Documentation ¶
Index ¶
- Constants
- Variables
- func CheckSignature(cert *Certificate, msg []byte, signature []byte) error
- func InitNodeStakingKeyPair(keyPath, certPath string) error
- func LoadTLSCertFromBytes(keyBytes, certBytes []byte) (*tls.Certificate, error)
- func LoadTLSCertFromFiles(keyPath, certPath string) (*tls.Certificate, error)
- func NewCertAndKeyBytes() ([]byte, []byte, error)
- func NewTLSCert() (*tls.Certificate, error)
- func ValidateCertificate(cert *Certificate) error
- type Certificate
Constants ¶
const (
	// MaxCertificateLen is the certificate length limit quoted in
	// ErrCertificateTooLarge, which reports a certificate longer than this.
	// NOTE(review): units.KiB is declared outside this page; presumably the
	// limit works out to 2048 bytes. Confirm against the units package.
	MaxCertificateLen = 2 * units.KiB
)
Variables ¶
// Sentinel errors describing why a certificate was rejected. Each value names
// the part of the certificate that failed, so callers can match a specific
// cause with errors.Is.
// NOTE(review): the functions that return these are not shown on this page;
// presumably ParseCertificate, ParseCertificatePermissive and
// ValidateCertificate. Confirm against the implementation.
var (
	// Length check against MaxCertificateLen.
	ErrCertificateTooLarge = fmt.Errorf("staking: certificate length is greater than %d", MaxCertificateLen)

	// Structural errors, one per certificate component that could not be read.
	ErrMalformedCertificate                  = errors.New("staking: malformed certificate")
	ErrMalformedTBSCertificate               = errors.New("staking: malformed tbs certificate")
	ErrMalformedVersion                      = errors.New("staking: malformed version")
	ErrMalformedSerialNumber                 = errors.New("staking: malformed serial number")
	ErrMalformedSignatureAlgorithmIdentifier = errors.New("staking: malformed signature algorithm identifier")
	ErrMalformedIssuer                       = errors.New("staking: malformed issuer")
	ErrMalformedValidity                     = errors.New("staking: malformed validity")
	ErrMalformedSPKI                         = errors.New("staking: malformed spki")
	ErrMalformedPublicKeyAlgorithmIdentifier = errors.New("staking: malformed public key algorithm identifier")
	ErrMalformedSubjectPublicKey             = errors.New("staking: malformed subject public key")
	ErrMalformedOID                          = errors.New("staking: malformed oid")

	// RSA public key errors. The "unsupported" values indicate that only some
	// modulus bit lengths and public exponents are accepted.
	// NOTE(review): the accepted bit lengths and exponents are not shown on
	// this page.
	ErrInvalidRSAPublicKey          = errors.New("staking: invalid RSA public key")
	ErrInvalidRSAModulus            = errors.New("staking: invalid RSA modulus")
	ErrInvalidRSAPublicExponent     = errors.New("staking: invalid RSA public exponent")
	ErrRSAModulusNotPositive        = errors.New("staking: RSA modulus is not a positive number")
	ErrUnsupportedRSAModulusBitLen  = errors.New("staking: unsupported RSA modulus bitlen")
	ErrRSAModulusIsEven             = errors.New("staking: RSA modulus is an even number")
	ErrUnsupportedRSAPublicExponent = errors.New("staking: unsupported RSA public exponent")

	// Elliptic curve key and algorithm selection errors.
	ErrFailedUnmarshallingEllipticCurvePoint = errors.New("staking: failed to unmarshal elliptic curve point")
	ErrUnknownPublicKeyAlgorithm             = errors.New("staking: unknown public key algorithm")
)
// Sentinel errors for signature verification.
// NOTE(review): presumably returned by CheckSignature; confirm against the
// implementation. This page lists no sentinel for a failed RSA verification,
// so callers should treat any non-nil error as a rejected signature rather
// than matching only ErrECDSAVerificationFailure.
var (
	// The signature algorithm cannot be verified by this package.
	ErrUnsupportedAlgorithm = errors.New("staking: cannot verify signature: unsupported algorithm")
	// The signature algorithm implies a different key type than the public key in use.
	ErrPublicKeyAlgoMismatch = errors.New("staking: signature algorithm specified different public key type")
	// The ECDSA public key was rejected as invalid.
	ErrInvalidECDSAPublicKey = errors.New("staking: invalid ECDSA public key")
	// The ECDSA signature did not verify.
	ErrECDSAVerificationFailure = errors.New("staking: ECDSA verification failure")
)
Functions ¶
func CheckSignature ¶
func CheckSignature(cert *Certificate, msg []byte, signature []byte) error
CheckSignature verifies that signature is a valid signature over msg from the certificate's public key.
Ref: https://github.com/golang/go/blob/go1.19.12/src/crypto/x509/x509.go#L793-L797 Ref: https://github.com/golang/go/blob/go1.19.12/src/crypto/x509/x509.go#L816-L879
func InitNodeStakingKeyPair ¶
InitNodeStakingKeyPair generates a self-signed TLS key/cert pair to use in staking. The key and certificate files will be placed at [keyPath] and [certPath], respectively. If there is already a file at [keyPath], returns nil.
func LoadTLSCertFromBytes ¶
func LoadTLSCertFromBytes(keyBytes, certBytes []byte) (*tls.Certificate, error)
func LoadTLSCertFromFiles ¶
func LoadTLSCertFromFiles(keyPath, certPath string) (*tls.Certificate, error)
func NewCertAndKeyBytes ¶
NewCertAndKeyBytes creates a new staking private key / staking certificate pair and returns the PEM byte representations of both.
func NewTLSCert ¶
func NewTLSCert() (*tls.Certificate, error)
func ValidateCertificate ¶
func ValidateCertificate(cert *Certificate) error
ValidateCertificate verifies that this certificate conforms to the required staking format, assuming that it has already been parsed successfully.
TODO: Remove after v1.11.x activates.
Types ¶
type Certificate ¶
// Certificate is the staking package's representation of a certificate: its
// raw bytes, its public key, and its signature algorithm.
type Certificate struct {
	// Raw holds the certificate bytes.
	// NOTE(review): presumably the ASN.1 DER encoding that was parsed; confirm.
	Raw []byte
	// PublicKey is the certificate's public key. crypto.PublicKey is an empty
	// interface, so the concrete key type has to be recovered with a type
	// switch or type assertion before use.
	PublicKey crypto.PublicKey
	// TODO: Remove after v1.11.x activates.
	SignatureAlgorithm x509.SignatureAlgorithm
}
func CertificateFromX509 ¶
func CertificateFromX509(cert *x509.Certificate) *Certificate
CertificateFromX509 converts an x509 certificate into a staking certificate.
Invariant: The provided certificate must be parseable into a staking certificate.
func ParseCertificate ¶
func ParseCertificate(der []byte) (*Certificate, error)
ParseCertificate parses a single certificate from the given ASN.1 DER data.
TODO: Remove after v1.11.x activates.
func ParseCertificatePermissive ¶
func ParseCertificatePermissive(bytes []byte) (*Certificate, error)
ParseCertificatePermissive parses a single certificate from the given ASN.1 data.
This function does not check that the certificate would be accepted by standard TLS implementations, so a nil error means only that the certificate could be parsed.
Ref: https://github.com/golang/go/blob/go1.19.12/src/crypto/x509/parser.go#L789-L968