kmip

type AttestationCredentialValue ¶

type AttestationCredentialValue struct {
	Nonce                  Nonce
	AttestationType        ttlv.AttestationType
	AttestationMeasurement []byte `ttlv:",omitempty"`
	AttestationAssertion   []byte `ttlv:",omitempty"`
}

AttestationCredentialValue 2.1.2 Table 6

If the Credential Type in the Credential is Attestation, then Credential Value is a structure as shown in Table 6. The Nonce Value is obtained from the key management server in a Nonce Object. The Attestation Credential Object can contain a measurement from the client or an assertion from a third party if the server is not capable or willing to verify the attestation data from the client. Neither type of attestation data (Attestation Measurement or Attestation Assertion) is necessary to allow the server to accept either. However, the client SHALL provide attestation data in either the Attestation Measurement or Attestation Assertion fields.

type Attribute ¶

type Attribute struct {
	AttributeName  string
	AttributeIndex int `ttlv:",omitempty"`
	AttributeValue interface{}
}

Attribute 2.1.1 Table 2

An Attribute object is a structure (see Table 2) used for sending and receiving Managed Object attributes. The Attribute Name is a text-string that is used to identify the attribute. The Attribute Index is an index number assigned by the key management server. The Attribute Index is used to identify the particular instance. Attribute Indices SHALL start with 0. The Attribute Index of an attribute SHALL NOT change when other instances are added or deleted. Single-instance Attributes (attributes which an object MAY only have at most one instance thereof) SHALL have an Attribute Index of 0. The Attribute Value is either a primitive data type or structured object, depending on the attribute.

When an Attribute structure is used to specify or return a particular instance of an Attribute and the Attribute Index is not specified it SHALL be assumed to be 0.

func (a *Attribute) UnmarshalTTLV(d *ttlv.Decoder, ttlvV ttlv.TTLV) error

type Attributes ¶

type Attributes struct {
	Attributes []Attribute
}

type Authentication ¶

type Authentication struct {
	Credential []Credential
}

type Certificate ¶

type Certificate struct {
	CertificateType  ttlv.CertificateType
	CertificateValue []byte
}

type CommonTemplateAttribute ¶

type CommonTemplateAttribute TemplateAttribute

CommonTemplateAttribute 2.1.8 Table 29

See TemplateAttribute.

type CreateHandler ¶

type CreateHandler struct {
	Create func(ctx context.Context, payload *CreateRequestPayload) (*CreateResponsePayload, error)
}

func (h *CreateHandler) HandleItem(ctx context.Context, req *Request) (*ResponseBatchItem, error)

type CreateRequestPayload ¶

type CreateRequestPayload struct {
	ObjectType        ttlv.ObjectType
	TemplateAttribute TemplateAttribute
}

CreateRequestPayload 4.1 Table 163

TemplateAttribute MUST include CryptographicAlgorithm (3.4) and CryptographicUsageMask (3.19).

type CreateResponsePayload ¶

type CreateResponsePayload struct {
	ObjectType        ttlv.ObjectType
	UniqueIdentifier  string
	TemplateAttribute *TemplateAttribute
}

CreateResponsePayload 4.1 Table 164

type Credential ¶

type Credential struct {
	CredentialType  ttlv.CredentialType
	CredentialValue interface{}
}

Credential 2.1.2 Table 3

A Credential is a structure (see Table 3) used for client identification purposes and is not managed by the key management system (e.g., user id/password pairs, Kerberos tokens, etc.). It MAY be used for authentication purposes as indicated in [KMIP-Prof].

TODO: add an unmarshal impl to Credential to handle decoding the right kind of credential based on the credential type value

type CryptographicParameters ¶

type CryptographicParameters struct {
	BlockCipherMode           ttlv.BlockCipherMode           `ttlv:",omitempty"`
	PaddingMethod             ttlv.PaddingMethod             `ttlv:",omitempty"`
	HashingAlgorithm          ttlv.HashingAlgorithm          `ttlv:",omitempty"`
	KeyRoleType               ttlv.KeyRoleType               `ttlv:",omitempty"`
	DigitalSignatureAlgorithm ttlv.DigitalSignatureAlgorithm `ttlv:",omitempty"`
	CryptographicAlgorithm    ttlv.CryptographicAlgorithm    `ttlv:",omitempty"`
	RandomIV                  bool                           `ttlv:",omitempty"`
	IVLength                  int                            `ttlv:",omitempty"`
	TagLength                 int                            `ttlv:",omitempty"`
	FixedFieldLength          int                            `ttlv:",omitempty"`
	InvocationFieldLength     int                            `ttlv:",omitempty"`
	CounterLength             int                            `ttlv:",omitempty"`
	InitialCounterValue       int                            `ttlv:",omitempty"`
	SaltLength                int                            `ttlv:",omitempty"`
	MaskGenerator             ttlv.MaskGenerator             `ttlv:",omitempty" default:"1"` // defaults to MGF1
	MaskHashingAlgorithm      ttlv.HashingAlgorithm          `ttlv:",omitempty" default:"4"` // defaults to SHA-1
	PSource                   []byte                         `ttlv:",omitempty"`
	TrailerField              int                            `ttlv:",omitempty"`
}

Cryptographic Parameters 3.6 Table 65

The Cryptographic Parameters attribute is a structure (see Table 65) that contains a set of OPTIONAL fields that describe certain cryptographic parameters to be used when performing cryptographic operations using the object. Specific fields MAY pertain only to certain types of Managed Cryptographic Objects. The Cryptographic Parameters attribute of a Certificate object identifies the cryptographic parameters of the public key contained within the Certificate.

The Cryptographic Algorithm is also used to specify the parameters for cryptographic operations. For operations involving digital signatures, either the Digital Signature Algorithm can be specified or the Cryptographic Algorithm and Hashing Algorithm combination can be specified.

Random IV can be used to request that the KMIP server generate an appropriate IV for a cryptographic operation that uses an IV. The generated Random IV is returned in the response to the cryptographic operation.

IV Length is the length of the Initialization Vector in bits. This parameter SHALL be provided when the specified Block Cipher Mode supports variable IV lengths such as CTR or GCM.

Tag Length is the length of the authentication tag in bytes. This parameter SHALL be provided when the Block Cipher Mode is GCM or CCM.

The IV used with counter modes of operation (e.g., CTR and GCM) cannot repeat for a given cryptographic key. To prevent an IV/key reuse, the IV is often constructed of three parts: a fixed field, an invocation field, and a counter as described in [SP800-38A] and [SP800-38D]. The Fixed Field Length is the length of the fixed field portion of the IV in bits. The Invocation Field Length is the length of the invocation field portion of the IV in bits. The Counter Length is the length of the counter portion of the IV in bits.

Initial Counter Value is the starting counter value for CTR mode (for [RFC3686] it is 1).

type DeviceCredentialValue ¶

type DeviceCredentialValue struct {
	DeviceSerialNumber string `ttlv:",omitempty"`
	Password           string `ttlv:",omitempty"`
	DeviceIdentifier   string `ttlv:",omitempty"`
	NetworkIdentifier  string `ttlv:",omitempty"`
	MachineIdentifier  string `ttlv:",omitempty"`
	MediaIdentifier    string `ttlv:",omitempty"`
}

DeviceCredentialValue 2.1.2 Table 5

If the Credential Type in the Credential is Device, then Credential Value is a structure as shown in Table 5. One or a combination of the Device Serial Number, Network Identifier, Machine Identifier, and Media Identifier SHALL be unique. Server implementations MAY enforce policies on uniqueness for individual fields. A shared secret or password MAY also be used to authenticate the client. The client SHALL provide at least one field.

type DiscoverVersionsHandler ¶

type DiscoverVersionsHandler struct {
	SupportedVersions []ProtocolVersion
}

func (h *DiscoverVersionsHandler) HandleItem(ctx context.Context, req *Request) (item *ResponseBatchItem, err error)

type DiscoverVersionsRequestPayload ¶

type DiscoverVersionsRequestPayload struct {
	ProtocolVersion []ProtocolVersion
}

type DiscoverVersionsResponsePayload ¶

type DiscoverVersionsResponsePayload struct {
	ProtocolVersion []ProtocolVersion
}

type EncryptionKeyInformation ¶

type EncryptionKeyInformation struct {
	UniqueIdentifier        string
	CryptographicParameters *CryptographicParameters
}

EncryptionKeyInformation 2.1.5 Table 10

type ErrorHandler ¶

type ErrorHandler interface {
	HandleError(err error) *ResponseBatchItem
}

type ErrorHandlerFunc ¶

type ErrorHandlerFunc func(err error) *ResponseBatchItem

func (f ErrorHandlerFunc) HandleError(err error) *ResponseBatchItem

type ItemHandler ¶

type ItemHandler interface {
	HandleItem(ctx context.Context, req *Request) (item *ResponseBatchItem, err error)
}

type ItemHandlerFunc ¶

type ItemHandlerFunc func(context.Context, *Request) (*ResponseBatchItem, error)

func (f ItemHandlerFunc) HandleItem(ctx context.Context, req *Request) (item *ResponseBatchItem, err error)

type KeyBlock ¶

type KeyBlock struct {
	KeyFormatType      ttlv.KeyFormatType
	KeyCompressionType ttlv.KeyCompressionType `ttlv:",omitempty"`
	// KeyValue should be either []byte or KeyValue
	KeyValue               interface{}                 `ttlv:",omitempty"` // should be either a []byte or KeyValue
	CryptographicAlgorithm ttlv.CryptographicAlgorithm `ttlv:",omitempty"`
	CryptographicLength    int                         `ttlv:",omitempty"`
	KeyWrappingData        *KeyWrappingData
}

KeyBlock 2.1.3 Table 7

A Key Block object is a structure (see Table 7) used to encapsulate all of the information that is closely associated with a cryptographic key. It contains a Key Value of one of the following Key Format Types:

· Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes. · Opaque – This is an encoded key for which the encoding is unknown to the key management system.

It is encoded as a string of bytes.

· PKCS1 – This is an encoded private key, expressed as a DER-encoded ASN.1 PKCS#1 object. · PKCS8 – This is an encoded private key, expressed as a DER-encoded ASN.1 PKCS#8 object, supporting both

the RSAPrivateKey syntax and EncryptedPrivateKey.

· X.509 – This is an encoded object, expressed as a DER-encoded ASN.1 X.509 object. · ECPrivateKey – This is an ASN.1 encoded elliptic curve private key. · Several Transparent Key types – These are algorithm-specific structures containing defined values

for the various key types, as defined in Section 2.1.7.

· Extensions – These are vendor-specific extensions to allow for proprietary or legacy key formats.

The Key Block MAY contain the Key Compression Type, which indicates the format of the elliptic curve public key. By default, the public key is uncompressed.

The Key Block also has the Cryptographic Algorithm and the Cryptographic Length of the key contained in the Key Value field. Some example values are:

· RSA keys are typically 1024, 2048 or 3072 bits in length. · 3DES keys are typically from 112 to 192 bits (depending upon key length and the presence of parity bits). · AES keys are 128, 192 or 256 bits in length.

The Key Block SHALL contain a Key Wrapping Data structure if the key in the Key Value field is wrapped (i.e., encrypted, or MACed/signed, or both).

TODO: Unmarshaler impl which unmarshals correct KeyValue type.

type KeyValue ¶

type KeyValue struct {
	// KeyMaterial should be []byte, one of the Transparent*Key structs, or a custom struct if KeyFormatType is
	// an extension.
	KeyMaterial interface{}
	Attribute   []Attribute
}

KeyValue 2.1.4 Table 8

The Key Value is used only inside a Key Block and is either a Byte String or a structure (see Table 8):

· The Key Value structure contains the key material, either as a byte string or as a Transparent Key

structure (see Section 2.1.7), and OPTIONAL attribute information that is associated and encapsulated
with the key material. This attribute information differs from the attributes associated with Managed
Objects, and is obtained via the Get Attributes operation, only by the fact that it is encapsulated with
(and possibly wrapped with) the key material itself.

· The Key Value Byte String is either the wrapped TTLV-encoded (see Section 9.1) Key Value structure, or

the wrapped un-encoded value of the Byte String Key Material field.

TODO: Unmarshaler impl which unmarshals correct KeyMaterial type.

type KeyWrappingData ¶

type KeyWrappingData struct {
	WrappingMethod             ttlv.WrappingMethod
	EncryptionKeyInformation   *EncryptionKeyInformation
	MACSignatureKeyInformation *MACSignatureKeyInformation
	MACSignature               []byte
	IVCounterNonce             []byte
	EncodingOption             ttlv.EncodingOption `ttlv:",omitempty" default:"TTLVEncoding"`
}

KeyWrappingData 2.1.5 Table 9

The Key Block MAY also supply OPTIONAL information about a cryptographic key wrapping mechanism used to wrap the Key Value. This consists of a Key Wrapping Data structure (see Table 9). It is only used inside a Key Block.

This structure contains fields for:

· A Wrapping Method, which indicates the method used to wrap the Key Value. · Encryption Key Information, which contains the Unique Identifier (see 3.1) value of the encryption key

and associated cryptographic parameters.

· MAC/Signature Key Information, which contains the Unique Identifier value of the MAC/signature key

and associated cryptographic parameters.

· A MAC/Signature, which contains a MAC or signature of the Key Value. · An IV/Counter/Nonce, if REQUIRED by the wrapping method. · An Encoding Option, specifying the encoding of the Key Material within the Key Value structure of the

Key Block that has been wrapped. If No Encoding is specified, then the Key Value structure SHALL NOT contain
any attributes.

If wrapping is used, then the whole Key Value structure is wrapped unless otherwise specified by the Wrapping Method. The algorithms used for wrapping are given by the Cryptographic Algorithm attributes of the encryption key and/or MAC/signature key; the block-cipher mode, padding method, and hashing algorithm used for wrapping are given by the Cryptographic Parameters in the Encryption Key Information and/or MAC/Signature Key Information, or, if not present, from the Cryptographic Parameters attribute of the respective key(s). Either the Encryption Key Information or the MAC/Signature Key Information (or both) in the Key Wrapping Data structure SHALL be specified.

The following wrapping methods are currently defined:

· Encrypt only (i.e., encryption using a symmetric key or public key, or authenticated encryption algorithms that use a single key). · MAC/sign only (i.e., either MACing the Key Value with a symmetric key, or signing the Key Value with a private key). · Encrypt then MAC/sign. · MAC/sign then encrypt. · TR-31. · Extensions.

The following encoding options are currently defined:

· No Encoding (i.e., the wrapped un-encoded value of the Byte String Key Material field in the Key Value structure). · TTLV Encoding (i.e., the wrapped TTLV-encoded Key Value structure).

type MACSignatureKeyInformation ¶

type MACSignatureKeyInformation struct {
	UniqueIdentifier        string
	CryptographicParameters *CryptographicParameters
}

MACSignatureKeyInformation 2.1.5 Table 11

type MessageExtension ¶

type MessageExtension struct {
	VendorIdentification string
	CriticalityIndicator bool
	VendorExtension      interface{}
}

type MessageHandler ¶

type MessageHandler interface {
	HandleMessage(ctx context.Context, req *Request, resp *Response)
}

type MessageHandlerFunc ¶

type MessageHandlerFunc func(context.Context, *Request, *Response)

func (f MessageHandlerFunc) HandleMessage(ctx context.Context, req *Request, resp *Response)

type Name ¶

type Name struct {
	NameValue string
	NameType  ttlv.NameType
}

Name 3.2 Table 57

The Name attribute is a structure (see Table 57) used to identify and locate an object. This attribute is assigned by the client, and the Name Value is intended to be in a form that humans are able to interpret. The key management system MAY specify rules by which the client creates valid names. Clients are informed of such rules by a mechanism that is not specified by this standard. Names SHALL be unique within a given key management domain, but are NOT REQUIRED to be globally unique.

type Nonce ¶

type Nonce struct {
	NonceID    []byte
	NonceValue []byte
}

type OpaqueObject ¶

type OpaqueObject struct {
	OpaqueDataType  ttlv.OpaqueDataType
	OpaqueDataValue []byte
}

type OperationMux ¶

type OperationMux struct {
	ErrorHandler ErrorHandler
	// contains filtered or unexported fields
}

func (m *OperationMux) Handle(op ttlv.Operation, handler ItemHandler)

func (m *OperationMux) HandleMessage(ctx context.Context, req *Request, resp *Response)

type PGPKey ¶

type PGPKey struct {
	PGPKeyVersion int
	KeyBlock      KeyBlock
}

type PrivateKey ¶

type PrivateKey struct {
	KeyBlock KeyBlock
}

type PrivateKeyTemplateAttribute ¶

type PrivateKeyTemplateAttribute TemplateAttribute

PrivateKeyTemplateAttribute 2.1.8 Table 29

See TemplateAttribute.

type ProtocolHandler ¶

type ProtocolHandler interface {
	ServeKMIP(ctx context.Context, req *Request, resp ResponseWriter)
}

type ProtocolHandlerFunc ¶

type ProtocolHandlerFunc func(context.Context, *Request, ResponseWriter)

func (f ProtocolHandlerFunc) ServeKMIP(ctx context.Context, r *Request, w ResponseWriter)

type ProtocolVersion ¶

type ProtocolVersion struct {
	ProtocolVersionMajor int
	ProtocolVersionMinor int
}

type PublicKey ¶

type PublicKey struct {
	KeyBlock KeyBlock
}

type PublicKeyTemplateAttribute ¶

type PublicKeyTemplateAttribute TemplateAttribute

PublicKeyTemplateAttribute 2.1.8 Table 29

See TemplateAttribute.

type RegisterHandler ¶

type RegisterHandler struct {
	SkipValidation bool
	RegisterFunc   func(context.Context, *RegisterRequestPayload) (*RegisterResponsePayload, error)
}

func (h *RegisterHandler) HandleItem(ctx context.Context, req *Request) (item *ResponseBatchItem, err error)

type RegisterRequestPayload ¶

type RegisterRequestPayload struct {
	ObjectType        ttlv.ObjectType
	TemplateAttribute TemplateAttribute
	Certificate       *Certificate
	SymmetricKey      *SymmetricKey
	PrivateKey        *PrivateKey
	PublicKey         *PublicKey
	SplitKey          *SplitKey
	Template          *Template
	SecretData        *SecretData
	OpaqueObject      *OpaqueObject
}

type RegisterResponsePayload ¶

type RegisterResponsePayload struct {
	UniqueIdentifier  string
	TemplateAttribute TemplateAttribute
}

type Request ¶

type Request struct {
	TTLV                ttlv.TTLV
	Message             *RequestMessage
	CurrentItem         *RequestBatchItem
	DisallowExtraValues bool

	TLS        *tls.ConnectionState
	RemoteAddr string
	LocalAddr  string

	IDPlaceholder string
	// contains filtered or unexported fields
}

func (r *Request) DecodePayload(v interface{}) error

func (r *Request) Unmarshal(ttlv ttlv.TTLV, into interface{}) error

type RequestBatchItem ¶

type RequestBatchItem struct {
	Operation         ttlv.Operation
	UniqueBatchItemID []byte `ttlv:",omitempty"`
	RequestPayload    interface{}
	MessageExtension  *MessageExtension `ttlv:",omitempty"`
}

type RequestHeader ¶

type RequestHeader struct {
	ProtocolVersion              ProtocolVersion
	MaximumResponseSize          int    `ttlv:",omitempty"`
	ClientCorrelationValue       string `ttlv:",omitempty"`
	ServerCorrelationValue       string `ttlv:",omitempty"`
	AsynchronousIndicator        bool   `ttlv:",omitempty"`
	AttestationCapableIndicator  bool   `ttlv:",omitempty"`
	AttestationType              []ttlv.AttestationType
	Authentication               *Authentication
	BatchErrorContinuationOption ttlv.BatchErrorContinuationOption `ttlv:",omitempty"`
	BatchOrderOption             bool                              `ttlv:",omitempty"`
	TimeStamp                    *time.Time
	BatchCount                   int
}

type RequestMessage ¶

type RequestMessage struct {
	RequestHeader RequestHeader
	BatchItem     []RequestBatchItem
}

type Response ¶

type Response struct {
	ResponseMessage
	// contains filtered or unexported fields
}

func (r *Response) Bytes() []byte

type ResponseBatchItem ¶

type ResponseBatchItem struct {
	Operation                    ttlv.Operation `ttlv:",omitempty"`
	UniqueBatchItemID            []byte         `ttlv:",omitempty"`
	ResultStatus                 ttlv.ResultStatus
	ResultReason                 ttlv.ResultReason `ttlv:",omitempty"`
	ResultMessage                string            `ttlv:",omitempty"`
	AsynchronousCorrelationValue []byte            `ttlv:",omitempty"`
	ResponsePayload              interface{}       `ttlv:",omitempty"`
	MessageExtension             *MessageExtension
}

type ResponseHeader ¶

type ResponseHeader struct {
	ProtocolVersion        ProtocolVersion
	TimeStamp              time.Time
	Nonce                  *Nonce
	AttestationType        []ttlv.AttestationType
	ClientCorrelationValue string `ttlv:",omitempty"`
	ServerCorrelationValue string `ttlv:",omitempty"`
	BatchCount             int
}

type ResponseMessage ¶

type ResponseMessage struct {
	ResponseHeader ResponseHeader
	BatchItem      []ResponseBatchItem
}

type ResponseWriter ¶

type ResponseWriter interface {
	io.Writer
}

type SecretData ¶

type SecretData struct {
	SecretDataType ttlv.SecretDataType
	KeyBlock       KeyBlock
}

type Server ¶

type Server struct {
	Handler ProtocolHandler

	// ErrorLog specifies an optional logger for errors accepting
	// connections, unexpected behavior from handlers, and
	// underlying FileSystem errors.
	// If nil, logging is done via the log package's standard logger.
	ErrorLog *log.Logger
	// contains filtered or unexported fields
}

func (srv *Server) Close() error

func (srv *Server) Serve(l net.Listener) error

func (srv *Server) Shutdown(ctx context.Context) error

type SplitKey ¶

type SplitKey struct {
	SplitKeyParts     int
	KeyPartIdentifier int
	SplitKeyThreshold int
	SplitKeyMethod    ttlv.SplitKeyMethod
	PrimeFieldSize    *big.Int `ttlv:",omitempty"`
	KeyBlock          KeyBlock
}

type StandardProtocolHandler ¶

type StandardProtocolHandler struct {
	ProtocolVersion ProtocolVersion
	MessageHandler  MessageHandler
	LogTraffic      bool
}

func (h *StandardProtocolHandler) ServeKMIP(ctx context.Context, req *Request, writer ResponseWriter)

type SymmetricKey ¶

type SymmetricKey struct {
	KeyBlock KeyBlock
}

type Template ¶

type Template struct {
	Attribute []Attribute
}

type TemplateAttribute ¶

type TemplateAttribute struct {
	Name       []Name
	Attributes map[string]map[int]interface{}
}

func (t *TemplateAttribute) Add(a Attribute)

func (t TemplateAttribute) Delete(a Attribute) interface{}

func (t *TemplateAttribute) Get(s string, idx int) interface{}

func (t *TemplateAttribute) GetAll(s string) map[int]interface{}

func (t *TemplateAttribute) GetAllTag(tag ttlv.Tag) map[int]interface{}

func (t *TemplateAttribute) GetTag(tag ttlv.Tag, idx int) interface{}

func (t *TemplateAttribute) MarshalTTLV(e *ttlv.Encoder, tag ttlv.Tag) error

func (t TemplateAttribute) Set(a Attribute) interface{}

func (t TemplateAttribute) Set2(name string, val interface{}, idx int) interface{}

func (t *TemplateAttribute) UnmarshalTTLV(d *ttlv.Decoder, ttlv ttlv.TTLV) error

type TransparentDHPrivateKey ¶

type TransparentDHPrivateKey struct {
	P *big.Int `validate:"required"`
	Q *big.Int
	G *big.Int `validate:"required"`
	J *big.Int
	X *big.Int `validate:"required"`
}

TransparentDHPrivateKey 2.1.7.6 Table 19

If the Key Format Type in the Key Block is Transparent DH Private Key, then Key Material is a structure as shown in Table 19.

type TransparentDHPublicKey ¶

type TransparentDHPublicKey struct {
	P *big.Int `validate:"required"`
	Q *big.Int
	G *big.Int `validate:"required"`
	J *big.Int
	Y *big.Int `validate:"required"`
}

TransparentDHPublicKey 2.1.7.7 Table 20

If the Key Format Type in the Key Block is Transparent DH Public Key, then Key Material is a structure as shown in Table 20.

P, G, and Y are required.

type TransparentDSAPrivateKey ¶

type TransparentDSAPrivateKey struct {
	// TODO: should these be pointers?  big package deals entirely with pointers, but these are not optional values.
	P *big.Int `validate:"required"`
	Q *big.Int `validate:"required"`
	G *big.Int `validate:"required"`
	X *big.Int `validate:"required"`
}

TransparentDSAPrivateKey 2.1.7.2 Table 15

If the Key Format Type in the Key Block is Transparent DSA Private Key, then Key Material is a structure as shown in Table 15.

type TransparentDSAPublicKey ¶

type TransparentDSAPublicKey struct {
	P *big.Int `validate:"required"`
	Q *big.Int `validate:"required"`
	G *big.Int `validate:"required"`
	Y *big.Int `validate:"required"`
}

TransparentDSAPublicKey 2.1.7.3 Table 16

If the Key Format Type in the Key Block is Transparent DSA Public Key, then Key Material is a structure as shown in Table 16.

type TransparentECDHPrivateKey ¶

type TransparentECDHPrivateKey TransparentECPrivateKey

TransparentECDHPrivateKey 2.1.7.10 Table 23

The Transparent ECDH Private Key structure is deprecated as of version 1.3 of this specification and MAY be removed from subsequent versions of the specification. The Transparent EC Private Key structure SHOULD be used as a replacement.

If the Key Format Type in the Key Block is Transparent ECDH Private Key, then Key Material is a structure as shown in Table 23.

type TransparentECDHPublicKey ¶

type TransparentECDHPublicKey TransparentECPublicKey

TransparentECDHPublicKey 2.1.7.11 Table 24

The Transparent ECDH Public Key structure is deprecated as of version 1.3 of this specification and MAY be removed from subsequent versions of the specification. The Transparent EC Public Key structure SHOULD be used as a replacement.

If the Key Format Type in the Key Block is Transparent ECDH Public Key, then Key Material is a structure as shown in Table 24.

type TransparentECDSAPrivateKey ¶

type TransparentECDSAPrivateKey struct {
	RecommendedCurve ttlv.RecommendedCurve
	D                *big.Int `validate:"required"`
}

TransparentECDSAPrivateKey 2.1.7.8 Table 21

The Transparent ECDSA Private Key structure is deprecated as of version 1.3 of this specification and MAY be removed from subsequent versions of the specification. The Transparent EC Private Key structure SHOULD be used as a replacement.

If the Key Format Type in the Key Block is Transparent ECDSA Private Key, then Key Material is a structure as shown in Table 21.

type TransparentECDSAPublicKey ¶

type TransparentECDSAPublicKey struct {
	RecommendedCurve ttlv.RecommendedCurve
	QString          []byte `validate:"required"`
}

TransparentECDSAPublicKey 2.1.7.9 Table 22

The Transparent ECDSA Public Key structure is deprecated as of version 1.3 of this specification and MAY be removed from subsequent versions of the specification. The Transparent EC Public Key structure SHOULD be used as a replacement.

If the Key Format Type in the Key Block is Transparent ECDSA Public Key, then Key Material is a structure as shown in Table 22.

type TransparentECMQVPrivateKey ¶

type TransparentECMQVPrivateKey TransparentECPrivateKey

TransparentECMQVPrivateKey 2.1.7.12 Table 25

The Transparent ECMQV Private Key structure is deprecated as of version 1.3 of this specification and MAY be removed from subsequent versions of the specification. The Transparent EC Private Key structure SHOULD be used as a replacement.

If the Key Format Type in the Key Block is Transparent ECMQV Private Key, then Key Material is a structure as shown in Table 25.

type TransparentECMQVPublicKey ¶

type TransparentECMQVPublicKey TransparentECPublicKey

TransparentECMQVPublicKey 2.1.7.13 Table 26

The Transparent ECMQV Public Key structure is deprecated as of version 1.3 of this specification and MAY be removed from subsequent versions of the specification. The Transparent EC Public Key structure SHOULD be used as a replacement.

If the Key Format Type in the Key Block is Transparent ECMQV Public Key, then Key Material is a structure as shown in Table 26.

type TransparentECPrivateKey ¶

type TransparentECPrivateKey struct {
	RecommendedCurve ttlv.RecommendedCurve
	D                *big.Int `validate:"required"`
}

TransparentECPrivateKey 2.1.7.14 Table 27

If the Key Format Type in the Key Block is Transparent EC Private Key, then Key Material is a structure as shown in Table 27.

type TransparentECPublicKey ¶

type TransparentECPublicKey struct {
	RecommendedCurve ttlv.RecommendedCurve
	QString          []byte `validate:"required"`
}

TransparentECPublicKey 2.1.7.15 Table 28

If the Key Format Type in the Key Block is Transparent EC Public Key, then Key Material is a structure as shown in Table 28.

type TransparentRSAPrivateKey ¶

type TransparentRSAPrivateKey struct {
	Modulus                         *big.Int `validate:"required"`
	PrivateExponent, PublicExponent *big.Int
	P, Q                            *big.Int
	PrimeExponentP, PrimeExponentQ  *big.Int
	CRTCoefficient                  *big.Int
}

TransparentRSAPrivateKey 2.1.7.4 Table 17

If the Key Format Type in the Key Block is Transparent RSA Private Key, then Key Material is a structure as shown in Table 17.

One of the following SHALL be present (refer to [PKCS#1]):

· Private Exponent, · P and Q (the first two prime factors of Modulus), or · Prime Exponent P and Prime Exponent Q.

type TransparentRSAPublicKey ¶

type TransparentRSAPublicKey struct {
	Modulus        *big.Int `validate:"required"`
	PublicExponent *big.Int `validate:"required"`
}

TransparentRSAPublicKey 2.1.7.5 Table 18

If the Key Format Type in the Key Block is Transparent RSA Public Key, then Key Material is a structure as shown in Table 18.

type TransparentSymmetricKey ¶

type TransparentSymmetricKey struct {
	Key []byte `validate:"required"`
}

TransparentSymmetricKey 2.1.7.1 Table 14

If the Key Format Type in the Key Block is Transparent Symmetric Key, then Key Material is a structure as shown in Table 14.

type UsernameAndPasswordCredentialValue ¶

type UsernameAndPasswordCredentialValue struct {
	Username string
	Password string `ttlv:",omitempty"`
}

UsernameAndPasswordCredentialValue 2.1.2 Table 4

If the Credential Type in the Credential is Username and Password, then Credential Value is a structure as shown in Table 4. The Username field identifies the client, and the Password field is a secret that authenticates the client.