crypto

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2019 License: MIT Imports: 14 Imported by: 5

Documentation

Overview

Package crypto implements "SigningMethods" and "EncryptionMethods"; that is, ways to sign and encrypt JWS and JWEs, respectively, as well as JWTs.

Index

Constants

This section is empty.

Variables

View Source
var (
	// SigningMethodES256 implements ES256.
	SigningMethodES256 = &SigningMethodECDSA{
		Name: "ES256",
		Hash: crypto.SHA256,
	}

	// SigningMethodES384 implements ES384.
	SigningMethodES384 = &SigningMethodECDSA{
		Name: "ES384",
		Hash: crypto.SHA384,
	}

	// SigningMethodES512 implements ES512.
	SigningMethodES512 = &SigningMethodECDSA{
		Name: "ES512",
		Hash: crypto.SHA512,
	}
)

Specific instances of EC SigningMethods.

View Source
var (
	ErrNotECPublicKey  = errors.New("Key is not a valid ECDSA public key")
	ErrNotECPrivateKey = errors.New("Key is not a valid ECDSA private key")
)

ECDSA parsing errors.

View Source
var (
	// SigningMethodHS256 implements HS256.
	SigningMethodHS256 = &SigningMethodHMAC{
		Name: "HS256",
		Hash: crypto.SHA256,
	}

	// SigningMethodHS384 implements HS384.
	SigningMethodHS384 = &SigningMethodHMAC{
		Name: "HS384",
		Hash: crypto.SHA384,
	}

	// SigningMethodHS512 implements HS512.
	SigningMethodHS512 = &SigningMethodHMAC{
		Name: "HS512",
		Hash: crypto.SHA512,
	}

	// ErrSignatureInvalid is returned when the provided signature is found
	// to be invalid.
	ErrSignatureInvalid = errors.New("signature is invalid")
)

Specific instances of HMAC-SHA SigningMethods.

View Source
var (
	// SigningMethodRS256 implements RS256.
	SigningMethodRS256 = &SigningMethodRSA{
		Name: "RS256",
		Hash: crypto.SHA256,
	}

	// SigningMethodRS384 implements RS384.
	SigningMethodRS384 = &SigningMethodRSA{
		Name: "RS384",
		Hash: crypto.SHA384,
	}

	// SigningMethodRS512 implements RS512.
	SigningMethodRS512 = &SigningMethodRSA{
		Name: "RS512",
		Hash: crypto.SHA512,
	}
)

Specific instances of RSA SigningMethods.

View Source
var (
	// SigningMethodPS256 implements PS256.
	SigningMethodPS256 = &SigningMethodRSAPSS{
		&SigningMethodRSA{
			Name: "PS256",
			Hash: crypto.SHA256,
		},
		&rsa.PSSOptions{
			SaltLength: rsa.PSSSaltLengthAuto,
			Hash:       crypto.SHA256,
		},
	}

	// SigningMethodPS384 implements PS384.
	SigningMethodPS384 = &SigningMethodRSAPSS{
		&SigningMethodRSA{
			Name: "PS384",
			Hash: crypto.SHA384,
		},
		&rsa.PSSOptions{
			SaltLength: rsa.PSSSaltLengthAuto,
			Hash:       crypto.SHA384,
		},
	}

	// SigningMethodPS512 implements PS512.
	SigningMethodPS512 = &SigningMethodRSAPSS{
		&SigningMethodRSA{
			Name: "PS512",
			Hash: crypto.SHA512,
		},
		&rsa.PSSOptions{
			SaltLength: rsa.PSSSaltLengthAuto,
			Hash:       crypto.SHA512,
		},
	}
)

Specific instances for RS/PS SigningMethods.

View Source
var (
	ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be PEM encoded PKCS1 or PKCS8 private key")
	ErrNotRSAPrivateKey    = errors.New("key is not a valid RSA private key")
	ErrNotRSAPublicKey     = errors.New("key is not a valid RSA public key")
)

Errors specific to rsa_utils.

View Source
var ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")

ErrECDSAVerification is missing from crypto/ecdsa compared to crypto/rsa

View Source
var (
	// ErrInvalidKey means the key argument passed to SigningMethod.Verify
	// was not the correct type.
	ErrInvalidKey = errors.New("key is invalid")
)
View Source
var Unsecured = &SigningMethodNone{
	Name: "none",
	Hash: crypto.Hash(0),
}

Unsecured is the default "none" algorithm.

Functions

func ParseECPrivateKeyFromPEM

func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error)

ParseECPrivateKeyFromPEM will parse a PEM encoded EC Private Key Structure.

func ParseECPublicKeyFromPEM

func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error)

ParseECPublicKeyFromPEM will parse a PEM encoded PKCS1 or PKCS8 public key

func ParseRSAPrivateKeyFromPEM

func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error)

ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key.

func ParseRSAPublicKeyFromPEM

func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error)

ParseRSAPublicKeyFromPEM parses PEM encoded PKCS1 or PKCS8 public key.

Types

type ECPoint

type ECPoint struct {
	R *big.Int
	S *big.Int
}

ECPoint is a marshalling structure for the EC points R and S.

type Signature

type Signature []byte

Signature is a JWS signature.

func (Signature) Base64

func (s Signature) Base64() ([]byte, error)

Base64 helps implements jose.Encoder for Signature.

func (Signature) MarshalJSON

func (s Signature) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for a signature.

func (*Signature) UnmarshalJSON

func (s *Signature) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler for signature.

type SigningMethod

type SigningMethod interface {
	// Alg describes the signing algorithm, and is used to uniquely
	// describe the specific crypto.SigningMethod.
	Alg() string

	// Verify accepts the raw content, the signature, and the key used
	// to sign the raw content, and returns any errors found while validating
	// the signature and content.
	Verify(raw []byte, sig Signature, key interface{}) error

	// Sign returns a Signature for the raw bytes, as well as any errors
	// that occurred during the signing.
	Sign(raw []byte, key interface{}) (Signature, error)

	// Used to cause quick panics when a crypto.SigningMethod whose form of hashing
	// isn't linked in the binary when you register a crypto.SigningMethod.
	// To spoof this, see "crypto.SigningMethodNone".
	Hasher() crypto.Hash
}

SigningMethod is an interface that provides a way to sign JWS tokens.

type SigningMethodECDSA

type SigningMethodECDSA struct {
	Name string
	Hash crypto.Hash
	// contains filtered or unexported fields
}

SigningMethodECDSA implements the ECDSA family of signing methods signing methods

func (*SigningMethodECDSA) Alg

func (m *SigningMethodECDSA) Alg() string

Alg returns the name of the SigningMethodECDSA instance.

func (*SigningMethodECDSA) Hasher

func (m *SigningMethodECDSA) Hasher() crypto.Hash

Hasher implements the Hasher method from SigningMethod.

func (*SigningMethodECDSA) MarshalJSON

func (m *SigningMethodECDSA) MarshalJSON() ([]byte, error)

MarshalJSON is in case somebody decides to place SigningMethodECDSA inside the Header, presumably because they (wrongly) decided it was a good idea to use the SigningMethod itself instead of the SigningMethod's Alg method. In order to keep things sane, marshalling this will simply return the JSON-compatible representation of m.Alg().

func (*SigningMethodECDSA) Sign

func (m *SigningMethodECDSA) Sign(data []byte, key interface{}) (Signature, error)

Sign implements the Sign method from SigningMethod. For this signing method, key must be an *ecdsa.PrivateKey.

func (*SigningMethodECDSA) Verify

func (m *SigningMethodECDSA) Verify(raw []byte, signature Signature, key interface{}) error

Verify implements the Verify method from SigningMethod. For this verify method, key must be an *ecdsa.PublicKey.

type SigningMethodHMAC

type SigningMethodHMAC struct {
	Name string
	Hash crypto.Hash
	// contains filtered or unexported fields
}

SigningMethodHMAC implements the HMAC-SHA family of SigningMethods.

func (*SigningMethodHMAC) Alg

func (m *SigningMethodHMAC) Alg() string

Alg implements the SigningMethod interface.

func (*SigningMethodHMAC) Hasher

func (m *SigningMethodHMAC) Hasher() crypto.Hash

Hasher implements the SigningMethod interface.

func (*SigningMethodHMAC) MarshalJSON

func (m *SigningMethodHMAC) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.

func (*SigningMethodHMAC) Sign

func (m *SigningMethodHMAC) Sign(data []byte, key interface{}) (Signature, error)

Sign implements the Sign method from SigningMethod for this signing method. Key must be a []byte.

func (*SigningMethodHMAC) Verify

func (m *SigningMethodHMAC) Verify(raw []byte, signature Signature, key interface{}) error

Verify implements the Verify method from SigningMethod. For this signing method, must be a []byte.

type SigningMethodNone

type SigningMethodNone struct {
	Name string
	Hash crypto.Hash
	// contains filtered or unexported fields
}

SigningMethodNone is the default "none" algorithm.

func (*SigningMethodNone) Alg

func (m *SigningMethodNone) Alg() string

Alg helps implement the SigningMethod interface.

func (*SigningMethodNone) Hasher

func (m *SigningMethodNone) Hasher() crypto.Hash

Hasher helps implement the SigningMethod interface.

func (*SigningMethodNone) MarshalJSON

func (m *SigningMethodNone) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.

func (*SigningMethodNone) Sign

func (_ *SigningMethodNone) Sign(_ []byte, _ interface{}) (Signature, error)

Sign helps implement the SigningMethod interface.

func (*SigningMethodNone) Verify

func (_ *SigningMethodNone) Verify(_ []byte, _ Signature, _ interface{}) error

Verify helps implement the SigningMethod interface.

type SigningMethodRSA

type SigningMethodRSA struct {
	Name string
	Hash crypto.Hash
	// contains filtered or unexported fields
}

SigningMethodRSA implements the RSA family of SigningMethods.

func (*SigningMethodRSA) Alg

func (m *SigningMethodRSA) Alg() string

Alg implements the SigningMethod interface.

func (*SigningMethodRSA) Hasher

func (m *SigningMethodRSA) Hasher() crypto.Hash

Hasher implements the SigningMethod interface.

func (*SigningMethodRSA) MarshalJSON

func (m *SigningMethodRSA) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.

func (*SigningMethodRSA) Sign

func (m *SigningMethodRSA) Sign(data []byte, key interface{}) (Signature, error)

Sign implements the Sign method from SigningMethod. For this signing method, must be an *rsa.PrivateKey structure.

func (*SigningMethodRSA) Verify

func (m *SigningMethodRSA) Verify(raw []byte, sig Signature, key interface{}) error

Verify implements the Verify method from SigningMethod. For this signing method, must be an *rsa.PublicKey.

type SigningMethodRSAPSS

type SigningMethodRSAPSS struct {
	*SigningMethodRSA
	Options *rsa.PSSOptions
}

SigningMethodRSAPSS implements the RSAPSS family of SigningMethods.

func (*SigningMethodRSAPSS) Hasher

func (m *SigningMethodRSAPSS) Hasher() crypto.Hash

Hasher implements the Hasher method from SigningMethod.

func (*SigningMethodRSAPSS) MarshalJSON

func (m *SigningMethodRSAPSS) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.

func (*SigningMethodRSAPSS) Sign

func (m *SigningMethodRSAPSS) Sign(raw []byte, key interface{}) (Signature, error)

Sign implements the Sign method from SigningMethod. For this signing method, key must be an *rsa.PrivateKey.

func (*SigningMethodRSAPSS) Verify

func (m *SigningMethodRSAPSS) Verify(raw []byte, signature Signature, key interface{}) error

Verify implements the Verify method from SigningMethod. For this verify method, key must be an *rsa.PublicKey.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL