protocol

package
v0.0.0-...-e666832 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 2, 2023 License: MIT, MIT, MIT Imports: 23 Imported by: 0

Documentation

Overview

Package protocol implemets parts of cryptographic message syntax RFC 5652. This package is mostly for handling of the asn1 sturctures of cms. For de/encryption and signing/verfiying use to package cms.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrWrongType is returned by methods that make assumptions about types.
	// Helper methods are defined for accessing CHOICE and  ANY feilds. These
	// helper methods get the value of the field, assuming it is of a given type.
	// This error is returned if that assumption is wrong and the field has a
	// different type.
	ErrWrongType = errors.New("cms/protocol: wrong choice or any type")

	// ErrNoCertificate is returned when a requested certificate cannot be found.
	ErrNoCertificate = errors.New("no certificate found")

	// ErrNoKeyFound is returned when a requested certificate cannot be found.
	ErrNoKeyFound = errors.New("no key for decryption found")

	// ErrUnsupported is returned when an unsupported type or version
	// is encountered.
	ErrUnsupported = ASN1Error{"unsupported type or version"}

	// ErrTrailingData is returned when extra data is found after parsing an ASN.1
	// structure.
	ErrTrailingData = ASN1Error{"unexpected trailing data"}
)
View Source 
var ErrUnsupportedAlgorithm = errors.New("cms: cannot decrypt data: unsupported algorithm")

ErrUnsupportedAlgorithm is returned if the algorithm is unsupported.

Functions

func ANSIx963KDF 

func ANSIx963KDF(sharedSecret, sharedInfo []byte, keyLen int, hash crypto.Hash) (key []byte, err error)

ANSIx963KDF implents ANSI X9.63 key derivation function

func ECDHsharedSecret 

func ECDHsharedSecret(curve elliptic.Curve, priv []byte, pubX, pubY *big.Int) []byte

ECDHsharedSecret computes shared secret with ephemeral static ECDH

func IASstring 

func IASstring(cert *x509.Certificate) (iasString string, err error)

IASstring retuns the ias of the cert as hex encoded string.

Types

type ASN1Error 

type ASN1Error struct {
	Message string
}

ASN1Error is an error from parsing ASN.1 structures.

func (ASN1Error) Error 

func (err ASN1Error) Error() string

Error implements the error interface.

type Attribute 

type Attribute struct {
	Type asn1.ObjectIdentifier

	// This should be a SET OF ANY, but Go's asn1 parser can't handle slices of
	// RawValues. Use value() to get an AnySet of the value.
	RawValue []asn1.RawValue `asn1:"set"`
}
Attribute ::= SEQUENCE {
  attrType OBJECT IDENTIFIER,
  attrValues SET OF AttributeValue }

AttributeValue ::= ANY

func NewAttribute 

func NewAttribute(attrType asn1.ObjectIdentifier, val interface{}) (attr Attribute, err error)

NewAttribute creates a single-value Attribute.

type Attributes 

type Attributes []Attribute

Attributes is a common Go type for SignedAttributes and UnsignedAttributes.

SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

func (Attributes) GetOnlyAttributeValueBytes 

func (attrs Attributes) GetOnlyAttributeValueBytes(oid asn1.ObjectIdentifier) (rv asn1.RawValue, err error)

GetOnlyAttributeValueBytes gets an attribute value, returning an error if the attribute occurs multiple times or has multiple values.

func (Attributes) GetValues 

func (attrs Attributes) GetValues(oid asn1.ObjectIdentifier) ([][]asn1.RawValue, error)

GetValues retreives the attributes with the given OID. A nil value is returned if the OPTIONAL SET of Attributes is missing from the SignerInfo. An empty slice is returned if the specified attribute isn't in the set.

type AuthEnvelopedData 

type AuthEnvelopedData struct {
	Version           int
	OriginatorInfo    asn1.RawValue   `asn1:"optional,tag:0"`
	RawRecipientInfos []asn1.RawValue `asn1:"set,choice"`
	AECI              EncryptedContentInfo
	AauthAttrs        []Attribute `asn1:"set,optional,tag:1"`
	MAC               []byte
	UnAauthAttrs      []Attribute `asn1:"set,optional,tag:2"`
}
AuthEnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	RawRecipientInfos RecipientInfos,
	authEncryptedContentInfo EncryptedContentInfo,

/ authAttrs [1] IMPLICIT AuthAttributes OPTIONAL, 

mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }

https://tools.ietf.org/html/rfc5083##section-2.1

func NewAuthEnvelopedData 

func NewAuthEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo, mac []byte) (AuthEnvelopedData, error)

NewAuthEnvelopedData creates AuthEnvelopedData from an EncryptedContentInfo with mac and given RawRecipientInfos.

func (AuthEnvelopedData) ContentInfo 

func (ed AuthEnvelopedData) ContentInfo() (ContentInfo, error)

ContentInfo marshals AuthEnvelopedData and returns ContentInfo.

func (*AuthEnvelopedData) Decrypt 

func (ed *AuthEnvelopedData) Decrypt(keyPair []tls.Certificate) (plain []byte, err error)

Decrypt decrypts AuthEnvelopedData and returns the plaintext.

func (*AuthEnvelopedData) RecipientInfos 

func (ed *AuthEnvelopedData) RecipientInfos() []RecipientInfo

type CertificateChoices 

type CertificateChoices struct {
	Cert       x509.Certificate       `asn1:"optional"`
	V2AttrCert asn1.RawValue          `asn1:"optional,tag:2"`
	Other      OtherCertificateFormat `asn1:"optional,tag:3"`
}
CertificateChoices ::= CHOICE {
  certificate Certificate,
  extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
  v1AttrCert [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
  v2AttrCert [2] IMPLICIT AttributeCertificateV2,
  other [3] IMPLICIT OtherCertificateFormat }

type ContentInfo 

type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,tag:0"`
}
ContentInfo ::= SEQUENCE {
  contentType ContentType,
  content [0] EXPLICIT ANY DEFINED BY contentType }

ContentType ::= OBJECT IDENTIFIER

func ParseContentInfo 

func ParseContentInfo(der []byte) (ci ContentInfo, err error)

ParseContentInfo parses DER-encoded ASN.1 data and returns ContentInfo.

func (ContentInfo) AuthEnvelopedDataContent 

func (ci ContentInfo) AuthEnvelopedDataContent() (*AuthEnvelopedData, error)

AuthEnvelopedDataContent unmarshals ContentInfo and returns AuthEnvelopedData if content type is AuthEnvelopedData.

func (ContentInfo) Base64 

func (ci ContentInfo) Base64() ([]byte, error)

Base64 encodes the DER-encoded ASN.1 data in base64 for use in S/MIME.

func (ContentInfo) DER 

func (ci ContentInfo) DER() ([]byte, error)

DER returns the DER-encoded ASN.1 data.

func (ContentInfo) EnvelopedDataContent 

func (ci ContentInfo) EnvelopedDataContent() (*EnvelopedData, error)

EnvelopedDataContent returns EnvelopedData if ContentType is EnvelopedData.

func (ContentInfo) SignedDataContent 

func (ci ContentInfo) SignedDataContent() (*SignedData, error)

SignedDataContent returns SignedData if ContentType is SignedData.

type ECCCMSSharedInfo 

type ECCCMSSharedInfo struct {
	KeyInfo     pkix.AlgorithmIdentifier
	EntityUInfo []byte `asn1:"optional,explicit,tag:0"`
	SuppPubInfo []byte `asn1:"explicit,tag:2"`
}
ECCCMSSharedInfo ECC-CMS-SharedInfo ::= SEQUENCE {
	keyInfo         AlgorithmIdentifier,
	entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
	suppPubInfo [2] EXPLICIT OCTET STRING  }

type EncapsulatedContentInfo 

type EncapsulatedContentInfo struct {
	EContentType asn1.ObjectIdentifier ``                               // ContentType ::= OBJECT IDENTIFIER
	EContent     []byte                `asn1:"optional,explicit,tag:0"` //
}
EncapsulatedContentInfo ::= SEQUENCE {
  eContentType ContentType,
  eContent [0] EXPLICIT OCTET STRING OPTIONAL }

func NewDataEncapsulatedContentInfo 

func NewDataEncapsulatedContentInfo(data []byte) (EncapsulatedContentInfo, error)

NewDataEncapsulatedContentInfo creates a new EncapsulatedContentInfo of type id-data.

func NewEncapsulatedContentInfo 

func NewEncapsulatedContentInfo(contentType asn1.ObjectIdentifier, content []byte) (EncapsulatedContentInfo, error)

NewEncapsulatedContentInfo creates a new EncapsulatedContentInfo.

func (EncapsulatedContentInfo) IsTypeData 

func (eci EncapsulatedContentInfo) IsTypeData() bool

IsTypeData checks if the EContentType is id-data.

type EncryptedContentInfo 

type EncryptedContentInfo struct {
	EContentType               asn1.ObjectIdentifier
	ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
	EContent                   []byte `asn1:"optional,implicit,tag:0"`
}
EncryptedContentInfo ::= SEQUENCE {
	contentType ContentType,
	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
	encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }

func NewEncryptedContentInfo 

func NewEncryptedContentInfo(contentType asn1.ObjectIdentifier, contentEncryptionAlg asn1.ObjectIdentifier, content []byte) (eci EncryptedContentInfo, key, mac []byte, err error)

NewEncryptedContentInfo encrypts the conent with the contentEncryptionAlgorithm and retuns the EncryptedContentInfo, the key and the MAC.

type EnvelopedData 

type EnvelopedData struct {
	Version           int
	OriginatorInfo    asn1.RawValue        `asn1:"optional,tag:0"`
	RawRecipientInfos []asn1.RawValue      `asn1:"set"`
	ECI               EncryptedContentInfo ``
	UnprotectedAttrs  []Attribute          `asn1:"set,optional,tag:1"`
}
EnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	RawRecipientInfos RawRecipientInfos,
	encryptedContentInfo EncryptedContentInfo,
	unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }

func NewEnvelopedData 

func NewEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo) (EnvelopedData, error)

NewEnvelopedData creates a new EnvelopedData from the given data.

func (EnvelopedData) ContentInfo 

func (ed EnvelopedData) ContentInfo() (ContentInfo, error)

ContentInfo returns new ContentInfo with ContentType EnvelopedData.

func (*EnvelopedData) Decrypt 

func (ed *EnvelopedData) Decrypt(keyPairs []tls.Certificate) (plain []byte, err error)

Decrypt decrypts the EnvelopedData with the given keyPair and retuns the plaintext.

func (*EnvelopedData) RecipientInfos 

func (ed *EnvelopedData) RecipientInfos() []RecipientInfo

type IssuerAndSerialNumber 

type IssuerAndSerialNumber struct {
	Issuer       asn1.RawValue
	SerialNumber *big.Int
}
IssuerAndSerialNumber ::= SEQUENCE {
	issuer Name,
	serialNumber CertificateSerialNumber }

CertificateSerialNumber ::= INTEGER

func NewIssuerAndSerialNumber 

func NewIssuerAndSerialNumber(cert *x509.Certificate) (sid IssuerAndSerialNumber, err error)

NewIssuerAndSerialNumber creates a IssuerAndSerialNumber SID for the given cert.

func (*IssuerAndSerialNumber) Equal 

func (ias *IssuerAndSerialNumber) Equal(ias2 IssuerAndSerialNumber) bool

Equal returns true if ias and ias2 agree.

func (*IssuerAndSerialNumber) RawValue 

func (ias *IssuerAndSerialNumber) RawValue() (rv asn1.RawValue, err error)

RawValue returns the RawValue of the IssuerAndSerialNumber.

type KEKIdentifier 

type KEKIdentifier struct {
	KeyIdentifier []byte
	Date          time.Time         `asn1:"optional"`
	Other         OtherKeyAttribute `asn1:"optional"`
}

KEKIdentifier ::= SEQUENCE { keyIdentifier OCTET STRING, date GeneralizedTime OPTIONAL, other OtherKeyAttribute OPTIONAL }

type KEKRecipientInfo 

type KEKRecipientInfo struct {
	Version                int
	KEKId                  KEKIdentifier
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
	EncryptedKey           []byte
}

KEKRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 4 kekid KEKIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey }

func (*KEKRecipientInfo) MarshalASN1RawValue 

func (kekRI *KEKRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)

type KeyAgreeRecipientIdentifier 

type KeyAgreeRecipientIdentifier struct {
	IAS    *IssuerAndSerialNumber  `asn1:"optional"`
	RKeyID *RecipientKeyIdentifier `asn1:"optional,tag:0"`
}
KeyAgreeRecipientIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	rKeyId [0] IMPLICIT RecipientKeyIdentifier }

func (*KeyAgreeRecipientIdentifier) Marshal 

func (rId *KeyAgreeRecipientIdentifier) Marshal() (asn1.RawValue, error)

func (*KeyAgreeRecipientIdentifier) Unmarshal 

func (rId *KeyAgreeRecipientIdentifier) Unmarshal(value asn1.RawValue) error

type KeyAgreeRecipientInfo 

type KeyAgreeRecipientInfo struct {
	Version int
	//Originator             OriginatorIdentifierOrKey `asn1:"explicit,choice,tag:0"`
	RawOriginator          asn1.RawValue            `asn1:"explicit,choice,tag:0"`
	UKM                    []byte                   `asn1:"explicit,optional,tag:1"`
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier ``
	RecipientEncryptedKeys []RecipientEncryptedKey  `asn1:"sequence"` //RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
}

func (*KeyAgreeRecipientInfo) MarshalASN1RawValue 

func (kari *KeyAgreeRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)

type KeyTransRecipientInfo 

type KeyTransRecipientInfo struct {
	Version                int
	RawRid                 asn1.RawValue
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
	EncryptedKey           []byte
}

func (*KeyTransRecipientInfo) MarshalASN1RawValue 

func (ktri *KeyTransRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)

type OriginatorIdentifierOrKey 

type OriginatorIdentifierOrKey struct {
	IAS           *IssuerAndSerialNumber
	SKI           []byte
	OriginatorKey *OriginatorPublicKey
}
OriginatorIdentifierOrKey ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] ExtensionSubjectKeyIdentifier,
	originatorKey [1] OriginatorPublicKey }

func (*OriginatorIdentifierOrKey) Marshal 

func (oriId *OriginatorIdentifierOrKey) Marshal() (asn1.RawValue, error)

func (*OriginatorIdentifierOrKey) Unmarshal 

func (oriId *OriginatorIdentifierOrKey) Unmarshal(value asn1.RawValue) error

type OriginatorPublicKey 

type OriginatorPublicKey struct {
	Algorithm pkix.AlgorithmIdentifier
	PublicKey asn1.BitString
}
OriginatorPublicKey ::= SEQUENCE {
	algorithm AlgorithmIdentifier,
	publicKey BIT STRING

type OtherCertificateFormat 

type OtherCertificateFormat struct {
	OtherCertFormat asn1.ObjectIdentifier
	OtherCert       asn1.RawValue
}
OtherCertificateFormat ::= SEQUENCE {
  otherCertFormat OBJECT IDENTIFIER,
  otherCert ANY DEFINED BY otherCertFormat }

type OtherKeyAttribute 

type OtherKeyAttribute struct {
	KeyAttrID asn1.ObjectIdentifier
	KeyAttr   asn1.RawValue `asn1:"optional"`
}
OtherKeyAttribute ::= SEQUENCE {
	keyAttrId OBJECT IDENTIFIER,
	keyAttr ANY DEFINED BY keyAttrId OPTIONAL }

type OtherRecipientInfo 

type OtherRecipientInfo struct {
	OriType  asn1.ObjectIdentifier
	OriValue asn1.RawValue
}

OtherRecipientInfo ::= SEQUENCE { oriType OBJECT IDENTIFIER, oriValue ANY DEFINED BY oriType }

func (*OtherRecipientInfo) MarshalASN1RawValue 

func (oRI *OtherRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)

type OtherRevocationInfoFormat 

type OtherRevocationInfoFormat struct {
	OtherRevInfoFormat asn1.ObjectIdentifier
	OtherRevInfo       asn1.RawValue
}
OtherRevocationInfoFormat ::= SEQUENCE {
  otherRevInfoFormat OBJECT IDENTIFIER,
  otherRevInfo ANY DEFINED BY otherRevInfoFormat }

type PasswordRecipientInfo 

type PasswordRecipientInfo struct {
	Version                int
	KeyDerivationAlgorithm pkix.AlgorithmIdentifier `asn1:"optional"`
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier
	EncryptedKey           []byte
}

PasswordRecipientInfo ::= SEQUENCE { version CMSVersion, -- Always set to 0 keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey }

func (*PasswordRecipientInfo) MarshalASN1RawValue 

func (pwRI *PasswordRecipientInfo) MarshalASN1RawValue() (asn1.RawValue, error)

type RSAESOAEPparams 

type RSAESOAEPparams struct {
	HashFunc    pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:0"`
	MaskGenFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:1"`
	PSourceFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:2"`
}
RSAESOAEPparams  ::=  SEQUENCE  {
	hashFunc    [0] AlgorithmIdentifier DEFAULT sha1Identifier,
	maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1Identifier,
	pSourceFunc [2] AlgorithmIdentifier DEFAULT
						pSpecifiedEmptyIdentifier  }

type RecipientEncryptedKey 

type RecipientEncryptedKey struct {
	//RID          KeyAgreeRecipientIdentifier `asn1:"choice"`
	RawRID       asn1.RawValue
	EncryptedKey []byte
}
RecipientEncryptedKey ::= SEQUENCE {
	rid KeyAgreeRecipientIdentifier,
	encryptedKey EncryptedKey }

type RecipientIdentifier 

type RecipientIdentifier struct {
	IAS *IssuerAndSerialNumber
	SKI []byte
}
RecipientIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] ExtensionSubjectKeyIdentifier }

func (*RecipientIdentifier) Marshal 

func (rId *RecipientIdentifier) Marshal() (asn1.RawValue, error)

func (*RecipientIdentifier) Unmarshal 

func (rId *RecipientIdentifier) Unmarshal(value asn1.RawValue) error

type RecipientInfo 

type RecipientInfo interface {
	MarshalASN1RawValue() (asn1.RawValue, error)
	// contains filtered or unexported methods
}

func NewRecipientInfo 

func NewRecipientInfo(recipient *x509.Certificate, key []byte) (RecipientInfo, error)

NewRecipientInfo creates RecipientInfo for giben recipient and key.

func ParseRecipientInfo 

func ParseRecipientInfo(value asn1.RawValue) (RecipientInfo, error)

type RecipientKeyIdentifier 

type RecipientKeyIdentifier struct {
	SubjectKeyIdentifier []byte            //SubjectKeyIdentifier ::= OCTET STRING
	Date                 time.Time         `asn1:"optional"`
	Other                OtherKeyAttribute `asn1:"optional"`
}
RecipientKeyIdentifier ::= SEQUENCE {
	subjectKeyIdentifier SubjectKeyIdentifier,
	date GeneralizedTime OPTIONAL,
	other OtherKeyAttribute OPTIONAL }

type RevocationInfoChoice 

type RevocationInfoChoice struct {
	Crl   pkix.CertificateList      `asn1:"optional"`
	Other OtherRevocationInfoFormat `asn1:"optional,tag:1"`
}
RevocationInfoChoice ::= CHOICE {
  crl CertificateList,
  other [1] IMPLICIT OtherRevocationInfoFormat }

type SignedData 

type SignedData struct {
	Version          int                        ``                          // CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
	DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"`                //DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier //DigestAlgorithmIdentifier ::= AlgorithmIdentifier
	EncapContentInfo EncapsulatedContentInfo    ``                          //
	Certificates     []asn1.RawValue            `asn1:"optional,set,tag:0"` // CertificateSet ::= SET OF CertificateChoices
	CRLs             []RevocationInfoChoice     `asn1:"optional,set,tag:1"` // RevocationInfoChoices ::= SET OF RevocationInfoChoice
	SignerInfos      []SignerInfo               `asn1:"set"`                // SignerInfos ::= SET OF SignerInfo
}
SignedData ::= SEQUENCE {
  version CMSVersion,
  digestAlgorithms DigestAlgorithmIdentifiers,
  encapContentInfo EncapsulatedContentInfo,
  certificates [0] IMPLICIT CertificateSet OPTIONAL,
  crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
  signerInfos SignerInfos }

func NewSignedData 

func NewSignedData(eci EncapsulatedContentInfo) (*SignedData, error)

NewSignedData creates a new SignedData.

func (*SignedData) AddCertificate 

func (sd *SignedData) AddCertificate(cert []byte) error

AddCertificate adds a *x509.Certificate.

func (*SignedData) AddSignerInfo 

func (sd *SignedData) AddSignerInfo(keypPair tls.Certificate, attrs []Attribute) (err error)

AddSignerInfo adds a SignerInfo to the SignedData.

func (*SignedData) ClearCertificates 

func (sd *SignedData) ClearCertificates()

ClearCertificates removes all certificates.

func (*SignedData) ContentInfo 

func (sd *SignedData) ContentInfo() (ContentInfo, error)

ContentInfo returns the SignedData wrapped in a ContentInfo packet.

func (*SignedData) Verify 

func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [][][]*x509.Certificate, err error)

Verify checks the signature

func (*SignedData) X509Certificates 

func (sd *SignedData) X509Certificates() (map[string]*x509.Certificate, error)

X509Certificates gets the certificates, assuming that they're X.509 encoded.

type SignerIdentifier 

type SignerIdentifier struct {
	IAS IssuerAndSerialNumber `asn1:"optional"`
	SKI []byte                `asn1:"optional,tag:0"`
}
SignerIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] ExtensionSubjectKeyIdentifier }

func (SignerIdentifier) ToASN1RawValue 

func (sid SignerIdentifier) ToASN1RawValue() (asn1.RawValue, error)

type SignerInfo 

type SignerInfo struct {
	Version            int                      ``                          // CMSVersion ::= INTEGER    { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
	SID                asn1.RawValue            ``                          //
	DigestAlgorithm    pkix.AlgorithmIdentifier ``                          // DigestAlgorithmIdentifier ::= AlgorithmIdentifier
	SignedAttrs        []Attribute              `asn1:"set,optional,tag:0"` // SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
	SignatureAlgorithm pkix.AlgorithmIdentifier ``                          // SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
	Signature          []byte                   ``                          // SignatureValue ::= OCTET STRING
	UnsignedAttrs      []Attribute              `asn1:"set,optional,tag:1"` // UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
}
SignerInfo ::= SEQUENCE {
  version CMSVersion,
  sid SignerIdentifier,
  digestAlgorithm DigestAlgorithmIdentifier,
  signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
  signatureAlgorithm SignatureAlgorithmIdentifier,
  signature SignatureValue,
  unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

func (SignerInfo) FindCertificate 

func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)

FindCertificate finds this SignerInfo's certificate in a slice of certificates.

func (SignerInfo) GetContentTypeAttribute 

func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)

GetContentTypeAttribute gets the signed ContentType attribute from the SignerInfo.

func (SignerInfo) GetMessageDigestAttribute 

func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)

GetMessageDigestAttribute gets the signed MessageDigest attribute from the SignerInfo.

func (SignerInfo) GetSigningTimeAttribute 

func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)

GetSigningTimeAttribute gets the signed SigningTime attribute from the SignerInfo.

func (SignerInfo) Hash 

func (si SignerInfo) Hash() (crypto.Hash, error)

Hash gets the crypto.Hash associated with this SignerInfo's DigestAlgorithm. 0 is returned for unrecognized algorithms.

func (SignerInfo) SignedIdentifier 

func (si SignerInfo) SignedIdentifier() (*SignerIdentifier, error)

version is the syntax version number. If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 1. If the SignerIdentifier is subjectKeyIdentifier, then the version MUST be 3.

func (SignerInfo) X509SignatureAlgorithm 

func (si SignerInfo) X509SignatureAlgorithm() x509.SignatureAlgorithm

X509SignatureAlgorithm gets the x509.SignatureAlgorithm that should be used for verifying this SignerInfo's signature.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.