Documentation
Index
- func ServerCertificateValidator(base *tls.Config, verbose bool) *tls.Config
- func SignCSR(csr *x509.CertificateRequest, signingBundle *MultiKeyCertBundle) ([]byte, error)
- func ValidateMultiKeyCSR(csr *x509.CertificateRequest) (*x509.CertificateRequest, error)
- func ValidateMultiKeyDERCSR(derCSR []byte) (*x509.CertificateRequest, error)
- type MultiKeyCertBundle
- type PQKeyBundle
Functions
func ServerCertificateValidator
ServerCertificateValidator returns a tls.Config, based on the given base config, which validates post-quantum signatures on all verified chains (i.e., chains which have had their legacy signatures verified). The returned value is an augmented clone of the base; base is not modified.
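The clone-and-augment pattern described here can be sketched with the Go standard library alone. This is an added example, not the package's own code: `WithChainCheck` and `LinkCheck` are hypothetical names, and the check function stands in for the post-quantum signature verification, whose details this page does not show.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// LinkCheck stands in for post-quantum signature verification of child by issuer.
type LinkCheck func(child, issuer *x509.Certificate) error

// WithChainCheck returns a clone of base that runs check on every link of
// every verified chain, after the standard (legacy) verification has passed.
func WithChainCheck(base *tls.Config, check LinkCheck) *tls.Config {
	cfg := base.Clone() // base itself is never modified
	prev := cfg.VerifyPeerCertificate
	cfg.VerifyPeerCertificate = func(raw [][]byte, chains [][]*x509.Certificate) error {
		if prev != nil { // keep any callback the caller already installed
			if err := prev(raw, chains); err != nil {
				return err
			}
		}
		// Fail closed: if standard verification was skipped (for example
		// InsecureSkipVerify), chains is empty and nothing could be checked.
		if len(chains) == 0 {
			return errors.New("no verified chains: refusing unverified peer")
		}
		for _, chain := range chains {
			for i, cert := range chain {
				issuer := cert // assumption: chain ends at a self-signed root
				if i+1 < len(chain) {
					issuer = chain[i+1]
				}
				if err := check(cert, issuer); err != nil {
					return fmt.Errorf("chain element %d (%s): %w", i, cert.Subject.CommonName, err)
				}
			}
		}
		return nil
	}
	return cfg
}

func main() {
	reject := func(_, _ *x509.Certificate) error { return errors.New("no PQ signature") }
	cfg := WithChainCheck(&tls.Config{MinVersion: tls.VersionTLS13}, reject)
	fmt.Println(cfg.VerifyPeerCertificate(nil, nil))
}
```

Go does not invoke `VerifyPeerCertificate` on resumed connections, so a check installed this way runs only on full handshakes.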
func SignCSR
func SignCSR(csr *x509.CertificateRequest, signingBundle *MultiKeyCertBundle) ([]byte, error)
SignCSR takes a parsed certificate request, validates it, and signs it using both legacy and post-quantum signatures.
func ValidateMultiKeyCSR
func ValidateMultiKeyCSR(csr *x509.CertificateRequest) (*x509.CertificateRequest, error)
ValidateMultiKeyCSR validates that the pq key and signature extensions are present and valid in the given CSR. Returns the same CSR on success.
func ValidateMultiKeyDERCSR
func ValidateMultiKeyDERCSR(derCSR []byte) (*x509.CertificateRequest, error)
ValidateMultiKeyDERCSR parses the given DER-encoded CSR, and then validates that the PQ key and signature extensions are present and valid. Returns the parsed CSR on success.
Types
type MultiKeyCertBundle
type MultiKeyCertBundle struct {
    ParsedCert      *x509.Certificate
    CertPEM         string
    CertDER         []byte
    LegacyPublicKey crypto.PublicKey
    PQPublicKey     []byte
    PQKeyBundle
}
MultiKeyCertBundle wraps a certificate along with its keys, both post-quantum and legacy.
func GenerateMultiKeyRootCert
func GenerateMultiKeyRootCert() (*MultiKeyCertBundle, error)
GenerateMultiKeyRootCert creates a new root certificate with an Ed25519 legacy signature and a falcon-1024 post-quantum signature.
func (*MultiKeyCertBundle) OQSSignature
func (m *MultiKeyCertBundle) OQSSignature() (*oqs.Signature, error)
OQSSignature returns an OQS signature object which can be used for signing, based on the key embedded in the bundle.
type PQKeyBundle
type PQKeyBundle struct {
    LegacyPrivateKey *ecdsa.PrivateKey
    PQPrivateKey     []byte
}
PQKeyBundle holds both a legacy and a post-quantum key.
func GenerateMultiKeyCSR
func GenerateMultiKeyCSR(commonName string, dnsNames []string) ([]byte, PQKeyBundle, error)
GenerateMultiKeyCSR creates an ECDSA/PQ multi-key CSR, returning the DER-encoded CSR and the generated keys.
func (*PQKeyBundle) LegacyKeyPEM
func (p *PQKeyBundle) LegacyKeyPEM() ([]byte, error)
LegacyKeyPEM returns the legacy key, encoded in PEM format.