cms

package
v0.0.0-...-5248474 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2024 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package cms implements the 'Cryptographic Message Syntax' (CMS) as described in RFC-5652.

Support is also provided for X509 (RFC-5652)

This package provides basic support for CMS/X509 to support MRTD use-cases.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func VerifySignature

func VerifySignature(pubKeyInfo []byte, digestAlg asn1.ObjectIdentifier, digest []byte, sigAlg asn1.ObjectIdentifier, sig []byte) error

Types

type AlgorithmIdentifier

// AlgorithmIdentifier pairs an algorithm OID with optional, undecoded parameters.
type AlgorithmIdentifier struct {
	// Algorithm is the object identifier that names the algorithm.
	Algorithm  asn1.ObjectIdentifier
	// Parameters is tagged optional and kept as an asn1.RawValue, so it may be
	// empty and is not interpreted by this struct.
	// NOTE(review): consumers that select a hash or curve from Parameters should
	// reject values they do not recognise — confirm against the callers.
	Parameters asn1.RawValue `asn1:"optional"`
}

func (AlgorithmIdentifier) DetermineDigestAlgFromSigAlg

func (signature AlgorithmIdentifier) DetermineDigestAlgFromSigAlg() (*asn1.ObjectIdentifier, error)

Determines the digest algorithm implied by the signature algorithm, e.g. OidSha512WithRSAEncryption -> OidHashAlgorithmSHA512.

type Attribute

// Attribute is one typed attribute: an OID plus its values, left undecoded.
type Attribute struct {
	// Raw preserves the attribute's original encoded bytes (asn1.RawContent as
	// the first field of a struct captures the undecoded data).
	Raw    asn1.RawContent
	// Type is the object identifier naming the attribute.
	Type   asn1.ObjectIdentifier
	// Values is kept as an asn1.RawValue; this struct does not interpret it.
	Values asn1.RawValue
}

type AttributeList

// AttributeList is a slice of Attribute values.
type AttributeList []Attribute

func (AttributeList) GetByOID

func (attributes AttributeList) GetByOID(oid asn1.ObjectIdentifier) *Attribute

Returns nil if no matching attribute is found.

func (AttributeList) GetSetOfAsnBytes

func (attributes AttributeList) GetSetOfAsnBytes() []byte

Gets the ASN.1-encoded attribute data wrapped in a parent 'SET OF' (0x31) tag. NB: the output is built from each attribute's 'Raw' field, so any changes made to the low-level fields will not be reflected.

type AuthorityKeyIdentifier

// AuthorityKeyIdentifier holds the three context-tagged fields [0], [1] and [2].
// Every field is tagged optional, so any of them may be empty after decoding.
type AuthorityKeyIdentifier struct {
	// KeyIdentifier is the [0] IMPLICIT key identifier bytes.
	// NOTE(review): a key identifier only helps locate a candidate issuer; it is
	// not proof of issuance — confirm the signature is still checked.
	KeyIdentifier             []byte          `asn1:"optional,implicit,tag:0"`
	// AuthorityCertIssuer ([1]) is held as raw bytes and not decoded here.
	AuthorityCertIssuer       asn1.RawContent `asn1:"optional,implicit,tag:1"`
	// AuthorityCertSerialNumber ([2]) is held as raw bytes and not decoded here.
	AuthorityCertSerialNumber asn1.RawContent `asn1:"optional,implicit,tag:2"`
}

type CertPool

// CertPool is a collection of certificates. Its fields are unexported, so the
// storage layout is not visible in this listing.
type CertPool struct {
	// contains filtered or unexported fields
}

func CscaCertPool

func CscaCertPool() *CertPool

func NewCertPool

func NewCertPool() *CertPool

func (*CertPool) Add

func (certPool *CertPool) Add(data []byte)

func (*CertPool) GetBySki

func (certPool *CertPool) GetBySki(ski []byte) []Certificate

TODO - the lookup probably needs to match on more than just the SKI (e.g. country?)

type Certificate

// Certificate is the outer certificate structure: the to-be-signed body, the
// signature algorithm and the signature value.
type Certificate struct {
	// Raw preserves the certificate's original encoded bytes.
	Raw                asn1.RawContent
	// TbsCertificate is the decoded to-be-signed portion.
	TbsCertificate     TBSCertificate
	// SignatureAlgorithm is the algorithm identifier carried outside the signed body.
	// NOTE(review): RFC 5280 requires this to equal TbsCertificate.Signature;
	// whether Verify compares the two is not visible here — confirm.
	SignatureAlgorithm AlgorithmIdentifier
	// SignatureValue is the signature as an ASN.1 BIT STRING.
	SignatureValue     asn1.BitString
}

func ParseCertificate

func ParseCertificate(data []byte) (*Certificate, error)

func (*Certificate) Verify

func (cert *Certificate) Verify(certPool *CertPool) (certChain [][]byte, err error)

type CscaMasterList

// CscaMasterList is a version number followed by a SET of certificate entries.
type CscaMasterList struct {
	// Version is the list's version number.
	Version int
	// Certs is decoded as an ASN.1 SET; each entry keeps its certificate undecoded.
	Certs   []CscaMasterListCert `asn1:"set"`
}

type CscaMasterListCert

// CscaMasterListCert is one master-list entry.
type CscaMasterListCert struct {
	// Cert preserves the entry's encoded bytes without decoding them.
	// presumably these are passed to ParseCertificate later — verify against callers
	Cert asn1.RawContent
}

type ECSpecifiedDomain

// ECSpecifiedDomain carries explicitly specified elliptic-curve domain
// parameters (field, curve, base point, order, cofactor) as decoded from input.
//
// NOTE(review): these parameters come from the encoded data rather than from a
// named curve. Whether GetEcCurve checks them against a known curve cannot be
// seen in this listing — confirm before trusting keys defined over them.
type ECSpecifiedDomain struct {
	// Raw preserves the structure's original encoded bytes.
	Raw      asn1.RawContent
	Version  int
	FieldId  cryptoutils.ECField
	Curve    cryptoutils.ECCurve
	// Base is the base point, kept as undecoded bytes.
	Base     []byte
	Order    *big.Int
	Cofactor *big.Int
	// Hash is tagged optional, so it may be empty.
	Hash     asn1.ObjectIdentifier `asn1:"optional"`
}

TODO - looks like this is the inner part of SubjectPublicKeyInfo (used by ActiveAuth/PassiveAuth)

  • maybe we can generalise this code and use the get function to get the key we require

func ParseECSpecifiedDomain

func ParseECSpecifiedDomain(algIdentifier *AlgorithmIdentifier) (out *ECSpecifiedDomain, err error)

Parses the ecPublicKey ASN.1 object (aka EC Specified Domain). TODO - this looks like SubjectPublicKeyInfo, which is also required in the SOD; this is just specific to EC, or at least the curve part of it.

func (ECSpecifiedDomain) GetEcCurve

func (specDomain ECSpecifiedDomain) GetEcCurve() (*elliptic.Curve, error)

type EncapContentInfo

// EncapContentInfo is the encapsulated content: a content-type OID and the
// content bytes.
type EncapContentInfo struct {
	// Raw preserves the structure's original encoded bytes.
	Raw          asn1.RawContent
	// EContentType names the type of the data held in EContent.
	// NOTE(review): confirm consumers check this OID before decoding EContent.
	EContentType asn1.ObjectIdentifier ``
	// EContent is the [0] EXPLICIT content; it is not tagged optional here.
	EContent     []byte                `asn1:"explicit,tag:0"` // e.g. LDSSecurityObject / SecurityInfos
}

type Extension

// Extension is one certificate extension: OID, criticality flag and raw value.
type Extension struct {
	// Raw preserves the extension's original encoded bytes.
	Raw       asn1.RawContent
	ObjectId  asn1.ObjectIdentifier
	// Critical uses asn1.Flag, which is set to true whenever the element is
	// present, whatever its encoded content.
	// NOTE(review): how unrecognised critical extensions are treated is not
	// visible in this listing — confirm they cause validation to fail.
	Critical  asn1.Flag `asn1:"optional,default:false"`
	// ExtnValue is kept as an asn1.RawValue and is not interpreted here.
	ExtnValue asn1.RawValue
}

type Extensions

// Extensions is a slice of Extension values.
type Extensions []Extension

func (Extensions) GetAuthorityKeyIdentifier

func (extensions Extensions) GetAuthorityKeyIdentifier() *AuthorityKeyIdentifier

func (Extensions) GetSubjectKeyIdentifier

func (extensions Extensions) GetSubjectKeyIdentifier() *SubjectKeyIdentifier

type IssuerAndSerial

// IssuerAndSerial identifies a certificate by issuer name and serial number.
type IssuerAndSerial struct {
	// IssuerName is kept as an undecoded asn1.RawValue.
	IssuerName   asn1.RawValue
	// SerialNumber is a pointer and may be nil if the value was never populated.
	SerialNumber *big.Int
}

type RsaSsaPssParams

// RsaSsaPssParams holds the RSASSA-PSS parameters in context tags [0] to [3].
//
// NOTE(review): RFC 4055 gives all four fields DEFAULT values (SHA-1, MGF1 with
// SHA-1, salt length 20, trailer field 1) which DER omits. Only SaltLength and
// TrailerField are tagged optional here — confirm how absent fields are handled
// and that a nil SaltLength or TrailerField is never dereferenced.
type RsaSsaPssParams struct {
	HashAlgorithm    AlgorithmIdentifier `asn1:"explicit,tag:0"`
	MaskGenAlgorithm AlgorithmIdentifier `asn1:"explicit,tag:1"`
	SaltLength       *big.Int            `asn1:"explicit,optional,tag:2"`
	TrailerField     *big.Int            `asn1:"explicit,optional,tag:3"`
}

type SignedData

// SignedData is the outer wrapper: a content-type OID followed by the
// [0] EXPLICIT SignedData2 payload.
type SignedData struct {
	// Oid is the content-type identifier of the wrapped payload.
	// NOTE(review): whether ParseSignedData checks this OID is not visible here — confirm.
	Oid asn1.ObjectIdentifier ``
	// SD2 is the signed-data body itself.
	SD2 SignedData2           `asn1:"explicit,tag:0"`
}

func ParseSignedData

func ParseSignedData(data []byte) (*SignedData, error)

type SignedData2

// SignedData2 is the signed-data body: digest algorithms, encapsulated content,
// optional certificates and CRLs, and the signer infos.
type SignedData2 struct {
	Version          int
	DigestAlgorithms []AlgorithmIdentifier `asn1:"set"`
	Content          EncapContentInfo      ``
	// Certificates ([0], optional) is kept as an undecoded asn1.RawValue.
	// NOTE(review): certificates carried in the message are sender-supplied;
	// trust should derive from the CertPool passed to Verify — confirm.
	Certificates     asn1.RawValue         `asn1:"optional,tag:0"`
	// CRLs ([1], optional) are kept undecoded.
	CRLs             []asn1.RawValue       `asn1:"optional,set,tag:1"`
	SignerInfos      []SignerInfo          `asn1:"set"`
}

func (*SignedData2) Verify

func (sd *SignedData2) Verify(certPool *CertPool) (certChain [][]byte, err error)

type SignerInfo

// SignerInfo describes one signer: its identifier, algorithms, attributes and
// signature bytes.
//
// NOTE(review): the identifier, algorithm and signature fields are tagged
// optional (per the field comments, to accept the DE masterlist), so a
// SignerInfo can decode with those fields empty. Verification should fail
// closed in that case — confirm SignedData2.Verify does.
type SignerInfo struct {
	// Raw preserves the structure's original encoded bytes.
	Raw                       asn1.RawContent
	Version                   int                 `asn1:"default:1"`
	IssuerAndSerialNumber     IssuerAndSerial     `asn1:"optional"` // optional for DE masterlist
	DigestAlgorithm           AlgorithmIdentifier `asn1:"optional"` // optional for DE masterlist
	// AuthenticatedAttributes are the [0]-tagged attributes; may be empty.
	AuthenticatedAttributes   AttributeList       `asn1:"optional,tag:0"`
	DigestEncryptionAlgorithm AlgorithmIdentifier `asn1:"optional"` // optional for DE masterlist
	EncryptedDigest           []byte              `asn1:"optional"` // optional for DE masterlist
	// UnauthenticatedAttributes are the [1]-tagged attributes; may be empty.
	UnauthenticatedAttributes AttributeList       `asn1:"optional,tag:1"`
}

type SubjectKeyIdentifier

// SubjectKeyIdentifier is the subject key identifier as raw bytes.
type SubjectKeyIdentifier []byte

type SubjectPublicKeyInfo

// SubjectPublicKeyInfo pairs a key algorithm identifier with the public key bits.
type SubjectPublicKeyInfo struct {
	// Algorithm identifies the key type and carries any algorithm parameters.
	Algorithm        AlgorithmIdentifier
	// SubjectPublicKey is the key material as an ASN.1 BIT STRING; its inner
	// encoding is not decoded by this struct.
	SubjectPublicKey asn1.BitString
}

func Asn1decodeSubjectPublicKeyInfo

func Asn1decodeSubjectPublicKeyInfo(data []byte) SubjectPublicKeyInfo

func (*SubjectPublicKeyInfo) GetEcCurveAndPubKey

func (subPubKeyInfo *SubjectPublicKeyInfo) GetEcCurveAndPubKey() (curve *elliptic.Curve, pubKey *cryptoutils.EcPoint)

func (*SubjectPublicKeyInfo) GetRsaPubKey

func (subPubKeyInfo *SubjectPublicKeyInfo) GetRsaPubKey() *cryptoutils.RsaPublicKey

type TBSCertificate

// TBSCertificate is the to-be-signed portion of a certificate.
type TBSCertificate struct {
	// Raw preserves the original encoded bytes of the to-be-signed portion.
	// presumably these are the bytes the certificate signature is checked over — TODO confirm
	Raw                  asn1.RawContent
	// NOTE(review): X.509 encodes v1 as 0 and omits it as the DEFAULT; this tag
	// uses default:1 and is not marked optional — confirm that is intended.
	Version              int `asn1:"explicit,default:1,tag:0"`
	SerialNumber         *big.Int
	// Signature is the algorithm identifier inside the signed body.
	Signature            AlgorithmIdentifier
	// Issuer and Subject are kept as undecoded asn1.RawValue.
	Issuer               asn1.RawValue
	Validity             Validity
	Subject              asn1.RawValue
	// SubjectPublicKeyInfo is kept undecoded here.
	SubjectPublicKeyInfo asn1.RawValue
	IssuerUniqueId       asn1.BitString `asn1:"implicit,optional,tag:1"`
	SubjectUniqueId      asn1.BitString `asn1:"implicit,optional,tag:2"`
	// Extensions ([3] EXPLICIT) is optional and may be empty.
	Extensions           Extensions     `asn1:"explicit,optional,tag:3"`
}

type Validity

// Validity holds the certificate's validity period bounds.
//
// NOTE(review): both bounds are kept as asn1.RawValue rather than decoded into
// time values. Whether Certificate.Verify enforces the validity period cannot
// be seen in this listing — confirm.
type Validity struct {
	NotBefore asn1.RawValue
	NotAfter  asn1.RawValue
}
