if that assumption is wrong and the field has a // different type. ErrWrongType = errors.New("cms/protocol: wrong choice or any type") // ErrNoCertificate is returned when a requested certificate cannot be found. ErrNoCertificate = errors.New("no certificate found") // ErrNoKeyFound is returned when a requested certificate cannot be found. ErrNoKeyFound = errors.New("no key for decryption found") // ErrUnsupported is returned when an unsupported type or version // is encountered. ErrUnsupported = ASN1Error{"unsupported type or version"} // ErrTrailingData is returned when extra data is found after parsing an ASN.1 // structure. ErrTrailingData = ASN1Error{"unexpected trailing data"} )
View Source
var ErrUnsupportedAlgorithm = errors.New("cms: cannot decrypt data: unsupported algorithm")
ErrUnsupportedAlgorithm is returned if the algorithm is unsupported.
Functions ¶
func ANSIx963KDF ¶
func ANSIx963KDF(sharedSecret, sharedInfo []byte, keyLen int, hash crypto.Hash) (key []byte, err error)
ANSIx963KDF implents ANSI X9.63 key derivation function
func ECDHsharedSecret ¶
ECDHsharedSecret computes shared secret with ephemeral static ECDH
Types ¶
type ASN1Error ¶
type ASN1Error struct {
Message string
}
ASN1Error is an error from parsing ASN.1 structures.
type Attribute ¶
type Attribute struct {
Type asn1.ObjectIdentifier
// This should be a SET OF ANY, but Go's asn1 parser can't handle slices of
// RawValues. Use value() to get an AnySet of the value.
RawValue []asn1.RawValue `asn1:"set"`
}
Attribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue }
AttributeValue ::= ANY
func NewAttribute ¶
func NewAttribute(attrType asn1.ObjectIdentifier, val interface{}) (attr Attribute, err error)
NewAttribute creates a single-value Attribute.
type Attributes ¶
type Attributes []Attribute
Attributes is a common Go type for SignedAttributes and UnsignedAttributes.
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
func (Attributes) GetOnlyAttributeValueBytes ¶
func (attrs Attributes) GetOnlyAttributeValueBytes(oid asn1.ObjectIdentifier) (rv asn1.RawValue, err error)
GetOnlyAttributeValueBytes gets an attribute value, returning an error if the attribute occurs multiple times or has multiple values.
func (Attributes) GetValues ¶
func (attrs Attributes) GetValues(oid asn1.ObjectIdentifier) ([][]asn1.RawValue, error)
GetValues retreives the attributes with the given OID. A nil value is returned if the OPTIONAL SET of Attributes is missing from the SignerInfo. An empty slice is returned if the specified attribute isn't in the set.
type AuthEnvelopedData ¶
type AuthEnvelopedData struct {
Version int
OriginatorInfo asn1.RawValue `asn1:"optional,tag:0"`
RawRecipientInfos []asn1.RawValue `asn1:"set,choice"`
AECI EncryptedContentInfo
AauthAttrs []Attribute `asn1:"set,optional,tag:1"`
MAC []byte
UnAauthAttrs []Attribute `asn1:"set,optional,tag:2"`
}
AuthEnvelopedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
RawRecipientInfos RecipientInfos,
authEncryptedContentInfo EncryptedContentInfo,
/ authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode, unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
https://tools.ietf.org/html/rfc5083##section-2.1
func NewAuthEnvelopedData ¶
func NewAuthEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo, mac []byte) (AuthEnvelopedData, error)
NewAuthEnvelopedData creates AuthEnvelopedData from an EncryptedContentInfo with mac and given RawRecipientInfos.
func (AuthEnvelopedData) ContentInfo ¶
func (ed AuthEnvelopedData) ContentInfo() (ContentInfo, error)
ContentInfo marshals AuthEnvelopedData and returns ContentInfo.
func (*AuthEnvelopedData) Decrypt ¶
func (ed *AuthEnvelopedData) Decrypt(keyPair []tls.Certificate) (plain []byte, err error)
Decrypt decrypts AuthEnvelopedData and returns the plaintext.
func (*AuthEnvelopedData) RecipientInfos ¶
func (ed *AuthEnvelopedData) RecipientInfos() []RecipientInfo
type CertificateChoices ¶
type CertificateChoices struct {
Cert x509.Certificate `asn1:"optional"`
V2AttrCert asn1.RawValue `asn1:"optional,tag:2"`
Other OtherCertificateFormat `asn1:"optional,tag:3"`
}
CertificateChoices ::= CHOICE {
certificate Certificate,
extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
v2AttrCert [2] IMPLICIT AttributeCertificateV2,
other [3] IMPLICIT OtherCertificateFormat }
type ContentInfo ¶
type ContentInfo struct {
ContentType asn1.ObjectIdentifier
Content asn1.RawValue `asn1:"explicit,tag:0"`
}
ContentInfo ::= SEQUENCE {
contentType ContentType,
content [0] EXPLICIT ANY DEFINED BY contentType }
ContentType ::= OBJECT IDENTIFIER
func ParseContentInfo ¶
func ParseContentInfo(der []byte) (ci ContentInfo, err error)
ParseContentInfo parses DER-encoded ASN.1 data and returns ContentInfo.
func (ContentInfo) AuthEnvelopedDataContent ¶
func (ci ContentInfo) AuthEnvelopedDataContent() (*AuthEnvelopedData, error)
AuthEnvelopedDataContent unmarshals ContentInfo and returns AuthEnvelopedData if content type is AuthEnvelopedData.
func (ContentInfo) Base64 ¶
func (ci ContentInfo) Base64() ([]byte, error)
Base64 encodes the DER-encoded ASN.1 data in base64 for use in S/MIME.
func (ContentInfo) DER ¶
func (ci ContentInfo) DER() ([]byte, error)
DER returns the DER-encoded ASN.1 data.
func (ContentInfo) EnvelopedDataContent ¶
func (ci ContentInfo) EnvelopedDataContent() (*EnvelopedData, error)
EnvelopedDataContent returns EnvelopedData if ContentType is EnvelopedData.
func (ContentInfo) SignedDataContent ¶
func (ci ContentInfo) SignedDataContent() (*SignedData, error)
SignedDataContent returns SignedData if ContentType is SignedData.
type ECCCMSSharedInfo ¶
type ECCCMSSharedInfo struct {
}
ECCCMSSharedInfo ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier,
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING }
type EncapsulatedContentInfo ¶
type EncapsulatedContentInfo struct {
EContentType asn1.ObjectIdentifier `` // ContentType ::= OBJECT IDENTIFIER
EContent []byte `asn1:"optional,explicit,tag:0"` //
}
EncapsulatedContentInfo ::= SEQUENCE {
eContentType ContentType,
eContent [0] EXPLICIT OCTET STRING OPTIONAL }
func NewDataEncapsulatedContentInfo ¶
func NewDataEncapsulatedContentInfo(data []byte) (EncapsulatedContentInfo, error)
NewDataEncapsulatedContentInfo creates a new EncapsulatedContentInfo of type id-data.
func NewEncapsulatedContentInfo ¶
func NewEncapsulatedContentInfo(contentType asn1.ObjectIdentifier, content []byte) (EncapsulatedContentInfo, error)
NewEncapsulatedContentInfo creates a new EncapsulatedContentInfo.
func (EncapsulatedContentInfo) IsTypeData ¶
func (eci EncapsulatedContentInfo) IsTypeData() bool
IsTypeData checks if the EContentType is id-data.
type EncryptedContentInfo ¶
type EncryptedContentInfo struct {
EContentType asn1.ObjectIdentifier
ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
EContent []byte `asn1:"optional,implicit,tag:0"`
}
EncryptedContentInfo ::= SEQUENCE {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
func NewEncryptedContentInfo ¶
func NewEncryptedContentInfo(contentType asn1.ObjectIdentifier, contentEncryptionAlg asn1.ObjectIdentifier, content []byte) (eci EncryptedContentInfo, key, mac []byte, err error)
NewEncryptedContentInfo encrypts the conent with the contentEncryptionAlgorithm and retuns the EncryptedContentInfo, the key and the MAC.
type EnvelopedData ¶
type EnvelopedData struct {
Version int
OriginatorInfo asn1.RawValue `asn1:"optional,tag:0"`
RawRecipientInfos []asn1.RawValue `asn1:"set"`
ECI EncryptedContentInfo ``
UnprotectedAttrs []Attribute `asn1:"set,optional,tag:1"`
}
EnvelopedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
RawRecipientInfos RawRecipientInfos,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
func NewEnvelopedData ¶
func NewEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo) (EnvelopedData, error)
NewEnvelopedData creates a new EnvelopedData from the given data.
func (EnvelopedData) ContentInfo ¶
func (ed EnvelopedData) ContentInfo() (ContentInfo, error)
ContentInfo returns new ContentInfo with ContentType EnvelopedData.
func (*EnvelopedData) Decrypt ¶
func (ed *EnvelopedData) Decrypt(keyPairs []tls.Certificate) (plain []byte, err error)
Decrypt decrypts the EnvelopedData with the given keyPair and retuns the plaintext.
func (*EnvelopedData) RecipientInfos ¶
func (ed *EnvelopedData) RecipientInfos() []RecipientInfo
type IssuerAndSerialNumber ¶
IssuerAndSerialNumber ::= SEQUENCE {
issuer Name,
serialNumber CertificateSerialNumber }
CertificateSerialNumber ::= INTEGER
func NewIssuerAndSerialNumber ¶
func NewIssuerAndSerialNumber(cert *x509.Certificate) (sid IssuerAndSerialNumber, err error)
NewIssuerAndSerialNumber creates a IssuerAndSerialNumber SID for the given cert.
func (*IssuerAndSerialNumber) Equal ¶
func (ias *IssuerAndSerialNumber) Equal(ias2 IssuerAndSerialNumber) bool
Equal returns true if ias and ias2 agree.
type KEKIdentifier ¶
type KEKIdentifier struct {
KeyIdentifier []byte
Date time.Time `asn1:"optional"`
Other OtherKeyAttribute `asn1:"optional"`
}
KEKIdentifier ::= SEQUENCE { keyIdentifier OCTET STRING, date GeneralizedTime OPTIONAL, other OtherKeyAttribute OPTIONAL }
type KEKRecipientInfo ¶
type KEKRecipientInfo struct {
Version int
KEKId KEKIdentifier
KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
EncryptedKey []byte
}
KEKRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 4 kekid KEKIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey }
func (*KEKRecipientInfo) MarshalASN1RawValue ¶
func (kekRI *KEKRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)
type KeyAgreeRecipientIdentifier ¶
type KeyAgreeRecipientIdentifier struct {
IAS *IssuerAndSerialNumber `asn1:"optional"`
RKeyID *RecipientKeyIdentifier `asn1:"optional,tag:0"`
}
KeyAgreeRecipientIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
rKeyId [0] IMPLICIT RecipientKeyIdentifier }
type KeyAgreeRecipientInfo ¶
type KeyAgreeRecipientInfo struct {
Version int
//Originator OriginatorIdentifierOrKey `asn1:"explicit,choice,tag:0"`
RawOriginator asn1.RawValue `asn1:"explicit,choice,tag:0"`
UKM []byte `asn1:"explicit,optional,tag:1"`
KeyEncryptionAlgorithm pkix.AlgorithmIdentifier ``
RecipientEncryptedKeys []RecipientEncryptedKey `asn1:"sequence"` //RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
}
func (*KeyAgreeRecipientInfo) MarshalASN1RawValue ¶
func (kari *KeyAgreeRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)
type KeyTransRecipientInfo ¶
type KeyTransRecipientInfo struct {
Version int
RawRid asn1.RawValue
KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
EncryptedKey []byte
}
func (*KeyTransRecipientInfo) MarshalASN1RawValue ¶
func (ktri *KeyTransRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)
type OriginatorIdentifierOrKey ¶
type OriginatorIdentifierOrKey struct {
IAS *IssuerAndSerialNumber
SKI []byte
OriginatorKey *OriginatorPublicKey
}
OriginatorIdentifierOrKey ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] ExtensionSubjectKeyIdentifier,
originatorKey [1] OriginatorPublicKey }
type OriginatorPublicKey ¶
type OriginatorPublicKey struct {
Algorithm pkix.AlgorithmIdentifier
PublicKey asn1.BitString
}
OriginatorPublicKey ::= SEQUENCE {
algorithm AlgorithmIdentifier,
publicKey BIT STRING
type OtherCertificateFormat ¶
type OtherCertificateFormat struct {
OtherCertFormat asn1.ObjectIdentifier
OtherCert asn1.RawValue
}
OtherCertificateFormat ::= SEQUENCE {
otherCertFormat OBJECT IDENTIFIER,
otherCert ANY DEFINED BY otherCertFormat }
type OtherKeyAttribute ¶
type OtherKeyAttribute struct {
KeyAttrID asn1.ObjectIdentifier
KeyAttr asn1.RawValue `asn1:"optional"`
}
OtherKeyAttribute ::= SEQUENCE {
keyAttrId OBJECT IDENTIFIER,
keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
type OtherRecipientInfo ¶
type OtherRecipientInfo struct {
OriType asn1.ObjectIdentifier
OriValue asn1.RawValue
}
OtherRecipientInfo ::= SEQUENCE { oriType OBJECT IDENTIFIER, oriValue ANY DEFINED BY oriType }
func (*OtherRecipientInfo) MarshalASN1RawValue ¶
func (oRI *OtherRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)
type OtherRevocationInfoFormat ¶
type OtherRevocationInfoFormat struct {
OtherRevInfoFormat asn1.ObjectIdentifier
OtherRevInfo asn1.RawValue
}
OtherRevocationInfoFormat ::= SEQUENCE {
otherRevInfoFormat OBJECT IDENTIFIER,
otherRevInfo ANY DEFINED BY otherRevInfoFormat }
type PasswordRecipientInfo ¶
type PasswordRecipientInfo struct {
Version int
KeyDerivationAlgorithm pkix.AlgorithmIdentifier `asn1:"optional"`
KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
EncryptedKey []byte
}
PasswordRecipientInfo ::= SEQUENCE { version CMSVersion, -- Always set to 0 keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey }
func (*PasswordRecipientInfo) MarshalASN1RawValue ¶
func (pwRI *PasswordRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)
type RSAESOAEPparams ¶
type RSAESOAEPparams struct {
HashFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:0"`
MaskGenFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:1"`
PSourceFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:2"`
}
RSAESOAEPparams ::= SEQUENCE {
hashFunc [0] AlgorithmIdentifier DEFAULT sha1Identifier,
maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1Identifier,
pSourceFunc [2] AlgorithmIdentifier DEFAULT
pSpecifiedEmptyIdentifier }
type RecipientEncryptedKey ¶
type RecipientEncryptedKey struct {
//RID KeyAgreeRecipientIdentifier `asn1:"choice"`
RawRID asn1.RawValue
EncryptedKey []byte
}
RecipientEncryptedKey ::= SEQUENCE {
rid KeyAgreeRecipientIdentifier,
encryptedKey EncryptedKey }
type RecipientIdentifier ¶
type RecipientIdentifier struct {
IAS *IssuerAndSerialNumber
SKI []byte
}
RecipientIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] ExtensionSubjectKeyIdentifier }
type RecipientInfo ¶
type RecipientInfo interface {
MarshalASN1RawValue() (asn1.RawValue, error)
// contains filtered or unexported methods
}
func NewRecipientInfo ¶
func NewRecipientInfo(recipient *x509.Certificate, key []byte) (RecipientInfo, error)
NewRecipientInfo creates RecipientInfo for giben recipient and key.
func ParseRecipientInfo ¶
func ParseRecipientInfo(value asn1.RawValue) (RecipientInfo, error)
type RecipientKeyIdentifier ¶
type RecipientKeyIdentifier struct {
SubjectKeyIdentifier []byte //SubjectKeyIdentifier ::= OCTET STRING
Date time.Time `asn1:"optional"`
Other OtherKeyAttribute `asn1:"optional"`
}
RecipientKeyIdentifier ::= SEQUENCE {
subjectKeyIdentifier SubjectKeyIdentifier,
date GeneralizedTime OPTIONAL,
other OtherKeyAttribute OPTIONAL }
type RevocationInfoChoice ¶
type RevocationInfoChoice struct {
Crl pkix.CertificateList `asn1:"optional"`
Other OtherRevocationInfoFormat `asn1:"optional,tag:1"`
}
RevocationInfoChoice ::= CHOICE {
crl CertificateList,
other [1] IMPLICIT OtherRevocationInfoFormat }
type SignedData ¶
type SignedData struct {
Version int `` // CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"` //DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier //DigestAlgorithmIdentifier ::= AlgorithmIdentifier
EncapContentInfo EncapsulatedContentInfo `` //
Certificates []asn1.RawValue `asn1:"optional,set,tag:0"` // CertificateSet ::= SET OF CertificateChoices
CRLs []RevocationInfoChoice `asn1:"optional,set,tag:1"` // RevocationInfoChoices ::= SET OF RevocationInfoChoice
SignerInfos []SignerInfo `asn1:"set"` // SignerInfos ::= SET OF SignerInfo
}
SignedData ::= SEQUENCE {
version CMSVersion,
digestAlgorithms DigestAlgorithmIdentifiers,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
signerInfos SignerInfos }
func NewSignedData ¶
func NewSignedData(eci EncapsulatedContentInfo) (*SignedData, error)
NewSignedData creates a new SignedData.
func (*SignedData) AddCertificate ¶
func (sd *SignedData) AddCertificate(cert []byte) error
AddCertificate adds a *x509.Certificate.
func (*SignedData) AddSignerInfo ¶
func (sd *SignedData) AddSignerInfo(keypPair tls.Certificate, attrs []Attribute) (err error)
AddSignerInfo adds a SignerInfo to the SignedData.
func (*SignedData) ClearCertificates ¶
func (sd *SignedData) ClearCertificates()
ClearCertificates removes all certificates.
func (*SignedData) ContentInfo ¶
func (sd *SignedData) ContentInfo() (ContentInfo, error)
ContentInfo returns the SignedData wrapped in a ContentInfo packet.
func (*SignedData) Verify ¶
func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [][][]*x509.Certificate, err error)
Verify checks the signature
func (*SignedData) X509Certificates ¶
func (sd *SignedData) X509Certificates() (map[string]*x509.Certificate, error)
X509Certificates gets the certificates, assuming that they're X.509 encoded.
type SignerIdentifier ¶
type SignerIdentifier struct {
IAS IssuerAndSerialNumber `asn1:"optional"`
SKI []byte `asn1:"optional,tag:0"`
}
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] ExtensionSubjectKeyIdentifier }
func (SignerIdentifier) ToASN1RawValue ¶
func (sid SignerIdentifier) ToASN1RawValue() (asn1.RawValue, error)
type SignerInfo ¶
type SignerInfo struct {
Version int `` // CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
SID asn1.RawValue `` //
DigestAlgorithm pkix.AlgorithmIdentifier `` // DigestAlgorithmIdentifier ::= AlgorithmIdentifier
SignedAttrs []Attribute `asn1:"set,optional,tag:0"` // SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
SignatureAlgorithm pkix.AlgorithmIdentifier `` // SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
Signature []byte `` // SignatureValue ::= OCTET STRING
UnsignedAttrs []Attribute `asn1:"set,optional,tag:1"` // UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
}
SignerInfo ::= SEQUENCE {
version CMSVersion,
sid SignerIdentifier,
digestAlgorithm DigestAlgorithmIdentifier,
signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
signatureAlgorithm SignatureAlgorithmIdentifier,
signature SignatureValue,
unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
func (SignerInfo) FindCertificate ¶
func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)
FindCertificate finds this SignerInfo's certificate in a slice of certificates.
func (SignerInfo) GetContentTypeAttribute ¶
func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)
GetContentTypeAttribute gets the signed ContentType attribute from the SignerInfo.
func (SignerInfo) GetMessageDigestAttribute ¶
func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)
GetMessageDigestAttribute gets the signed MessageDigest attribute from the SignerInfo.
func (SignerInfo) GetSigningTimeAttribute ¶
func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)
GetSigningTimeAttribute gets the signed SigningTime attribute from the SignerInfo.
func (SignerInfo) Hash ¶
func (si SignerInfo) Hash() (crypto.Hash, error)
Hash gets the crypto.Hash associated with this SignerInfo's DigestAlgorithm. 0 is returned for unrecognized algorithms.
func (SignerInfo) SignedIdentifier ¶
func (si SignerInfo) SignedIdentifier() (*SignerIdentifier, error)
version is the syntax version number. If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 1. If the SignerIdentifier is subjectKeyIdentifier, then the version MUST be 3.
func (SignerInfo) X509SignatureAlgorithm ¶
func (si SignerInfo) X509SignatureAlgorithm() x509.SignatureAlgorithm
X509SignatureAlgorithm gets the x509.SignatureAlgorithm that should be used for verifying this SignerInfo's signature.
Source Files
¶
- asn1.go
- attribute.go
- authenvdata.go
- choice_kari_rid.go
- choice_orig_id_or_key.go
- choice_recipient_id.go
- contentinfo.go
- ecdh.go
- eci.go
- enci.go
- envelopeddata.go
- error.go
- issuerserialnumber.go
- pssoaep.go
- reciepientinfo.go
- recinfo_kari.go
- recinfo_kekri.go
- recinfo_ktri.go
- recinfo_ori.go
- recinfo_pwri.go
- signeddata.go
- signerinfo.go
Click to show internal directories.
Click to hide internal directories.