autograph: go.mozilla.org/autograph/signer/contentsignaturepki Index | Files

package contentsignaturepki

import "go.mozilla.org/autograph/signer/contentsignaturepki"

Index

Package Files

contentsignature.go signature.go upload.go x509.go

Constants

const (
    // Type of this signer is 'contentsignaturepki'
    Type = "contentsignaturepki"

    // P256ECDSA defines an ecdsa content signature on the P-256 curve
    P256ECDSA = "p256ecdsa"

    // P256ECDSABYTESIZE defines the bytes length of a P256ECDSA signature
    P256ECDSABYTESIZE = 64

    // P384ECDSA defines an ecdsa content signature on the P-384 curve
    P384ECDSA = "p384ecdsa"

    // P384ECDSABYTESIZE defines the bytes length of a P384ECDSA signature
    P384ECDSABYTESIZE = 96

    // SignaturePrefix is a string preprended to data prior to signing
    SignaturePrefix = "Content-Signature:\x00"

    // CSNameSpace is a string that contains the namespace on which
    // content signature certificates are issued
    CSNameSpace = ".content-signature.mozilla.org"
)

func GetX5U Uses

func GetX5U(x5u string) (certs []*x509.Certificate, err error)

GetX5U retrieves a chain of certs from upload location, parses and verifies it, then returns the slice of parsed certificates.

func MakeTemplatedHash Uses

func MakeTemplatedHash(data []byte, curvename string) (alg string, out []byte)

MakeTemplatedHash returns the templated sha384 of the input data. The template adds the string "Content-Signature:\x00" before the input data prior to calculating the sha384.

The name of the hash function is returned, followed by the hash bytes

func Verify Uses

func Verify(x5u, signature string, input []byte) error

Verify takes the location of a cert chain (x5u), a signature in its raw base64_url format and input data. It then performs a verification of the signature on the input data using the end-entity certificate of the chain, and returns an error if it fails, or nil on success.

type ContentSignature Uses

type ContentSignature struct {
    R, S     *big.Int // fields must be exported for ASN.1 marshalling
    HashName string
    Mode     string
    X5U      string
    ID       string
    Len      int
    Finished bool
}

ContentSignature contains the parsed representation of a signature

func Unmarshal Uses

func Unmarshal(signature string) (sig *ContentSignature, err error)

Unmarshal parses a base64 url encoded content signature and returns it into a ContentSignature structure that can be verified.

Note this function does not set the X5U value of a signature.

func (*ContentSignature) Marshal Uses

func (sig *ContentSignature) Marshal() (str string, err error)

Marshal returns the R||S signature is encoded in base64 URL safe, following DL/ECSSA format spec from IEEE Std 1363-2000.

func (*ContentSignature) String Uses

func (sig *ContentSignature) String() string

func (*ContentSignature) VerifyData Uses

func (sig *ContentSignature) VerifyData(input []byte, pubKey *ecdsa.PublicKey) bool

VerifyData verifies a signatures on its raw, untemplated, input using a public key

func (*ContentSignature) VerifyHash Uses

func (sig *ContentSignature) VerifyHash(hash []byte, pubKey *ecdsa.PublicKey) bool

VerifyHash verifies a signature on its templated hash using a public key

type ContentSigner Uses

type ContentSigner struct {
    signer.Configuration
    IssuerPrivKey, IssuerPubKey string
    // contains filtered or unexported fields
}

ContentSigner implements an issuer of content signatures

func New Uses

func New(conf signer.Configuration) (s *ContentSigner, err error)

New initializes a ContentSigner using a signer configuration

func (*ContentSigner) Config Uses

func (s *ContentSigner) Config() signer.Configuration

Config returns the configuration of the current signer

func (*ContentSigner) GetDefaultOptions Uses

func (s *ContentSigner) GetDefaultOptions() interface{}

GetDefaultOptions returns nil because this signer has no option

func (*ContentSigner) SignData Uses

func (s *ContentSigner) SignData(input []byte, options interface{}) (signer.Signature, error)

SignData takes input data, templates it, hashes it and signs it. The returned signature is of type ContentSignature and ready to be Marshalled.

func (*ContentSigner) SignHash Uses

func (s *ContentSigner) SignHash(input []byte, options interface{}) (signer.Signature, error)

SignHash takes an input hash and returns a signature. It assumes the input data has already been hashed with something like sha384

Package contentsignaturepki imports 29 packages (graph) and is imported by 2 packages. Updated 2019-09-14. Refresh now. Tools for package owners.