signatures

package v1.0.3

Warning: This package is not in the latest version of its module.

Published: Dec 1, 2025 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

const (
	SHA256 = "sha256"
)

Variables

var HashFunctions = map[string]crypto.Hash{
	SHA256: crypto.SHA256,
}

Functions

func AddDigestsToComponentDescriptor

AddDigestsToComponentDescriptor adds digests to componentReferences and resources, as returned by the resolver functions. If a digest already exists and does not match the resolved digest, an error is returned.

func GetSignatureByName

func GetSignatureByName(cd *cdv2.ComponentDescriptor, signatureName string) (*cdv2.Signature, error)

GetSignatureByName returns the Signature (Digest and SignatureSpec) matching the given name.

func GetSignaturePEMBlocks

func GetSignaturePEMBlocks(pemData []byte) ([]*pem.Block, error)

GetSignaturePEMBlocks returns all signature PEM blocks found in the given PEM data.

func HashForComponentDescriptor

func HashForComponentDescriptor(cd cdv2.ComponentDescriptor, hash Hasher) (*cdv2.DigestSpec, error)

HashForComponentDescriptor returns the hash for the component-descriptor, if it is normalisable (i.e. componentReferences and resources contain the digest field).

func SignComponentDescriptor

func SignComponentDescriptor(cd *cdv2.ComponentDescriptor, signer Signer, hasher Hasher, signatureName string) error

SignComponentDescriptor signs the given component-descriptor with the signer. The component-descriptor has to contain digests for componentReferences and resources.

func VerifySignedComponentDescriptor

func VerifySignedComponentDescriptor(cd *cdv2.ComponentDescriptor, verifier Verifier, signatureName string) error

VerifySignedComponentDescriptor verifies the signature (selected by signatureName) and the hash of the component-descriptor (as specified in the signature). It does NOT resolve resources or referenced component-descriptors. Returns an error if verification fails.

Types

type Entry

type Entry map[string]interface{}

Entry is used for normalisation and has to contain one key.

type Hasher

type Hasher struct {
	HashFunction  hash.Hash
	AlgorithmName string
}

Hasher encapsulates a hash.Hash interface with an algorithm name.

func HasherForName

func HasherForName(algorithmName string) (*Hasher, error)

HasherForName creates a Hasher instance for the algorithmName.

type RSASigner

type RSASigner struct {
	// contains filtered or unexported fields
}

RSASigner is a signatures.Signer compatible struct to sign with RSASSA-PKCS1-V1_5.

func CreateRSASignerFromKeyFile

func CreateRSASignerFromKeyFile(pathToPrivateKey, mediaType string) (*RSASigner, error)

CreateRSASignerFromKeyFile creates an instance of RSASigner with the given private key. The private key has to be in the PKCS #1, ASN.1 DER form, see x509.ParsePKCS1PrivateKey. mediaType defines the format of the signature that is saved to the component descriptor.

func (RSASigner) Sign

func (s RSASigner) Sign(componentDescriptor cdv2.ComponentDescriptor, digest cdv2.DigestSpec) (*cdv2.SignatureSpec, error)

Sign returns the signature for the component descriptor's digest.

type RSAVerifier

type RSAVerifier struct {
	// contains filtered or unexported fields
}

RSAVerifier is a signatures.Verifier compatible struct to verify RSASSA-PKCS1-V1_5 signatures.

func CreateRSAVerifier

func CreateRSAVerifier(publicKey *rsa.PublicKey) (*RSAVerifier, error)

CreateRSAVerifier creates an instance of RSAVerifier from a given RSA public key.

func CreateRSAVerifierFromKeyFile

func CreateRSAVerifierFromKeyFile(pathToPublicKey string) (*RSAVerifier, error)

CreateRSAVerifierFromKeyFile creates an instance of RSAVerifier from an RSA public key file. The public key has to be in the PKIX, ASN.1 DER form, see x509.ParsePKIXPublicKey.

func (RSAVerifier) Verify

func (v RSAVerifier) Verify(componentDescriptor cdv2.ComponentDescriptor, signature cdv2.Signature) error

Verify checks the signature and returns an error on verification failure.

type ResourceDigester

type ResourceDigester interface {
	DigestForResource(ctx context.Context, componentDescriptor cdv2.ComponentDescriptor, resource cdv2.Resource, hasher Hasher) (*cdv2.DigestSpec, error)
}

type Signer

type Signer interface {
	// Sign returns the signature for the data for the component-descriptor
	Sign(componentDescriptor cdv2.ComponentDescriptor, digest cdv2.DigestSpec) (*cdv2.SignatureSpec, error)
}

Signer interface is used to implement different signing algorithms. Each Signer should have a matching Verifier.

type Verifier

type Verifier interface {
	// Verify checks the signature, returns an error on verification failure
	Verify(componentDescriptor cdv2.ComponentDescriptor, signature cdv2.Signature) error
}

Verifier interface is used to implement different verification algorithms. Each Verifier should have a matching Signer.
