forked from phayes/cryptoid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcryptoid.go
341 lines (301 loc) · 11.9 KB
/
cryptoid.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
package cryptoid
import (
"crypto"
"crypto/x509"
"encoding/asn1"
"errors"
"strconv"
"strings"
)
type PublicKeyAlgorithm struct {
Name string
OID asn1.ObjectIdentifier
OIDString string
}
type HashAlgorithm struct {
Name string
OID asn1.ObjectIdentifier
OIDString string
Hash crypto.Hash
}
// HashFunc allows HashAlgorithm to satisfry the
// crypto.SignerOpts interface for signing digests.
// You can use a cryptoid.HashAlgorithm directly when
// using a crypto.Signer interface to sign digests.
func (h HashAlgorithm) HashFunc() crypto.Hash {
return h.Hash
}
type SignatureAlgorithm struct {
Name string
OID asn1.ObjectIdentifier
OIDString string
X509 x509.SignatureAlgorithm
PublicKeyAlgorithm PublicKeyAlgorithm
HashAlgorithm HashAlgorithm
}
// NewObjectIdentifier creates an object identifier from it's string representation.
// Supports ASN.1 notation and dot notation. OID-IRI notation is not supported.
func NewObjectIdentifier(oid string) (oi asn1.ObjectIdentifier, err error) {
if len(oid) == 0 {
return nil, errors.New("zero length OBJECT IDENTIFIER")
}
if oid[0] == '{' {
// ASN.1 notation. (eg {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) messageDigest(4)})
parts := strings.Split(oid[1:len(oid)-1], " ")
oi = make(asn1.ObjectIdentifier, len(parts), len(parts))
for i, part := range parts {
idx := strings.IndexRune(part, '(')
oi[i], err = strconv.Atoi(part[idx+1 : len(part)-1])
if err != nil {
return
}
}
} else {
// Dot notation. (eg 1.2.840.113549.1.9.4)
parts := strings.Split(oid, ".")
oi = make(asn1.ObjectIdentifier, len(parts), len(parts))
for i, part := range parts {
oi[i], err = strconv.Atoi(part)
if err != nil {
return
}
}
}
return oi, nil
}
// Public Key Algorithms
// ---------------------
// RFC 3279, 2.3 Public Key Algorithms
var RSA = PublicKeyAlgorithm{
Name: "RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1}",
}
// RFC 3279, 2.3 Public Key Algorithms
var DSA = PublicKeyAlgorithm{
Name: "DSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1},
OIDString: "{iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1}",
}
// RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure
var ECDSA = PublicKeyAlgorithm{
Name: "ECDSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1},
OIDString: "{iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1}",
}
// Hash Algorithms
// ---------------------
// RFC 1319, The MD2 Message-Digest Algorithm
var MD2 = HashAlgorithm{
Name: "MD2",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 2},
OIDString: "{iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}",
}
// RFC 1320, The MD4 Message-Digest Algorithm
var MD4 = HashAlgorithm{
Name: "MD4",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 4},
OIDString: "{iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}",
Hash: crypto.MD4,
}
// RFC 3370, Cryptographic Message Syntax (CMS) Algorithms
var MD5 = HashAlgorithm{
Name: "MD5",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5}",
Hash: crypto.MD5,
}
// RFC 3370, Cryptographic Message Syntax (CMS) Algorithms
var SHA1 = HashAlgorithm{
Name: "SHA1",
OID: asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26},
OIDString: "{iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}",
Hash: crypto.SHA1,
}
// RFC 3874, A 224-bit One-way Hash Function: SHA-224
var SHA224 = HashAlgorithm{
Name: "SHA224",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 4},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) sha224(4)}",
Hash: crypto.SHA256,
}
// RFC 3560, Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
var SHA256 = HashAlgorithm{
Name: "SHA256",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1}",
Hash: crypto.SHA256,
}
// RFC 3560, Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
var SHA384 = HashAlgorithm{
Name: "SHA384",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2}",
Hash: crypto.SHA384,
}
// RFC 3560, Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
var SHA512 = HashAlgorithm{
Name: "SHA512",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3}",
Hash: crypto.SHA512,
}
// RFC for SHA-3 is pending
var SHA3_224 = HashAlgorithm{
Name: "SHA3-224",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 7},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 7}",
Hash: crypto.SHA3_224,
}
// RFC for SHA-3 is pending
var SHA3_256 = HashAlgorithm{
Name: "SHA3-256",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 8},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 8}",
Hash: crypto.SHA3_256,
}
// RFC for SHA-3 is pending
var SHA3_384 = HashAlgorithm{
Name: "SHA3-384",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 9},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 9}",
Hash: crypto.SHA3_384,
}
// RFC for SHA-3 is pending
var SHA3_512 = HashAlgorithm{
Name: "SHA3-512",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 10},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 10}",
Hash: crypto.SHA3_512,
}
// RFC for SHA-3 is pending
var SHAKE128 = HashAlgorithm{
Name: "SHAKE128",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 11},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 11}",
}
// RFC for SHA-3 is pending
var SHAKE256 = HashAlgorithm{
Name: "SHAKE256",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 12},
OIDString: "{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 12}",
}
// Signature Algorithms
// --------------------
// RFC 3279 2.2.1 RSA Signature Algorithms
var MD2WithRSA = SignatureAlgorithm{
Name: "MD2-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) md2WithRSAEncryption(2)}",
X509: x509.MD2WithRSA,
PublicKeyAlgorithm: RSA,
HashAlgorithm: MD2,
}
// RFC 3279 2.2.1 RSA Signature Algorithms
var MD4WithRSA = SignatureAlgorithm{
Name: "MD4-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 3},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) md4WithRSAEncryption(3)}",
X509: x509.UnknownSignatureAlgorithm, // Not implemented in the x509 package
PublicKeyAlgorithm: RSA,
HashAlgorithm: MD4,
}
// RFC 3279 2.2.1 RSA Signature Algorithms
var MD5WithRSA = SignatureAlgorithm{
Name: "MD5-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) md5WithRSAEncryption(4)}",
X509: x509.MD5WithRSA,
PublicKeyAlgorithm: RSA,
HashAlgorithm: MD5,
}
// RFC 3279 2.2.1 RSA Signature Algorithms
var SHA1WithRSA = SignatureAlgorithm{
Name: "SHA1-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) sha1-with-rsa-signature(5)}",
X509: x509.SHA1WithRSA,
PublicKeyAlgorithm: RSA,
HashAlgorithm: SHA1,
}
// RFC 4055 5 PKCS #1 Version 1.5
var SHA256WithRSA = SignatureAlgorithm{
Name: "SHA256-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) sha256WithRSAEncryption(11)}",
X509: x509.SHA256WithRSA,
PublicKeyAlgorithm: RSA,
HashAlgorithm: SHA256,
}
// RFC 4055 5 PKCS #1 Version 1.5
var SHA384WithRSA = SignatureAlgorithm{
Name: "SHA384-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) sha384WithRSAEncryption(12)}",
X509: x509.SHA384WithRSA,
PublicKeyAlgorithm: RSA,
HashAlgorithm: SHA384,
}
// RFC 4055 5 PKCS #1 Version 1.5
var SHA512WithRSA = SignatureAlgorithm{
Name: "SHA512-RSA",
OID: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13},
OIDString: "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) sha384WithRSAEncryption(13)}",
X509: x509.SHA512WithRSA,
PublicKeyAlgorithm: RSA,
HashAlgorithm: SHA512,
}
// RFC 3279 2.2.1 RSA Signature Algorithms
var DSAWithSHA1 = SignatureAlgorithm{
Name: "DSA-SHA1",
OID: asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3},
OIDString: "{iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) dsa-with-sha1(3)}",
X509: x509.DSAWithSHA1,
PublicKeyAlgorithm: DSA,
HashAlgorithm: SHA1,
}
// RFC 5758 3.1 DSA Signature Algorithms
var DSAWithSHA256 = SignatureAlgorithm{
Name: "DSA-SHA256",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 2},
OIDString: "{joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) algorithms(4) id-dsa-with-sha2(3) 2}",
X509: x509.DSAWithSHA256,
PublicKeyAlgorithm: DSA,
HashAlgorithm: SHA256,
}
// RFC 3279 2.2.3 ECDSA Signature Algorithm
var ECDSAWithSHA1 = SignatureAlgorithm{
Name: "ECDSA-SHA1",
OID: asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1},
OIDString: "{iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1)}",
X509: x509.ECDSAWithSHA1,
PublicKeyAlgorithm: ECDSA,
HashAlgorithm: SHA1,
}
// RFC 5758 3.2 ECDSA Signature Algorithm
var ECDSAWithSHA256 = SignatureAlgorithm{
Name: "ECDSA-SHA256",
OID: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 4, 3, 2},
OIDString: "{iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2}",
X509: x509.ECDSAWithSHA256,
PublicKeyAlgorithm: ECDSA,
HashAlgorithm: SHA256,
}
// RFC 5758 3.2 ECDSA Signature Algorithm
var ECDSAWithSHA384 = SignatureAlgorithm{
Name: "ECDSA-SHA384",
OID: asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3},
OIDString: "{iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3}",
X509: x509.ECDSAWithSHA384,
PublicKeyAlgorithm: ECDSA,
HashAlgorithm: SHA384,
}
// RFC 5758 3.2 ECDSA Signature Algorithm
var ECDSAWithSHA512 = SignatureAlgorithm{
Name: "ECDSA-SHA512",
OID: asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4},
OIDString: "{iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4}",
X509: x509.ECDSAWithSHA512,
PublicKeyAlgorithm: ECDSA,
HashAlgorithm: SHA512,
}