Documentation
¶
Overview ¶
Package xmlenc is a partial implementation of the xmlenc standard as described in https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html. The purpose of this implementation is to support encrypted SAML assertions.
Index ¶
- Variables
- func Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)
- func Fuzz(data []byte) int
- func RegisterDecrypter(d Decrypter)
- func RegisterDigestMethod(dm DigestMethod)
- type BlockCipher
- type CBC
- type Decrypter
- type DigestMethod
- type Encrypter
- type ErrAlgorithmNotImplemented
- type ErrCannotFindRequiredElement
- type ErrIncorrectKeyLength
- type ErrIncorrectKeyType
- type GCM
- type RSA
Constants ¶
This section is empty.
Variables ¶
var ( // SHA1 implements the SHA-1 digest method (which is considered insecure) SHA1 = digestMethod{ // contains filtered or unexported fields } // SHA256 implements the SHA-256 digest method SHA256 = digestMethod{ // contains filtered or unexported fields } // SHA512 implements the SHA-512 digest method SHA512 = digestMethod{ // contains filtered or unexported fields } // RIPEMD160 implements the RIPEMD160 digest method RIPEMD160 = digestMethod{ // contains filtered or unexported fields } )
var ErrIncorrectTag = fmt.Errorf("tag must be an EncryptedType or EncryptedKey")
ErrIncorrectTag is returned when Decrypt is passed an element which is neither an EncryptedType nor an EncryptedKey
var RandReader = rand.Reader
RandReader is a thunk that allows test to replace the source of randomness used by this package. By default it is Reader from crypto/rand.
Functions ¶
func Decrypt ¶
Decrypt decrypts the encrypted data using the provided key. If the data are encrypted using AES or 3DEC, then the key should be a []byte. If the data are encrypted with PKCS1v15 or RSA-OAEP-MGF1P then key should be a *rsa.PrivateKey.
func RegisterDecrypter ¶
func RegisterDecrypter(d Decrypter)
RegisterDecrypter registers the specified decrypter to that it can be used with Decrypt().
func RegisterDigestMethod ¶
func RegisterDigestMethod(dm DigestMethod)
RegisterDigestMethod registers the specified digest method to that it can be used with Decrypt().
Types ¶
type BlockCipher ¶
BlockCipher implements a cipher with a fixed size key like AES or 3DES.
var ( // AES128CBC implements AES128-CBC symetric key mode for encryption and decryption AES128CBC BlockCipher = CBC{ // contains filtered or unexported fields } // AES192CBC implements AES192-CBC symetric key mode for encryption and decryption AES192CBC BlockCipher = CBC{ // contains filtered or unexported fields } // AES256CBC implements AES256-CBC symetric key mode for encryption and decryption AES256CBC BlockCipher = CBC{ // contains filtered or unexported fields } // TripleDES implements 3DES in CBC mode for encryption and decryption TripleDES BlockCipher = CBC{ // contains filtered or unexported fields } )
var ( // AES128GCM implements AES128-GCM mode for encryption and decryption AES128GCM BlockCipher = GCM{ // contains filtered or unexported fields } )
type CBC ¶
type CBC struct {
// contains filtered or unexported fields
}
CBC implements Decrypter and Encrypter for block ciphers in CBC mode
func (CBC) Algorithm ¶
Algorithm returns the name of the algorithm, as will be found in an xenc:EncryptionMethod element.
func (CBC) Decrypt ¶
Decrypt decrypts an encrypted element with key. If the ciphertext contains an EncryptedKey element, then the type of `key` is determined by the registered Decryptor for the EncryptedKey element. Otherwise, `key` must be a []byte of length KeySize().
type Decrypter ¶
type Decrypter interface {
Algorithm() string
Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error)
}
Decrypter is an interface that decrypts things. The Decrypt() method returns the plaintext version of the EncryptedData or EncryptedKey element passed.
You probably don't have to use this interface directly, instead you may call Decrypt() and it will examine the element to determine which Decrypter to use.
type DigestMethod ¶
DigestMethod represents a digest method such as SHA1, etc.
type Encrypter ¶
type Encrypter interface {
Encrypt(key interface{}, plaintext []byte, nonce []byte) (*etree.Element, error)
}
Encrypter is an interface that encrypts things. Given a plaintext it returns an XML EncryptedData or EncryptedKey element. The required type of `key` varies depending on the implementation.
type ErrAlgorithmNotImplemented ¶
type ErrAlgorithmNotImplemented string
ErrAlgorithmNotImplemented is returned when encryption used is not supported.
func (ErrAlgorithmNotImplemented) Error ¶
func (e ErrAlgorithmNotImplemented) Error() string
type ErrCannotFindRequiredElement ¶
type ErrCannotFindRequiredElement string
ErrCannotFindRequiredElement is returned by Decrypt when a required element cannot be found.
func (ErrCannotFindRequiredElement) Error ¶
func (e ErrCannotFindRequiredElement) Error() string
type ErrIncorrectKeyLength ¶
type ErrIncorrectKeyLength int
ErrIncorrectKeyLength is returned when the fixed length key is not of the required length.
func (ErrIncorrectKeyLength) Error ¶
func (e ErrIncorrectKeyLength) Error() string
type ErrIncorrectKeyType ¶
type ErrIncorrectKeyType string
ErrIncorrectKeyType is returned when the key is not the correct type
func (ErrIncorrectKeyType) Error ¶
func (e ErrIncorrectKeyType) Error() string
type GCM ¶
type GCM struct {
// contains filtered or unexported fields
}
GCM implements Decrypter and Encrypter for block ciphers in struct mode
func (GCM) Algorithm ¶
Algorithm returns the name of the algorithm, as will be found in an xenc:EncryptionMethod element.
func (GCM) Decrypt ¶
Decrypt decrypts an encrypted element with key. If the ciphertext contains an EncryptedKey element, then the type of `key` is determined by the registered Decryptor for the EncryptedKey element. Otherwise, `key` must be a []byte of length KeySize().
type RSA ¶
type RSA struct {
BlockCipher BlockCipher
DigestMethod DigestMethod // only for OAEP
// contains filtered or unexported fields
}
RSA implements Encrypter and Decrypter using RSA public key encryption.
Use function like OAEP(), or PKCS1v15() to get an instance of this type ready to use.
func OAEP ¶
func OAEP() RSA
OAEP returns a version of RSA that implements RSA in OAEP-MGF1P mode. By default the block cipher used is AES-256 CBC and the digest method is SHA-256. You can specify other ciphers and digest methods by assigning to BlockCipher or DigestMethod.
func PKCS1v15 ¶
func PKCS1v15() RSA
PKCS1v15 returns a version of RSA that implements RSA in PKCS1v15 mode. By default the block cipher used is AES-256 CBC. The DigestMethod field is ignored because PKCS1v15 does not use a digest function.
Source Files