librpki

package
v1.2.0-pre Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 29, 2020 License: BSD-3-Clause Imports: 19 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	IpAddrBlock      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 7}
	AutonomousSysIds = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 8}

	IpAddrBlockV2      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 28}
	AutonomousSysIdsV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 29}
	IpAddrAndASIdent   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30}

	CertPolicy         = asn1.ObjectIdentifier{2, 5, 29, 32}
	ResourceCertPolicy = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 14, 2}
	CPS                = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1}

	SubjectInfoAccess   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}
	AuthorityInfoAccess = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}
	CAIssuer            = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}
	SignedObject        = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 11}

	SubjectKeyIdentifier   = asn1.ObjectIdentifier{2, 5, 29, 14}
	AuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35}

	CertRepository = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 5}
	CertRRDP       = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 13}
)
View Source 
var (
	ContentTypeOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	MessageDigest  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	SigningTime    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
	SignedDataOID  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
	SHA256OID      = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	RSAOID         = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
)
View Source 
var (
	OidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	OidSerialNumber           = asn1.ObjectIdentifier{2, 5, 29, 20}
)
View Source 
var (
	SIAManifest = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 10}
	ManifestOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 26}
)
View Source 
var (
	RSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
)
View Source 
var (
	RoaOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 24}
)
View Source 
var (
	XMLOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 28}
)

Functions

func BER2DER 

func BER2DER(ber []byte) ([]byte, error)

BER2DER attempts to convert BER encoded data to DER encoding.

func BadFormatGroup 

func BadFormatGroup(data []byte) ([]byte, bool, error)

func BundleRSAPublicKey added in v1.2.0 

func BundleRSAPublicKey(key rsa.PublicKey) (asn1.BitString, error)

func CreateCRL added in v1.2.0 

func CreateCRL(c *x509.Certificate, rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time, sn *big.Int) (crlBytes []byte, err error)

https://tools.ietf.org/html/rfc6487#section-5

func DecodeASN 

func DecodeASN(data []byte) ([]ASNCertificateInformation, []ASNCertificateInformation, error)

func DecodeIP 

func DecodeIP(addrfamily []byte, addr asn1.BitString) (*net.IPNet, error)

func DecodeIPMinMax 

func DecodeIPMinMax(addrfamily []byte, addr asn1.BitString, max bool) (net.IP, error)

func DecodeKeyAuthority 

func DecodeKeyAuthority(data []byte) ([]byte, error)

https://tools.ietf.org/html/rfc5280#section-4.2.1.2

func DecodeKeyIdentifier 

func DecodeKeyIdentifier(data []byte) ([]byte, error)

func DecryptSignatureRSA 

func DecryptSignatureRSA(signature []byte, pubKey *rsa.PublicKey) ([]byte, error)

func DeleteLineEnd 

func DeleteLineEnd(line string) string

func EContentToEncap added in v1.2.0 

func EContentToEncap(econtent []byte) ([]byte, error)

Pass fullbytes of any EContent Do one for ROA and MFT

func EContentToEncapBF added in v1.2.0 

func EContentToEncapBF(econtent []byte, skipbf bool) ([]byte, error)

func EncodeASN added in v1.2.0 

func EncodeASN(nums []ASNCertificateInformation, rdi []ASNCertificateInformation) (*pkix.Extension, error)

func EncodeASNSeq added in v1.2.0 

func EncodeASNSeq(asns []ASNCertificateInformation) ([]asn1.RawValue, error)

https://tools.ietf.org/html/rfc6487

func EncodeIPAddressBlock added in v1.2.0 

func EncodeIPAddressBlock(ips []IPCertificateInformation) (*pkix.Extension, error)

func EncodeIPAddressBlockVersion added in v1.2.0 

func EncodeIPAddressBlockVersion(version byte, ips []IPCertificateInformation, safi byte, addSafi bool) ([]byte, error)

func EncodeInfoAccess added in v1.2.0 

func EncodeInfoAccess(authority bool, path string) (*pkix.Extension, error)

func EncodePolicyInformation added in v1.2.0 

func EncodePolicyInformation(cps string) (*pkix.Extension, error)

https://tools.ietf.org/html/rfc7318

func EncodeSIA added in v1.2.0 

func EncodeSIA(sias []*SIA) (*pkix.Extension, error)

func EncodeTAL added in v1.2.0 

func EncodeTAL(tal *RPKI_TAL) ([]byte, error)

func EncodeTALSize added in v1.2.0 

func EncodeTALSize(tal *RPKI_TAL, split int) ([]byte, error)

func EncryptSignatureRSA added in v1.2.0 

func EncryptSignatureRSA(rand io.Reader, signature []byte, privKey *rsa.PrivateKey) ([]byte, error)

func GetRangeIP 

func GetRangeIP(ipnet *net.IPNet) (net.IP, net.IP)

func GroupEntries added in v1.2.0 

func GroupEntries(entries []*ROA_Entry) map[byte][]*ROA_Entry

func GroupIPAddressBlock added in v1.2.0 

func GroupIPAddressBlock(ips []IPCertificateInformation) map[byte][]IPCertificateInformation

Put in ExtraExtensions https://tools.ietf.org/html/rfc3779

func HashPublicKey added in v1.2.0 

func HashPublicKey(key interface{}) ([]byte, error)

func HashRSAPublicKey added in v1.2.0 

func HashRSAPublicKey(key rsa.PublicKey) ([]byte, error)

func IPNetToBitString added in v1.2.0 

func IPNetToBitString(ipnet net.IPNet) asn1.BitString

func IPToBitString added in v1.2.0 

func IPToBitString(ip net.IP) asn1.BitString

func ManifestToEncap added in v1.2.0 

func ManifestToEncap(mft *Manifest) ([]byte, error)

func PrivateEncrypt added in v1.2.0 

func PrivateEncrypt(priv *rsa.PrivateKey, data []byte) (enc []byte, err error)

func ROAToEncap added in v1.2.0 

func ROAToEncap(roa *ROA) ([]byte, error)

func RSA_public_decrypt 

func RSA_public_decrypt(pubKey *rsa.PublicKey, data []byte) []byte

https://stackoverflow.com/questions/44852289/decrypt-with-public-key

func ValidateASNCertificateList 

func ValidateASNCertificateList(list []ASNCertificateInformation, parent *RPKI_Certificate) ([]ASNCertificateInformation, []ASNCertificateInformation, []ASNCertificateInformation)

func ValidateIPCertificateList 

func ValidateIPCertificateList(list []IPCertificateInformation, parent *RPKI_Certificate) ([]IPCertificateInformation, []IPCertificateInformation, []IPCertificateInformation)

https://tools.ietf.org/html/rfc6487#section-7.2

func ValidateIPRoaCertificateList 

func ValidateIPRoaCertificateList(entries []*ROA_Entry, cert *RPKI_Certificate) ([]*ROA_Entry, []*ROA_Entry, []*ROA_Entry)

Types

type ASN 

type ASN struct {
	ASN int
}

func (*ASN) ASN1 added in v1.2.0 

func (a *ASN) ASN1() ([]byte, error)

func (*ASN) GetRange 

func (a *ASN) GetRange() (int, int, bool)

func (*ASN) IsASNInRange 

func (a *ASN) IsASNInRange(asn int) (bool, bool)

func (*ASN) String 

func (a *ASN) String() string

type ASNCertificateInformation 

type ASNCertificateInformation interface {
	GetRange() (int, int, bool)
	IsASNInRange(int) (bool, bool)
	String() string

	ASN1() ([]byte, error)
}

func DecodeASIdentifier 

func DecodeASIdentifier(data asn1.RawValue) ([]ASNCertificateInformation, error)

type ASNRange 

type ASNRange struct {
	Min int
	Max int
}

func (*ASNRange) ASN1 added in v1.2.0 

func (ar *ASNRange) ASN1() ([]byte, error)

func (*ASNRange) GetRange 

func (ar *ASNRange) GetRange() (int, int, bool)

func (*ASNRange) IsASNInRange 

func (ar *ASNRange) IsASNInRange(asn int) (bool, bool)

func (*ASNRange) String 

func (ar *ASNRange) String() string

type ASNull 

type ASNull struct {
}

func (*ASNull) ASN1 added in v1.2.0 

func (an *ASNull) ASN1() ([]byte, error)

func (*ASNull) GetRange 

func (an *ASNull) GetRange() (int, int, bool)

func (*ASNull) IsASNInRange 

func (an *ASNull) IsASNInRange(asn int) (bool, bool)

func (*ASNull) String 

func (an *ASNull) String() string

type Attribute 

type Attribute struct {
	AttrType  asn1.ObjectIdentifier
	AttrValue []asn1.RawValue `asn1:"set"`
}

type CMS 

type CMS struct {
	OID        asn1.ObjectIdentifier
	SignedData CmsSignedData `asn1:"explicit,tag:0"`
}

func DecodeCMS 

func DecodeCMS(data []byte) (*CMS, error)

func EncodeCMS added in v1.2.0 

func EncodeCMS(certificate []byte, encapContent interface{}, signingTime time.Time) (*CMS, error)

func (*CMS) AddCRLs added in v1.2.0 

func (cms *CMS) AddCRLs(crls []byte) error

func (*CMS) GetRPKICertificate 

func (cms *CMS) GetRPKICertificate() (*RPKI_Certificate, error)

func (*CMS) GetSigningTime 

func (cms *CMS) GetSigningTime() (time.Time, error)

func (*CMS) Sign added in v1.2.0 

func (cms *CMS) Sign(rand io.Reader, ski []byte, encap []byte, priv interface{}, cert []byte) error

https://stackoverflow.com/questions/18011708/encrypt-message-with-rsa-private-key-as-in-openssls-rsa-private-encrypt

func (*CMS) Validate 

func (cms *CMS) Validate(encap []byte, cert *x509.Certificate) error

Won't validate if signedattributes is empty

type CRLAuthKeyId added in v1.2.0 

type CRLAuthKeyId struct {
	Id []byte `asn1:"optional,tag:0"`
}

type CmsSignedData 

type CmsSignedData struct {
	Version          int
	DigestAlgorithms []asn1.RawValue `asn1:"set"`
	EncapContentInfo asn1.RawValue
	Certificates     asn1.RawValue `asn1:"tag:0,optional"`
	CRLs             asn1.RawValue `asn1:"tag:1,optional"`
	SignerInfos      []SignerInfo  `asn1:"set"`
}

type FileList 

type FileList struct {
	File string `asn1:"ia5"`
	Hash asn1.BitString
}

type IPAddressNull 

type IPAddressNull struct {
	Family uint8
}

func (*IPAddressNull) ASN1 added in v1.2.0 

func (ipan *IPAddressNull) ASN1() ([]byte, error)

func (*IPAddressNull) GetAfi 

func (ipan *IPAddressNull) GetAfi() uint8

func (*IPAddressNull) GetRange 

func (ipan *IPAddressNull) GetRange() (net.IP, net.IP, bool)

func (*IPAddressNull) IsIPInRange 

func (ipan *IPAddressNull) IsIPInRange(ip net.IP) (bool, bool)

func (*IPAddressNull) String 

func (ipan *IPAddressNull) String() string

type IPAddressRange 

type IPAddressRange struct {
	Min net.IP
	Max net.IP
}

func (*IPAddressRange) ASN1 added in v1.2.0 

func (ipr *IPAddressRange) ASN1() ([]byte, error)

func (*IPAddressRange) GetAfi 

func (ipr *IPAddressRange) GetAfi() uint8

func (*IPAddressRange) GetRange 

func (ipr *IPAddressRange) GetRange() (net.IP, net.IP, bool)

func (*IPAddressRange) IsIPInRange 

func (ipr *IPAddressRange) IsIPInRange(ip net.IP) (bool, bool)

func (*IPAddressRange) String 

func (ipr *IPAddressRange) String() string

type IPCertificateInformation 

type IPCertificateInformation interface {
	GetRange() (net.IP, net.IP, bool)
	IsIPInRange(net.IP) (bool, bool)
	String() string
	GetAfi() uint8

	ASN1() ([]byte, error)
}

func DecodeIPAddressBlock 

func DecodeIPAddressBlock(data []byte) ([]IPCertificateInformation, error)

type IPNet 

type IPNet struct {
	IPNet *net.IPNet
}

func (*IPNet) ASN1 added in v1.2.0 

func (ipn *IPNet) ASN1() ([]byte, error)

func (*IPNet) GetAfi 

func (ipn *IPNet) GetAfi() uint8

func (*IPNet) GetRange 

func (ipn *IPNet) GetRange() (net.IP, net.IP, bool)

func (*IPNet) IsIPInRange 

func (ipn *IPNet) IsIPInRange(ip net.IP) (bool, bool)

func (*IPNet) String 

func (ipn *IPNet) String() string

type Manifest 

type Manifest struct {
	OID      asn1.ObjectIdentifier
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

func EncodeManifestContent added in v1.2.0 

func EncodeManifestContent(eContent ManifestContent) (*Manifest, error)

type ManifestContent 

type ManifestContent struct {
	ManifestNumber *big.Int
	ThisUpdate     time.Time `asn1:"generalized"`
	NextUpdate     time.Time `asn1:"generalized"`
	FileHashAlg    asn1.ObjectIdentifier
	FileList       []FileList
}

type ROA 

type ROA struct {
	OID      asn1.ObjectIdentifier
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

func EncodeROAEntries added in v1.2.0 

func EncodeROAEntries(asn int, entries []*ROA_Entry) (*ROA, error)

type ROAAddressFamily 

type ROAAddressFamily struct {
	AddressFamily []byte
	Addresses     []ROAIPAddresses
}

type ROAContent 

type ROAContent struct {
	ASID         int
	IpAddrBlocks []ROAAddressFamily
}

type ROAIPAddresses 

type ROAIPAddresses struct {
	Address   asn1.BitString
	MaxLength int `asn1:"optional,default:-1"`
}

type ROA_Entry 

type ROA_Entry struct {
	IPNet     *net.IPNet
	MaxLength int
}

func ConvertROAEntries 

func ConvertROAEntries(roacontent ROAContent) ([]*ROA_Entry, int, error)

func (*ROA_Entry) Validate 

func (entry *ROA_Entry) Validate() error

type RPKI_Certificate 

type RPKI_Certificate struct {
	SubjectInformationAccess []SIA
	IPAddresses              []IPCertificateInformation
	ASNums                   []ASNCertificateInformation
	ASNRDI                   []ASNCertificateInformation

	Certificate *x509.Certificate
}

func DecodeCertificate 

func DecodeCertificate(data []byte) (*RPKI_Certificate, error)

func (*RPKI_Certificate) IsASRangeInCertificate 

func (cert *RPKI_Certificate) IsASRangeInCertificate(min int, max int) (bool, bool)

func (*RPKI_Certificate) IsIPRangeInCertificate 

func (cert *RPKI_Certificate) IsIPRangeInCertificate(min net.IP, max net.IP) (bool, bool)

func (*RPKI_Certificate) String 

func (cert *RPKI_Certificate) String() string

func (*RPKI_Certificate) Validate 

func (cert *RPKI_Certificate) Validate(parent *RPKI_Certificate) error

func (*RPKI_Certificate) ValidateASNCertificate 

func (cert *RPKI_Certificate) ValidateASNCertificate(parent *RPKI_Certificate) ([]ASNCertificateInformation, []ASNCertificateInformation, []ASNCertificateInformation)

func (*RPKI_Certificate) ValidateIPCertificate 

func (cert *RPKI_Certificate) ValidateIPCertificate(parent *RPKI_Certificate) ([]IPCertificateInformation, []IPCertificateInformation, []IPCertificateInformation)

func (*RPKI_Certificate) ValidateTime 

func (cert *RPKI_Certificate) ValidateTime(comp time.Time) error

type RPKI_Manifest 

type RPKI_Manifest struct {
	Certificate        *RPKI_Certificate
	Content            ManifestContent
	BadFormat          bool
	InnerValid         bool
	InnerValidityError error
}

func DecodeManifest 

func DecodeManifest(data []byte) (*RPKI_Manifest, error)

type RPKI_ROA 

type RPKI_ROA struct {
	ASN         int
	Entries     []*ROA_Entry
	Certificate *RPKI_Certificate
	BadFormat   bool
	SigningTime time.Time

	InnerValid         bool
	InnerValidityError error

	Valids      []*ROA_Entry
	Invalids    []*ROA_Entry
	CheckParent []*ROA_Entry
}

func DecodeROA 

func DecodeROA(data []byte) (*RPKI_ROA, error)

func (*RPKI_ROA) ValidateEntries 

func (roa *RPKI_ROA) ValidateEntries() error

func (*RPKI_ROA) ValidateIPRoaCertificate 

func (roa *RPKI_ROA) ValidateIPRoaCertificate(cert *RPKI_Certificate) ([]*ROA_Entry, []*ROA_Entry, []*ROA_Entry)

func (*RPKI_ROA) ValidateTime 

func (roa *RPKI_ROA) ValidateTime(comp time.Time) error

type RPKI_TAL 

type RPKI_TAL struct {
	URI       []string
	Algorithm x509.PublicKeyAlgorithm
	OID       asn1.ObjectIdentifier
	PublicKey interface{}
}

func CreateTAL added in v1.2.0 

func CreateTAL(uri []string, pubkey interface{}) (*RPKI_TAL, error)

func DecodeTAL 

func DecodeTAL(data []byte) (*RPKI_TAL, error)

func (*RPKI_TAL) CheckCertificate 

func (tal *RPKI_TAL) CheckCertificate(cert *x509.Certificate) bool

func (*RPKI_TAL) GetRsyncURI 

func (tal *RPKI_TAL) GetRsyncURI() string

Returns the rsync URL associated with the TAL certificate. If it does not exist (http only), return a made up URI

func (*RPKI_TAL) GetURI 

func (tal *RPKI_TAL) GetURI() string

func (*RPKI_TAL) HasRsync 

func (tal *RPKI_TAL) HasRsync() bool

type RPKI_XML 

type RPKI_XML struct {
	Content     []byte
	Certificate *RPKI_Certificate

	InnerValid         bool
	InnerValidityError error
}

func DecodeXML added in v1.2.0 

func DecodeXML(data []byte) (*RPKI_XML, error)

type SIA 

type SIA struct {
	AccessMethod asn1.ObjectIdentifier
	GeneralName  []byte `asn1:"tag:6"`
}

func DecodeSubjectInformationAccess 

func DecodeSubjectInformationAccess(data []byte) ([]SIA, error)

func (*SIA) String 

func (sia *SIA) String() string

type SignatureDecoded 

type SignatureDecoded struct {
	Inner SignatureInner
	Hash  []byte
}

type SignatureInner 

type SignatureInner struct {
	OID  asn1.ObjectIdentifier
	Null asn1.RawValue
}

type SignedAttributesDigest 

type SignedAttributesDigest struct {
	SignedAttrs []Attribute `asn1:"set"`
}

type SignerInfo 

type SignerInfo struct {
	Version int
	Sid     asn1.RawValue // `asn1:"tag:0,implicit"`
	//Sid                asn1.RawValue `asn1:"tag:0,implicit"`
	DigestAlgorithms   []asn1.RawValue
	SignedAttrs        []Attribute `asn1:"optional,tag:0,implicit,set"`
	SignatureAlgorithm asn1.RawValue
	Signature          []byte
	UnsignedAttrs      asn1.RawValue `asn1:"optional,tag:1,implicit"`
}

type XML added in v1.2.0 

type XML struct {
	OID      asn1.ObjectIdentifier
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

func EncodeXMLContent added in v1.2.0 

func EncodeXMLContent(content interface{}) (*XML, error)

func EncodeXMLData added in v1.2.0 

func EncodeXMLData(message []byte) (*XML, error)

type XMLContent added in v1.2.0 

type XMLContent struct {
	Message interface{}
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.