primitives

package
v0.0.0-...-00d340d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 22, 2019 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

const (
	// AESKeyLength is the default AES key length in bytes (32 bytes, i.e. a
	// 256-bit key). GenAESKey returns keys of this length and
	// HMACAESTruncated truncates its output to it.
	AESKeyLength = 32

	// NonceSize is the default nonce length in bytes; GetRandomNonce returns
	// a byte array of this length.
	NonceSize = 24
)

Variables

// Sentinel errors exported by the package.
// NOTE(review): the messages start with a capital letter and end with a
// period, which differs from the usual Go error-string convention; they are
// runtime text, so they are left exactly as published.
var (
	// ErrEncryption reports an error during encryption.
	ErrEncryption = errors.New("Error during encryption.")

	// ErrDecryption reports an error during decryption.
	ErrDecryption = errors.New("Error during decryption.")

	// ErrInvalidSecretKeyType reports a secret key of an invalid type.
	ErrInvalidSecretKeyType = errors.New("Invalid Secret Key type.")

	// ErrInvalidPublicKeyType reports a public key of an invalid type.
	ErrInvalidPublicKeyType = errors.New("Invalid Public Key type.")

	// ErrInvalidKeyParameter reports an invalid key parameter.
	ErrInvalidKeyParameter = errors.New("Invalid Key Parameter.")

	// ErrInvalidNilKeyParameter reports a key parameter that is nil.
	ErrInvalidNilKeyParameter = errors.New("Invalid Nil Key Parameter.")

	// ErrInvalidKeyGeneratorParameter reports an invalid key generator parameter.
	ErrInvalidKeyGeneratorParameter = errors.New("Invalid Key Generator Parameter.")
)
// ASN1 object identifiers used for TCert extensions.
// NOTE(review): every identifier below sits under 1.2.3.4.5.6, which looks
// like a placeholder arc rather than one registered to this project; confirm
// before relying on these OIDs not colliding with other extensions.
var (
	// TCertEncTCertIndex is the ASN1 object identifier of the TCert index.
	TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}

	// TCertEncEnrollmentID is the ASN1 object identifier of the enrollment ID.
	TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}

	// TCertEncAttributesBase is the base ASN1 object identifier for attributes.
	// When generating an extension to include the attribute an index will be
	// appended to this Object Identifier.
	// NOTE(review): an appended index of 7, 8 or 9 would produce exactly the
	// TCertEncTCertIndex, TCertEncEnrollmentID or TCertAttributesHeaders
	// identifier; confirm the generator never uses those index values.
	TCertEncAttributesBase = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6}

	// TCertAttributesHeaders is the ASN1 object identifier of attributes header.
	TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}
)

Functions

func AEStoEncryptedPEM

func AEStoEncryptedPEM(raw []byte, pwd []byte) ([]byte, error)

AEStoEncryptedPEM encapsulates an AES key in the encrypted PEM format

func AEStoPEM

func AEStoPEM(raw []byte) []byte

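AEStoPEM encapsulates an AES key in the PEM format. Unlike AEStoEncryptedPEM it takes no password, so the output is an encoding of the key, not a protection of it, and must be stored and transmitted as secret material.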

func CBCDecrypt

func CBCDecrypt(key, src []byte) ([]byte, error)

CBCDecrypt decrypts using CBC mode

func CBCEncrypt

func CBCEncrypt(key, s []byte) ([]byte, error)

CBCEncrypt encrypts using CBC mode

func CBCPKCS7Decrypt

func CBCPKCS7Decrypt(key, src []byte) ([]byte, error)

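CBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding. Nothing in the signature authenticates the ciphertext, so callers that accept ciphertext from an untrusted source should verify its integrity first (for example with an HMAC over the ciphertext) and should not reveal to the sender whether a failure came from the padding check.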

func CBCPKCS7Encrypt

func CBCPKCS7Encrypt(key, src []byte) ([]byte, error)

CBCPKCS7Encrypt combines CBC encryption and PKCS7 padding

func CheckCertAgainRoot

func CheckCertAgainRoot(x509Cert *x509.Certificate, certPool *x509.CertPool) ([][]*x509.Certificate, error)

CheckCertAgainRoot checks the validity of the passed certificate against the passed certPool

func CheckCertAgainstSKAndRoot

func CheckCertAgainstSKAndRoot(x509Cert *x509.Certificate, privateKey interface{}, certPool *x509.CertPool) error

CheckCertAgainstSKAndRoot checks the passed certificate against the passed secret key and certPool

func CheckCertPKAgainstSK

func CheckCertPKAgainstSK(x509Cert *x509.Certificate, privateKey interface{}) error

CheckCertPKAgainstSK checks the certificate's public key against the passed secret key

func DERCertToPEM

func DERCertToPEM(der []byte) []byte

DERCertToPEM converts der to pem

func DERToPrivateKey

func DERToPrivateKey(der []byte) (key interface{}, err error)

DERToPrivateKey unmarshals a der to private key

func DERToPublicKey

func DERToPublicKey(derBytes []byte) (pub interface{}, err error)

DERToPublicKey unmarshals a der to public key

func DERToX509Certificate

func DERToX509Certificate(asn1Data []byte) (*x509.Certificate, error)

DERToX509Certificate converts der to x509

func ECDSASign

func ECDSASign(signKey interface{}, msg []byte) ([]byte, error)

ECDSASign signs msg with signKey and returns the signature as a byte slice

func ECDSASignDirect

func ECDSASignDirect(signKey interface{}, msg []byte) (*big.Int, *big.Int, error)

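ECDSASignDirect signs msg with signKey and returns the two signature values as big integers instead of an encoded byte slice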

func ECDSAVerify

func ECDSAVerify(verKey interface{}, msg, signature []byte) (bool, error)

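ECDSAVerify verifies signature over msg using verKey. It returns both a boolean and an error, so callers must check both: a nil error alone does not mean the signature is valid.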

func GenAESKey

func GenAESKey() ([]byte, error)

GenAESKey returns a random AES key of length AESKeyLength

func GetCriticalExtension

func GetCriticalExtension(cert *x509.Certificate, oid asn1.ObjectIdentifier) ([]byte, error)

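GetCriticalExtension returns the requested critical extension. It also removes it from the list of unhandled critical extensions, so the passed certificate is modified; a caller that retrieves an extension this way takes on the responsibility of actually processing it.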

func GetDefaultCurve

func GetDefaultCurve() elliptic.Curve

GetDefaultCurve returns the default elliptic curve used by the crypto layer

func GetDefaultHash

func GetDefaultHash() func() hash.Hash

GetDefaultHash returns the default hash function used by the crypto layer

func GetHashAlgorithm

func GetHashAlgorithm() string

GetHashAlgorithm returns the default hash algorithm

func GetRandomBytes

func GetRandomBytes(len int) ([]byte, error)

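GetRandomBytes returns len random-looking bytes. The randomness source is not documented here; confirm it is a cryptographically secure generator before using the output for keys or nonces.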

func GetRandomNonce

func GetRandomNonce() ([]byte, error)

GetRandomNonce returns a random byte array of length NonceSize

func HMAC

func HMAC(key, x []byte) []byte

HMAC computes the HMAC of x under key

func HMACAESTruncated

func HMACAESTruncated(key, x []byte) []byte

HMACAESTruncated computes the HMAC of x under key and truncates the result to AESKeyLength bytes

func HMACTruncated

func HMACTruncated(key, x []byte, truncation int) []byte

HMACTruncated computes the HMAC of x under key and truncates the result to truncation bytes

func Hash

func Hash(msg []byte) []byte

Hash hashes msg using the predefined hash function

func InitSecurityLevel

func InitSecurityLevel(algorithm string, level int) (err error)

InitSecurityLevel initializes the crypto layer at the given security level

func NewECDSAKey

func NewECDSAKey() (*ecdsa.PrivateKey, error)

NewECDSAKey generates a new ECDSA Key

func NewHash

func NewHash() hash.Hash

NewHash returns a new hash function

func NewSelfSignedCert

func NewSelfSignedCert() ([]byte, interface{}, error)

NewSelfSignedCert creates a self-signed certificate

func PEMtoAES

func PEMtoAES(raw []byte, pwd []byte) ([]byte, error)

PEMtoAES extracts from the PEM an AES key

func PEMtoCertificate

func PEMtoCertificate(raw []byte) (*x509.Certificate, error)

PEMtoCertificate converts pem to x509

func PEMtoCertificateAndDER

func PEMtoCertificateAndDER(raw []byte) (*x509.Certificate, []byte, error)

PEMtoCertificateAndDER converts pem to x509 and der

func PEMtoDER

func PEMtoDER(raw []byte) ([]byte, error)

PEMtoDER converts pem to der

func PEMtoPrivateKey

func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error)

PEMtoPrivateKey unmarshals a pem to private key

func PEMtoPublicKey

func PEMtoPublicKey(raw []byte, pwd []byte) (interface{}, error)

PEMtoPublicKey unmarshals a pem to public key

func PKCS7Padding

func PKCS7Padding(src []byte) []byte

PKCS7Padding pads as prescribed by the PKCS7 standard

func PKCS7UnPadding

func PKCS7UnPadding(src []byte) ([]byte, error)

PKCS7UnPadding unpads as prescribed by the PKCS7 standard

func PrivateKeyToDER

func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error)

PrivateKeyToDER marshals a private key to der

func PrivateKeyToEncryptedPEM

func PrivateKeyToEncryptedPEM(privateKey interface{}, pwd []byte) ([]byte, error)

PrivateKeyToEncryptedPEM converts a private key to an encrypted PEM

func PrivateKeyToPEM

func PrivateKeyToPEM(privateKey interface{}, pwd []byte) ([]byte, error)

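PrivateKeyToPEM converts a private key to PEM. The role of pwd is not documented here; confirm whether an empty pwd yields an unencrypted PEM before relying on this function to protect the key.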

func PublicKeyToEncryptedPEM

func PublicKeyToEncryptedPEM(publicKey interface{}, pwd []byte) ([]byte, error)

PublicKeyToEncryptedPEM converts a public key to encrypted pem

func PublicKeyToPEM

func PublicKeyToPEM(publicKey interface{}, pwd []byte) ([]byte, error)

PublicKeyToPEM marshals a public key to the PEM format

func SetSecurityLevel

func SetSecurityLevel(algorithm string, level int) (err error)

SetSecurityLevel sets the security configuration with the hash length and the algorithm

func VerifySignCapability

func VerifySignCapability(tempSK interface{}, certPK interface{}) error

VerifySignCapability tests signing capabilities

Types

type AsymmetricCipher

type AsymmetricCipher interface {
	// Init initializes this cipher with the passed parameters.
	// Unlike StreamCipher.Init there is no forEncryption flag here;
	// presumably the direction follows from params.IsPublic(), which should
	// be confirmed against the implementation.
	Init(params AsymmetricCipherParameters) error

	// Process processes the byte array given in input and returns the
	// resulting bytes, or an error.
	Process(msg []byte) ([]byte, error)
}

AsymmetricCipher defines an asymmetric cipher

type AsymmetricCipherParameters

type AsymmetricCipherParameters interface {
	// CipherParameters is embedded, so implementations also provide the
	// GetRand method it inherits from Parameters.
	CipherParameters

	// IsPublic returns true if the parameters are public, false otherwise.
	IsPublic() bool
}

AsymmetricCipherParameters is common interface to represent asymmetric cipher parameters

type AsymmetricCipherSPI

type AsymmetricCipherSPI interface {

	// NewAsymmetricCipherFromPrivateKey creates a new AsymmetricCipher for decryption from a secret key
	NewAsymmetricCipherFromPrivateKey(priv PrivateKey) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromPublicKey creates a new AsymmetricCipher for encryption from a public key
	NewAsymmetricCipherFromPublicKey(pub PublicKey) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromSerializedPublicKey creates a new AsymmetricCipher for encryption from a serialized public key
	NewAsymmetricCipherFromSerializedPublicKey(pub []byte) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromSerializedPrivateKey creates a new AsymmetricCipher from a serialized private key
	// (for decryption, by analogy with NewAsymmetricCipherFromPrivateKey).
	// The input is serialized secret key material and should be handled as such.
	NewAsymmetricCipherFromSerializedPrivateKey(priv []byte) (AsymmetricCipher, error)

	// NewDefaultPrivateKey creates a new private key from rand and default parameters
	NewDefaultPrivateKey(rand io.Reader) (PrivateKey, error)

	// NewPrivateKey creates a new private key from (rand, params)
	NewPrivateKey(rand io.Reader, params interface{}) (PrivateKey, error)

	// NewPublicKey creates a new public key from (rand, params)
	NewPublicKey(rand io.Reader, params interface{}) (PublicKey, error)

	// SerializePrivateKey serializes a private key.
	// The returned bytes are secret key material; the interface does not say
	// whether they are encrypted.
	SerializePrivateKey(priv PrivateKey) ([]byte, error)

	// DeserializePrivateKey deserializes to a private key
	DeserializePrivateKey(bytes []byte) (PrivateKey, error)

	// SerializePublicKey serializes a public key
	SerializePublicKey(pub PublicKey) ([]byte, error)

	// DeserializePublicKey deserializes to a public key
	DeserializePublicKey(bytes []byte) (PublicKey, error)
}

AsymmetricCipherSPI is a Service Provider Interface for AsymmetricCipher

type CipherParameters

type CipherParameters interface {
	// Parameters is embedded; CipherParameters adds no methods of its own.
	Parameters
}

CipherParameters is common interface to represent cipher parameters

type ECDSASignature

type ECDSASignature struct {
	// R and S are the two integer values of the signature, the same pair of
	// types that ECDSASignDirect returns.
	R, S *big.Int
}

ECDSASignature represents an ECDSA signature

type KeyGenerator

type KeyGenerator interface {
	// Init initializes this generator using the passed parameters
	Init(params KeyGeneratorParameters) error

	// GenerateKey generates a new private key
	GenerateKey() (PrivateKey, error)
}

KeyGenerator defines a key generator

type KeyGeneratorParameters

type KeyGeneratorParameters interface {
	// Parameters is embedded; KeyGeneratorParameters adds no methods of its
	// own, so GetRand is the only method a generator can rely on.
	Parameters
}

KeyGeneratorParameters is common interface to represent key generation parameters

type KeySerializer

type KeySerializer interface {
	// ToBytes converts a key to bytes
	ToBytes(key interface{}) ([]byte, error)

	// FromBytes converts bytes to a key.
	// The result is an interface{}, so the concrete key type is not fixed by
	// this interface and callers need a checked type assertion before use.
	FromBytes([]byte) (interface{}, error)
}

KeySerializer defines a key serializer/deserializer

type Parameters

type Parameters interface {

	// GetRand returns the random generator (an io.Reader) associated with
	// these parameters.
	// NOTE(review): anything generated from these parameters is only as
	// unpredictable as this reader; presumably it is crypto/rand.Reader in
	// production, which should be confirmed against the callers.
	GetRand() io.Reader
}

Parameters is common interface for all the parameters

type PrivateKey

type PrivateKey interface {
	// AsymmetricCipherParameters is embedded, so a PrivateKey also provides
	// IsPublic and the inherited GetRand.
	AsymmetricCipherParameters

	// GetPublicKey returns the associated public key
	GetPublicKey() PublicKey
}

PrivateKey is common interface to represent private asymmetric cipher parameters

type PublicKey

type PublicKey interface {
	// AsymmetricCipherParameters is embedded; PublicKey adds no methods of
	// its own, so the method set alone does not distinguish it from other
	// AsymmetricCipherParameters values. IsPublic is the only visible discriminator.
	AsymmetricCipherParameters
}

PublicKey is common interface to represent public asymmetric cipher parameters

type SecretKey

type SecretKey interface {
	// CipherParameters is embedded; SecretKey adds no methods of its own.
	CipherParameters
}

SecretKey defines a symmetric key

type StreamCipher

type StreamCipher interface {
	// Init initializes this cipher with the passed parameters.
	// forEncryption selects the direction: true for encryption, false for
	// decryption.
	Init(forEncryption bool, params CipherParameters) error

	// Process processes the byte array given in input and returns the
	// resulting bytes, or an error.
	Process(msg []byte) ([]byte, error)
}

StreamCipher defines a stream cipher

type StreamCipherSPI

type StreamCipherSPI interface {
	// GenerateKey generates a new secret key
	GenerateKey() (SecretKey, error)

	// GenerateKeyAndSerialize generates a new secret key and also returns a
	// byte slice, presumably the serialized form of that key (to be
	// confirmed against the implementation).
	GenerateKeyAndSerialize() (SecretKey, []byte, error)

	// NewSecretKey creates a new secret key from (rand, params)
	NewSecretKey(rand io.Reader, params interface{}) (SecretKey, error)

	// NewStreamCipherForEncryptionFromKey creates a new StreamCipher for encryption from a secret key
	NewStreamCipherForEncryptionFromKey(secret SecretKey) (StreamCipher, error)

	// NewStreamCipherForEncryptionFromSerializedKey creates a new StreamCipher for encryption from a serialized key
	NewStreamCipherForEncryptionFromSerializedKey(secret []byte) (StreamCipher, error)

	// NewStreamCipherForDecryptionFromKey creates a new StreamCipher for decryption from a secret key
	NewStreamCipherForDecryptionFromKey(secret SecretKey) (StreamCipher, error)

	// NewStreamCipherForDecryptionFromSerializedKey creates a new StreamCipher for decryption from a serialized key
	NewStreamCipherForDecryptionFromSerializedKey(secret []byte) (StreamCipher, error)

	// SerializeSecretKey serializes a secret key.
	// The returned bytes are secret key material; the interface does not say
	// whether they are encrypted.
	SerializeSecretKey(secret SecretKey) ([]byte, error)

	// DeserializeSecretKey deserializes to a secret key
	DeserializeSecretKey(bytes []byte) (SecretKey, error)
}

StreamCipherSPI is a Service Provider Interface for StreamCipher
