cryptoutil

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 3, 2024 License: Apache-2.0 Imports: 21 Imported by: 7

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeDigest added in v0.3.0

func ComputeDigest(rawMessage io.Reader, hashFunc crypto.Hash, supportedHashFuncs []crypto.Hash) ([]byte, crypto.Hash, error)

ComputeDigest calculates the digest value for the specified message using the supplied hash function

func Digest

func Digest(r io.Reader, hash crypto.Hash) ([]byte, error)

func DigestBytes

func DigestBytes(data []byte, hash crypto.Hash) ([]byte, error)

func DirhHashSha256 added in v0.7.0

func DirhHashSha256(files []string, open func(string) (io.ReadCloser, error)) (string, error)

DirHashSha256 (exported as DirhHashSha256, the spelling used in the signature above) is the "h1:" directory hash function, using SHA-256.

DirHashSha256 returns a SHA-256 hash of a summary prepared as if by the Unix command:

sha256sum $(find . -type f | sort) | sha256sum

More precisely, the hashed summary contains a single line for each file in the list, ordered by sort.Strings applied to the file names, where each line consists of the hexadecimal SHA-256 hash of the file content, two spaces (U+0020), the file name, and a newline (U+000A).

File names with newlines (U+000A) are disallowed.

func GeneratePublicKeyID

func GeneratePublicKeyID(pub interface{}, hash crypto.Hash) (string, error)

func HashFromString

func HashFromString(name string) (crypto.Hash, error)

func HashToString

func HashToString(h crypto.Hash) (string, error)

func HexEncode

func HexEncode(src []byte) []byte

func PublicPemBytes

func PublicPemBytes(pub interface{}) ([]byte, error)

func TryParseCertificate

func TryParseCertificate(data []byte) (*x509.Certificate, error)

func TryParseKeyFromReader

func TryParseKeyFromReader(r io.Reader) (interface{}, error)

func TryParsePEMBlock

func TryParsePEMBlock(block *pem.Block) (interface{}, error)

func UnmarshalPEMToPublicKey added in v0.3.0

func UnmarshalPEMToPublicKey(pemBytes []byte) (crypto.PublicKey, error)

UnmarshalPEMToPublicKey converts a PEM-encoded byte slice into a crypto.PublicKey

Types

type DigestSet

type DigestSet map[DigestValue]string

func CalculateDigestSet

func CalculateDigestSet(r io.Reader, digestValues []DigestValue) (DigestSet, error)

func CalculateDigestSetFromBytes

func CalculateDigestSetFromBytes(data []byte, hashes []DigestValue) (DigestSet, error)

func CalculateDigestSetFromDir added in v0.7.0

func CalculateDigestSetFromDir(dir string, hashes []DigestValue) (DigestSet, error)

func CalculateDigestSetFromFile

func CalculateDigestSetFromFile(path string, hashes []DigestValue) (DigestSet, error)

func NewDigestSet

func NewDigestSet(digestsByName map[string]string) (DigestSet, error)

func (*DigestSet) Equal

func (ds *DigestSet) Equal(second DigestSet) bool

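Equal returns true if every digest for the hash functions that both artifacts have in common is equal. If the two artifacts don't have any digests from common hash functions, Equal will return false. If any digest from a common hash function differs between the two artifacts, Equal will return false. Only the shared hash functions are compared: digests that appear in just one set are ignored, so when the two sets share a single hash function the result rests on that function alone.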

func (DigestSet) MarshalJSON

func (ds DigestSet) MarshalJSON() ([]byte, error)

func (*DigestSet) ToNameMap

func (ds *DigestSet) ToNameMap() (map[string]string, error)

func (*DigestSet) UnmarshalJSON

func (ds *DigestSet) UnmarshalJSON(data []byte) error

type DigestValue

type DigestValue struct {
	crypto.Hash
	GitOID  bool
	DirHash bool
}

func (DigestValue) New added in v0.2.3

func (dv DigestValue) New() hash.Hash

type ECDSASigner

type ECDSASigner struct {
	// contains filtered or unexported fields
}

func NewECDSASigner

func NewECDSASigner(priv *ecdsa.PrivateKey, hash crypto.Hash) *ECDSASigner

func (*ECDSASigner) KeyID

func (s *ECDSASigner) KeyID() (string, error)

func (*ECDSASigner) Sign

func (s *ECDSASigner) Sign(r io.Reader) ([]byte, error)

func (*ECDSASigner) Verifier

func (s *ECDSASigner) Verifier() (Verifier, error)

type ECDSAVerifier

type ECDSAVerifier struct {
	// contains filtered or unexported fields
}

func NewECDSAVerifier

func NewECDSAVerifier(pub *ecdsa.PublicKey, hash crypto.Hash) *ECDSAVerifier

func (*ECDSAVerifier) Bytes

func (v *ECDSAVerifier) Bytes() ([]byte, error)

func (*ECDSAVerifier) KeyID

func (v *ECDSAVerifier) KeyID() (string, error)

func (*ECDSAVerifier) Verify

func (v *ECDSAVerifier) Verify(data io.Reader, sig []byte) error

type ED25519Signer

type ED25519Signer struct {
	// contains filtered or unexported fields
}

func NewED25519Signer

func NewED25519Signer(priv ed25519.PrivateKey) *ED25519Signer

func (*ED25519Signer) KeyID

func (s *ED25519Signer) KeyID() (string, error)

func (*ED25519Signer) Sign

func (s *ED25519Signer) Sign(r io.Reader) ([]byte, error)

func (*ED25519Signer) Verifier

func (s *ED25519Signer) Verifier() (Verifier, error)

type ED25519Verifier

type ED25519Verifier struct {
	// contains filtered or unexported fields
}

func NewED25519Verifier

func NewED25519Verifier(pub ed25519.PublicKey) *ED25519Verifier

func (*ED25519Verifier) Bytes

func (v *ED25519Verifier) Bytes() ([]byte, error)

func (*ED25519Verifier) KeyID

func (v *ED25519Verifier) KeyID() (string, error)

func (*ED25519Verifier) Verify

func (v *ED25519Verifier) Verify(r io.Reader, sig []byte) error

type ErrInvalidCertificate

type ErrInvalidCertificate struct{}

func (ErrInvalidCertificate) Error

func (e ErrInvalidCertificate) Error() string

type ErrInvalidPemBlock

type ErrInvalidPemBlock struct{}

func (ErrInvalidPemBlock) Error

func (e ErrInvalidPemBlock) Error() string

type ErrInvalidSigner

type ErrInvalidSigner struct{}

func (ErrInvalidSigner) Error

func (e ErrInvalidSigner) Error() string

type ErrUnsupportedHash

type ErrUnsupportedHash string

func (ErrUnsupportedHash) Error

func (e ErrUnsupportedHash) Error() string

type ErrUnsupportedKeyType

type ErrUnsupportedKeyType struct {
	// contains filtered or unexported fields
}

func (ErrUnsupportedKeyType) Error

func (e ErrUnsupportedKeyType) Error() string

type ErrUnsupportedPEM

type ErrUnsupportedPEM struct {
	// contains filtered or unexported fields
}

func (ErrUnsupportedPEM) Error

func (e ErrUnsupportedPEM) Error() string

type ErrVerifyFailed

type ErrVerifyFailed struct{}

func (ErrVerifyFailed) Error

func (e ErrVerifyFailed) Error() string

type KeyIdentifier

type KeyIdentifier interface {
	KeyID() (string, error)
}

type PEMType added in v0.3.0

type PEMType string

PEMType is a specific type for string constants used during PEM encoding and decoding

const (
	// PublicKeyPEMType is the string "PUBLIC KEY" to be used during PEM encoding and decoding
	PublicKeyPEMType PEMType = "PUBLIC KEY"
	// PKCS1PublicKeyPEMType is the string "RSA PUBLIC KEY" used to parse PKCS#1-encoded public keys
	PKCS1PublicKeyPEMType PEMType = "RSA PUBLIC KEY"
)

type RSASigner

type RSASigner struct {
	// contains filtered or unexported fields
}

func NewRSASigner

func NewRSASigner(priv *rsa.PrivateKey, hash crypto.Hash) *RSASigner

func (*RSASigner) KeyID

func (s *RSASigner) KeyID() (string, error)

func (*RSASigner) Sign

func (s *RSASigner) Sign(r io.Reader) ([]byte, error)

func (*RSASigner) Verifier

func (s *RSASigner) Verifier() (Verifier, error)

type RSAVerifier

type RSAVerifier struct {
	// contains filtered or unexported fields
}

func NewRSAVerifier

func NewRSAVerifier(pub *rsa.PublicKey, hash crypto.Hash) *RSAVerifier

func (*RSAVerifier) Bytes

func (v *RSAVerifier) Bytes() ([]byte, error)

func (*RSAVerifier) KeyID

func (v *RSAVerifier) KeyID() (string, error)

func (*RSAVerifier) Verify

func (v *RSAVerifier) Verify(data io.Reader, sig []byte) error

type Signer

type Signer interface {
	KeyIdentifier
	Sign(r io.Reader) ([]byte, error)
	Verifier() (Verifier, error)
}

func NewSigner

func NewSigner(priv interface{}, opts ...SignerOption) (Signer, error)

func NewSignerFromReader

func NewSignerFromReader(r io.Reader, opts ...SignerOption) (Signer, error)

type SignerOption

type SignerOption func(*signerOptions)

func SignWithCertificate

func SignWithCertificate(cert *x509.Certificate) SignerOption

func SignWithHash

func SignWithHash(h crypto.Hash) SignerOption

func SignWithIntermediates

func SignWithIntermediates(intermediates []*x509.Certificate) SignerOption

func SignWithRoots

func SignWithRoots(roots []*x509.Certificate) SignerOption

type TrustBundler

type TrustBundler interface {
	Certificate() *x509.Certificate
	Intermediates() []*x509.Certificate
	Roots() []*x509.Certificate
}

type Verifier

type Verifier interface {
	KeyIdentifier
	Verify(body io.Reader, sig []byte) error
	Bytes() ([]byte, error)
}

func NewVerifier

func NewVerifier(pub interface{}, opts ...VerifierOption) (Verifier, error)

func NewVerifierFromReader

func NewVerifierFromReader(r io.Reader, opts ...VerifierOption) (Verifier, error)

type VerifierOption

type VerifierOption func(*verifierOptions)

func VerifyWithHash

func VerifyWithHash(h crypto.Hash) VerifierOption

func VerifyWithIntermediates

func VerifyWithIntermediates(intermediates []*x509.Certificate) VerifierOption

func VerifyWithRoots

func VerifyWithRoots(roots []*x509.Certificate) VerifierOption

func VerifyWithTrustedTime

func VerifyWithTrustedTime(t time.Time) VerifierOption

type X509Signer

type X509Signer struct {
	// contains filtered or unexported fields
}

func NewX509Signer

func NewX509Signer(signer Signer, cert *x509.Certificate, intermediates, roots []*x509.Certificate) (*X509Signer, error)

func (*X509Signer) Certificate

func (s *X509Signer) Certificate() *x509.Certificate

func (*X509Signer) Intermediates

func (s *X509Signer) Intermediates() []*x509.Certificate

func (*X509Signer) KeyID

func (s *X509Signer) KeyID() (string, error)

func (*X509Signer) Roots

func (s *X509Signer) Roots() []*x509.Certificate

func (*X509Signer) Sign

func (s *X509Signer) Sign(r io.Reader) ([]byte, error)

func (*X509Signer) Verifier

func (s *X509Signer) Verifier() (Verifier, error)

type X509Verifier

type X509Verifier struct {
	// contains filtered or unexported fields
}

func NewX509Verifier

func NewX509Verifier(cert *x509.Certificate, intermediates, roots []*x509.Certificate, trustedTime time.Time) (*X509Verifier, error)

func (*X509Verifier) BelongsToRoot

func (v *X509Verifier) BelongsToRoot(root *x509.Certificate) error

func (*X509Verifier) Bytes

func (v *X509Verifier) Bytes() ([]byte, error)

func (*X509Verifier) Certificate

func (v *X509Verifier) Certificate() *x509.Certificate

func (*X509Verifier) Intermediates

func (v *X509Verifier) Intermediates() []*x509.Certificate

func (*X509Verifier) KeyID

func (v *X509Verifier) KeyID() (string, error)

func (*X509Verifier) Roots

func (v *X509Verifier) Roots() []*x509.Certificate

func (*X509Verifier) Verify

func (v *X509Verifier) Verify(body io.Reader, sig []byte) error
