Documentation ¶
Overview ¶
Package protocol implements low level CMS types, parsing and generation.
Index ¶
- Variables
- func BER2DER(ber []byte) ([]byte, error)
- func NewIssuerAndSerialNumber(cert *x509.Certificate) (rv asn1.RawValue, err error)
- type ASN1Error
- type AnySet
- type Attribute
- type Attributes
- func (attrs Attributes) GetOnlyAttributeValueBytes(oid asn1.ObjectIdentifier) (rv asn1.RawValue, err error)
- func (attrs Attributes) GetValues(oid asn1.ObjectIdentifier) ([]AnySet, error)
- func (attrs Attributes) HasAttribute(oid asn1.ObjectIdentifier) bool
- func (attrs Attributes) MarshaledForSigning() ([]byte, error)
- func (attrs Attributes) MarshaledForVerification() ([]byte, error)
- type ContentInfo
- type EncapsulatedContentInfo
- type IssuerAndSerialNumber
- type SignedData
- func (sd *SignedData) AddCertificate(cert *x509.Certificate) error
- func (sd *SignedData) AddSignerInfo(chain []*x509.Certificate, signer crypto.Signer) error
- func (sd *SignedData) ClearCertificates()
- func (sd *SignedData) ContentInfo() (ContentInfo, error)
- func (sd *SignedData) ContentInfoDER() ([]byte, error)
- func (sd *SignedData) X509Certificates() ([]*x509.Certificate, error)
- type SignerInfo
- func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)
- func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)
- func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)
- func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)
- func (si SignerInfo) Hash() (crypto.Hash, error)
- func (si SignerInfo) X509SignatureAlgorithm() x509.SignatureAlgorithm
Constants ¶
This section is empty.
Variables ¶
var ( // ErrWrongType is returned by methods that make assumptions about types. // Helper methods are defined for accessing CHOICE and ANY feilds. These // helper methods get the value of the field, assuming it is of a given type. // This error is returned if that assumption is wrong and the field has a // different type. ErrWrongType = errors.New("cms/protocol: wrong choice or any type") // ErrNoCertificate is returned when a requested certificate cannot be found. ErrNoCertificate = errors.New("no certificate found") // ErrUnsupported is returned when an unsupported type or version // is encountered. ErrUnsupported = ASN1Error{"unsupported type or version"} // ErrTrailingData is returned when extra data is found after parsing an ASN.1 // structure. ErrTrailingData = ASN1Error{"unexpected trailing data"} )
Functions ¶
func NewIssuerAndSerialNumber ¶
func NewIssuerAndSerialNumber(cert *x509.Certificate) (rv asn1.RawValue, err error)
NewIssuerAndSerialNumber creates a IssuerAndSerialNumber SID for the given cert.
Types ¶
type ASN1Error ¶
type ASN1Error struct {
Message string
}
ASN1Error is an error from parsing ASN.1 structures.
type AnySet ¶
AnySet is a helper for dealing with SET OF ANY types.
func DecodeAnySet ¶
DecodeAnySet manually decodes a SET OF ANY type, since Go's parser can't handle them.
type Attribute ¶
type Attribute struct { Type asn1.ObjectIdentifier // This should be a SET OF ANY, but Go's asn1 parser can't handle slices of // RawValues. Use value() to get an AnySet of the value. RawValue asn1.RawValue }
Attribute ::= SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET OF AttributeValue }
AttributeValue ::= ANY
func NewAttribute ¶
func NewAttribute(typ asn1.ObjectIdentifier, val interface{}) (attr Attribute, err error)
NewAttribute creates a single-value Attribute.
type Attributes ¶
type Attributes []Attribute
Attributes is a common Go type for SignedAttributes and UnsignedAttributes.
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
func (Attributes) GetOnlyAttributeValueBytes ¶
func (attrs Attributes) GetOnlyAttributeValueBytes(oid asn1.ObjectIdentifier) (rv asn1.RawValue, err error)
GetOnlyAttributeValueBytes gets an attribute value, returning an error if the attribute occurs multiple times or has multiple values.
func (Attributes) GetValues ¶
func (attrs Attributes) GetValues(oid asn1.ObjectIdentifier) ([]AnySet, error)
GetValues retreives the attributes with the given OID. A nil value is returned if the OPTIONAL SET of Attributes is missing from the SignerInfo. An empty slice is returned if the specified attribute isn't in the set.
func (Attributes) HasAttribute ¶
func (attrs Attributes) HasAttribute(oid asn1.ObjectIdentifier) bool
HasAttribute checks if an attribute is present.
func (Attributes) MarshaledForSigning ¶
func (attrs Attributes) MarshaledForSigning() ([]byte, error)
MarshaledForSigning DER encodes the Attributes as needed for signing SignedAttributes. RFC5652 explains this encoding:
A separate encoding of the signedAttrs field is performed for message digest calculation. The IMPLICIT [0] tag in the signedAttrs is not used for the DER encoding, rather an EXPLICIT SET OF tag is used. That is, the DER encoding of the EXPLICIT SET OF tag, rather than of the IMPLICIT [0] tag, MUST be included in the message digest calculation along with the length and content octets of the SignedAttributes value.
func (Attributes) MarshaledForVerification ¶
func (attrs Attributes) MarshaledForVerification() ([]byte, error)
MarshaledForVerification DER encodes the Attributes as needed for verification of SignedAttributes. This is done differently than MarshaledForSigning because when verifying attributes, we need to use the received order.
type ContentInfo ¶
type ContentInfo struct { ContentType asn1.ObjectIdentifier Content asn1.RawValue `asn1:"explicit,tag:0"` }
ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY DEFINED BY contentType }
ContentType ::= OBJECT IDENTIFIER
func ParseContentInfo ¶
func ParseContentInfo(ber []byte) (ci ContentInfo, err error)
ParseContentInfo parses a top-level ContentInfo type from BER encoded data.
func (ContentInfo) SignedDataContent ¶
func (ci ContentInfo) SignedDataContent() (*SignedData, error)
SignedDataContent gets the content assuming contentType is signedData.
type EncapsulatedContentInfo ¶
type EncapsulatedContentInfo struct { EContentType asn1.ObjectIdentifier EContent asn1.RawValue `asn1:"optional,explicit,tag:0"` }
EncapsulatedContentInfo ::= SEQUENCE { eContentType ContentType, eContent [0] EXPLICIT OCTET STRING OPTIONAL }
ContentType ::= OBJECT IDENTIFIER
func NewDataEncapsulatedContentInfo ¶
func NewDataEncapsulatedContentInfo(data []byte) (EncapsulatedContentInfo, error)
NewDataEncapsulatedContentInfo creates a new EncapsulatedContentInfo of type id-data.
func NewEncapsulatedContentInfo ¶
func NewEncapsulatedContentInfo(contentType asn1.ObjectIdentifier, content []byte) (EncapsulatedContentInfo, error)
NewEncapsulatedContentInfo creates a new EncapsulatedContentInfo.
func (EncapsulatedContentInfo) DataEContent ¶
func (eci EncapsulatedContentInfo) DataEContent() ([]byte, error)
DataEContent gets the EContent assuming EContentType is data.
func (EncapsulatedContentInfo) EContentValue ¶
func (eci EncapsulatedContentInfo) EContentValue() ([]byte, error)
EContentValue gets the OCTET STRING EContent value without tag or length. This is what the message digest is calculated over. A nil byte slice is returned if the OPTIONAL eContent field is missing.
func (EncapsulatedContentInfo) IsTypeData ¶
func (eci EncapsulatedContentInfo) IsTypeData() bool
IsTypeData checks if the EContentType is id-data.
type IssuerAndSerialNumber ¶
IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber }
CertificateSerialNumber ::= INTEGER
type SignedData ¶
type SignedData struct { Version int DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"` EncapContentInfo EncapsulatedContentInfo Certificates []asn1.RawValue `asn1:"optional,set,tag:0"` CRLs []asn1.RawValue `asn1:"optional,set,tag:1"` SignerInfos []SignerInfo `asn1:"set"` }
SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, signerInfos SignerInfos }
CMSVersion ::= INTEGER
{ v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
CertificateSet ::= SET OF CertificateChoices
CertificateChoices ::= CHOICE { certificate Certificate, extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete v2AttrCert [2] IMPLICIT AttributeCertificateV2, other [3] IMPLICIT OtherCertificateFormat }
OtherCertificateFormat ::= SEQUENCE { otherCertFormat OBJECT IDENTIFIER, otherCert ANY DEFINED BY otherCertFormat }
RevocationInfoChoices ::= SET OF RevocationInfoChoice
RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat }
OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat }
SignerInfos ::= SET OF SignerInfo
func NewSignedData ¶
func NewSignedData(eci EncapsulatedContentInfo) (*SignedData, error)
NewSignedData creates a new SignedData.
func (*SignedData) AddCertificate ¶
func (sd *SignedData) AddCertificate(cert *x509.Certificate) error
AddCertificate adds a *x509.Certificate.
func (*SignedData) AddSignerInfo ¶
func (sd *SignedData) AddSignerInfo(chain []*x509.Certificate, signer crypto.Signer) error
AddSignerInfo adds a SignerInfo to the SignedData.
func (*SignedData) ClearCertificates ¶
func (sd *SignedData) ClearCertificates()
ClearCertificates removes all certificates.
func (*SignedData) ContentInfo ¶
func (sd *SignedData) ContentInfo() (ContentInfo, error)
ContentInfo returns the SignedData wrapped in a ContentInfo packet.
func (*SignedData) ContentInfoDER ¶
func (sd *SignedData) ContentInfoDER() ([]byte, error)
ContentInfoDER returns the SignedData wrapped in a ContentInfo packet and DER encoded.
func (*SignedData) X509Certificates ¶
func (sd *SignedData) X509Certificates() ([]*x509.Certificate, error)
X509Certificates gets the certificates, assuming that they're X.509 encoded.
type SignerInfo ¶
type SignerInfo struct { Version int SID asn1.RawValue DigestAlgorithm pkix.AlgorithmIdentifier SignedAttrs Attributes `asn1:"optional,tag:0"` SignatureAlgorithm pkix.AlgorithmIdentifier Signature []byte UnsignedAttrs Attributes `asn1:"set,optional,tag:1"` }
SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
CMSVersion ::= INTEGER
{ v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier }
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
SignatureValue ::= OCTET STRING
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
func (SignerInfo) FindCertificate ¶
func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)
FindCertificate finds this SignerInfo's certificate in a slice of certificates.
func (SignerInfo) GetContentTypeAttribute ¶
func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)
GetContentTypeAttribute gets the signed ContentType attribute from the SignerInfo.
func (SignerInfo) GetMessageDigestAttribute ¶
func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)
GetMessageDigestAttribute gets the signed MessageDigest attribute from the SignerInfo.
func (SignerInfo) GetSigningTimeAttribute ¶
func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)
GetSigningTimeAttribute gets the signed SigningTime attribute from the SignerInfo.
func (SignerInfo) Hash ¶
func (si SignerInfo) Hash() (crypto.Hash, error)
Hash gets the crypto.Hash associated with this SignerInfo's DigestAlgorithm. 0 is returned for unrecognized algorithms.
func (SignerInfo) X509SignatureAlgorithm ¶
func (si SignerInfo) X509SignatureAlgorithm() x509.SignatureAlgorithm
X509SignatureAlgorithm gets the x509.SignatureAlgorithm that should be used for verifying this SignerInfo's signature.