Documentation ¶
Index ¶
- Constants
- Variables
- func NewObjectIdentifier(oid string) (oi asn1.ObjectIdentifier, err error)
- type AlgType
- type HashAlgorithmInfo
- type Info
- type PublicKeyAlgorithmInfo
- func (h PublicKeyAlgorithmInfo) Algorithm() x509.PublicKeyAlgorithm
- func (h PublicKeyAlgorithmInfo) Name() string
- func (h PublicKeyAlgorithmInfo) OID() asn1.ObjectIdentifier
- func (h PublicKeyAlgorithmInfo) Registration() string
- func (h PublicKeyAlgorithmInfo) String() string
- func (h PublicKeyAlgorithmInfo) Type() AlgType
- type SignatureAlgorithmInfo
- func SignatureAlgorithmByKeyAndHash(pkey interface{}, hash crypto.Hash) (*SignatureAlgorithmInfo, error)
- func SignatureAlgorithmByName(name string) (SignatureAlgorithmInfo, error)
- func SignatureAlgorithmByOID(oid string) (*SignatureAlgorithmInfo, error)
- func SignatureAlgorithmByX509(sig x509.SignatureAlgorithm) *SignatureAlgorithmInfo
- func (h SignatureAlgorithmInfo) HashFunc() crypto.Hash
- func (h SignatureAlgorithmInfo) Name() string
- func (h SignatureAlgorithmInfo) OID() asn1.ObjectIdentifier
- func (h SignatureAlgorithmInfo) Registration() string
- func (h SignatureAlgorithmInfo) String() string
- func (h SignatureAlgorithmInfo) Type() AlgType
Constants ¶
// Algorithm categories, declared as untyped integer constants numbered by iota
// starting at 0.
// NOTE(review): presumably these are the values the Type() methods return as
// AlgType; the declaration itself does not give them that type. Confirm.
const (
	// AlgUnknown specifies an unknown algorithm
	AlgUnknown = iota
	// AlgHash specifies hash
	AlgHash
	// AlgPubKey specifies public key
	AlgPubKey
	// AlgSig specifies signature
	AlgSig
)
Variables ¶
// CMS content type OIDs under the PKCS arc 1.2.840.113549.
var (
	// Data is id-data (PKCS #7 / CMS).
	Data = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	// SignedData is id-signedData (PKCS #7 / CMS).
	SignedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
	// TSTInfo is id-ct-TSTInfo, the content type of an RFC 3161 time-stamp token.
	TSTInfo = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 4}
)
Content type OIDs
// CMS attribute OIDs (PKCS #9 arc 1.2.840.113549.1.9).
var (
	// AttributeContentType is the contentType signed attribute.
	AttributeContentType = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	// AttributeMessageDigest is the messageDigest signed attribute.
	AttributeMessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	// AttributeSigningTime is the signingTime attribute. Its value is asserted
	// by the signer, so it is not evidence of when the signature was made.
	AttributeSigningTime = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
	// AttributeTimeStampToken is id-aa-timeStampToken (RFC 3161), the attribute
	// that carries a time-stamp token issued by a time-stamping authority.
	AttributeTimeStampToken = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 2, 14}
)
Attribute OIDs
// OIDs used as the signatureAlgorithm identifier. Both values are the key-type
// OIDs (OIDStrToInfo maps the same dotted strings to the RSA and ECDSA public
// key infos); they do not name a hash, so the digest algorithm has to be read
// from a separate field.
var (
	// SignatureAlgorithmRSA is rsaEncryption (1.2.840.113549.1.1.1).
	SignatureAlgorithmRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	// SignatureAlgorithmECDSA is id-ecPublicKey (1.2.840.10045.2.1).
	SignatureAlgorithmECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
)
Signature Algorithm OIDs
// Digest algorithm OIDs.
//
// MD5 and SHA-1 are not collision resistant. Keep these two identifiers for
// parsing existing data, and reject them by policy when verifying signatures
// from untrusted sources or when producing new ones.
var (
	// DigestAlgorithmSHA1 is id-sha1 (OIW arc).
	DigestAlgorithmSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	// DigestAlgorithmMD5 is md5 (RSADSI arc).
	DigestAlgorithmMD5 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5}
	// SHA-2 family, NIST hashAlgs arc 2.16.840.1.101.3.4.2.
	DigestAlgorithmSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	DigestAlgorithmSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	DigestAlgorithmSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
	// DigestAlgorithmSHA3x224 is id-sha3-224.
	// NOTE(review): this is the only SHA-3 OID declared as a variable here;
	// OIDStrToInfo lists the other SHA-3 and SHAKE OIDs as strings only.
	DigestAlgorithmSHA3x224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 7}
)
Digest Algorithm OIDs
// AlgNameToInfo maps an algorithm name, including the listed aliases, to its
// Info value.
//
// Keys are plain map keys, so a lookup on this map is an exact, case-sensitive
// match. A name that is not listed yields a nil Info, and calling a method on
// it panics; use the two-value form (info, ok := AlgNameToInfo[name]) when the
// name comes from input. There is no entry for MD5.
var AlgNameToInfo = map[string]Info{
	// Public key algorithms.
	"RSA": RSA,
	"ECDSA": ECDSA,
	// Hash algorithms; SHA-3 and SHAKE accept both the "x" and the "-" spelling.
	"SHA1": SHA1,
	"SHA256": SHA256,
	"SHA384": SHA384,
	"SHA512": SHA512,
	"SHA3x224": SHA3x224,
	"SHA3-224": SHA3x224,
	"SHA3x256": SHA3x256,
	"SHA3-256": SHA3x256,
	"SHA3x384": SHA3x384,
	"SHA3-384": SHA3x384,
	"SHA3x512": SHA3x512,
	"SHA3-512": SHA3x512,
	"SHAKE128": SHAKE128,
	"SHAKE-128": SHAKE128,
	"SHAKE256": SHAKE256,
	"SHAKE-256": SHAKE256,
	// Signature algorithms; each has a "With", "-" and "_" spelling.
	"RSAWithSHA1": RSAWithSHA1,
	"RSA-SHA1": RSAWithSHA1,
	"RSA_SHA1": RSAWithSHA1,
	"RSAWithSHA256": RSAWithSHA256,
	"RSA-SHA256": RSAWithSHA256,
	"RSA_SHA256": RSAWithSHA256,
	"RSAWithSHA384": RSAWithSHA384,
	"RSA-SHA384": RSAWithSHA384,
	"RSA_SHA384": RSAWithSHA384,
	"RSAWithSHA512": RSAWithSHA512,
	"RSA-SHA512": RSAWithSHA512,
	"RSA_SHA512": RSAWithSHA512,
	"ECDSAWithSHA1": ECDSAWithSHA1,
	"ECDSA-SHA1": ECDSAWithSHA1,
	"ECDSA_SHA1": ECDSAWithSHA1,
	"ECDSAWithSHA256": ECDSAWithSHA256,
	"ECDSA-SHA256": ECDSAWithSHA256,
	"ECDSA_SHA256": ECDSAWithSHA256,
	"ECDSAWithSHA384": ECDSAWithSHA384,
	"ECDSA-SHA384": ECDSAWithSHA384,
	"ECDSA_SHA384": ECDSAWithSHA384,
	"ECDSAWithSHA512": ECDSAWithSHA512,
	"ECDSA-SHA512": ECDSAWithSHA512,
	"ECDSA_SHA512": ECDSAWithSHA512,
}
AlgNameToInfo provides a mapping from algorithm name to Info
// DigestAlgorithmToHash maps the dotted-string form of a digest OID to the
// matching crypto.Hash.
//
// Only SHA-1, MD5, SHA-256, SHA-384 and SHA-512 are listed. An OID that is not
// listed yields the zero crypto.Hash, so use the two-value form
// (h, ok := DigestAlgorithmToHash[oid]) when the OID comes from a parsed
// message. The map accepts MD5 and SHA-1, which are not collision resistant;
// a verifier that must refuse them has to apply that policy itself.
var DigestAlgorithmToHash = map[string]crypto.Hash{
	DigestAlgorithmSHA1.String(): crypto.SHA1,
	DigestAlgorithmMD5.String(): crypto.MD5,
	DigestAlgorithmSHA256.String(): crypto.SHA256,
	DigestAlgorithmSHA384.String(): crypto.SHA384,
	DigestAlgorithmSHA512.String(): crypto.SHA512,
}
DigestAlgorithmToHash maps digest OIDs to crypto.Hash values.
var ECDSA = PublicKeyAlgorithmInfo{ // contains filtered or unexported fields }
ECDSA specifies RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure
var ECDSAWithSHA1 = SignatureAlgorithmInfo{ X509: x509.ECDSAWithSHA1, PublicKeyAlgorithm: &ECDSA, HashAlgorithm: &SHA1, // contains filtered or unexported fields }
ECDSAWithSHA1 described in RFC 3279 2.2.3 ECDSA Signature Algorithm
var ECDSAWithSHA256 = SignatureAlgorithmInfo{ X509: x509.ECDSAWithSHA256, PublicKeyAlgorithm: &ECDSA, HashAlgorithm: &SHA256, // contains filtered or unexported fields }
ECDSAWithSHA256 described in RFC 5758 3.2 ECDSA Signature Algorithm
var ECDSAWithSHA384 = SignatureAlgorithmInfo{ X509: x509.ECDSAWithSHA384, PublicKeyAlgorithm: &ECDSA, HashAlgorithm: &SHA384, // contains filtered or unexported fields }
ECDSAWithSHA384 described in RFC 5758 3.2 ECDSA Signature Algorithm
var ECDSAWithSHA512 = SignatureAlgorithmInfo{ X509: x509.ECDSAWithSHA512, PublicKeyAlgorithm: &ECDSA, HashAlgorithm: &SHA512, // contains filtered or unexported fields }
ECDSAWithSHA512 described in RFC 5758 3.2 ECDSA Signature Algorithm
// HashToDigestAlgorithm maps a crypto.Hash to its digest OID; the entries are
// the reverse of those in DigestAlgorithmToHash.
//
// A hash that is not listed (any SHA-3 variant, for example) yields a nil
// ObjectIdentifier; check the second return value of the lookup before
// encoding the result. MD5 and SHA-1 are present for legacy data only and are
// not collision resistant.
var HashToDigestAlgorithm = map[crypto.Hash]asn1.ObjectIdentifier{
	crypto.SHA1: DigestAlgorithmSHA1,
	crypto.MD5: DigestAlgorithmMD5,
	crypto.SHA256: DigestAlgorithmSHA256,
	crypto.SHA384: DigestAlgorithmSHA384,
	crypto.SHA512: DigestAlgorithmSHA512,
}
HashToDigestAlgorithm maps crypto.Hash values to digest OIDs.
// OIDStrToInfo maps an OID in dotted-string form to its Info value.
//
// An OID that is not listed yields a nil Info, and calling a method on it
// panics; use the two-value form (info, ok := OIDStrToInfo[oid]) when the OID
// comes from a parsed message. The MD5 digest OID has no entry here.
var OIDStrToInfo = map[string]Info{
	// Public key algorithms.
	"1.2.840.113549.1.1.1": RSA,
	"1.2.840.10045.2.1": ECDSA,
	// Hash algorithms.
	"1.3.14.3.2.26": SHA1,
	"2.16.840.1.101.3.4.2.1": SHA256,
	"2.16.840.1.101.3.4.2.2": SHA384,
	"2.16.840.1.101.3.4.2.3": SHA512,
	"2.16.840.1.101.3.4.2.7": SHA3x224,
	"2.16.840.1.101.3.4.2.8": SHA3x256,
	"2.16.840.1.101.3.4.2.9": SHA3x384,
	"2.16.840.1.101.3.4.2.10": SHA3x512,
	"2.16.840.1.101.3.4.2.11": SHAKE128,
	"2.16.840.1.101.3.4.2.12": SHAKE256,
	// Signature algorithms (hash-specific OIDs).
	"1.2.840.113549.1.1.5": RSAWithSHA1,
	"1.2.840.113549.1.1.11": RSAWithSHA256,
	"1.2.840.113549.1.1.12": RSAWithSHA384,
	"1.2.840.113549.1.1.13": RSAWithSHA512,
	"1.2.840.10045.4.1": ECDSAWithSHA1,
	"1.2.840.10045.4.3.2": ECDSAWithSHA256,
	"1.2.840.10045.4.3.3": ECDSAWithSHA384,
	"1.2.840.10045.4.3.4": ECDSAWithSHA512,
}
OIDStrToInfo provides mapping from OID string to Info
// PublicKeyAlgorithmToSignatureAlgorithm maps a certificate's public key
// algorithm to the AlgorithmIdentifier used as the CMS signature algorithm.
//
// Only RSA and ECDSA are listed; any other key type yields a zero
// AlgorithmIdentifier with a nil Algorithm OID. Each entry sets Algorithm only
// and leaves Parameters at its zero value.
var PublicKeyAlgorithmToSignatureAlgorithm = map[x509.PublicKeyAlgorithm]pkix.AlgorithmIdentifier{
	x509.RSA: {Algorithm: SignatureAlgorithmRSA},
	x509.ECDSA: {Algorithm: SignatureAlgorithmECDSA},
}
PublicKeyAlgorithmToSignatureAlgorithm maps certificate public key algorithms to CMS signature algorithms.
var RSA = PublicKeyAlgorithmInfo{ // contains filtered or unexported fields }
RSA specifies RFC 3279, 2.3 Public Key Algorithm info
var RSAWithSHA1 = SignatureAlgorithmInfo{ X509: x509.SHA1WithRSA, PublicKeyAlgorithm: &RSA, HashAlgorithm: &SHA1, // contains filtered or unexported fields }
RSAWithSHA1 described in RFC 3279 2.2.1 RSA Signature Algorithms
var RSAWithSHA256 = SignatureAlgorithmInfo{ X509: x509.SHA256WithRSA, PublicKeyAlgorithm: &RSA, HashAlgorithm: &SHA256, // contains filtered or unexported fields }
RSAWithSHA256 described in RFC 4055 5 PKCS #1 Version 1.5
var RSAWithSHA384 = SignatureAlgorithmInfo{ X509: x509.SHA384WithRSA, PublicKeyAlgorithm: &RSA, HashAlgorithm: &SHA384, // contains filtered or unexported fields }
RSAWithSHA384 described in RFC 4055 5 PKCS #1 Version 1.5
var RSAWithSHA512 = SignatureAlgorithmInfo{ X509: x509.SHA512WithRSA, PublicKeyAlgorithm: &RSA, HashAlgorithm: &SHA512, // contains filtered or unexported fields }
RSAWithSHA512 described in RFC 4055 5 PKCS #1 Version 1.5
var SHA1 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA1 described in RFC 3370, Cryptographic Message Syntax (CMS) Algorithms
var SHA256 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA256 described in RFC 3560, Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
var SHA384 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA384 described in RFC 3560, Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
var SHA3x224 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA3x224 is to be described in an RFC for SHA-3, which is pending
var SHA3x256 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA3x256 is to be described in an RFC for SHA-3, which is pending
var SHA3x384 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA3x384 is to be described in an RFC for SHA-3, which is pending
var SHA3x512 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA3x512 is to be described in an RFC for SHA-3, which is pending
var SHA512 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHA512 described in RFC 3560, Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
var SHAKE128 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHAKE128 is to be described in an RFC for SHA-3, which is pending
var SHAKE256 = HashAlgorithmInfo{ // contains filtered or unexported fields }
SHAKE256 is to be described in an RFC for SHA-3, which is pending
// SignatureAlgorithmToDigestAlgorithm maps an x509.SignatureAlgorithm to the
// OID of the digest it uses.
//
// Only the RSA (PKCS #1 v1.5) and ECDSA variants below are listed; any other
// x509.SignatureAlgorithm yields a nil ObjectIdentifier, so check the second
// return value of the lookup. The MD5 and SHA-1 entries are legacy algorithms
// that are not collision resistant.
var SignatureAlgorithmToDigestAlgorithm = map[x509.SignatureAlgorithm]asn1.ObjectIdentifier{
	x509.SHA1WithRSA: DigestAlgorithmSHA1,
	x509.MD5WithRSA: DigestAlgorithmMD5,
	x509.SHA256WithRSA: DigestAlgorithmSHA256,
	x509.SHA384WithRSA: DigestAlgorithmSHA384,
	x509.SHA512WithRSA: DigestAlgorithmSHA512,
	x509.ECDSAWithSHA1: DigestAlgorithmSHA1,
	x509.ECDSAWithSHA256: DigestAlgorithmSHA256,
	x509.ECDSAWithSHA384: DigestAlgorithmSHA384,
	x509.ECDSAWithSHA512: DigestAlgorithmSHA512,
}
SignatureAlgorithmToDigestAlgorithm maps x509.SignatureAlgorithm to digestAlgorithm OIDs.
// SignatureAlgorithmToSignatureAlgorithm maps an x509.SignatureAlgorithm to
// the signatureAlgorithm OID, which is SignatureAlgorithmRSA for every RSA
// variant and SignatureAlgorithmECDSA for every ECDSA variant.
//
// The result does not depend on the hash, so it cannot be used on its own to
// tell which digest a signature uses. An x509.SignatureAlgorithm that is not
// listed yields a nil ObjectIdentifier.
// NOTE(review): SignatureAlgorithmECDSA is the id-ecPublicKey key-type OID,
// not an ecdsa-with-SHA* OID; confirm the intended consumers accept it as a
// signature algorithm identifier.
var SignatureAlgorithmToSignatureAlgorithm = map[x509.SignatureAlgorithm]asn1.ObjectIdentifier{
	x509.SHA1WithRSA: SignatureAlgorithmRSA,
	x509.MD5WithRSA: SignatureAlgorithmRSA,
	x509.SHA256WithRSA: SignatureAlgorithmRSA,
	x509.SHA384WithRSA: SignatureAlgorithmRSA,
	x509.SHA512WithRSA: SignatureAlgorithmRSA,
	x509.ECDSAWithSHA1: SignatureAlgorithmECDSA,
	x509.ECDSAWithSHA256: SignatureAlgorithmECDSA,
	x509.ECDSAWithSHA384: SignatureAlgorithmECDSA,
	x509.ECDSAWithSHA512: SignatureAlgorithmECDSA,
}
SignatureAlgorithmToSignatureAlgorithm maps x509.SignatureAlgorithm to signatureAlgorithm OIDs.
// SignatureAlgorithms resolves a (signature OID, digest OID) pair to an
// x509.SignatureAlgorithm. The outer key is the signature OID and the inner
// key is the digest OID, both in dotted-string form.
//
// A pair that is not listed yields the zero x509.SignatureAlgorithm
// (x509.UnknownSignatureAlgorithm), including when the outer key is missing,
// so callers must treat that value as "unsupported" rather than pass it on.
// MD5 is listed for RSA only. The MD5 and SHA-1 pairs resolve successfully, so
// a verifier that must refuse them has to check the result itself.
var SignatureAlgorithms = map[string]map[string]x509.SignatureAlgorithm{
	SignatureAlgorithmRSA.String(): {
		DigestAlgorithmSHA1.String(): x509.SHA1WithRSA,
		DigestAlgorithmMD5.String(): x509.MD5WithRSA,
		DigestAlgorithmSHA256.String(): x509.SHA256WithRSA,
		DigestAlgorithmSHA384.String(): x509.SHA384WithRSA,
		DigestAlgorithmSHA512.String(): x509.SHA512WithRSA,
	},
	SignatureAlgorithmECDSA.String(): {
		DigestAlgorithmSHA1.String(): x509.ECDSAWithSHA1,
		DigestAlgorithmSHA256.String(): x509.ECDSAWithSHA256,
		DigestAlgorithmSHA384.String(): x509.ECDSAWithSHA384,
		DigestAlgorithmSHA512.String(): x509.ECDSAWithSHA512,
	},
}
SignatureAlgorithms maps digest and signature OIDs to x509.SignatureAlgorithm values.
// X.509 certificate extension OIDs.
var (
// SubjectKeyIdentifier is id-ce-subjectKeyIdentifier (2.5.29.14).
SubjectKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 14}
)
X509 extensions
Functions ¶
func NewObjectIdentifier ¶
func NewObjectIdentifier(oid string) (oi asn1.ObjectIdentifier, err error)
NewObjectIdentifier creates an object identifier from its string representation. Supports ASN.1 notation and dot notation. OID-IRI notation is not supported.
Types ¶
type HashAlgorithmInfo ¶
type HashAlgorithmInfo struct {
// contains filtered or unexported fields
}
HashAlgorithmInfo provides OID info for Hash algorithms
func HashAlgorithmByCrypto ¶
func HashAlgorithmByCrypto(hash crypto.Hash) *HashAlgorithmInfo
HashAlgorithmByCrypto returns an algorithm by crypto identifier
func HashAlgorithmByName ¶
func HashAlgorithmByName(name string) (*HashAlgorithmInfo, error)
HashAlgorithmByName returns an algorithm by name
func HashAlgorithmByOID ¶
func HashAlgorithmByOID(oid string) (*HashAlgorithmInfo, error)
HashAlgorithmByOID returns an algorithm by OID
func HashAlgorithmForPublicKey ¶
func HashAlgorithmForPublicKey(pub crypto.PublicKey) *HashAlgorithmInfo
HashAlgorithmForPublicKey returns a suitable hash algorithm for public key
func (HashAlgorithmInfo) HashFunc ¶
func (h HashAlgorithmInfo) HashFunc() crypto.Hash
HashFunc allows HashAlgorithmInfo to satisfy the crypto.SignerOpts interface for signing digests. You can use a cryptoid.HashAlgorithm directly when using a crypto.Signer interface to sign digests.
func (HashAlgorithmInfo) Name ¶
func (h HashAlgorithmInfo) Name() string
Name is friendly name of the OID: SHA1, etc
func (HashAlgorithmInfo) OID ¶
func (h HashAlgorithmInfo) OID() asn1.ObjectIdentifier
OID is ASN1 ObjectIdentifier
func (HashAlgorithmInfo) Registration ¶
func (h HashAlgorithmInfo) Registration() string
Registration returns official registration info in "{iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}" format
func (HashAlgorithmInfo) String ¶
func (h HashAlgorithmInfo) String() string
String returns string representation of OID: "1.2.840.113549.1"
func (HashAlgorithmInfo) Type ¶
func (h HashAlgorithmInfo) Type() AlgType
Type specifies OID algorithm type for Hash
type Info ¶
type Info interface { // Name is friendly name of the OID: SHA1, etc Name() string // Type returns AlgType Type() AlgType // OID is ASN1 ObjectIdentifier OID() asn1.ObjectIdentifier // Registration returns official registration info in // "{iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}" format Registration() string // String returns string representation of OID: "1.2.840.113549.1" String() string }
Info provides basic OID info: friendly name, OID and registration string
type PublicKeyAlgorithmInfo ¶
type PublicKeyAlgorithmInfo struct {
// contains filtered or unexported fields
}
PublicKeyAlgorithmInfo provides OID info for Public Key algorithms
func PublicKeyAlgorithmByName ¶
func PublicKeyAlgorithmByName(name string) (*PublicKeyAlgorithmInfo, error)
PublicKeyAlgorithmByName returns an algorithm by name
func PublicKeyAlgorithmByOID ¶
func PublicKeyAlgorithmByOID(oid string) (*PublicKeyAlgorithmInfo, error)
PublicKeyAlgorithmByOID returns an algorithm by OID
func SignatureAlgorithmByKey ¶
func SignatureAlgorithmByKey(pkey interface{}) (*PublicKeyAlgorithmInfo, error)
SignatureAlgorithmByKey returns an algorithm by key
func (PublicKeyAlgorithmInfo) Algorithm ¶
func (h PublicKeyAlgorithmInfo) Algorithm() x509.PublicKeyAlgorithm
Algorithm returns x509.PublicKeyAlgorithm
func (PublicKeyAlgorithmInfo) Name ¶
func (h PublicKeyAlgorithmInfo) Name() string
Name is friendly name of the OID: SHA1, etc
func (PublicKeyAlgorithmInfo) OID ¶
func (h PublicKeyAlgorithmInfo) OID() asn1.ObjectIdentifier
OID is ASN1 ObjectIdentifier
func (PublicKeyAlgorithmInfo) Registration ¶
func (h PublicKeyAlgorithmInfo) Registration() string
Registration returns official registration info in "{iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}" format
func (PublicKeyAlgorithmInfo) String ¶
func (h PublicKeyAlgorithmInfo) String() string
String returns string representation of OID: "1.2.840.113549.1"
func (PublicKeyAlgorithmInfo) Type ¶
func (h PublicKeyAlgorithmInfo) Type() AlgType
Type specifies OID algorithm type for PubKey
type SignatureAlgorithmInfo ¶
type SignatureAlgorithmInfo struct { X509 x509.SignatureAlgorithm PublicKeyAlgorithm *PublicKeyAlgorithmInfo HashAlgorithm *HashAlgorithmInfo // contains filtered or unexported fields }
SignatureAlgorithmInfo provides OID info for Signature algorithms
func SignatureAlgorithmByKeyAndHash ¶
func SignatureAlgorithmByKeyAndHash(pkey interface{}, hash crypto.Hash) (*SignatureAlgorithmInfo, error)
SignatureAlgorithmByKeyAndHash returns an algorithm by key and Hash
func SignatureAlgorithmByName ¶
func SignatureAlgorithmByName(name string) (SignatureAlgorithmInfo, error)
SignatureAlgorithmByName returns an algorithm by name
func SignatureAlgorithmByOID ¶
func SignatureAlgorithmByOID(oid string) (*SignatureAlgorithmInfo, error)
SignatureAlgorithmByOID returns an algorithm by OID
func SignatureAlgorithmByX509 ¶
func SignatureAlgorithmByX509(sig x509.SignatureAlgorithm) *SignatureAlgorithmInfo
SignatureAlgorithmByX509 returns an algorithm by X509 identifier
func (SignatureAlgorithmInfo) HashFunc ¶
func (h SignatureAlgorithmInfo) HashFunc() crypto.Hash
HashFunc allows SignatureAlgorithmInfo to satisfy the crypto.SignerOpts interface for signing digests. You can use a cryptoid.HashAlgorithm directly when using a crypto.Signer interface to sign digests.
func (SignatureAlgorithmInfo) Name ¶
func (h SignatureAlgorithmInfo) Name() string
Name is friendly name of the OID: SHA1, etc
func (SignatureAlgorithmInfo) OID ¶
func (h SignatureAlgorithmInfo) OID() asn1.ObjectIdentifier
OID is ASN1 ObjectIdentifier
func (SignatureAlgorithmInfo) Registration ¶
func (h SignatureAlgorithmInfo) Registration() string
Registration returns official registration info in "{iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}" format
func (SignatureAlgorithmInfo) String ¶
func (h SignatureAlgorithmInfo) String() string
String returns string representation of OID: "1.2.840.113549.1"
func (SignatureAlgorithmInfo) Type ¶
func (h SignatureAlgorithmInfo) Type() AlgType
Type specifies OID algorithm type for Sig