primitives

package
v0.6.0-preview Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 15, 2016 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// AESKeyLength is the default AES key length
	AESKeyLength = 32

	// NonceSize is the default NonceSize
	NonceSize = 24
)

Variables

View Source 
var (
	// ErrEncryption Error during encryption
	ErrEncryption = errors.New("Error during encryption.")

	// ErrDecryption Error during decryption
	ErrDecryption = errors.New("Error during decryption.")

	// ErrInvalidSecretKeyType Invalid Secret Key type
	ErrInvalidSecretKeyType = errors.New("Invalid Secret Key type.")

	// ErrInvalidPublicKeyType Invalid Public Key type
	ErrInvalidPublicKeyType = errors.New("Invalid Public Key type.")

	// ErrInvalidKeyParameter Invalid Key Parameter
	ErrInvalidKeyParameter = errors.New("Invalid Key Parameter.")

	// ErrInvalidNilKeyParameter Invalid Nil Key Parameter
	ErrInvalidNilKeyParameter = errors.New("Invalid Nil Key Parameter.")

	// ErrInvalidKeyGeneratorParameter Invalid Key Generator Parameter
	ErrInvalidKeyGeneratorParameter = errors.New("Invalid Key Generator Parameter.")
)
View Source 
var (
	// TCertEncTCertIndex oid for TCertIndex
	TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}

	// TCertEncEnrollmentID is the ASN1 object identifier of the TCert index.
	TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}

	// TCertEncAttributesBase is the base ASN1 object identifier for attributes.
	// When generating an extension to include the attribute an index will be
	// appended to this Object Identifier.
	TCertEncAttributesBase = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6}

	// TCertAttributesHeaders is the ASN1 object identifier of attributes header.
	TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}
)

Functions

func AEStoEncryptedPEM 

func AEStoEncryptedPEM(raw []byte, pwd []byte) ([]byte, error)

AEStoEncryptedPEM encapsulates an AES key in the encrypted PEM format

func AEStoPEM 

func AEStoPEM(raw []byte) []byte

AEStoPEM encapsulates an AES key in the PEM format

func CBCDecrypt 

func CBCDecrypt(key, src []byte) ([]byte, error)

CBCDecrypt decrypts using CBC mode

func CBCEncrypt 

func CBCEncrypt(key, s []byte) ([]byte, error)

CBCEncrypt encrypts using CBC mode

func CBCPKCS7Decrypt 

func CBCPKCS7Decrypt(key, src []byte) ([]byte, error)

CBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding

func CBCPKCS7Encrypt 

func CBCPKCS7Encrypt(key, src []byte) ([]byte, error)

CBCPKCS7Encrypt combines CBC encryption and PKCS7 padding

func CheckCertAgainRoot 

func CheckCertAgainRoot(x509Cert *x509.Certificate, certPool *x509.CertPool) ([][]*x509.Certificate, error)

CheckCertAgainRoot check the validity of the passed certificate against the passed certPool

func CheckCertAgainstSKAndRoot 

func CheckCertAgainstSKAndRoot(x509Cert *x509.Certificate, privateKey interface{}, certPool *x509.CertPool) error

CheckCertAgainstSKAndRoot checks the passed certificate against the passed secretkey and certPool

func CheckCertPKAgainstSK 

func CheckCertPKAgainstSK(x509Cert *x509.Certificate, privateKey interface{}) error

CheckCertPKAgainstSK checks certificate's publickey against the passed secret key

func DERCertToPEM 

func DERCertToPEM(der []byte) []byte

DERCertToPEM converts der to pem

func DERToPrivateKey 

func DERToPrivateKey(der []byte) (key interface{}, err error)

DERToPrivateKey unmarshals a der to private key

func DERToPublicKey 

func DERToPublicKey(derBytes []byte) (pub interface{}, err error)

DERToPublicKey unmarshals a der to public key

func DERToX509Certificate 

func DERToX509Certificate(asn1Data []byte) (*x509.Certificate, error)

DERToX509Certificate converts der to x509

func ECDSASign 

func ECDSASign(signKey interface{}, msg []byte) ([]byte, error)

ECDSASign signs

func ECDSASignDirect 

func ECDSASignDirect(signKey interface{}, msg []byte) (*big.Int, *big.Int, error)

ECDSASignDirect signs

func ECDSAVerify 

func ECDSAVerify(verKey interface{}, msg, signature []byte) (bool, error)

ECDSAVerify verifies

func GenAESKey 

func GenAESKey() ([]byte, error)

GenAESKey returns a random AES key of length AESKeyLength

func GetCriticalExtension 

func GetCriticalExtension(cert *x509.Certificate, oid asn1.ObjectIdentifier) ([]byte, error)

GetCriticalExtension returns a requested critical extension. It also remove it from the list of unhandled critical extensions

func GetDefaultCurve 

func GetDefaultCurve() elliptic.Curve

GetDefaultCurve returns the default elliptic curve used by the crypto layer

func GetDefaultHash 

func GetDefaultHash() func() hash.Hash

GetDefaultHash returns the default hash function used by the crypto layer

func GetHashAlgorithm 

func GetHashAlgorithm() string

GetHashAlgorithm return the default hash algorithm

func GetRandomBytes 

func GetRandomBytes(len int) ([]byte, error)

GetRandomBytes returns len random looking bytes

func GetRandomNonce 

func GetRandomNonce() ([]byte, error)

GetRandomNonce returns a random byte array of length NonceSize

func HMAC 

func HMAC(key, x []byte) []byte

HMAC hmacs x using key key

func HMACAESTruncated 

func HMACAESTruncated(key, x []byte) []byte

HMACAESTruncated hmacs x using key key and truncate to AESKeyLength

func HMACTruncated 

func HMACTruncated(key, x []byte, truncation int) []byte

HMACTruncated hmacs x using key key and truncate to truncation

func Hash 

func Hash(msg []byte) []byte

Hash hashes the msh using the predefined hash function

func InitSecurityLevel 

func InitSecurityLevel(algorithm string, level int) (err error)

InitSecurityLevel initialize the crypto layer at the given security level

func NewECDSAKey 

func NewECDSAKey() (*ecdsa.PrivateKey, error)

NewECDSAKey generates a new ECDSA Key

func NewHash 

func NewHash() hash.Hash

NewHash returns a new hash function

func NewSelfSignedCert 

func NewSelfSignedCert() ([]byte, interface{}, error)

NewSelfSignedCert create a self signed certificate

func PEMtoAES 

func PEMtoAES(raw []byte, pwd []byte) ([]byte, error)

PEMtoAES extracts from the PEM an AES key

func PEMtoCertificate 

func PEMtoCertificate(raw []byte) (*x509.Certificate, error)

PEMtoCertificate converts pem to x509

func PEMtoCertificateAndDER 

func PEMtoCertificateAndDER(raw []byte) (*x509.Certificate, []byte, error)

PEMtoCertificateAndDER converts pem to x509 and der

func PEMtoDER 

func PEMtoDER(raw []byte) ([]byte, error)

PEMtoDER converts pem to der

func PEMtoPrivateKey 

func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error)

PEMtoPrivateKey unmarshals a pem to private key

func PEMtoPublicKey 

func PEMtoPublicKey(raw []byte, pwd []byte) (interface{}, error)

PEMtoPublicKey unmarshals a pem to public key

func PKCS7Padding 

func PKCS7Padding(src []byte) []byte

PKCS7Padding pads as prescribed by the PKCS7 standard

func PKCS7UnPadding 

func PKCS7UnPadding(src []byte) ([]byte, error)

PKCS7UnPadding unpads as prescribed by the PKCS7 standard

func PrivateKeyToDER 

func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error)

PrivateKeyToDER marshals a private key to der

func PrivateKeyToEncryptedPEM 

func PrivateKeyToEncryptedPEM(privateKey interface{}, pwd []byte) ([]byte, error)

PrivateKeyToEncryptedPEM converts a private key to an encrypted PEM

func PrivateKeyToPEM 

func PrivateKeyToPEM(privateKey interface{}, pwd []byte) ([]byte, error)

PrivateKeyToPEM converts a private key to PEM

func PublicKeyToEncryptedPEM 

func PublicKeyToEncryptedPEM(publicKey interface{}, pwd []byte) ([]byte, error)

PublicKeyToEncryptedPEM converts a public key to encrypted pem

func PublicKeyToPEM 

func PublicKeyToPEM(publicKey interface{}, pwd []byte) ([]byte, error)

PublicKeyToPEM marshals a public key to the pem forma

func SetSecurityLevel 

func SetSecurityLevel(algorithm string, level int) (err error)

SetSecurityLevel sets the security configuration with the hash length and the algorithm

func VerifySignCapability 

func VerifySignCapability(tempSK interface{}, certPK interface{}) error

VerifySignCapability tests signing capabilities

Types

type AsymmetricCipher 

type AsymmetricCipher interface {
	// Init initializes this cipher with the passed parameters
	Init(params AsymmetricCipherParameters) error

	// Process processes the byte array given in input
	Process(msg []byte) ([]byte, error)
}

AsymmetricCipher defines an asymmetric cipher

type AsymmetricCipherParameters 

type AsymmetricCipherParameters interface {
	CipherParameters

	// IsPublic returns true if the parameters are public, false otherwise.
	IsPublic() bool
}

AsymmetricCipherParameters is common interface to represent asymmetric cipher parameters

type AsymmetricCipherSPI 

type AsymmetricCipherSPI interface {

	// NewAsymmetricCipherFromPrivateKey creates a new AsymmetricCipher for decryption from a secret key
	NewAsymmetricCipherFromPrivateKey(priv PrivateKey) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromPublicKey creates a new AsymmetricCipher for encryption from a public key
	NewAsymmetricCipherFromPublicKey(pub PublicKey) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromPublicKey creates a new AsymmetricCipher for encryption from a serialized public key
	NewAsymmetricCipherFromSerializedPublicKey(pub []byte) (AsymmetricCipher, error)

	// NewAsymmetricCipherFromPublicKey creates a new AsymmetricCipher for encryption from a serialized public key
	NewAsymmetricCipherFromSerializedPrivateKey(priv []byte) (AsymmetricCipher, error)

	// NewPrivateKey creates a new private key rand and default parameters
	NewDefaultPrivateKey(rand io.Reader) (PrivateKey, error)

	// NewPrivateKey creates a new private key from (rand, params)
	NewPrivateKey(rand io.Reader, params interface{}) (PrivateKey, error)

	// NewPublicKey creates a new public key from (rand, params)
	NewPublicKey(rand io.Reader, params interface{}) (PublicKey, error)

	// SerializePrivateKey serializes a private key
	SerializePrivateKey(priv PrivateKey) ([]byte, error)

	// DeserializePrivateKey deserializes to a private key
	DeserializePrivateKey(bytes []byte) (PrivateKey, error)

	// SerializePrivateKey serializes a private key
	SerializePublicKey(pub PublicKey) ([]byte, error)

	// DeserializePrivateKey deserializes to a private key
	DeserializePublicKey(bytes []byte) (PublicKey, error)
}

AsymmetricCipherSPI is a Service Provider Interface for AsymmetricCipher

type CipherParameters 

type CipherParameters interface {
	Parameters
}

CipherParameters is common interface to represent cipher parameters

type ECDSASignature 

type ECDSASignature struct {
	R, S *big.Int
}

ECDSASignature represents an ECDSA signature

type KeyGenerator 

type KeyGenerator interface {
	// Init initializes this generated using the passed parameters
	Init(params KeyGeneratorParameters) error

	// GenerateKey generates a new private key
	GenerateKey() (PrivateKey, error)
}

KeyGenerator defines a key generator

type KeyGeneratorParameters 

type KeyGeneratorParameters interface {
	Parameters
}

KeyGeneratorParameters is common interface to represent key generation parameters

type KeySerializer 

type KeySerializer interface {
	// ToBytes converts a key to bytes
	ToBytes(key interface{}) ([]byte, error)

	// ToBytes converts bytes to a key
	FromBytes([]byte) (interface{}, error)
}

KeySerializer defines a key serializer/deserializer

type Parameters 

type Parameters interface {

	// GetRand returns the random generated associated to this parameters
	GetRand() io.Reader
}

Parameters is common interface for all the parameters

type PrivateKey 

type PrivateKey interface {
	AsymmetricCipherParameters

	// GetPublicKey returns the associated public key
	GetPublicKey() PublicKey
}

PrivateKey is common interface to represent private asymmetric cipher parameters

type PublicKey 

type PublicKey interface {
	AsymmetricCipherParameters
}

PublicKey is common interface to represent public asymmetric cipher parameters

type SecretKey 

type SecretKey interface {
	CipherParameters
}

SecretKey defines a symmetric key

type StreamCipher 

type StreamCipher interface {
	// Init initializes this cipher with the passed parameters
	Init(forEncryption bool, params CipherParameters) error

	// Process processes the byte array given in input
	Process(msg []byte) ([]byte, error)
}

StreamCipher defines a stream cipher

type StreamCipherSPI 

type StreamCipherSPI interface {
	GenerateKey() (SecretKey, error)

	GenerateKeyAndSerialize() (SecretKey, []byte, error)

	NewSecretKey(rand io.Reader, params interface{}) (SecretKey, error)

	// NewStreamCipherForEncryptionFromKey creates a new StreamCipher for encryption from a secret key
	NewStreamCipherForEncryptionFromKey(secret SecretKey) (StreamCipher, error)

	// NewStreamCipherForEncryptionFromSerializedKey creates a new StreamCipher for encryption from a serialized key
	NewStreamCipherForEncryptionFromSerializedKey(secret []byte) (StreamCipher, error)

	// NewStreamCipherForDecryptionFromKey creates a new StreamCipher for decryption from a secret key
	NewStreamCipherForDecryptionFromKey(secret SecretKey) (StreamCipher, error)

	// NewStreamCipherForDecryptionFromKey creates a new StreamCipher for decryption from a serialized key
	NewStreamCipherForDecryptionFromSerializedKey(secret []byte) (StreamCipher, error)

	// SerializePrivateKey serializes a private key
	SerializeSecretKey(secret SecretKey) ([]byte, error)

	// DeserializePrivateKey deserializes to a private key
	DeserializeSecretKey(bytes []byte) (SecretKey, error)
}

StreamCipherSPI is a Service Provider Interface for StreamCipher

Source Files

  • aes.go
  • crypto.go
  • ecdsa.go
  • elliptic.go
  • hash.go
  • init.go
  • keys.go
  • random.go
  • x509.go

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.