Overview ¶
Package cert provides a cryptographic certificate library.
Index ¶
- Constants
- Variables
- func AddSignature(verifier sign.PublicKey, signature Signature, rawCert []byte) ([]byte, error)
- func GetCertified(rawCert []byte) ([]byte, error)
- func Sign(signer sign.PrivateKey, verifier sign.PublicKey, data []byte, ...) ([]byte, error)
- func SignMulti(signer sign.PrivateKey, verifier sign.PublicKey, rawCert []byte) ([]byte, error)
- func Verify(verifier sign.PublicKey, rawCert []byte) ([]byte, error)
- func VerifyAll(verifiers []sign.PublicKey, rawCert []byte) ([]byte, error)
- func VerifyThreshold(verifiers []sign.PublicKey, threshold int, rawCert []byte) ([]byte, []sign.PublicKey, []sign.PublicKey, error)
- type Certificate
- type Signature
Constants ¶
const (
	// CertVersion is the certificate format version; see Certificate.Version
	// and ErrVersionMismatch.
	CertVersion = 0
)
Variables ¶
var (
	// ErrImpossibleDecode is an impossible decoding error.
	ErrImpossibleDecode = errors.New("impossible to decode")
	// ErrImpossibleEncode is an impossible encoding error.
	ErrImpossibleEncode = errors.New("impossible to encode")
	// ErrImpossibleOutOfMemory is an impossible out of memory error.
	ErrImpossibleOutOfMemory = errors.New("impossible out of memory failure")
	// ErrBadSignature indicates that the given signature does not sign the certificate.
	ErrBadSignature = errors.New("signature does not sign certificate")
	// ErrDuplicateSignature indicates that the given signature is already present in the certificate.
	ErrDuplicateSignature = errors.New("signature must not be duplicate")
	// ErrInvalidCertified indicates that the certified field is invalid.
	ErrInvalidCertified = errors.New("invalid certified field of certificate")
	// ErrKeyTypeMismatch indicates that the given signer's key type is different from the key type of the signatures already present.
	ErrKeyTypeMismatch = errors.New("certificate key type mismatch")
	// ErrInvalidKeyType indicates that the certificate's key type is invalid.
	ErrInvalidKeyType = errors.New("invalid certificate key type")
	// ErrVersionMismatch indicates that the given certificate is the wrong format version (see CertVersion).
	ErrVersionMismatch = errors.New("certificate version mismatch")
	// ErrCertificateExpired indicates that the given certificate has expired.
	ErrCertificateExpired = errors.New("certificate expired")
	// ErrIdentitySignatureNotFound indicates that for the given signer identity there was no signature present in the certificate.
	ErrIdentitySignatureNotFound = errors.New("failure to find signature associated with the given identity")
	// ErrInvalidThreshold indicates that the given threshold cannot be used.
	ErrInvalidThreshold = errors.New("threshold must be equal or less than the number of verifiers")
	// ErrThresholdNotMet indicates that there were not enough valid signatures to meet the threshold.
	ErrThresholdNotMet = errors.New("threshold failure")
)
Functions ¶
func AddSignature ¶
AddSignature adds the signature to the certificate if the verifier can verify the signature signs the certificate.
func GetCertified ¶
GetCertified returns the certified data.
func Sign ¶
func Sign(signer sign.PrivateKey, verifier sign.PublicKey, data []byte, expiration uint64) ([]byte, error)
Sign uses the given Signer to create a certificate which certifies the given data.
func SignMulti ¶
SignMulti uses the given signer to create a signature and appends it to the certificate and returns it.
func Verify ¶
Verify is used to verify one of the signatures attached to the certificate. It returns the certified data if the signature is valid.
func VerifyAll ¶
VerifyAll returns the certified data if all of the given verifiers can verify the certificate. Otherwise nil is returned along with an error.
func VerifyThreshold ¶
func VerifyThreshold(verifiers []sign.PublicKey, threshold int, rawCert []byte) ([]byte, []sign.PublicKey, []sign.PublicKey, error)
VerifyThreshold returns the certified data, the verifiers that succeeded and the verifiers that failed if at least a threshold number of verifiers can verify the certificate. Otherwise nil is returned along with an error.
Types ¶
type Certificate ¶
type Certificate struct { // Version is the certificate format version. Version uint32 // Expiration is katzenpost epoch id of the expiration, // where if set to `epoch` then at `epoch-1` the // certificate is valid and at `epoch` or `epoch+n` // the certificate is not valid. Expiration uint64 // KeyType indicates the type of key // that is certified by this certificate. KeyType string // Certified is the data that is certified by // this certificate. Certified []byte // Signatures is a map PublicKeySum256 -> {PublicKeySum256, Payload} // where PublicKeySum256 is the signer's public key and Payload is // a signature over Certificate.message() (canonical encoding of // the previous fields of the Certificate) Signatures map[[32]byte]Signature }
Certificate structure for serializing certificates.
func (*Certificate) Marshal ¶
func (c *Certificate) Marshal() ([]byte, error)
type Signature ¶
type Signature struct { // PublicKeySum256 is the 256 bit hash of the public key. PublicKeySum256 [32]byte // Payload is the actual signature value. Payload []byte }
Signature is a cryptographic signature which has an associated signer ID.
func GetSignature ¶
GetSignature returns a signature that signs the certificate if it matches the given identity.
func GetSignatures ¶
GetSignatures returns all the signatures.