cms

package module
v0.0.0-...-5cb6b84 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 6, 2018 License: MIT Imports: 10 Imported by: 0

README

cms for Go

Cryptographic Message Syntax (CMS) is a syntax used to digitally sign, digest, authenticate, or encrypt arbitrary message content. The Go library lets you create and interperit CMS messages.

Status

Current supported CMS content types are:

  • Signed Data Content Type

Digest algorithms supported:

  • SHA1 (strongly discouraged)
  • SHA256

Signature algorithms supported:

  • rsa

Install

go get github.com/hiddedorhout/cms

Example

A reference implementation can be found in cms_test.go

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// DataOID is the ASN.1 type ContentInfo for arbitrary octet strings
	DataOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	//SignedDataOID identifies the signed-data content type
	SignedDataOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	// SHA256OID identifies the SHA256 digest
	SHA256OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	// SHA1OID identifies the SHA1 digest
	SHA1OID = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	// AttributeContentTypeOID identifies Content Type
	AttributeContentTypeOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	// AttributeSigningTimeOID identifies Signing Time Attribute
	AttributeSigningTimeOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
	// AttributeMessageDigestOID identifies the message digest attribute
	AttributeMessageDigestOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	// DigestAlgorithmSHA256WithRSAOID identifies the rsa sha256 signing algorithm
	DigestAlgorithmSHA256WithRSAOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	// DigestAlgorithmSHA1WithRSAOID identifies the rsa sha1 signing algorithm
	DigestAlgorithmSHA1WithRSAOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
)

Functions

This section is empty.

Types

type Attribute 

type Attribute struct {
	AttrType   asn1.ObjectIdentifier
	AttrValues interface{} `asn1:"set"`
}

Attribute represents a key value pair. Value must be an ASN.1 marshalable octet string

type Builder 

type Builder struct {
	// contains filtered or unexported fields
}

Builder is a type used to support the building of a CMS

func InitCMS 

func InitCMS(content []byte, detached bool) *Builder

InitCMS initializes a CMS builder

func (*Builder) AddSignature 

func (cmsbuilder *Builder) AddSignature(signerID string, signature []byte, unsignedAttributes []Attribute) error

AddSignature adds the created signature for a signer and possible unsigned attributes

func (*Builder) Build 

func (cmsbuilder *Builder) Build() (cms *[]byte, err error)

Build creates the CMS

func (*Builder) CreateTBS 

func (cmsbuilder *Builder) CreateTBS(signerID string) (tbs *[]byte, err error)

CreateTBS creates a To Be Signed byte array to sign for a signer

func (*Builder) NewSigner 

func (cmsbuilder *Builder) NewSigner(
	cert interface{},
	crls *pkix.CertificateList,
	digestAlgorithm crypto.Hash,
	signedAttributes []Attribute,
) (signerID *string, err error)

NewSigner adds a signer to the CMS and returns a signerID, which can be used to create a to be signed byte array and add a signature

type ContentInfo 

type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,tag:0"`
}

ContentInfo encapsulates the content type and the content of the CMS. The CMS associates a content type identifier with a content. The syntax MUST have ASN.1 type ContentInfo

type EncapsulatedContentInfo 

type EncapsulatedContentInfo struct {
	EcontentType asn1.ObjectIdentifier
	Econtent     []byte `asn1:"explicit,optional,tag:0"`
}

EncapsulatedContentInfo represents the content

type SignedData 

type SignedData struct {
	Version          int                        `ans1:"default:1"`
	DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"`
	EncapContentInfo EncapsulatedContentInfo    `asn1:"sequence"`
	Certificates     rawCertificates            `asn1:"implicit,optional,tag:0"`
	Crls             []pkix.CertificateList     `asn1:"implicit,optional,tag:1"`
	SignerInfos      []SignerInfo               `asn1:"set"`
}

SignedData type consists of a content of any type and zero or more signature values. Any number of signers in parallel can sign any type of content.

type Signer 

type Signer struct {
	Cert               *x509.Certificate
	CRLs               *pkix.CertificateList
	DigestAlgorithm    pkix.AlgorithmIdentifier
	ContentDigest      []byte
	SignedAttributes   []Attribute
	UnsignedAttributes []Attribute
	SignatureAlgorithm pkix.AlgorithmIdentifier
	Signature          []byte
}

Signer is a type to describe a signer

type SignerInfo 

type SignerInfo struct {
	Version            int `asn1:"default:1"`
	Sid                issuerAndSerialNumber
	DigestAlgorithm    pkix.AlgorithmIdentifier
	SignedAttributes   []Attribute `asn1:"optional,tag:0,set"`
	SignatureAlgorithm pkix.AlgorithmIdentifier
	Signature          []byte
	UnsignedAttributes []Attribute `asn1:"optional,tag:1"`
}

SignerInfo is a collection of per-signer information

type Values 

type Values struct {
	// contains filtered or unexported fields
}

Values is a type to unmarshal cms

func ParseCMS 

func ParseCMS(rawCMS []byte) (cms *Values, err error)

ParseCMS takes a raw CMS and parses it to a CMS object

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.