- Constants
- Variables
- func AEStoEncryptedPEM(raw []byte, pwd []byte) ([]byte, error)
- func AEStoPEM(raw []byte) []byte
- func CBCDecrypt(key, src []byte) ([]byte, error)
- func CBCEncrypt(key, s []byte) ([]byte, error)
- func CBCPKCS7Decrypt(key, src []byte) ([]byte, error)
- func CBCPKCS7Encrypt(key, src []byte) ([]byte, error)
- func CheckCertAgainRoot(x509Cert *x509.Certificate, certPool *x509.CertPool) ([][]*x509.Certificate, error)
- func CheckCertAgainstSKAndRoot(x509Cert *x509.Certificate, privateKey interface{}, certPool *x509.CertPool) error
- func CheckCertPKAgainstSK(x509Cert *x509.Certificate, privateKey interface{}) error
- func DERCertToPEM(der []byte) []byte
- func DERToPrivateKey(der []byte) (key interface{}, err error)
- func DERToPublicKey(derBytes []byte) (pub interface{}, err error)
- func DERToX509Certificate(asn1Data []byte) (*x509.Certificate, error)
- func ECDSASign(signKey interface{}, msg []byte) ([]byte, error)
- func ECDSASignDirect(signKey interface{}, msg []byte) (*big.Int, *big.Int, error)
- func ECDSAVerify(verKey interface{}, msg, signature []byte) (bool, error)
- func GenAESKey() ([]byte, error)
- func GetCriticalExtension(cert *x509.Certificate, oid asn1.ObjectIdentifier) ([]byte, error)
- func GetDefaultCurve() elliptic.Curve
- func GetDefaultHash() func() hash.Hash
- func GetHashAlgorithm() string
- func GetRandomBytes(len int) ([]byte, error)
- func GetRandomNonce() ([]byte, error)
- func HMAC(key, x []byte) []byte
- func HMACAESTruncated(key, x []byte) []byte
- func HMACTruncated(key, x []byte, truncation int) []byte
- func Hash(msg []byte) []byte
- func InitSecurityLevel(algorithm string, level int) (err error)
- func NewECDSAKey() (*ecdsa.PrivateKey, error)
- func NewHash() hash.Hash
- func NewSelfSignedCert() ([]byte, interface{}, error)
- func PEMtoAES(raw []byte, pwd []byte) ([]byte, error)
- func PEMtoCertificate(raw []byte) (*x509.Certificate, error)
- func PEMtoCertificateAndDER(raw []byte) (*x509.Certificate, []byte, error)
- func PEMtoDER(raw []byte) ([]byte, error)
- func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error)
- func PEMtoPublicKey(raw []byte, pwd []byte) (interface{}, error)
- func PKCS7Padding(src []byte) []byte
- func PKCS7UnPadding(src []byte) ([]byte, error)
- func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error)
- func PrivateKeyToEncryptedPEM(privateKey interface{}, pwd []byte) ([]byte, error)
- func PrivateKeyToPEM(privateKey interface{}, pwd []byte) ([]byte, error)
- func PublicKeyToEncryptedPEM(publicKey interface{}, pwd []byte) ([]byte, error)
- func PublicKeyToPEM(publicKey interface{}, pwd []byte) ([]byte, error)
- func SetSecurityLevel(algorithm string, level int) (err error)
- func VerifySignCapability(tempSK interface{}, certPK interface{}) error
- type AsymmetricCipher
- type AsymmetricCipherParameters
- type AsymmetricCipherSPI
- type CipherParameters
- type ECDSASignature
- type KeyGenerator
- type KeyGeneratorParameters
- type KeySerializer
- type Parameters
- type PrivateKey
- type PublicKey
- type SecretKey
- type StreamCipher
- type StreamCipherSPI
Constants ¶
const (
	// AESKeyLength is the default AES key length in bytes (32 bytes selects AES-256).
	// It is also the truncation length used by HMACAESTruncated.
	AESKeyLength = 32
	// NonceSize is the default nonce size in bytes, as returned by GetRandomNonce.
	NonceSize = 24
)
Variables ¶
// Sentinel errors returned by the crypto primitives. Callers should compare
// with errors.Is rather than matching on the message text.
// NOTE(review): the messages are capitalized and end with a period, against
// Go convention; they are left unchanged because existing callers may depend
// on the exact text.
var (
	// ErrEncryption reports an error during encryption.
	ErrEncryption = errors.New("Error during encryption.")
	// ErrDecryption reports an error during decryption.
	ErrDecryption = errors.New("Error during decryption.")
	// ErrInvalidSecretKeyType reports a secret key of an unsupported type.
	ErrInvalidSecretKeyType = errors.New("Invalid Secret Key type.")
	// ErrInvalidPublicKeyType reports a public key of an unsupported type.
	ErrInvalidPublicKeyType = errors.New("Invalid Public Key type.")
	// ErrInvalidKeyParameter reports an invalid key parameter.
	ErrInvalidKeyParameter = errors.New("Invalid Key Parameter.")
	// ErrInvalidNilKeyParameter reports a nil key parameter where one is required.
	ErrInvalidNilKeyParameter = errors.New("Invalid Nil Key Parameter.")
	// ErrInvalidKeyGeneratorParameter reports an invalid key generator parameter.
	ErrInvalidKeyGeneratorParameter = errors.New("Invalid Key Generator Parameter.")
)
// ASN.1 object identifiers used for the TCert certificate extensions.
// NOTE(review): the 1.2.3.4.5.6 arc is not a registered OID arc; treat these
// as project-private identifiers that could collide with other software using
// the same placeholder arc, and match extensions by exact OID only.
var (
	// TCertEncTCertIndex is the ASN1 object identifier of the TCert index.
	TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}

	// TCertEncEnrollmentID is the ASN1 object identifier of the enrollment ID
	// (inferred from the name; the original comment repeated the TCert index
	// description — confirm).
	TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}

	// TCertEncAttributesBase is the base ASN1 object identifier for attributes.
	// When generating an extension to include the attribute an index will be
	// appended to this Object Identifier.
	TCertEncAttributesBase = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6}

	// TCertAttributesHeaders is the ASN1 object identifier of attributes header.
	TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}
)
Functions ¶
func AEStoEncryptedPEM ¶
AEStoEncryptedPEM encapsulates an AES key in the encrypted PEM format
func CBCDecrypt ¶
CBCDecrypt decrypts src in CBC mode using key. CBC mode provides no integrity protection; authenticate the ciphertext separately (for example with HMAC) before decrypting.
func CBCPKCS7Decrypt ¶
CBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding
func CBCPKCS7Encrypt ¶
CBCPKCS7Encrypt combines CBC encryption and PKCS7 padding
func CheckCertAgainRoot ¶
func CheckCertAgainRoot(x509Cert *x509.Certificate, certPool *x509.CertPool) ([][]*x509.Certificate, error)
CheckCertAgainRoot checks the validity of the passed certificate against the passed certPool and returns the verified chains.
func CheckCertAgainstSKAndRoot ¶
func CheckCertAgainstSKAndRoot(x509Cert *x509.Certificate, privateKey interface{}, certPool *x509.CertPool) error
CheckCertAgainstSKAndRoot checks the passed certificate against the passed secretkey and certPool
func CheckCertPKAgainstSK ¶
func CheckCertPKAgainstSK(x509Cert *x509.Certificate, privateKey interface{}) error
CheckCertPKAgainstSK checks certificate's publickey against the passed secret key
func DERToPrivateKey ¶
DERToPrivateKey unmarshals a der to private key
func DERToPublicKey ¶
DERToPublicKey unmarshals a der to public key
func DERToX509Certificate ¶
func DERToX509Certificate(asn1Data []byte) (*x509.Certificate, error)
DERToX509Certificate converts der to x509
func ECDSASignDirect ¶
ECDSASignDirect signs msg with signKey and returns the signature as its two components (r, s).
func ECDSAVerify ¶
ECDSAVerify verifies signature over msg using verKey and reports whether it is valid.
func GenAESKey ¶
GenAESKey returns a random AES key of length AESKeyLength
func GetCriticalExtension ¶
func GetCriticalExtension(cert *x509.Certificate, oid asn1.ObjectIdentifier) ([]byte, error)
GetCriticalExtension returns a requested critical extension. It also removes it from the list of unhandled critical extensions.
func GetDefaultCurve ¶
GetDefaultCurve returns the default elliptic curve used by the crypto layer
func GetDefaultHash ¶
GetDefaultHash returns the default hash function used by the crypto layer
func GetHashAlgorithm ¶
func GetHashAlgorithm() string
GetHashAlgorithm returns the default hash algorithm.
func GetRandomBytes ¶
GetRandomBytes returns len random bytes.
func GetRandomNonce ¶
GetRandomNonce returns a random byte array of length NonceSize
func HMACAESTruncated ¶
HMACAESTruncated computes the HMAC of x under key and truncates the result to AESKeyLength bytes.
func HMACTruncated ¶
HMACTruncated computes the HMAC of x under key and truncates the result to truncation bytes.
func InitSecurityLevel ¶
InitSecurityLevel initializes the crypto layer at the given security level.
func NewECDSAKey ¶
func NewECDSAKey() (*ecdsa.PrivateKey, error)
NewECDSAKey generates a new ECDSA Key
func NewSelfSignedCert ¶
NewSelfSignedCert creates a self-signed certificate.
func PEMtoAES ¶
PEMtoAES extracts from the PEM an AES key
func PEMtoCertificate ¶
func PEMtoCertificate(raw []byte) (*x509.Certificate, error)
PEMtoCertificate converts pem to x509
func PEMtoCertificateAndDER ¶
func PEMtoCertificateAndDER(raw []byte) (*x509.Certificate, []byte, error)
PEMtoCertificateAndDER converts pem to x509 and der
func PEMtoPrivateKey ¶
PEMtoPrivateKey unmarshals a pem to private key
func PEMtoPublicKey ¶
PEMtoPublicKey unmarshals a pem to public key
func PKCS7Padding ¶
PKCS7Padding pads as prescribed by the PKCS7 standard
func PKCS7UnPadding ¶
PKCS7UnPadding removes PKCS7 padding from src, returning an error if the padding is malformed. Callers should not expose to untrusted parties whether a failure was caused by bad padding rather than by some other decryption error.
func PrivateKeyToDER ¶
func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error)
PrivateKeyToDER marshals a private key to der
func PrivateKeyToEncryptedPEM ¶
PrivateKeyToEncryptedPEM converts a private key to an encrypted PEM
func PrivateKeyToPEM ¶
PrivateKeyToPEM converts a private key to PEM
func PublicKeyToEncryptedPEM ¶
PublicKeyToEncryptedPEM converts a public key to encrypted pem
func PublicKeyToPEM ¶
PublicKeyToPEM marshals a public key to the PEM format.
func SetSecurityLevel ¶
SetSecurityLevel sets the security configuration with the hash length and the algorithm
Types ¶
type AsymmetricCipher ¶
// AsymmetricCipher defines an asymmetric cipher. Whether it encrypts or
// decrypts depends on the key it was created with (see AsymmetricCipherSPI).
type AsymmetricCipher interface {
	// Init initializes this cipher with the passed parameters.
	Init(params AsymmetricCipherParameters) error

	// Process processes the byte array given in input and returns the result.
	Process(msg []byte) ([]byte, error)
}
AsymmetricCipher defines an asymmetric cipher
type AsymmetricCipherParameters ¶
// AsymmetricCipherParameters is the common interface to represent asymmetric
// cipher parameters, i.e. a public or a private key.
type AsymmetricCipherParameters interface {
	CipherParameters

	// IsPublic returns true if the parameters are public, false otherwise.
	IsPublic() bool
}
AsymmetricCipherParameters is common interface to represent asymmetric cipher parameters
type AsymmetricCipherSPI ¶
// AsymmetricCipherSPI is a Service Provider Interface for AsymmetricCipher.
// It builds ciphers from in-memory or serialized keys, generates keys, and
// (de)serializes them. Every rand parameter is expected to be a
// cryptographically secure source such as crypto/rand.
type AsymmetricCipherSPI interface {
	// NewAsymmetricCipherFromPrivateKey creates a new AsymmetricCipher for decryption from a private key.
	NewAsymmetricCipherFromPrivateKey(priv PrivateKey) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromPublicKey creates a new AsymmetricCipher for encryption from a public key.
	NewAsymmetricCipherFromPublicKey(pub PublicKey) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromSerializedPublicKey creates a new AsymmetricCipher for encryption from a serialized public key.
	NewAsymmetricCipherFromSerializedPublicKey(pub []byte) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromSerializedPrivateKey creates a new AsymmetricCipher for decryption from a serialized private key.
	NewAsymmetricCipherFromSerializedPrivateKey(priv []byte) (AsymmetricCipher, error)

	// NewDefaultPrivateKey creates a new private key from rand using the default parameters.
	NewDefaultPrivateKey(rand io.Reader) (PrivateKey, error)

	// NewPrivateKey creates a new private key from (rand, params).
	NewPrivateKey(rand io.Reader, params interface{}) (PrivateKey, error)

	// NewPublicKey creates a new public key from (rand, params).
	NewPublicKey(rand io.Reader, params interface{}) (PublicKey, error)

	// SerializePrivateKey serializes a private key.
	SerializePrivateKey(priv PrivateKey) ([]byte, error)

	// DeserializePrivateKey deserializes bytes to a private key.
	DeserializePrivateKey(bytes []byte) (PrivateKey, error)

	// SerializePublicKey serializes a public key.
	SerializePublicKey(pub PublicKey) ([]byte, error)

	// DeserializePublicKey deserializes bytes to a public key.
	DeserializePublicKey(bytes []byte) (PublicKey, error)
}
AsymmetricCipherSPI is a Service Provider Interface for AsymmetricCipher
type CipherParameters ¶
// CipherParameters is the common interface to represent cipher parameters.
type CipherParameters interface {
	Parameters
}
CipherParameters is common interface to represent cipher parameters
type ECDSASignature ¶
ECDSASignature represents an ECDSA signature
type KeyGenerator ¶
// KeyGenerator defines a key generator.
type KeyGenerator interface {
	// Init initializes this generator using the passed parameters.
	Init(params KeyGeneratorParameters) error

	// GenerateKey generates a new private key.
	GenerateKey() (PrivateKey, error)
}
KeyGenerator defines a key generator
type KeyGeneratorParameters ¶
// KeyGeneratorParameters is the common interface to represent key generation parameters.
type KeyGeneratorParameters interface {
	Parameters
}
KeyGeneratorParameters is common interface to represent key generation parameters
type KeySerializer ¶
// KeySerializer defines a key serializer/deserializer.
type KeySerializer interface {
	// ToBytes converts a key to bytes.
	ToBytes(key interface{}) ([]byte, error)

	// FromBytes converts bytes to a key.
	FromBytes([]byte) (interface{}, error)
}
KeySerializer defines a key serializer/deserializer
type Parameters ¶
// Parameters is the common interface for all the parameters.
type Parameters interface {
	// GetRand returns the random generator associated to these parameters.
	GetRand() io.Reader
}
Parameters is common interface for all the parameters
type PrivateKey ¶
// PrivateKey is the common interface to represent private asymmetric cipher parameters.
type PrivateKey interface {
	AsymmetricCipherParameters

	// GetPublicKey returns the associated public key.
	GetPublicKey() PublicKey
}
PrivateKey is common interface to represent private asymmetric cipher parameters
type PublicKey ¶
// PublicKey is the common interface to represent public asymmetric cipher parameters.
type PublicKey interface {
	AsymmetricCipherParameters
}
PublicKey is common interface to represent public asymmetric cipher parameters
type StreamCipher ¶
// StreamCipher defines a stream cipher.
type StreamCipher interface {
	// Init initializes this cipher with the passed parameters; forEncryption
	// selects the direction (true for encryption, false for decryption).
	Init(forEncryption bool, params CipherParameters) error

	// Process processes the byte array given in input and returns the result.
	Process(msg []byte) ([]byte, error)
}
StreamCipher defines a stream cipher
type StreamCipherSPI ¶
// StreamCipherSPI is a Service Provider Interface for StreamCipher.
// It generates secret keys, builds ciphers from in-memory or serialized
// keys, and (de)serializes them. The rand parameter is expected to be a
// cryptographically secure source such as crypto/rand.
type StreamCipherSPI interface {
	// GenerateKey generates a new secret key.
	GenerateKey() (SecretKey, error)

	// GenerateKeyAndSerialize generates a new secret key and also returns its serialized form.
	GenerateKeyAndSerialize() (SecretKey, []byte, error)

	// NewSecretKey creates a new secret key from (rand, params).
	NewSecretKey(rand io.Reader, params interface{}) (SecretKey, error)

	// NewStreamCipherForEncryptionFromKey creates a new StreamCipher for encryption from a secret key.
	NewStreamCipherForEncryptionFromKey(secret SecretKey) (StreamCipher, error)

	// NewStreamCipherForEncryptionFromSerializedKey creates a new StreamCipher for encryption from a serialized key.
	NewStreamCipherForEncryptionFromSerializedKey(secret []byte) (StreamCipher, error)

	// NewStreamCipherForDecryptionFromKey creates a new StreamCipher for decryption from a secret key.
	NewStreamCipherForDecryptionFromKey(secret SecretKey) (StreamCipher, error)

	// NewStreamCipherForDecryptionFromSerializedKey creates a new StreamCipher for decryption from a serialized key.
	NewStreamCipherForDecryptionFromSerializedKey(secret []byte) (StreamCipher, error)

	// SerializeSecretKey serializes a secret key.
	SerializeSecretKey(secret SecretKey) ([]byte, error)

	// DeserializeSecretKey deserializes bytes to a secret key.
	DeserializeSecretKey(bytes []byte) (SecretKey, error)
}
StreamCipherSPI is a Service Provider Interface for StreamCipher