asn1

package
v0.0.0-...-982e07a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 19, 2023 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package asn1 contains descriptions of ASN.1 data structures used by Keystore.

Index

Constants

View Source 
const (
	KeyRingVersion2 = 2
)

Common Version constants:

View Source 
const NoKey = -1

NoKey indicates absence of key, such as for current key indication.

Variables

View Source 
var (
	ErrExtraData = fmt.Errorf("unexpected extra ASN.1 data")
)

Errors returned by ASN.1 processing:

View Source 
var (
	// http://oid-info.com/get/2.16.840.1.101.3.4.2.1
	Sha256OID = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 2, 1})
)

Miscellaneous ASN.1 constants:

Functions

This section is empty.

Types

type ContentType 

type ContentType asn1.Enumerated

ContentType identifies "Data" field of SignedContainer objects. 

const (
	TypeKeyRing ContentType = iota + 1
	TypeKeyDirectory
	TypeDirectKeyDirectory
	TypeEncryptedKeys
)

Common ContentType constants:

type DirectKeyDirectory 

type DirectKeyDirectory struct {
	Name     LikelyUTF8String
	KeyRings []KeyRing            `asn1:"set,optional,tag:1"`
	Children []DirectKeyDirectory `asn1:"set,optional,tag:2"`
}

DirectKeyDirectory contains key rings or other key directories. It has a name by which it can be referred to. Child key rings and directories are contained as immediate objects.

type EncryptedKeys 

type EncryptedKeys struct {
	KeyRings []KeyRing `asn1:"set"`
}

EncryptedKeys is a set of key rings. It is typically used for backup purposes or to transfer keys between machines. SignedContainer actually contains an OCTET STRING with DER serialization of this object encrypted with Themis Secure Cell.

func UnmarshalEncryptedKeys 

func UnmarshalEncryptedKeys(data []byte) (*EncryptedKeys, error)

UnmarshalEncryptedKeys constructs EncryptedKeys from serialized representation.

func (*EncryptedKeys) Marshal 

func (keys *EncryptedKeys) Marshal() ([]byte, error)

Marshal into bytes.

type Key 

type Key struct {
	Seqnum     int
	State      KeyState
	ValidSince time.Time `asn1:"utc"`
	ValidUntil time.Time `asn1:"utc"`
	Data       []KeyData `asn1:"set"`
}

Key stored in the keystore. The key is identified by its content and can have multiple representations. It also has some metadata pertaining to its usage restrictions.

type KeyData 

type KeyData struct {
	Format       KeyFormat
	PublicKey    PublicKey    `asn1:"optional,tag:1"`
	PrivateKey   PrivateKey   `asn1:"optional,tag:2"`
	SymmetricKey SymmetricKey `asn1:"optional,tag:3"`
}

KeyData in a particular format.

type KeyDirectory 

type KeyDirectory struct {
	Name     LikelyUTF8String
	KeyRings []KeyRingReference      `asn1:"set,optional,tag:1"`
	Children []KeyDirectoryReference `asn1:"set,optional,tag:2"`
}

KeyDirectory contains key rings or other key directories. It has a name by which it can be referred to.

func UnmarshalKeyDirectory 

func UnmarshalKeyDirectory(data []byte) (*KeyDirectory, error)

UnmarshalKeyDirectory constructs a KeyDirectory from serialized representation.

type KeyDirectoryReference 

type KeyDirectoryReference struct {
	Name       LikelyUTF8String
	Signatures []Signature `asn1:"set"`
}

KeyDirectoryReference to a child subdirectory, not included into KeyDirectory object directly. However it can be located in some external memory using its name and the current directory path. Signature are also provided for integrity validation. The directory should be packed in SignedContainer.

type KeyFormat 

type KeyFormat asn1.Enumerated

KeyFormat describes format of KeyData. 

const (
	ThemisKeyPairFormat KeyFormat = iota + 1

	ThemisSymmetricKeyFormat
)

Supported key formats:

type KeyRing 

type KeyRing struct {
	Purpose LikelyUTF8String
	Keys    []Key
	Current int
}

KeyRing holds multiple versions of a key used for the same purpose. Keys are usually ordered from oldest to newest, with new keys added to the back of the sequence. One key in a key ring may be designated as 'current'.

func UnmarshalKeyRing 

func UnmarshalKeyRing(data []byte) (*KeyRing, error)

UnmarshalKeyRing constructs a KeyRing from serialized representation.

func (*KeyRing) KeyWithSeqnum 

func (r *KeyRing) KeyWithSeqnum(seqnum int) (*Key, int)

KeyWithSeqnum returns a reference to and index of the key with given seqnum. Returns nil and asn1.NoKey if the key ring contains no such key.

type KeyRingReference 

type KeyRingReference struct {
	Name       LikelyUTF8String
	Signatures []Signature `asn1:"set"`
}

KeyRingReference to a child key ring, not included into KeyDirectory object directly. However it can be located in some external memory using its name and the current directory path. Signatures are also provided for integrity validation. The key ring should be packed in SignedContainer.

type KeyState 

type KeyState asn1.Enumerated

KeyState describes current state of the key. 

const (
	KeyPreActive KeyState = iota + 1
	KeyActive
	KeySuspended
	KeyDeactivated
	KeyCompromised
	KeyDestroyed
)

Possible KeyState values:

type LikelyUTF8String 

type LikelyUTF8String []byte

LikelyUTF8String is used where human-readable UTF-8 is expected, but arbitrary bytes have to be actually allowed.

type PrivateKey 

type PrivateKey []byte

PrivateKey which is stored encrypted.

type PublicKey 

type PublicKey []byte

PublicKey whish is stored in plaintext.

type Signature 

type Signature struct {
	Algorithm asn1.ObjectIdentifier
	Signature []byte
}

Signature for SignedContainer. A container can have multiple signatures made with different algorithms, enabling future-proofing, extensibility, and collision resistance. Signatures are computed for the "Payload" of SignedContainer, usually with HMAC keyed by the keystore master key. The signing algorithm is indicated by the "Algorithm" field.

type SignedContainer 

type SignedContainer struct {
	Payload    SignedPayload
	Signatures []Signature `asn1:"set"`
}

SignedContainer for a signed object. Every exported object of the keystore is packed into a SignedContainer for storage. For example, file-based key store keeps a file for each key directory. Every file contains a SignedContainer with "ContentType" equal to 'TypeKeyDirectory' and a KeyDirectory stored in its "Data" field.

func (*SignedContainer) Marshal 

func (container *SignedContainer) Marshal() ([]byte, error)

Marshal into bytes.

type SignedPayload 

type SignedPayload struct {
	ContentType  ContentType
	Version      int
	LastModified time.Time `asn1:"utc"`
	Data         interface{}
}

SignedPayload contains payload for SignedContainer before marshaling.

func (*SignedPayload) Marshal 

func (payload *SignedPayload) Marshal() ([]byte, error)

Marshal into bytes.

type SymmetricKey 

type SymmetricKey []byte

SymmetricKey which is stored encrypted.

type VerifiedContainer 

type VerifiedContainer struct {
	Payload    VerifiedPayload
	Signatures []Signature `asn1:"set"`
}

VerifiedContainer is an unmarshaled form of SignedContainer.

func UnmarshalVerifiedContainer 

func UnmarshalVerifiedContainer(data []byte) (*VerifiedContainer, error)

UnmarshalVerifiedContainer constructs a VerifiedContainer from serialized representation.

type VerifiedPayload 

type VerifiedPayload struct {
	RawContent   asn1.RawContent
	ContentType  ContentType
	Version      int
	LastModified time.Time `asn1:"utc"`
	Data         asn1.RawValue
}

VerifiedPayload contains payload of VerifiedContainer after unmarshaling.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.