Documentation ¶
Index ¶
- func ComputeDigest(rawMessage io.Reader, hashFunc crypto.Hash, supportedHashFuncs []crypto.Hash) ([]byte, crypto.Hash, error)
- func Digest(r io.Reader, hash crypto.Hash) ([]byte, error)
- func DigestBytes(data []byte, hash crypto.Hash) ([]byte, error)
- func DirhHashSha256(files []string, open func(string) (io.ReadCloser, error)) (string, error)
- func GeneratePublicKeyID(pub interface{}, hash crypto.Hash) (string, error)
- func HashFromString(name string) (crypto.Hash, error)
- func HashToString(h crypto.Hash) (string, error)
- func HexEncode(src []byte) []byte
- func PublicPemBytes(pub interface{}) ([]byte, error)
- func TryParseCertificate(data []byte) (*x509.Certificate, error)
- func TryParseKeyFromReader(r io.Reader) (interface{}, error)
- func TryParsePEMBlock(block *pem.Block) (interface{}, error)
- func UnmarshalPEMToPublicKey(pemBytes []byte) (crypto.PublicKey, error)
- type DigestSet
- func CalculateDigestSet(r io.Reader, digestValues []DigestValue) (DigestSet, error)
- func CalculateDigestSetFromBytes(data []byte, hashes []DigestValue) (DigestSet, error)
- func CalculateDigestSetFromDir(dir string, hashes []DigestValue) (DigestSet, error)
- func CalculateDigestSetFromFile(path string, hashes []DigestValue) (DigestSet, error)
- func NewDigestSet(digestsByName map[string]string) (DigestSet, error)
- type DigestValue
- type ECDSASigner
- type ECDSAVerifier
- type ED25519Signer
- type ED25519Verifier
- type ErrInvalidCertificate
- type ErrInvalidPemBlock
- type ErrInvalidSigner
- type ErrUnsupportedHash
- type ErrUnsupportedKeyType
- type ErrUnsupportedPEM
- type ErrVerifyFailed
- type KeyIdentifier
- type PEMType
- type RSASigner
- type RSAVerifier
- type Signer
- type SignerOption
- type TrustBundler
- type Verifier
- type VerifierOption
- type X509Signer
- func (s *X509Signer) Certificate() *x509.Certificate
- func (s *X509Signer) Intermediates() []*x509.Certificate
- func (s *X509Signer) KeyID() (string, error)
- func (s *X509Signer) Roots() []*x509.Certificate
- func (s *X509Signer) Sign(r io.Reader) ([]byte, error)
- func (s *X509Signer) Verifier() (Verifier, error)
- type X509Verifier
- func (v *X509Verifier) BelongsToRoot(root *x509.Certificate) error
- func (v *X509Verifier) Bytes() ([]byte, error)
- func (v *X509Verifier) Certificate() *x509.Certificate
- func (v *X509Verifier) Intermediates() []*x509.Certificate
- func (v *X509Verifier) KeyID() (string, error)
- func (v *X509Verifier) Roots() []*x509.Certificate
- func (v *X509Verifier) Verify(body io.Reader, sig []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ComputeDigest ¶ added in v0.3.0
func ComputeDigest(rawMessage io.Reader, hashFunc crypto.Hash, supportedHashFuncs []crypto.Hash) ([]byte, crypto.Hash, error)
ComputeDigest calculates the digest value for the specified message using the supplied hash function.
func DirhHashSha256 ¶ added in v0.7.0
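DirhHashSha256 is the "h1:" directory hash function, using SHA-256. (The upstream comment spells the name DirHashSha256; the exported identifier, as shown in the index and in the heading above, is DirhHashSha256.)
DirhHashSha256 returns a SHA-256 hash of a summary prepared as if by the Unix command: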
sha256sum $(find . -type f | sort) | sha256sum
More precisely, the hashed summary contains a single line for each file in the list, ordered by sort.Strings applied to the file names, where each line consists of the hexadecimal SHA-256 hash of the file content, two spaces (U+0020), the file name, and a newline (U+000A).
File names containing newlines (U+000A) are disallowed, since each file must occupy exactly one line of the hashed summary.
func GeneratePublicKeyID ¶
func PublicPemBytes ¶
func TryParseCertificate ¶
func TryParseCertificate(data []byte) (*x509.Certificate, error)
func TryParseKeyFromReader ¶
func TryParsePEMBlock ¶
Types ¶
type DigestSet ¶
type DigestSet map[DigestValue]string
func CalculateDigestSet ¶
func CalculateDigestSet(r io.Reader, digestValues []DigestValue) (DigestSet, error)
func CalculateDigestSetFromBytes ¶
func CalculateDigestSetFromBytes(data []byte, hashes []DigestValue) (DigestSet, error)
func CalculateDigestSetFromDir ¶ added in v0.7.0
func CalculateDigestSetFromDir(dir string, hashes []DigestValue) (DigestSet, error)
func CalculateDigestSetFromFile ¶
func CalculateDigestSetFromFile(path string, hashes []DigestValue) (DigestSet, error)
func (*DigestSet) Equal ¶
Equal returns true if, for every hash function that both artifacts have in common, the two digests are equal. If the two artifacts have no digests from a common hash function, Equal returns false. If any digest from a common hash function differs between the two artifacts, Equal returns false. Only the hash functions present in both sets are compared, so a match says nothing about digests that appear on one side only.
func (DigestSet) MarshalJSON ¶
func (*DigestSet) UnmarshalJSON ¶
type DigestValue ¶
func (DigestValue) New ¶ added in v0.2.3
func (dv DigestValue) New() hash.Hash
type ECDSASigner ¶
type ECDSASigner struct {
// contains filtered or unexported fields
}
func NewECDSASigner ¶
func NewECDSASigner(priv *ecdsa.PrivateKey, hash crypto.Hash) *ECDSASigner
func (*ECDSASigner) KeyID ¶
func (s *ECDSASigner) KeyID() (string, error)
func (*ECDSASigner) Verifier ¶
func (s *ECDSASigner) Verifier() (Verifier, error)
type ECDSAVerifier ¶
type ECDSAVerifier struct {
// contains filtered or unexported fields
}
func NewECDSAVerifier ¶
func NewECDSAVerifier(pub *ecdsa.PublicKey, hash crypto.Hash) *ECDSAVerifier
func (*ECDSAVerifier) Bytes ¶
func (v *ECDSAVerifier) Bytes() ([]byte, error)
func (*ECDSAVerifier) KeyID ¶
func (v *ECDSAVerifier) KeyID() (string, error)
type ED25519Signer ¶
type ED25519Signer struct {
// contains filtered or unexported fields
}
func NewED25519Signer ¶
func NewED25519Signer(priv ed25519.PrivateKey) *ED25519Signer
func (*ED25519Signer) KeyID ¶
func (s *ED25519Signer) KeyID() (string, error)
func (*ED25519Signer) Verifier ¶
func (s *ED25519Signer) Verifier() (Verifier, error)
type ED25519Verifier ¶
type ED25519Verifier struct {
// contains filtered or unexported fields
}
func NewED25519Verifier ¶
func NewED25519Verifier(pub ed25519.PublicKey) *ED25519Verifier
func (*ED25519Verifier) Bytes ¶
func (v *ED25519Verifier) Bytes() ([]byte, error)
func (*ED25519Verifier) KeyID ¶
func (v *ED25519Verifier) KeyID() (string, error)
type ErrInvalidCertificate ¶
type ErrInvalidCertificate struct{}
func (ErrInvalidCertificate) Error ¶
func (e ErrInvalidCertificate) Error() string
type ErrInvalidPemBlock ¶
type ErrInvalidPemBlock struct{}
func (ErrInvalidPemBlock) Error ¶
func (e ErrInvalidPemBlock) Error() string
type ErrInvalidSigner ¶
type ErrInvalidSigner struct{}
func (ErrInvalidSigner) Error ¶
func (e ErrInvalidSigner) Error() string
type ErrUnsupportedHash ¶
type ErrUnsupportedHash string
func (ErrUnsupportedHash) Error ¶
func (e ErrUnsupportedHash) Error() string
type ErrUnsupportedKeyType ¶
type ErrUnsupportedKeyType struct {
// contains filtered or unexported fields
}
func (ErrUnsupportedKeyType) Error ¶
func (e ErrUnsupportedKeyType) Error() string
type ErrUnsupportedPEM ¶
type ErrUnsupportedPEM struct {
// contains filtered or unexported fields
}
func (ErrUnsupportedPEM) Error ¶
func (e ErrUnsupportedPEM) Error() string
type ErrVerifyFailed ¶
type ErrVerifyFailed struct{}
func (ErrVerifyFailed) Error ¶
func (e ErrVerifyFailed) Error() string
type KeyIdentifier ¶
type PEMType ¶ added in v0.3.0
type PEMType string
PEMType is a specific type for string constants used during PEM encoding and decoding.
type RSASigner ¶
type RSASigner struct {
// contains filtered or unexported fields
}
func NewRSASigner ¶
func NewRSASigner(priv *rsa.PrivateKey, hash crypto.Hash) *RSASigner
type RSAVerifier ¶
type RSAVerifier struct {
// contains filtered or unexported fields
}
func NewRSAVerifier ¶
func NewRSAVerifier(pub *rsa.PublicKey, hash crypto.Hash) *RSAVerifier
func (*RSAVerifier) Bytes ¶
func (v *RSAVerifier) Bytes() ([]byte, error)
func (*RSAVerifier) KeyID ¶
func (v *RSAVerifier) KeyID() (string, error)
type Signer ¶
type Signer interface {
	KeyIdentifier
	Sign(r io.Reader) ([]byte, error)
	Verifier() (Verifier, error)
}
func NewSigner ¶
func NewSigner(priv interface{}, opts ...SignerOption) (Signer, error)
func NewSignerFromReader ¶
func NewSignerFromReader(r io.Reader, opts ...SignerOption) (Signer, error)
type SignerOption ¶
type SignerOption func(*signerOptions)
func SignWithCertificate ¶
func SignWithCertificate(cert *x509.Certificate) SignerOption
func SignWithHash ¶
func SignWithHash(h crypto.Hash) SignerOption
func SignWithIntermediates ¶
func SignWithIntermediates(intermediates []*x509.Certificate) SignerOption
func SignWithRoots ¶
func SignWithRoots(roots []*x509.Certificate) SignerOption
type TrustBundler ¶
type TrustBundler interface {
	Certificate() *x509.Certificate
	Intermediates() []*x509.Certificate
	Roots() []*x509.Certificate
}
type Verifier ¶
type Verifier interface {
	KeyIdentifier
	Verify(body io.Reader, sig []byte) error
	Bytes() ([]byte, error)
}
func NewVerifier ¶
func NewVerifier(pub interface{}, opts ...VerifierOption) (Verifier, error)
func NewVerifierFromReader ¶
func NewVerifierFromReader(r io.Reader, opts ...VerifierOption) (Verifier, error)
type VerifierOption ¶
type VerifierOption func(*verifierOptions)
func VerifyWithHash ¶
func VerifyWithHash(h crypto.Hash) VerifierOption
func VerifyWithIntermediates ¶
func VerifyWithIntermediates(intermediates []*x509.Certificate) VerifierOption
func VerifyWithRoots ¶
func VerifyWithRoots(roots []*x509.Certificate) VerifierOption
func VerifyWithTrustedTime ¶
func VerifyWithTrustedTime(t time.Time) VerifierOption
type X509Signer ¶
type X509Signer struct {
// contains filtered or unexported fields
}
func NewX509Signer ¶
func NewX509Signer(signer Signer, cert *x509.Certificate, intermediates, roots []*x509.Certificate) (*X509Signer, error)
func (*X509Signer) Certificate ¶
func (s *X509Signer) Certificate() *x509.Certificate
func (*X509Signer) Intermediates ¶
func (s *X509Signer) Intermediates() []*x509.Certificate
func (*X509Signer) KeyID ¶
func (s *X509Signer) KeyID() (string, error)
func (*X509Signer) Roots ¶
func (s *X509Signer) Roots() []*x509.Certificate
func (*X509Signer) Verifier ¶
func (s *X509Signer) Verifier() (Verifier, error)
type X509Verifier ¶
type X509Verifier struct {
// contains filtered or unexported fields
}
func NewX509Verifier ¶
func NewX509Verifier(cert *x509.Certificate, intermediates, roots []*x509.Certificate, trustedTime time.Time) (*X509Verifier, error)
func (*X509Verifier) BelongsToRoot ¶
func (v *X509Verifier) BelongsToRoot(root *x509.Certificate) error
func (*X509Verifier) Bytes ¶
func (v *X509Verifier) Bytes() ([]byte, error)
func (*X509Verifier) Certificate ¶
func (v *X509Verifier) Certificate() *x509.Certificate
func (*X509Verifier) Intermediates ¶
func (v *X509Verifier) Intermediates() []*x509.Certificate
func (*X509Verifier) KeyID ¶
func (v *X509Verifier) KeyID() (string, error)
func (*X509Verifier) Roots ¶
func (v *X509Verifier) Roots() []*x509.Certificate