librpki

package
Published: Apr 28, 2023 License: BSD-3-Clause Imports: 19 Imported by: 2

Documentation


Constants

This section is empty.

Variables

// X.509 extension and access-method OIDs used when decoding and encoding
// RPKI resource certificates. Both the RFC 3779 resource extensions and
// their "V2" counterparts are listed; which one a certificate carries
// depends on the issuing CA, so a decoder has to recognise either form.
var (
	// RFC 3779 IP address block and AS identifier extensions
	// (see GroupIPAddressBlock, which references the RFC).
	IpAddrBlock      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 7}
	AutonomousSysIds = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 8}

	// "V2" resource extensions (id-pe 28/29). IpAddrAndASIdent (id-pe 30)
	// is defined alongside them; no function in this listing documents its use.
	IpAddrBlockV2      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 28}
	AutonomousSysIdsV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 29}
	IpAddrAndASIdent   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30}

	// id-ce-certificatePolicies, the RPKI resource-certificate policy
	// identifier, and the CPS policy-qualifier OID (used by EncodePolicyInformation).
	CertPolicy         = asn1.ObjectIdentifier{2, 5, 29, 32}
	ResourceCertPolicy = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 14, 2}
	CPS                = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1}

	// SIA / AIA extensions and the access methods they carry:
	// id-ad-caIssuers (parent certificate) and id-ad-signedObject.
	SubjectInfoAccess   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}
	AuthorityInfoAccess = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}
	CAIssuer            = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}
	SignedObject        = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 11}

	// Key identifier extensions; the AKI/SKI pair is what links an EE or
	// child certificate to the CA that issued it.
	SubjectKeyIdentifier   = asn1.ObjectIdentifier{2, 5, 29, 14}
	AuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35}

	// SIA access methods for the publication point: id-ad-caRepository
	// (rsync) and id-ad-rpkiNotify (RRDP notification file).
	CertRepository = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 5}
	CertRRDP       = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 13}
)
// CMS (RFC 5652) signed-attribute and content-type OIDs, plus the digest
// and public-key algorithm OIDs this package expects in signed objects.
var (
	// Signed attributes: contentType, messageDigest and signingTime.
	// The signature covers these attributes, not the raw content, which
	// is why CMS.Validate refuses to work without them.
	ContentTypeOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	MessageDigest  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	SigningTime    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
	// id-signedData; the outer ContentInfo type of every RPKI signed object.
	SignedDataOID  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
	// id-sha256, the only digest algorithm OID defined here.
	SHA256OID      = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	// rsaEncryption. Note: RSA (declared separately below) holds the
	// identical value; the two are interchangeable.
	RSAOID         = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
)
// Signature algorithm OID and the CRL-related extension OID used by CreateCRL.
var (
	// sha256WithRSAEncryption, the signature algorithm for RPKI certificates and CRLs.
	OidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	// NOTE(review): 2.5.29.20 is id-ce-cRLNumber (the CRL Number extension),
	// not a certificate serial number, so the name is misleading. Presumably
	// it is what CreateCRL writes its sn parameter into — confirm before reusing.
	OidSerialNumber           = asn1.ObjectIdentifier{2, 5, 29, 20}
)
// Manifest-related OIDs.
var (
	// id-ad-rpkiManifest: the SIA access method that points at a CA's manifest.
	SIAManifest = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 10}
	// id-ct-rpkiManifest: the CMS eContentType of a manifest (Manifest.OID).
	ManifestOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 26}
)
// DefaultDecoderConfig is the configuration with strict validation enabled.
// The package-level DecodeManifest and DecodeROA presumably go through this
// default; callers that construct their own DecoderConfig should keep
// ValidateStrict set unless they are deliberately inspecting malformed objects.
var (
	DefaultDecoderConfig = &DecoderConfig{
		ValidateStrict: true,
	}
)
// RSA is the rsaEncryption public-key algorithm OID. It holds the same
// value as RSAOID above; either name may be compared against a key's
// AlgorithmIdentifier.
var (
	RSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
)
// RoaOID is id-ct-routeOriginAuthz, the CMS eContentType of a ROA (ROA.OID).
var (
	RoaOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 24}
)
// XMLOID is the CMS eContentType used for the XML signed object handled
// by DecodeXML / EncodeXMLContent (XML.OID).
var (
	XMLOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 28}
)

Functions

func BER2DER

func BER2DER(ber []byte) ([]byte, error)

BER2DER attempts to convert BER encoded data to DER encoding.

func BadFormatGroup

func BadFormatGroup(data []byte) ([]byte, bool, error)

func BundleRSAPublicKey added in v1.2.0

func BundleRSAPublicKey(key rsa.PublicKey) (asn1.BitString, error)

func CreateCRL added in v1.2.0

func CreateCRL(c *x509.Certificate, rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time, sn *big.Int) (crlBytes []byte, err error)

https://tools.ietf.org/html/rfc6487#section-5

func DecodeIP

func DecodeIP(addrfamily []byte, addr asn1.BitString) (*net.IPNet, error)

func DecodeIPMinMax

func DecodeIPMinMax(addrfamily []byte, addr asn1.BitString, max bool) (net.IP, error)

func DecodeKeyIdentifier

func DecodeKeyIdentifier(data []byte) ([]byte, error)

func DecryptSignatureRSA

func DecryptSignatureRSA(signature []byte, pubKey *rsa.PublicKey) ([]byte, error)

func DeleteLineEnd

func DeleteLineEnd(line string) string

func EContentToEncap added in v1.2.0

func EContentToEncap(econtent []byte) ([]byte, error)

Pass the full bytes of any EContent. For ROA and manifest content see the dedicated ROAToEncap and ManifestToEncap helpers.

func EContentToEncapBF added in v1.2.0

func EContentToEncapBF(econtent []byte, skipbf bool) ([]byte, error)

func EncodeASN added in v1.2.0

func EncodeIPAddressBlock added in v1.2.0

func EncodeIPAddressBlock(ips []IPCertificateInformation) (*pkix.Extension, error)

func EncodeIPAddressBlockVersion added in v1.2.0

func EncodeIPAddressBlockVersion(version byte, ips []IPCertificateInformation, safi byte, addSafi bool) ([]byte, error)

func EncodeInfoAccess added in v1.2.0

func EncodeInfoAccess(authority bool, path string) (*pkix.Extension, error)

func EncodePolicyInformation added in v1.2.0

func EncodePolicyInformation(cps string) (*pkix.Extension, error)

https://tools.ietf.org/html/rfc7318

func EncodeSIA added in v1.2.0

func EncodeSIA(sias []*SIA) (*pkix.Extension, error)

func EncodeTAL added in v1.2.0

func EncodeTAL(tal *RPKITAL) ([]byte, error)

func EncodeTALSize added in v1.2.0

func EncodeTALSize(tal *RPKITAL, split int) ([]byte, error)

func EncryptSignatureRSA added in v1.2.0

func EncryptSignatureRSA(rand io.Reader, signature []byte, privKey *rsa.PrivateKey) ([]byte, error)

func GetRangeIP

func GetRangeIP(ipnet *net.IPNet) (error, net.IP, net.IP)

func GroupEntries added in v1.2.0

func GroupEntries(entries []*ROAEntry) map[byte][]*ROAEntry

func GroupIPAddressBlock added in v1.2.0

func GroupIPAddressBlock(ips []IPCertificateInformation) map[byte][]IPCertificateInformation

The grouped blocks are intended to be encoded into the certificate's ExtraExtensions; see RFC 3779: https://tools.ietf.org/html/rfc3779

func HashPublicKey added in v1.2.0

func HashPublicKey(key interface{}) ([]byte, error)

func HashRSAPublicKey added in v1.2.0

func HashRSAPublicKey(key rsa.PublicKey) ([]byte, error)

func IPNetToBitString added in v1.2.0

func IPNetToBitString(ipnet net.IPNet) asn1.BitString

func IPToBitString added in v1.2.0

func IPToBitString(ip net.IP) asn1.BitString

func ManifestToEncap added in v1.2.0

func ManifestToEncap(mft *Manifest) ([]byte, error)

func PrivateEncrypt added in v1.2.0

func PrivateEncrypt(priv *rsa.PrivateKey, data []byte) (enc []byte, err error)

func ROAToEncap added in v1.2.0

func ROAToEncap(roa *ROA) ([]byte, error)

func ValidateIPRoaCertificateList

func ValidateIPRoaCertificateList(entries []*ROAEntry, cert *RPKICertificate) ([]*ROAEntry, []*ROAEntry, []*ROAEntry)

Types

type ASN

// ASN is a single autonomous system number. It implements
// ASNCertificateInformation (see the methods below), alongside ASNRange
// for a contiguous range and ASNull for the "inherit" form.
type ASN struct {
	ASN int
}

func (*ASN) ASN1 added in v1.2.0

func (a *ASN) ASN1() ([]byte, error)

func (*ASN) GetRange

func (a *ASN) GetRange() (int, int, bool)

func (*ASN) IsASNInRange

func (a *ASN) IsASNInRange(asn int) (bool, bool)

func (*ASN) String

func (a *ASN) String() string

type ASNCertificateInformation

// ASNCertificateInformation is one element of a certificate's AS resource
// extension: a single ASN, an ASN range, or the null/inherit marker.
type ASNCertificateInformation interface {
	// GetRange returns the (min, max) bounds and a bool whose meaning is not
	// documented here — presumably "a concrete range is present", false for
	// ASNull. Confirm against the implementations.
	GetRange() (int, int, bool)
	// IsASNInRange reports whether the given ASN falls inside this element.
	// The second bool is likewise undocumented; treat it as the same
	// presence/inherit flag until confirmed.
	IsASNInRange(int) (bool, bool)
	String() string

	// ASN1 returns the DER encoding of this element.
	ASN1() ([]byte, error)
}

func DecodeASIdentifier

func DecodeASIdentifier(data asn1.RawValue) ([]ASNCertificateInformation, error)

type ASNRange

// ASNRange is an inclusive range of autonomous system numbers, as found
// in a certificate's AS resource extension. Implements ASNCertificateInformation.
type ASNRange struct {
	Min int
	Max int
}

func (*ASNRange) ASN1 added in v1.2.0

func (ar *ASNRange) ASN1() ([]byte, error)

func (*ASNRange) GetRange

func (ar *ASNRange) GetRange() (int, int, bool)

func (*ASNRange) IsASNInRange

func (ar *ASNRange) IsASNInRange(asn int) (bool, bool)

func (*ASNRange) String

func (ar *ASNRange) String() string

type ASNull

// ASNull is the empty/null form of an AS resource element — the RFC 3779
// "inherit" marker, meaning the AS resources are taken from the parent
// certificate. Implements ASNCertificateInformation.
type ASNull struct {
}

func (*ASNull) ASN1 added in v1.2.0

func (an *ASNull) ASN1() ([]byte, error)

func (*ASNull) GetRange

func (an *ASNull) GetRange() (int, int, bool)

func (*ASNull) IsASNInRange

func (an *ASNull) IsASNInRange(asn int) (bool, bool)

func (*ASNull) String

func (an *ASNull) String() string

type Attribute

// Attribute is a CMS Attribute: a type OID and a SET of values. The signed
// attributes of a SignerInfo (contentType, messageDigest, signingTime) are
// carried in this form.
type Attribute struct {
	AttrType  asn1.ObjectIdentifier
	AttrValue []asn1.RawValue `asn1:"set"`
}

type CMS

// CMS is the outer ContentInfo of a signed object: a content-type OID
// (expected to be SignedDataOID) and the explicitly-tagged SignedData.
// Use DecodeCMS to parse and Validate to verify the signature.
type CMS struct {
	OID        asn1.ObjectIdentifier
	SignedData CmsSignedData `asn1:"explicit,tag:0"`
}

func DecodeCMS

func DecodeCMS(data []byte) (*CMS, error)

func EncodeCMS added in v1.2.0

func EncodeCMS(certificate []byte, encapContent interface{}, signingTime time.Time) (*CMS, error)

func (*CMS) AddCRLs added in v1.2.0

func (cms *CMS) AddCRLs(crls []byte) error

func (*CMS) CheckSignaturesMatch added in v1.2.0

func (cms *CMS) CheckSignaturesMatch() (bool, error)

Checks that the signature AlgorithmIdentifier carries an explicit NULL parameter in both the CMS SignerInfo and the EE certificate, i.e. that the two encodings agree.

func (*CMS) GetRPKICertificate

func (cms *CMS) GetRPKICertificate() (*RPKICertificate, error)

func (*CMS) GetSigningTime

func (cms *CMS) GetSigningTime() (time.Time, error)

func (*CMS) Sign added in v1.2.0

func (cms *CMS) Sign(rand io.Reader, ski []byte, encap []byte, priv interface{}, cert []byte) error

The signature is produced with a raw RSA private-key operation in the manner of OpenSSL's RSA_private_encrypt; see https://stackoverflow.com/questions/18011708/encrypt-message-with-rsa-private-key-as-in-openssls-rsa-private-encrypt

func (*CMS) Validate

func (cms *CMS) Validate(encap []byte, cert *x509.Certificate) error

Validation is not performed when the SignerInfo's signed attributes are empty: the RPKI signature covers the signed attributes rather than the raw content, so a CMS without them must not be treated as verified.

type CRLAuthKeyId added in v1.2.0

// CRLAuthKeyId is the AuthorityKeyIdentifier extension value written into a
// CRL by CreateCRL: only the [0] keyIdentifier choice is represented.
type CRLAuthKeyId struct {
	Id []byte `asn1:"optional,tag:0"`
}

type CmsSignedData

// CmsSignedData is the CMS SignedData structure. EncapContentInfo,
// Certificates and CRLs are kept as RawValues and decoded on demand
// (see GetRPKICertificate); SignerInfos is the SET of signers, of which
// an RPKI object is expected to have exactly one.
type CmsSignedData struct {
	Version          int
	DigestAlgorithms []asn1.RawValue `asn1:"set"`
	EncapContentInfo asn1.RawValue
	// [0] IMPLICIT CertificateSet, optional: the EE certificate.
	Certificates     asn1.RawValue `asn1:"tag:0,optional"`
	// [1] IMPLICIT RevocationInfoChoices, optional (see AddCRLs).
	CRLs             asn1.RawValue `asn1:"tag:1,optional"`
	SignerInfos      []SignerInfo  `asn1:"set"`
}

type DecoderConfig added in v1.2.0

// DecoderConfig controls how DecodeManifest / DecodeROA treat objects whose
// inner content is malformed. With ValidateStrict set (the default), such
// objects are rejected; what exactly is relaxed when it is false is not
// documented here, so leave it on in any validating path.
type DecoderConfig struct {
	ValidateStrict bool
}

func (*DecoderConfig) DecodeManifest added in v1.2.0

func (cf *DecoderConfig) DecodeManifest(data []byte) (*RPKIManifest, error)

func (*DecoderConfig) DecodeROA added in v1.2.0

func (cf *DecoderConfig) DecodeROA(data []byte) (*RPKIROA, error)

type File added in v1.2.0

// File is one FileAndHash entry of a manifest: the file name (IA5String)
// and its digest, encoded as a BIT STRING. GetHash returns the raw bytes.
type File struct {
	Name string `asn1:"ia5"`
	Hash asn1.BitString
}

func (File) GetHash added in v1.2.0

func (f File) GetHash() []byte

type IPAddressNull

// IPAddressNull is the null form of an IP resource element for one address
// family: the RFC 3779 "inherit" marker, meaning the IP resources of that
// family are taken from the parent. Implements IPCertificateInformation.
type IPAddressNull struct {
	Family uint8
}

func (*IPAddressNull) ASN1 added in v1.2.0

func (ipan *IPAddressNull) ASN1() ([]byte, error)

func (*IPAddressNull) GetAfi

func (ipan *IPAddressNull) GetAfi() uint8

func (*IPAddressNull) GetRange

func (ipan *IPAddressNull) GetRange() (net.IP, net.IP, bool)

func (*IPAddressNull) IsIPInRange

func (ipan *IPAddressNull) IsIPInRange(ip net.IP) (bool, bool)

func (*IPAddressNull) String

func (ipan *IPAddressNull) String() string

type IPAddressRange

// IPAddressRange is an inclusive Min..Max range of addresses that does not
// align to a single prefix. Implements IPCertificateInformation; the address
// family is derived from the IP values (see GetAfi).
type IPAddressRange struct {
	Min net.IP
	Max net.IP
}

func (*IPAddressRange) ASN1 added in v1.2.0

func (ipr *IPAddressRange) ASN1() ([]byte, error)

func (*IPAddressRange) GetAfi

func (ipr *IPAddressRange) GetAfi() uint8

func (*IPAddressRange) GetRange

func (ipr *IPAddressRange) GetRange() (net.IP, net.IP, bool)

func (*IPAddressRange) IsIPInRange

func (ipr *IPAddressRange) IsIPInRange(ip net.IP) (bool, bool)

func (*IPAddressRange) String

func (ipr *IPAddressRange) String() string

type IPCertificateInformation

// IPCertificateInformation is one element of a certificate's IP resource
// extension: a prefix (IPNet), an address range (IPAddressRange), or the
// null/inherit marker (IPAddressNull).
type IPCertificateInformation interface {
	// GetRange returns the (min, max) addresses and a bool whose meaning is
	// not documented here — presumably whether a concrete range is present,
	// false for IPAddressNull. Confirm against the implementations.
	GetRange() (net.IP, net.IP, bool)
	// IsIPInRange reports whether ip falls inside this element; the second
	// bool is the same undocumented flag as in GetRange.
	IsIPInRange(net.IP) (bool, bool)
	String() string
	// GetAfi returns the address family identifier of the element.
	GetAfi() uint8

	// ASN1 returns the DER encoding of this element.
	ASN1() ([]byte, error)
}

func DecodeIPAddressBlock

func DecodeIPAddressBlock(data []byte) ([]IPCertificateInformation, error)

type IPNet

// IPNet wraps a *net.IPNet prefix as an IP resource element.
// Implements IPCertificateInformation.
type IPNet struct {
	IPNet *net.IPNet
}

func (*IPNet) ASN1 added in v1.2.0

func (ipn *IPNet) ASN1() ([]byte, error)

func (*IPNet) GetAfi

func (ipn *IPNet) GetAfi() uint8

func (*IPNet) GetRange

func (ipn *IPNet) GetRange() (net.IP, net.IP, bool)

func (*IPNet) IsIPInRange

func (ipn *IPNet) IsIPInRange(ip net.IP) (bool, bool)

func (*IPNet) String

func (ipn *IPNet) String() string

type Manifest

// Manifest is the EncapsulatedContentInfo of a manifest signed object: the
// eContentType (expected to be ManifestOID) and the explicitly-tagged
// eContent, which decodes to a ManifestContent.
type Manifest struct {
	OID      asn1.ObjectIdentifier
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

func EncodeManifestContent added in v1.2.0

func EncodeManifestContent(eContent ManifestContent) (*Manifest, error)

type ManifestContent

// ManifestContent is the decoded eContent of a manifest. Note that no
// ValidateTime method is listed for RPKIManifest, so checking ThisUpdate /
// NextUpdate against the current time (stale or not-yet-valid manifests)
// is left to the caller.
type ManifestContent struct {
	// NOTE(review): the ASN.1 Manifest also has an optional version [0]
	// field which is not represented here — confirm how the decoder
	// handles an explicit version.
	ManifestNumber *big.Int
	ThisUpdate     time.Time `asn1:"generalized"`
	NextUpdate     time.Time `asn1:"generalized"`
	// Digest algorithm for FileList entries; SHA256OID is the only one defined here.
	FileHashAlg    asn1.ObjectIdentifier
	FileList       []File
}

type ROA

// ROA is the EncapsulatedContentInfo of a ROA signed object: the
// eContentType (expected to be RoaOID) and the explicitly-tagged eContent,
// which decodes to a ROAContent.
type ROA struct {
	OID      asn1.ObjectIdentifier
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

func EncodeROAEntries added in v1.2.0

func EncodeROAEntries(asn int, entries []*ROAEntry) (*ROA, error)

type ROAAddressFamily

// ROAAddressFamily is one ROAIPAddressFamily entry: the address family
// identifier bytes and the prefixes authorised under it.
type ROAAddressFamily struct {
	AddressFamily []byte
	Addresses     []ROAIPAddresses
}

type ROAContent

// ROAContent is the decoded eContent of a ROA: the authorised origin AS and
// the per-family prefix lists. ConvertROAEntries flattens it into ROAEntry
// values.
type ROAContent struct {
	ASID         int
	IpAddrBlocks []ROAAddressFamily
}

type ROAEntry added in v1.2.0

// ROAEntry is a single authorised prefix with its maximum length. Validate
// checks the entry itself (presumably that MaxLength is consistent with the
// prefix length); coverage by the EE certificate's resources is checked
// separately by ValidateIPRoaCertificateList.
type ROAEntry struct {
	IPNet     *net.IPNet
	MaxLength int
}

func ConvertROAEntries

func ConvertROAEntries(roacontent ROAContent) ([]*ROAEntry, int, error)

func (*ROAEntry) Validate added in v1.2.0

func (entry *ROAEntry) Validate() error

type ROAIPAddresses

// ROAIPAddresses is one ROAIPAddress entry: the prefix as a BIT STRING and
// the optional maxLength. A MaxLength of -1 is the sentinel for "absent";
// presumably ConvertROAEntries substitutes the prefix length — confirm.
type ROAIPAddresses struct {
	Address   asn1.BitString
	MaxLength int `asn1:"optional,default:-1"`
}

type RPKICertificate added in v1.2.0

// RPKICertificate is an X.509 certificate together with its decoded RPKI
// extensions. Validate(parent) checks it against its issuer; the
// IsIPRangeInCertificate / IsASRangeInCertificate helpers answer resource
// coverage questions used when validating ROAs.
type RPKICertificate struct {
	// Decoded SIA entries (repository, manifest, RRDP, signed object).
	SubjectInformationAccess []SIA
	// IP and AS resources from the RFC 3779 (or V2) extensions.
	IPAddresses              []IPCertificateInformation
	ASNums                   []ASNCertificateInformation
	// Routing Domain Identifiers from the AS extension; rarely populated in practice.
	ASNRDI                   []ASNCertificateInformation

	Certificate *x509.Certificate
}

func DecodeCertificate

func DecodeCertificate(data []byte) (*RPKICertificate, error)

func (*RPKICertificate) GetRRDPGeneralName added in v1.4.4

func (cert *RPKICertificate) GetRRDPGeneralName() string

func (*RPKICertificate) GetRsyncGeneralName added in v1.4.4

func (cert *RPKICertificate) GetRsyncGeneralName() string

func (*RPKICertificate) HasRRDP added in v1.4.4

func (cert *RPKICertificate) HasRRDP() bool

func (*RPKICertificate) IsASRangeInCertificate added in v1.2.0

func (cert *RPKICertificate) IsASRangeInCertificate(min int, max int) (bool, bool)

func (*RPKICertificate) IsIPRangeInCertificate added in v1.2.0

func (cert *RPKICertificate) IsIPRangeInCertificate(min net.IP, max net.IP) (bool, bool)

func (*RPKICertificate) String added in v1.2.0

func (cert *RPKICertificate) String() string

func (*RPKICertificate) Validate added in v1.2.0

func (cert *RPKICertificate) Validate(parent *RPKICertificate) error

func (*RPKICertificate) ValidateASNCertificate added in v1.2.0

func (*RPKICertificate) ValidateIPCertificate added in v1.2.0

func (*RPKICertificate) ValidateTime added in v1.2.0

func (cert *RPKICertificate) ValidateTime(comp time.Time) error

type RPKIManifest added in v1.2.0

// RPKIManifest is a decoded manifest signed object. A successful
// DecodeManifest presumably does not imply the object is valid: check
// InnerValid (and InnerValidityError) before trusting Content, and
// BadFormat for objects that only parsed thanks to BER/DER repair.
type RPKIManifest struct {
	Certificate        *RPKICertificate
	Content            ManifestContent
	BadFormat          bool
	InnerValid         bool
	InnerValidityError error
}

func DecodeManifest

func DecodeManifest(data []byte) (*RPKIManifest, error)

type RPKIROA added in v1.2.0

// RPKIROA is a decoded ROA signed object. As with RPKIManifest, a
// successful decode is not a validity verdict: check InnerValid and the
// per-entry results filled in by ValidateIPRoaCertificate before using
// Entries. ValidateTime compares SigningTime / the EE certificate against
// a caller-supplied time.
type RPKIROA struct {
	ASN         int
	Entries     []*ROAEntry
	Certificate *RPKICertificate
	BadFormat   bool
	SigningTime time.Time

	InnerValid         bool
	InnerValidityError error

	// Results of ValidateIPRoaCertificate: entries covered by the EE
	// certificate, entries not covered, and entries whose coverage must
	// be resolved against the parent (the three slices it returns).
	Valids      []*ROAEntry
	Invalids    []*ROAEntry
	CheckParent []*ROAEntry
}

func DecodeROA

func DecodeROA(data []byte) (*RPKIROA, error)

func (*RPKIROA) ValidateEntries added in v1.2.0

func (roa *RPKIROA) ValidateEntries() error

func (*RPKIROA) ValidateIPRoaCertificate added in v1.2.0

func (roa *RPKIROA) ValidateIPRoaCertificate(cert *RPKICertificate) ([]*ROAEntry, []*ROAEntry, []*ROAEntry)

func (*RPKIROA) ValidateTime added in v1.2.0

func (roa *RPKIROA) ValidateTime(comp time.Time) error

type RPKITAL added in v1.2.0

// RPKITAL is a parsed Trust Anchor Locator: the URIs the trust anchor
// certificate can be fetched from and the public key it must carry.
// CheckCertificate compares a fetched certificate against PublicKey; a
// certificate whose key does not match must not be used as a trust anchor.
type RPKITAL struct {
	URI       []string
	Algorithm x509.PublicKeyAlgorithm
	OID       asn1.ObjectIdentifier
	PublicKey interface{}
}

func CreateTAL added in v1.2.0

func CreateTAL(uri []string, pubkey interface{}) (*RPKITAL, error)

func DecodeTAL

func DecodeTAL(data []byte) (*RPKITAL, error)

func (*RPKITAL) CheckCertificate added in v1.2.0

func (tal *RPKITAL) CheckCertificate(cert *x509.Certificate) bool

func (*RPKITAL) GetRsyncURI added in v1.2.0

func (tal *RPKITAL) GetRsyncURI() string

Returns the rsync URI associated with the TAL certificate. If the TAL has no rsync URI (HTTPS only), a synthesized placeholder URI is returned instead — check HasRsync before treating the result as a fetchable location.

func (*RPKITAL) GetURI added in v1.2.0

func (tal *RPKITAL) GetURI() string

func (*RPKITAL) HasRsync added in v1.2.0

func (tal *RPKITAL) HasRsync() bool

type RPKIXML added in v1.2.0

// RPKIXML is a decoded XML signed object: the raw XML content and the EE
// certificate it was signed with. Check InnerValid before using Content.
type RPKIXML struct {
	Content     []byte
	Certificate *RPKICertificate

	InnerValid         bool
	InnerValidityError error
}

func DecodeXML added in v1.2.0

func DecodeXML(data []byte) (*RPKIXML, error)

type SIA

// SIA is one AccessDescription of the Subject Information Access extension.
// GeneralName is decoded with tag 6, i.e. only the uniformResourceIdentifier
// choice is accepted, which is the form used by RPKI publication points.
type SIA struct {
	AccessMethod asn1.ObjectIdentifier
	GeneralName  []byte `asn1:"tag:6"`
}

func DecodeSubjectInformationAccess

func DecodeSubjectInformationAccess(data []byte) ([]SIA, error)

func (*SIA) String

func (sia *SIA) String() string

type SignatureDecoded

// SignatureDecoded is the DigestInfo recovered from an RSA signature (see
// DecryptSignatureRSA): the digest AlgorithmIdentifier and the digest bytes.
type SignatureDecoded struct {
	Inner SignatureInner
	Hash  []byte
}

type SignatureInner

// SignatureInner is the AlgorithmIdentifier inside a DigestInfo. Null holds
// the raw parameters so that CheckSignaturesMatch can verify an explicit
// NULL is present, rather than silently accepting an absent parameter.
type SignatureInner struct {
	OID  asn1.ObjectIdentifier
	Null asn1.RawValue
}

type SignedAttributesDigest

// SignedAttributesDigest re-encodes the signed attributes as a SET, which
// is the form (with the universal SET tag) over which the CMS signature
// digest is computed.
type SignedAttributesDigest struct {
	SignedAttrs []Attribute `asn1:"set"`
}

type SignerInfo

// SignerInfo is a CMS SignerInfo. SignedAttrs is the implicitly-tagged [0]
// set that the signature actually covers; Validate relies on it being
// present.
type SignerInfo struct {
	Version int
	// SignerIdentifier kept as a RawValue so either CHOICE form parses; the
	// commented-out tag presumably predates that.
	Sid     asn1.RawValue // `asn1:"tag:0,implicit"`
	//Sid                asn1.RawValue `asn1:"tag:0,implicit"`
	// Elements of the digestAlgorithm AlgorithmIdentifier (OID, parameters).
	DigestAlgorithms   []asn1.RawValue
	SignedAttrs        []Attribute `asn1:"optional,tag:0,implicit,set"`
	SignatureAlgorithm asn1.RawValue
	Signature          []byte
	UnsignedAttrs      asn1.RawValue `asn1:"optional,tag:1,implicit"`
}

type XML added in v1.2.0

// XML is the EncapsulatedContentInfo of an XML signed object: the
// eContentType (expected to be XMLOID) and the explicitly-tagged eContent.
type XML struct {
	OID      asn1.ObjectIdentifier
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

func EncodeXMLContent added in v1.2.0

func EncodeXMLContent(content interface{}) (*XML, error)

func EncodeXMLData added in v1.2.0

func EncodeXMLData(message []byte) (*XML, error)

type XMLContent added in v1.2.0

// XMLContent wraps an arbitrary message for EncodeXMLContent; how Message
// is serialised is not visible here — confirm against EncodeXMLData.
type XMLContent struct {
	Message interface{}
}
