cms

package
v0.11.0-alpha.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 11, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package cms verifies signatures in Cryptographic Message Syntax (CMS) / PKCS7 defined in RFC 5652.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrSignerNotFound      = VerificationError{Message: "signer not found"}
	ErrCertificateNotFound = VerificationError{Message: "certificate not found"}
)

Verification errors

View Source 
var ErrAttributeNotFound = errors.New("attribute not found")

ErrAttributeNotFound is returned if attribute is not found in a given set.

View Source 
var ErrExpectSignedData = errors.New("cms: signed data expected")

ErrExpectSignedData is returned if wrong content is provided when signed data is expected.

Functions

This section is empty.

Types

type Attribute 

type Attribute struct {
	Type   asn1.ObjectIdentifier
	Values asn1.RawValue `asn1:"set"`
}
Attribute ::= SEQUENCE {
 attrType    OBJECT IDENTIFIER,
 attrValues  SET OF AttributeValue }

type Attributes 

type Attributes []Attribute

Attribute ::= SET SIZE (1..MAX) OF Attribute

func (Attributes) TryGet 

func (a Attributes) TryGet(identifier asn1.ObjectIdentifier, out interface{}) error

TryGet tries to find the attribute by the given identifier, parse and store the result in the value pointed to by out.

type ContentInfo 

type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,tag:0"`
}
ContentInfo ::= SEQUENCE {
 contentType ContentType,
 content     [0] EXPLICIT ANY DEFINED BY contentType }

type EncapsulatedContentInfo 

type EncapsulatedContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     []byte `asn1:"explicit,optional,tag:0"`
}
EncapsulatedContentInfo ::= SEQUENCE {
 eContentType    ContentType,
 eContent        [0] EXPLICIT OCTET STRING   OPTIONAL }

type IssuerAndSerialNumber 

type IssuerAndSerialNumber struct {
	Issuer       asn1.RawValue
	SerialNumber *big.Int
}
IssuerAndSerialNumber ::= SEQUENCE {
 issuer          Name,
 serialNumber    CertificateSerialNumber }

type ParsedSignedData 

type ParsedSignedData struct {
	Content      []byte
	ContentType  asn1.ObjectIdentifier
	Certificates []*x509.Certificate
	CRLs         []pkix.CertificateList
	Signers      []SignerInfo
}

ParsedSignedData is a parsed SignedData structure for golang friendly types.

func ParseSignedData 

func ParseSignedData(data []byte) (*ParsedSignedData, error)

ParseSignedData parses ASN.1 DER-encoded SignedData structure to golang friendly types.

func (*ParsedSignedData) Verify 

func (d *ParsedSignedData) Verify(opts x509.VerifyOptions) ([]*x509.Certificate, error)

Verify attempts to verify the content in the parsed signed data against the signer information. The `Intermediates` in the verify options will be ignored and re-contrusted using the certificates in the parsed signed data. If more than one signature is present, the successful validation of any signature implies that the content in the parsed signed data is valid. On successful verification, the list of signing certificates that successfully verify is returned. If all signatures fail to verify, the last error is returned. References: - RFC 5652 5 Signed-data Content Type - RFC 5652 5.4 Message Digest Calculation Process - RFC 5652 5.6 Signature Verification Process WARNING: this function doesn't do any revocation checking.

type SignedData 

type SignedData struct {
	Version                    int
	DigestAlgorithmIdentifiers []pkix.AlgorithmIdentifier `asn1:"set"`
	EncapsulatedContentInfo    EncapsulatedContentInfo
	Certificates               asn1.RawValue          `asn1:"optional,tag:0"`
	CRLs                       []pkix.CertificateList `asn1:"optional,tag:1"`
	SignerInfos                []SignerInfo           `asn1:"set"`
}
SignedData ::= SEQUENCE {
 version             CMSVersion,
 digestAlgorithms    DigestAlgorithmIdentifiers,
 encapContentInfo    EncapsulatedContentInfo,
 certificates        [0] IMPLICIT CertificateSet             OPTIONAL,
 crls                [1] IMPLICIT CertificateRevocationLists OPTIONAL,
 signerInfos         SignerInfos }

type SignerInfo 

type SignerInfo struct {
	Version            int
	SignerIdentifier   IssuerAndSerialNumber
	DigestAlgorithm    pkix.AlgorithmIdentifier
	SignedAttributes   Attributes `asn1:"optional,tag:0"`
	SignatureAlgorithm pkix.AlgorithmIdentifier
	Signature          []byte
	UnsignedAttributes Attributes `asn1:"optional,tag:1"`
}
SignerInfo ::= SEQUENCE {
 version             CMSVersion,
 sid                 SignerIdentifier,
 digestAlgorithm     DigestAlgorithmIdentifier,
 signedAttrs         [0] IMPLICIT SignedAttributes   OPTIONAL,
 signatureAlgorithm  SignatureAlgorithmIdentifier,
 signature           SignatureValue,
 unsignedAttrs       [1] IMPLICIT UnsignedAttributes OPTIONAL }

Only version 1 is supported. As defined in RFC 5652 5.3, SignerIdentifier is IssuerAndSerialNumber when version is 1.

type SyntaxError 

type SyntaxError struct {
	Message string
	Detail  error
}

SyntaxError indicates that the ASN.1 data is invalid.

func (SyntaxError) Error 

func (e SyntaxError) Error() string

Error returns error message.

func (SyntaxError) Unwrap 

func (e SyntaxError) Unwrap() error

Unwrap returns the internal error.

type VerificationError 

type VerificationError struct {
	Message string
	Detail  error
}

VerificationError indicates verification failures.

func (VerificationError) Error 

func (e VerificationError) Error() string

Error returns error message.

func (VerificationError) Unwrap 

func (e VerificationError) Unwrap() error

Unwrap returns the internal error.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.