x509pop

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2020 License: Apache-2.0 Imports: 14 Imported by: 3

Documentation

Index

Constants

View Source
const (

	// PluginName for X.509 Proof of Possession
	PluginName = "x509pop"
)

Variables

View Source
var DefaultAgentPathTemplate = template.Must(template.New("agent-svid").Parse("{{ .PluginName }}/{{ .Fingerprint }}"))

DefaultAgentPathTemplate is the default text/template

Functions

func Fingerprint

func Fingerprint(cert *x509.Certificate) string

func MakeSpiffeID

func MakeSpiffeID(trustDomain string, agentPathTemplate *template.Template, cert *x509.Certificate) (string, error)

MakeSpiffeID creates a SPIFFE ID from X.509 Certificate data.

func VerifyChallengeResponse

func VerifyChallengeResponse(publicKey interface{}, challenge *Challenge, response *Response) error

func VerifyECDSASignatureResponse

func VerifyECDSASignatureResponse(publicKey *ecdsa.PublicKey, challenge *ECDSASignatureChallenge, response *ECDSASignatureResponse) error

func VerifyRSASignatureResponse

func VerifyRSASignatureResponse(publicKey *rsa.PublicKey, challenge *RSASignatureChallenge, response *RSASignatureResponse) error

Types

type AttestationData

type AttestationData struct {
	// DER encoded x509 certificate chain leading back to the trusted root. The
	// leaf certificate comes first.
	Certificates [][]byte `json:"certificates"`
}

type Challenge

type Challenge struct {
	RSASignature   *RSASignatureChallenge   `json:"rsa_signature"`
	ECDSASignature *ECDSASignatureChallenge `json:"ecdsa_signature"`
}

func GenerateChallenge

func GenerateChallenge(cert *x509.Certificate) (*Challenge, error)

type ECDSASignatureChallenge

type ECDSASignatureChallenge struct {
	// Nonce is the nonce generated by the challenger.
	Nonce []byte `json:"nonce"`
}

func GenerateECDSASignatureChallenge

func GenerateECDSASignatureChallenge() (*ECDSASignatureChallenge, error)

type ECDSASignatureResponse

type ECDSASignatureResponse struct {
	// Nonce is the nonce generated by the responder.
	Nonce []byte `json:"nonce"`

	// R value of the ECDSA signature of the combined challenger and responder
	// nonces.
	R []byte `json:"r"`

	// S value of the ECDSA signature of the combined challenger and responder
	// nonces.
	S []byte `json:"s"`
}

func CalculateECDSASignatureResponse

func CalculateECDSASignatureResponse(privateKey *ecdsa.PrivateKey, challenge *ECDSASignatureChallenge) (*ECDSASignatureResponse, error)

type RSASignatureChallenge

type RSASignatureChallenge struct {
	// Nonce is the nonce generated by the challenger.
	Nonce []byte `json:"nonce"`
}

func GenerateRSASignatureChallenge

func GenerateRSASignatureChallenge() (*RSASignatureChallenge, error)

type RSASignatureResponse

type RSASignatureResponse struct {
	// Nonce is the nonce generated by the responder.
	Nonce []byte `json:"nonce"`

	// Signature is the RSA signature of the combined challenger and responder
	// nonces.
	Signature []byte `json:"signature"`
}

func CalculateRSASignatureResponse

func CalculateRSASignatureResponse(privateKey *rsa.PrivateKey, challenge *RSASignatureChallenge) (*RSASignatureResponse, error)

type Response

type Response struct {
	RSASignature   *RSASignatureResponse   `json:"rsa_signature"`
	ECDSASignature *ECDSASignatureResponse `json:"ecdsa_signature"`
}

func CalculateResponse

func CalculateResponse(privateKey interface{}, challenge *Challenge) (*Response, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL