tssig

package
v0.4.1

This package is not in the latest version of its module.
Published: Nov 26, 2023 License: MIT Imports: 14 Imported by: 1

Documentation

Overview

Package tssig is a Go implementation of TSSig, a signed timestamp system.

Index

Constants

View Source
const MaxHttpDownloadSize = 192

MaxHttpDownloadSize is the maximum size, in bytes, of the response body that is allowed when the root public key is downloaded from the Issuer's key URL.

Variables

This section is empty.

Functions

This section is empty.

Types

type HttpKeyLookup

type HttpKeyLookup struct {
	Timeout time.Duration
}

HttpKeyLookup A concrete implementation for retrieving a root public key directly from the URL.

func (*HttpKeyLookup) Get

func (l *HttpKeyLookup) Get(url string) ([]byte, error)

Get Downloads the root public key directly from the URL.

type Issuer

type Issuer struct {
	RootPublicKeyUrl string   `json:"root-key"`
	LeafPublicKeyDer b64bytes `json:"leaf-key"`
	Signature        b64bytes `json:"signature"`
	// contains filtered or unexported fields
}

The Issuer represents:

  • A Leaf Public Key, used to verify the signature on the SignedTimeStamp.
  • The URL to a DER encoded Root Public Key, used to verify the signature on the Issuer.
  • The issuer's signature, which signs the Root Key's URL, and the Leaf Key DER.

func NewIssuer

func NewIssuer(public ed25519.PublicKey, private ed25519.PrivateKey) (*Issuer, error)

NewIssuer creates a new Issuer from an ed25519 key pair (the leaf keys).

func (*Issuer) BytesToSign

func (iss *Issuer) BytesToSign() []byte

BytesToSign Returns the bytes to be signed in the Issuer's signature.

func (*Issuer) SignIssuer

func (iss *Issuer) SignIssuer(signer IssuerSigner) error

SignIssuer Signs the Key URL, and the Leaf Public Key, with the Root Private Key. The data is passed to the IssuerSigner, which performs the actual signing.

func (*Issuer) SignTimeStamp

func (iss *Issuer) SignTimeStamp(sts *SignedTimeStamp) error

SignTimeStamp generates the SignedTimeStamp's signature, taking into account:

  • The Issuer's signature
  • The originally provided digest
  • The current datetime

type IssuerSigner

type IssuerSigner interface {
	GetKeyUrl() (string, error)
	Sign([]byte) ([]byte, error)
}

IssuerSigner defines the methods for signing an Issuer.

type KeyLookup

type KeyLookup interface {
	Get(string) ([]byte, error)
}

KeyLookup is an interface for retrieving a root public key. It exists primarily so that a caching layer can be added in front of the direct HTTP lookup.

type SignedTimeStamp

type SignedTimeStamp struct {
	Issuer    *Issuer   `json:"issuer"`
	Datetime  time.Time `json:"datetime"`
	Digest    b64bytes  `json:"digest"`
	Signature b64bytes  `json:"signature"`
}

The SignedTimeStamp represents:

  • The Issuer who has signed the time stamp
  • The user provided Digest
  • The Datetime at which we signed it
  • The Signature

func NewSignedTimeStamp

func NewSignedTimeStamp(digest string) (*SignedTimeStamp, error)

NewSignedTimeStamp creates a new instance of SignedTimeStamp. The digest is passed in as a string so that the function can ensure it is URL-safe base64 encoded.

func (*SignedTimeStamp) BytesToSign

func (ss *SignedTimeStamp) BytesToSign() []byte

BytesToSign The bytes which we are signing, made up of:

  • The originally provided digest
  • The Issuer's signature
  • The current datetime

func (*SignedTimeStamp) Json

func (ss *SignedTimeStamp) Json() ([]byte, error)

func (*SignedTimeStamp) PrettyJson

func (ss *SignedTimeStamp) PrettyJson() ([]byte, error)

type TrustedIssuerKeyCheck

type TrustedIssuerKeyCheck interface {
	Trusted(string) (bool, error)
}

TrustedIssuerKeyCheck Interface for checking if a given Issuer Key URL is trusted.

type TrustedIssuerKeys

type TrustedIssuerKeys struct {
	KeyPrefixes []string
}

TrustedIssuerKeys is a basic implementation of TrustedIssuerKeyCheck that matches an Issuer's root key URL against KeyPrefixes.

func (*TrustedIssuerKeys) Trusted

func (t *TrustedIssuerKeys) Trusted(key string) (bool, error)

Trusted checks whether an Issuer key URL is trusted.
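A prefix-based TrustedIssuerKeyCheck that compares scheme, host and path separately, as an added example; it is not the package's TrustedIssuerKeys, whose matching rule the page does not show. The only thing it takes from the page is the Trusted(string) (bool, error) interface and the idea of a list of URL prefixes; the constructor, the naiveStringPrefix contrast function and the hostile URLs in the comments are this example's own.

```go
package main

import (
	"errors"
	"net/url"
	"path"
	"strings"
)

// trustedKeyPrefixes satisfies the TrustedIssuerKeyCheck interface shape on
// the page, Trusted(string) (bool, error). It is this example's own code.
// Each prefix is parsed once and matched on scheme, host and path separately.
type trustedKeyPrefixes struct {
	prefixes []*url.URL
}

// newTrustedKeyPrefixes rejects any prefix that is not a bare https path and
// pins a trailing "/" on the path so "/keys" cannot match "/keys-old/x".
func newTrustedKeyPrefixes(prefixes ...string) (*trustedKeyPrefixes, error) {
	t := &trustedKeyPrefixes{}
	for _, p := range prefixes {
		u, err := url.Parse(p)
		if err != nil {
			return nil, err
		}
		if u.Scheme != "https" || u.Host == "" || u.User != nil || u.RawQuery != "" || u.Fragment != "" {
			return nil, errors.New("trusted prefix must be an https origin with a bare path: " + p)
		}
		if !strings.HasSuffix(u.Path, "/") {
			u.Path += "/"
		}
		t.prefixes = append(t.prefixes, u)
	}
	return t, nil
}

// Trusted reports whether key (an Issuer's root key URL) sits under one of the
// configured prefixes. A URL that does not parse is an error rather than
// "false", so a caller cannot mistake a malformed URL for a policy decision.
func (t *trustedKeyPrefixes) Trusted(key string) (bool, error) {
	u, err := url.Parse(key)
	if err != nil {
		return false, err
	}
	// userinfo is refused outright: "https://keys.example.test@attacker.example/"
	// has the trusted name in front of "@" but is served by attacker.example.
	if u.Scheme != "https" || u.User != nil || u.Host == "" {
		return false, nil
	}
	// "/keys/../admin/root.der" and "/keys//x" are not accepted as-is.
	if path.Clean(u.Path) != u.Path {
		return false, nil
	}
	for _, p := range t.prefixes {
		if strings.EqualFold(u.Host, p.Host) && strings.HasPrefix(u.Path, p.Path) {
			return true, nil
		}
	}
	return false, nil
}

// naiveStringPrefix is the comparison the type above avoids. A plain string
// prefix test with "https://keys.example.test" accepts
// "https://keys.example.test.attacker.example/root.der", because the
// attacker's hostname merely starts with the trusted one.
func naiveStringPrefix(prefixes []string, key string) bool {
	for _, p := range prefixes {
		if strings.HasPrefix(key, p) {
			return true
		}
	}
	return false
}
```

Whatever check you configure, write the prefixes as full origins with a path ending in "/" (for example "https://keys.example.test/tssig/"), because the root key URL is the trust anchor of the whole scheme: any URL that passes this check will have its body fetched and used to verify Issuers.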

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier Represents the code to verify a SignedTimeStamp, and its Issuer.

func NewVerifier

func NewVerifier(trustedIssuers TrustedIssuerKeyCheck) *Verifier

NewVerifier instantiates an instance of Verifier with its default (direct) key lookup.

func NewVerifierWithKeyLookup

func NewVerifierWithKeyLookup(trustedIssuers TrustedIssuerKeyCheck, keyLookup KeyLookup) *Verifier

NewVerifierWithKeyLookup instantiates an instance of Verifier with a custom key lookup.

func (*Verifier) Verify

func (v *Verifier) Verify(sts *SignedTimeStamp) error

Verify combines VerifyIssuer and VerifySignedTimeStamp into one method, verifying that both the Issuer and the SignedTimeStamp are valid.

func (*Verifier) VerifyIssuer

func (v *Verifier) VerifyIssuer(i *Issuer) error

VerifyIssuer verifies that the Leaf's public key has been signed by the Root Private Key.

func (*Verifier) VerifySignedTimeStamp

func (v *Verifier) VerifySignedTimeStamp(sts *SignedTimeStamp) error

VerifySignedTimeStamp Verifies that the SignedTimeStamp has been signed by the Leaf Private Key.

func (*Verifier) VerifyWithDigest added in v0.2.1

func (v *Verifier) VerifyWithDigest(sts *SignedTimeStamp, digest []byte) error

VerifyWithDigest checks that the SignedTimeStamp's digest matches the expected digest passed in. If it does, it goes on to perform the full verification.
