pkcs

package
v0.29.3-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 20, 2024 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package pkcs implements ciphers used by PKCS#7 & PKCS#8.

Index

Constants

This section is empty.

Variables

// AES128CBC is AES in CBC mode with a 16-byte (128-bit) key and an IV of one
// AES block (aes.BlockSize).
//
// CBC provides confidentiality only: the ciphertext carries no authentication
// tag, so modification is not reliably detected by the cipher itself.
var AES128CBC = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  16,
		newBlock: aes.NewCipher,
		oid:      oidAES128CBC,
	},
	ivSize: aes.BlockSize,
}

AES128CBC is the 128-bit key AES cipher in CBC mode.

// AES128GCM is AES in GCM mode with a 16-byte (128-bit) key and a 12-byte
// nonce. GCM is an authenticated mode; its guarantees depend on a nonce never
// being reused under the same key.
var AES128GCM = &gcmBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  16,
		newBlock: aes.NewCipher,
		oid:      oidAES128GCM,
	},
	nonceSize: 12,
}

AES128GCM is the 128-bit key AES cipher in GCM mode.

// AES192CBC is AES in CBC mode with a 24-byte (192-bit) key and an IV of one
// AES block (aes.BlockSize). As with any bare CBC construction, the output is
// encrypted but not authenticated.
var AES192CBC = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  24,
		newBlock: aes.NewCipher,
		oid:      oidAES192CBC,
	},
	ivSize: aes.BlockSize,
}

AES192CBC is the 192-bit key AES cipher in CBC mode.

// AES192GCM is AES in GCM mode with a 24-byte (192-bit) key and a 12-byte
// nonce. The nonce must be unique per encryption under a given key.
var AES192GCM = &gcmBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  24,
		newBlock: aes.NewCipher,
		oid:      oidAES192GCM,
	},
	nonceSize: 12,
}

AES192GCM is the 192-bit key AES cipher in GCM mode.

// AES256CBC is AES in CBC mode with a 32-byte (256-bit) key and an IV of one
// AES block (aes.BlockSize). It is the cipher selected by DefaultOpts.
//
// CBC does not authenticate the ciphertext; integrity has to come from
// somewhere else if the caller needs it.
var AES256CBC = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  32,
		newBlock: aes.NewCipher,
		oid:      oidAES256CBC,
	},
	ivSize: aes.BlockSize,
}

AES256CBC is the 256-bit key AES cipher in CBC mode.

// AES256GCM is AES in GCM mode with a 32-byte (256-bit) key and a 12-byte
// nonce. GCM authenticates the ciphertext, provided a nonce is never repeated
// under the same key.
var AES256GCM = &gcmBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  32,
		newBlock: aes.NewCipher,
		oid:      oidAES256GCM,
	},
	nonceSize: 12,
}

AES256GCM is the 256-bit key AES cipher in GCM mode.

// DESCBC is single DES in CBC mode with an 8-byte key (56 effective key bits)
// and an IV of one DES block (des.BlockSize).
//
// NOTE(review): a 56-bit key is within reach of exhaustive key search. Treat
// this as a legacy cipher for reading existing data, not for protecting new
// key material.
var DESCBC = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  8,
		newBlock: des.NewCipher,
		oid:      oidDESCBC,
	},
	ivSize: des.BlockSize,
}
// DefaultOpts is the PBES2 configuration used when the caller supplies none:
// AES-256-CBC for encryption and PBKDF2 over HMAC-SHA256 with a 16-byte salt
// and 2048 iterations for key derivation.
//
// NOTE(review): 2048 PBKDF2 iterations is far below current guidance for keys
// derived from human-chosen passwords (OWASP's figure for PBKDF2-HMAC-SHA256
// is in the hundreds of thousands). The iteration count is what slows offline
// guessing of the password, so callers protecting private keys should pass
// their own options with a higher IterationCount, or a memory-hard KDF such
// as ScryptOpts, rather than rely on this value.
//
// NOTE(review): this is an exported pointer to shared state. Mutating it
// changes the default for every user of the package in the process and is
// not synchronized here; set it once at start-up if it must be changed.
var DefaultOpts = &PBES2Opts{
	Cipher: AES256CBC,
	KDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 2048,
		HMACHash:       SHA256,
		pbkdfOID:       oidPKCS5PBKDF2,
	},
	pbesOID: oidPBES2,
}

DefaultOpts are the default options for encrypting a key if none are given. The defaults can be changed by the library user.

var (
	// ErrPBEDecryption is the sentinel error for a failed password-based
	// decryption. Compare with errors.Is rather than by message text.
	//
	// NOTE(review): presumably every decryption failure (wrong password, bad
	// padding, corrupted data) is reported through this one error so callers
	// cannot tell the cases apart — confirm against the implementation.
	ErrPBEDecryption = errors.New("pbes: decryption error, please verify the password and try again")
)
// SM4 is SM4 in CBC mode with a 16-byte (128-bit) key and an IV of one SM4
// block (sm4.BlockSize). It has the same shape as SM4CBC but is identified by
// oidSM4 instead of oidSM4CBC; the package documentation states it exists only
// for CFCA.
var SM4 = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  16,
		newBlock: sm4.NewCipher,
		oid:      oidSM4,
	},
	ivSize: sm4.BlockSize,
}

SM4 is the 128-bit key SM4 cipher in CBC mode; it exists only for CFCA.

// SM4CBC is SM4 in CBC mode with a 16-byte (128-bit) key and an IV of one SM4
// block (sm4.BlockSize). CBC encrypts but does not authenticate; use SM4GCM
// where ciphertext integrity is required.
var SM4CBC = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  16,
		newBlock: sm4.NewCipher,
		oid:      oidSM4CBC,
	},
	ivSize: sm4.BlockSize,
}

SM4CBC is the 128-bit key SM4 cipher in CBC mode.

// SM4ECB is SM4 in ECB mode with a 16-byte (128-bit) key. No IV or nonce is
// configured for this mode.
//
// NOTE(review): ECB encrypts each block independently, so equal plaintext
// blocks produce equal ciphertext blocks and the output is not authenticated.
// Prefer SM4GCM or SM4CBC unless interoperability requires ECB.
var SM4ECB = &ecbBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  16,
		newBlock: sm4.NewCipher,
		oid:      oidSM4ECB,
	},
}

SM4ECB is the 128-bit key SM4 cipher in ECB mode.

// SM4GCM is SM4 in GCM mode with a 16-byte (128-bit) key and a 12-byte nonce.
// GCM authenticates the ciphertext; a nonce must never be reused under the
// same key.
var SM4GCM = &gcmBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  16,
		newBlock: sm4.NewCipher,
		oid:      oidSM4GCM,
	},
	nonceSize: 12,
}

SM4GCM is the 128-bit key SM4 cipher in GCM mode.

// TripleDESCBC is three-key triple DES in CBC mode: a 24-byte key (168 key
// bits after parity) and an IV of one DES block (des.BlockSize).
//
// NOTE(review): 3DES is a legacy cipher with a 64-bit block and no
// authentication in this mode. Keep it for decrypting existing material and
// prefer an AES variant for anything newly encrypted.
var TripleDESCBC = &cbcBlockCipher{
	baseBlockCipher: baseBlockCipher{
		keySize:  24,
		newBlock: des.NewTripleDESCipher,
		oid:      oidDESEDE3CBC,
	},
	ivSize: des.BlockSize,
}

TripleDESCBC is the 168-bit key 3DES cipher in CBC mode.

Functions

func IsPBES1 added in v0.28.0

func IsPBES1(algorithm pkix.AlgorithmIdentifier) bool

func IsPBES2 added in v0.28.0

func IsPBES2(algorithm pkix.AlgorithmIdentifier) bool

func IsSMPBES added in v0.28.0

func IsSMPBES(algorithm pkix.AlgorithmIdentifier) bool

func RegisterCipher

func RegisterCipher(oid asn1.ObjectIdentifier, cipher func() Cipher)

RegisterCipher registers a function that returns a new instance of the given cipher. This allows the library to support client-provided ciphers.

func RegisterKDF added in v0.28.0

func RegisterKDF(oid asn1.ObjectIdentifier, params func() KDFParameters)

RegisterKDF registers a function that returns a new instance of the given KDF parameters. This allows the library to support client-provided KDFs.

Types

type Cipher

// Cipher is the symmetric cipher that PBES2 uses to encrypt key material
// under a key derived from the password.
type Cipher interface {
	// KeySize returns the key size of the cipher, in bytes.
	KeySize() int
	// Encrypt encrypts the key material. The returned AlgorithmIdentifier is
	// the algorithm identifier used for encryption, including its parameters.
	// NOTE(review): rand is presumably the source for the IV or nonce; pass a
	// cryptographically secure reader such as crypto/rand.Reader — confirm.
	Encrypt(rand io.Reader, key, plaintext []byte) (*pkix.AlgorithmIdentifier, []byte, error)
	// Decrypt decrypts the key material. parameters is the parameters field
	// of the DER-encoded AlgorithmIdentifier.
	Decrypt(key []byte, parameters *asn1.RawValue, ciphertext []byte) ([]byte, error)
	// OID returns the object identifier of the cipher.
	OID() asn1.ObjectIdentifier
}

Cipher represents a cipher for encrypting the key material which is used in PBES2.

func GetCipher

func GetCipher(alg pkix.AlgorithmIdentifier) (Cipher, error)

GetCipher returns an instance of the cipher specified by the given algorithm identifier.

type Hash added in v0.28.0

// Hash identifies a cryptographic hash function implemented in another
// package. The valid values are the constants declared with this type.
type Hash uint

Hash identifies a cryptographic hash function that is implemented in another package.

// Hash function identifiers. Numbering starts at 1, so the zero value of Hash
// does not name any hash function.
const (
	// NOTE(review): SHA-1 is no longer collision resistant; prefer SHA256 or
	// stronger when choosing the hash for newly encrypted keys.
	SHA1 Hash = 1 + iota
	SHA224
	SHA256
	SHA384
	SHA512
	SHA512_224
	SHA512_256
	// SM3 is the ShangMi hash function.
	SM3
)

func (Hash) New added in v0.28.0

func (h Hash) New() hash.Hash

New returns a new hash.Hash calculating the given hash function. New panics if the hash function is not linked into the binary.

type KDFOpts added in v0.28.0

// KDFOpts describes a key derivation function and its tunable options. It is
// the encryption-side counterpart of KDFParameters: DeriveKey returns both the
// derived key and the parameters that must be stored with the ciphertext.
type KDFOpts interface {
	// DeriveKey derives a key of size bytes from the given password and salt.
	// It returns the key and the ASN.1-encodable parameters used.
	DeriveKey(password, salt []byte, size int) (key []byte, params KDFParameters, err error)
	// GetSaltSize returns the configured salt size.
	// NOTE(review): presumably in bytes — confirm against the implementation.
	GetSaltSize() int
	// OID returns the object identifier of the KDF.
	OID() asn1.ObjectIdentifier
}

KDFOpts contains options for a key derivation function. An implementation of this interface must be specified when encrypting a PKCS#8 key.

type KDFParameters added in v0.28.0

// KDFParameters is the decoded parameter set of a key derivation function, as
// read from an encrypted key. It re-derives the key on the decryption side.
//
// NOTE(review): these values come from the encrypted file, which may be
// attacker-supplied; check whether implementations bound cost parameters such
// as iteration counts before deriving — not visible from this listing.
type KDFParameters interface {
	// DeriveKey derives a key of size bytes from the given password.
	// It uses the salt from the decoded parameters.
	DeriveKey(oidKDF asn1.ObjectIdentifier, password []byte, size int) (key []byte, err error)
	// KeyLength returns the length of the derived key from the params.
	KeyLength() int
}

KDFParameters contains parameters (salt, etc.) for a key derivation function. It must be an ASN.1-decodable structure. An implementation of this interface is created when decoding an encrypted PKCS#8 key.

type PBES1 added in v0.28.0

// PBES1 holds the algorithm identifier of a Password-Based Encryption
// Scheme 1 instance.
type PBES1 struct {
	// Algorithm presumably carries the scheme OID together with its encoded
	// parameters — confirm against the constructors.
	Algorithm pkix.AlgorithmIdentifier
}

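PBES1 implements the Password-Based Encryption Scheme 1. PKCS #5 (RFC 8018) keeps PBES1 only for compatibility with existing applications and recommends PBES2 for new ones.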

func NewPbeWithMD2AndDESCBC added in v0.28.0

func NewPbeWithMD2AndDESCBC(rand io.Reader, saltLen, iterations int) (*PBES1, error)

func NewPbeWithMD2AndRC2CBC added in v0.28.0

func NewPbeWithMD2AndRC2CBC(rand io.Reader, saltLen, iterations int) (*PBES1, error)

func NewPbeWithMD5AndDESCBC added in v0.28.0

func NewPbeWithMD5AndDESCBC(rand io.Reader, saltLen, iterations int) (*PBES1, error)

func NewPbeWithMD5AndRC2CBC added in v0.28.0

func NewPbeWithMD5AndRC2CBC(rand io.Reader, saltLen, iterations int) (*PBES1, error)

func NewPbeWithSHA1AndDESCBC added in v0.28.0

func NewPbeWithSHA1AndDESCBC(rand io.Reader, saltLen, iterations int) (*PBES1, error)

func NewPbeWithSHA1AndRC2CBC added in v0.28.0

func NewPbeWithSHA1AndRC2CBC(rand io.Reader, saltLen, iterations int) (*PBES1, error)

func (*PBES1) Decrypt added in v0.28.0

func (pbes1 *PBES1) Decrypt(password, ciphertext []byte) ([]byte, KDFParameters, error)

func (*PBES1) Encrypt added in v0.28.0

func (pbes1 *PBES1) Encrypt(rand io.Reader, password, plaintext []byte) (*pkix.AlgorithmIdentifier, []byte, error)

type PBES2Opts added in v0.28.0

// PBES2Opts pairs a cipher with a key derivation function for PBES2
// encryption. Both are embedded, so their methods are promoted onto
// PBES2Opts.
type PBES2Opts struct {
	// Cipher encrypts the key material with the derived key.
	Cipher
	// KDFOpts derives the encryption key from the password and a salt.
	KDFOpts
	// contains filtered or unexported fields
}

PBES2Opts contains options for encrypting a key using PBES2.

func (*PBES2Opts) Encrypt added in v0.28.0

func (opts *PBES2Opts) Encrypt(rand io.Reader, password, plaintext []byte) (*pkix.AlgorithmIdentifier, []byte, error)

Encrypt encrypts the given plaintext using the given password and the options specified.

type PBES2Params added in v0.28.0

// PBES2Params mirrors the two-field PBES2-params ASN.1 SEQUENCE.
type PBES2Params struct {
	// KeyDerivationFunc identifies the KDF and carries its parameters.
	KeyDerivationFunc pkix.AlgorithmIdentifier
	// EncryptionScheme identifies the cipher and carries its parameters.
	EncryptionScheme  pkix.AlgorithmIdentifier
}

PBES2Params contains the algorithm identifiers, with their parameters, of the key derivation function and the encryption scheme used by PBES2.

PBES2-params ::= SEQUENCE {
	keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
	encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
}

func (*PBES2Params) Decrypt added in v0.28.0

func (pbes2Params *PBES2Params) Decrypt(password, ciphertext []byte) ([]byte, KDFParameters, error)

Decrypt decrypts the given ciphertext using the given password and the options specified.

type PBESEncrypter added in v0.28.0

// PBESEncrypter is the common encryption interface of the password-based
// encryption schemes in this package; PBES1 and PBES2Opts both declare an
// Encrypt method with this signature.
type PBESEncrypter interface {
	// Encrypt encrypts plaintext under a key derived from password and
	// returns the algorithm identifier to store alongside the ciphertext.
	// NOTE(review): rand presumably supplies the salt and IV/nonce; pass
	// crypto/rand.Reader — confirm against the implementations.
	Encrypt(rand io.Reader, password, plaintext []byte) (*pkix.AlgorithmIdentifier, []byte, error)
}

func NewPBESEncrypter added in v0.28.0

func NewPBESEncrypter(cipher Cipher, kdfOpts KDFOpts) PBESEncrypter

NewPBESEncrypter returns a new PBES2 encrypter (as a PBESEncrypter) with the given cipher and KDF options.

func NewSMPBESEncrypter added in v0.28.0

func NewSMPBESEncrypter(saltSize, iterationCount int) PBESEncrypter

NewSMPBESEncrypter returns a new SMPBESEncrypter (ShangMi PBES Encrypter) with the given salt size and iteration count.

func NewSMPBESEncrypterWithKDF added in v0.28.0

func NewSMPBESEncrypterWithKDF(kdfOpts KDFOpts) PBESEncrypter

NewSMPBESEncrypterWithKDF returns a new SMPBESEncrypter (ShangMi PBES Encrypter) with the given KDF options.

type PBKDF2Opts added in v0.28.0

// PBKDF2Opts holds the tunable options of the PBKDF2 key derivation function.
type PBKDF2Opts struct {
	// SaltSize is the length of the salt; DefaultOpts uses 16.
	// NOTE(review): presumably in bytes — confirm.
	SaltSize       int
	// IterationCount is the PBKDF2 iteration count. It is the work factor
	// against offline password guessing, so higher is slower for both sides.
	IterationCount int
	// HMACHash selects the hash used by PBKDF2; DefaultOpts uses SHA256.
	HMACHash       Hash
	// contains filtered or unexported fields
}

PBKDF2Opts contains options for the PBKDF2 key derivation function.

func NewPBKDF2Opts added in v0.28.0

func NewPBKDF2Opts(hash Hash, saltSize, iterationCount int) PBKDF2Opts

NewPBKDF2Opts returns a new PBKDF2Opts with the specified parameters.

func NewSMPBKDF2Opts added in v0.28.0

func NewSMPBKDF2Opts(saltSize, iterationCount int) PBKDF2Opts

NewSMPBKDF2Opts returns a new PBKDF2Opts (ShangMi PBKDF) with the specified parameters.

func (PBKDF2Opts) DeriveKey added in v0.28.0

func (p PBKDF2Opts) DeriveKey(password, salt []byte, size int) (
	key []byte, params KDFParameters, err error)

func (PBKDF2Opts) GetSaltSize added in v0.28.0

func (p PBKDF2Opts) GetSaltSize() int

func (PBKDF2Opts) OID added in v0.28.0

type ScryptOpts added in v0.28.0

// ScryptOpts holds the tunable options of the scrypt key derivation function.
// NOTE(review): the three cost fields presumably map to scrypt's N, r and p
// parameters respectively — confirm against DeriveKey.
type ScryptOpts struct {
	// SaltSize is the length of the salt (presumably in bytes).
	SaltSize                 int
	// CostParameter is the CPU/memory cost setting.
	CostParameter            int
	// BlockSize is the scrypt block size setting, not a cipher block size.
	BlockSize                int
	// ParallelizationParameter is the parallelization setting.
	ParallelizationParameter int
}

ScryptOpts contains options for the scrypt key derivation function.

func NewScryptOpts added in v0.28.0

func NewScryptOpts(saltSize, costParameter, blockSize, parallelizationParameter int) ScryptOpts

NewScryptOpts returns a new ScryptOpts with the specified parameters.

func (ScryptOpts) DeriveKey added in v0.28.0

func (p ScryptOpts) DeriveKey(password, salt []byte, size int) (
	key []byte, params KDFParameters, err error)

func (ScryptOpts) GetSaltSize added in v0.28.0

func (p ScryptOpts) GetSaltSize() int

func (ScryptOpts) OID added in v0.28.0

Directories

Path Synopsis
internal
md2
Package md2 implements the MD2 hash algorithm as defined in RFC 1319.
Package md2 implements the MD2 hash algorithm as defined in RFC 1319.
rc2
Package rc2 implements the RC2 cipher
Package rc2 implements the RC2 cipher
