Constants ¶
const (
	// MaxCertificateLen is the maximum DER-encoded certificate size, in bytes, that ParseCertificate accepts.
	MaxCertificateLen = 16 * units.KiB
	MaxRSAKeyByteLen  = units.KiB
	MaxRSAKeyBitLen   = 8 * MaxRSAKeyByteLen
)
MaxRSAKeyBitLen is the maximum RSA public-key size, in bits (8192), that this package is willing to parse; larger keys are rejected rather than parsed. Bounding the key size caps the cost of signature verification on certificates received from untrusted peers. The limit mirrors the one Go's crypto/tls applies to peer certificates:
https://github.com/golang/go/blob/go1.19.12/src/crypto/tls/handshake_client.go#L860-L862
Variables ¶
var (
	ErrCertificateTooLarge        = fmt.Errorf("staking: certificate length is greater than %d", MaxCertificateLen)
	ErrUnsupportedAlgorithm       = errors.New("staking: cannot verify signature: unsupported algorithm")
	ErrPublicKeyAlgoMismatch      = errors.New("staking: signature algorithm specified different public key type")
	ErrInvalidRSAPublicKey        = errors.New("staking: invalid RSA public key")
	ErrInvalidECDSAPublicKey      = errors.New("staking: invalid ECDSA public key")
	ErrECDSAVerificationFailure   = errors.New("staking: ECDSA verification failure")
	ErrED25519VerificationFailure = errors.New("staking: Ed25519 verification failure")
)
Callers should compare against these sentinels with errors.Is rather than by string. A verification-failure error means the signature did not verify; it does not by itself distinguish a malformed signature from a forged one, so treat both the same way (reject).
Functions ¶
func CheckSignature ¶
func CheckSignature(cert *Certificate, msg []byte, signature []byte) error
CheckSignature verifies that signature is a valid signature over msg made by the private key corresponding to cert.PublicKey, using cert.SignatureAlgorithm. It returns ErrUnsupportedAlgorithm if the algorithm is not one this package verifies, ErrPublicKeyAlgoMismatch if the algorithm does not match the public key's type, and the algorithm-specific verification-failure error if the signature does not verify. This checks only the signature; it does not itself check that cert conforms to the staking format — callers handling certificates from peers should run ValidateCertificate on cert first.
Ref: https://github.com/golang/go/blob/go1.19.12/src/crypto/x509/x509.go#L793-L797 Ref: https://github.com/golang/go/blob/go1.19.12/src/crypto/x509/x509.go#L816-L879
func InitNodeStakingKeyPair ¶
InitNodeStakingKeyPair generates a self-signed TLS key/certificate pair for use in staking. The key and certificate files are written to [keyPath] and [certPath], respectively. If a file already exists at [keyPath], nothing is written and nil is returned, so an existing staking key is never overwritten; note that only [keyPath] is checked for existence, not [certPath]. The private key file is the node's staking identity — protect it with restrictive file permissions and do not copy it between nodes.
func LoadTLSCertFromBytes ¶
func LoadTLSCertFromBytes(keyBytes, certBytes []byte) (*tls.Certificate, error)
func LoadTLSCertFromFiles ¶
func LoadTLSCertFromFiles(keyPath, certPath string) (*tls.Certificate, error)
func NewCertAndKeyBytes ¶
NewCertAndKeyBytes creates a new staking private key / staking certificate pair and returns the PEM encodings of both. The returned key bytes are secret material and should be handled (stored, logged, transmitted) accordingly.
func NewTLSCert ¶
func NewTLSCert() (*tls.Certificate, error)
func ValidateCertificate ¶
func ValidateCertificate(cert *Certificate) error
ValidateCertificate checks that cert, which must already have been parsed successfully, conforms to the staking format. Successful parsing does not imply conformance: a peer can present a well-formed certificate with an unsupported algorithm or an unacceptable public key, so callers that accept certificates from the network should call this before trusting cert.PublicKey or passing cert to CheckSignature.
Types ¶
type Certificate ¶
type Certificate struct { Raw []byte PublicKey any SignatureAlgorithm x509.SignatureAlgorithm }
func CertificateFromX509 ¶
func CertificateFromX509(cert *x509.Certificate) *Certificate
CertificateFromX509 converts an x509 certificate into a staking certificate.
Invariant: the provided certificate must be parseable into a staking certificate (i.e. ParseCertificate on its raw DER would succeed). This function does not re-check that; use ParseCertificate on untrusted input instead.
func ParseCertificate ¶
func ParseCertificate(der []byte) (*Certificate, error)
ParseCertificate parses a single certificate from the given ASN.1 DER data. Input longer than MaxCertificateLen is rejected (see ErrCertificateTooLarge) before any parsing is attempted, which bounds the work done on untrusted input. Parsing does not validate conformance to the staking format; call ValidateCertificate on the result for that.