
package cert

import "github.com/katzenpost/core/crypto/cert"

Package cert provides a cryptographic certificate library.

Index

Package Files

cert.go

Constants

// CertVersion identifies the certificate format version used by this package.
const CertVersion = 0

Variables

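// Sentinel errors exported by package cert. Compare against these values
// rather than matching on the message text.
var (
    // ErrImpossibleDecode is an impossible decoding error.
    ErrImpossibleDecode = errors.New("impossible to decode")

    // ErrImpossibleEncode is an impossible encoding error.
    ErrImpossibleEncode = errors.New("impossible to encode")

    // ErrImpossibleOutOfMemory is an impossible out of memory error.
    ErrImpossibleOutOfMemory = errors.New("impossible out of memory failure")

    // ErrBadSignature indicates that the given signature does not sign the certificate.
    ErrBadSignature = errors.New("signature does not sign certificate")

    // ErrDuplicateSignature indicates that the given signature is already present in the certificate.
    ErrDuplicateSignature = errors.New("signature must not be duplicate")

    // ErrInvalidCertified indicates that the certified field is invalid.
    ErrInvalidCertified = errors.New("invalid certified field of certificate")

    // ErrKeyTypeMismatch indicates that the given signer's key type is different than the signatures present already.
    ErrKeyTypeMismatch = errors.New("certificate key type mismatch")

    // ErrInvalidKeyType indicates that the certificate key type is invalid.
    ErrInvalidKeyType = errors.New("invalid certificate key type")

    // ErrVersionMismatch indicates that the given certificate is the wrong format version.
    // Its message is kept distinct from ErrCertificateExpired's so that logs can
    // tell a format-version rejection apart from an expiry.
    ErrVersionMismatch = errors.New("certificate version mismatch")

    // ErrCertificateExpired indicates that the given certificate has expired.
    ErrCertificateExpired = errors.New("certificate expired")

    // ErrIdentitySignatureNotFound indicates that for the given signer identity there was no signature present in the certificate.
    ErrIdentitySignatureNotFound = errors.New("failure to find signature associated with the given identity")

    // ErrInvalidThreshold indicates that the given threshold cannot be used.
    // NOTE(review): the message states only the upper bound; confirm in cert.go
    // that zero and negative thresholds are rejected too, since a threshold of 0
    // would be met by a certificate with no valid signatures.
    ErrInvalidThreshold = errors.New("threshold must be equal or less than the number of verifiers")

    // ErrThresholdNotMet indicates that there were not enough valid signatures to meet the threshold.
    ErrThresholdNotMet = errors.New("threshold failure")
)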

func AddSignature Uses

func AddSignature(verifier Verifier, signature Signature, rawCert []byte) ([]byte, error)

AddSignature adds the signature to the certificate if the verifier can verify that the signature signs the certificate.

func GetCertified Uses

func GetCertified(rawCert []byte) ([]byte, error)

GetCertified returns the certified data.

func Sign Uses

func Sign(signer Signer, data []byte, expiration int64) ([]byte, error)

Sign uses the given Signer to create a certificate which certifies the given data.

func SignMulti Uses

func SignMulti(signer Signer, rawCert []byte) ([]byte, error)

SignMulti uses the given signer to create a signature and appends it to the certificate and returns it.

func Verify Uses

func Verify(verifier Verifier, rawCert []byte) ([]byte, error)

Verify is used to verify one of the signatures attached to the certificate. It returns the certified data if the signature is valid.

func VerifyAll Uses

func VerifyAll(verifiers []Verifier, rawCert []byte) ([]byte, error)

VerifyAll returns the certified data if all of the given verifiers can verify the certificate. Otherwise nil is returned along with an error.

func VerifyThreshold Uses

func VerifyThreshold(verifiers []Verifier, threshold int, rawCert []byte) ([]byte, []Verifier, []Verifier, error)

VerifyThreshold returns the certified data, the succeeded verifiers and the failed verifiers if at least a threshold number of verifiers can verify the certificate. Otherwise nil is returned along with an error.

type Signature Uses

// Signature pairs a signature value with the identity of the signer it is
// attributed to.
type Signature struct {
    // Identity is the identity of the signer.
    // NOTE(review): GetSignature and GetSignatures take no Verifier, so the
    // values they return are presumably unverified; treat Identity as a claim
    // until Verify succeeds. Confirm against cert.go.
    Identity []byte
    // Payload is the actual signature value.
    Payload []byte
}

Signature is a cryptographic signature which has an associated signer ID.

func GetSignature Uses

func GetSignature(identity []byte, rawCert []byte) (*Signature, error)

GetSignature returns a signature that signs the certificate if it matches with the given identity.

func GetSignatures Uses

func GetSignatures(rawCert []byte) ([]Signature, error)

GetSignatures returns all the signatures.

type Signer Uses

// Signer produces signatures over messages and exposes the identity and key
// type it signs with.
type Signer interface {
    // Identity reports the identity of this Signer.
    Identity() []byte

    // KeyType reports the key type as a string.
    KeyType() string

    // Sign produces a signature over msg and returns it. There is no error
    // result, so an implementation cannot report a signing failure through
    // this method.
    Sign(msg []byte) []byte
}

Signer signs messages.

type Verifier Uses

// Verifier checks signatures and exposes its identity.
type Verifier interface {
    // Identity reports the identity of this Verifier.
    Identity() []byte

    // Verify checks sig against msg. The outcome is carried only in the
    // boolean result, so callers must test it; presumably false means the
    // signature is to be rejected.
    Verify(sig, msg []byte) bool
}

Verifier is used to verify signatures.
