Beispiel #1
0
func namedCurveFromOID(oid asn1.ObjectIdentifier) *bitelliptic.BitCurve {
	switch {
	case oid.Equal(oidNamedCurveS256):
		return bitelliptic.S256()
	}
	return nil
}
Beispiel #2
0
func getHashForOID(oid asn1.ObjectIdentifier) (crypto.Hash, error) {
	switch {
	case oid.Equal(oidDigestAlgorithmSHA1):
		return crypto.SHA1, nil
	}
	return crypto.Hash(0), ErrUnsupportedAlgorithm
}
Beispiel #3
0
func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku ExtKeyUsage, ok bool) {
	for _, pair := range extKeyUsageOIDs {
		if oid.Equal(pair.oid) {
			return pair.extKeyUsage, true
		}
	}
	return
}
Beispiel #4
0
// TODO(agl): this is taken from crypto/x509 and so should probably be exported
// from crypto/x509 or crypto/x509/pkix.
func getSignatureAlgorithmFromOID(oid asn1.ObjectIdentifier) x509.SignatureAlgorithm {
	for _, details := range signatureAlgorithmDetails {
		if oid.Equal(details.oid) {
			return details.algo
		}
	}
	return x509.UnknownSignatureAlgorithm
}
Beispiel #5
0
func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm {
	switch {
	case oid.Equal(oidPublicKeyRsa):
		return RSA
	case oid.Equal(oidPublicKeyDsa):
		return DSA
	}
	return UnknownPublicKeyAlgorithm
}
Beispiel #6
0
func getAttributeNameFromOID(oid asn1.ObjectIdentifier) CsrAttribute {
	switch {
	case oid.Equal(oidAttrUnstructuredName):
		return CsrAttrUnstructuredName
	case oid.Equal(oidAttrChallengePassword):
		return CsrAttrChallengePassword
	}
	return CsrAttrUnknown
}
Beispiel #7
0
func hashFromOID(oid asn1.ObjectIdentifier) func() hash.Hash {
	switch {
	case oid.Equal(oidSHA1):
		return sha1.New
	case oid.Equal(oidSHA224):
		return sha256.New224
	case oid.Equal(oidSHA256):
		return sha256.New
	case oid.Equal(oidSHA384):
		return sha512.New384
	case oid.Equal(oidSHA512):
		return sha512.New
	}
	return nil
}
Beispiel #8
0
func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
	switch {
	case oid.Equal(oidNamedCurveP224):
		return elliptic.P224()
	case oid.Equal(oidNamedCurveP256):
		return elliptic.P256()
	case oid.Equal(oidNamedCurveP384):
		return elliptic.P384()
	case oid.Equal(oidNamedCurveP521):
		return elliptic.P521()
	}
	return nil
}
func getTagForOid(oid asn1.ObjectIdentifier) string {
	type oidNameMap struct {
		oid  []int
		name string
	}

	oidTags := []oidNameMap{
		{[]int{2, 5, 4, 3}, "CN"},
		{[]int{2, 5, 4, 5}, "SN"},
		{[]int{2, 5, 4, 6}, "C"},
		{[]int{2, 5, 4, 7}, "L"},
		{[]int{2, 5, 4, 8}, "ST"},
		{[]int{2, 5, 4, 10}, "O"},
		{[]int{2, 5, 4, 11}, "OU"},
		{[]int{1, 2, 840, 113549, 1, 9, 1}, "E"}}

	for _, v := range oidTags {
		if oid.Equal(v.oid) {
			return v.name
		}
	}

	return fmt.Sprint(oid)
}
Beispiel #10
0
func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) x509.PublicKeyAlgorithm {
	switch {
	case oid.Equal(oidPublicKeyRSA):
		return x509.RSA
	case oid.Equal(oidPublicKeyDSA):
		return x509.DSA
	case oid.Equal(oidPublicKeyECDSA):
		return x509.ECDSA
	}
	return x509.UnknownPublicKeyAlgorithm
}
Beispiel #11
0
func oidToCurve(oid asn1.ObjectIdentifier) elliptic.Curve {
	switch {
	case oid.Equal(asn1secp256r1):
		return elliptic.P256()
	case oid.Equal(asn1secp384r1):
		return elliptic.P384()
	case oid.Equal(asn1secp521r1):
		return elliptic.P521()
	default:
		return nil
	}
}
Beispiel #12
0
func getSignatureAlgorithmFromOID(oid asn1.ObjectIdentifier) SignatureAlgorithm {
	switch {
	case oid.Equal(oidSignatureMD2WithRSA):
		return MD2WithRSA
	case oid.Equal(oidSignatureMD5WithRSA):
		return MD5WithRSA
	case oid.Equal(oidSignatureSHA1WithRSA):
		return SHA1WithRSA
	case oid.Equal(oidSignatureSHA256WithRSA):
		return SHA256WithRSA
	case oid.Equal(oidSignatureSHA384WithRSA):
		return SHA384WithRSA
	case oid.Equal(oidSignatureSHA512WithRSA):
		return SHA512WithRSA
	case oid.Equal(oidSignatureDSAWithSHA1):
		return DSAWithSHA1
	case oid.Equal(oidSignatureDSAWithSHA256):
		return DSAWithSHA256
	}
	return UnknownSignatureAlgorithm
}
Beispiel #13
0
			b.Bytes, err = x509.MarshalECPrivateKey(key)
			if err != nil {
				return nil, err
			}
		default:
			return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
		}
	default:
		return nil, errors.New("don't know how to convert a safe bag of type " + bag.ID.String())
	}
	return b, nil
}

var (
	oidFriendlyName     = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 20}
	oidLocalKeyID       = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 21}
	oidMicrosoftCSPName = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 17, 1}
)

var attributeNameByOID = map[string]string{
	oidFriendlyName.String():     "friendlyName",
	oidLocalKeyID.String():       "localKeyId",
	oidMicrosoftCSPName.String(): "Microsoft CSP Name", // openssl-compatible
}

func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error) {
	key = attributeNameByOID[attribute.ID.String()]
	switch {
	case attribute.ID.Equal(oidMicrosoftCSPName):
		fallthrough
	case attribute.ID.Equal(oidFriendlyName):
Beispiel #14
0
// from PKCS#7:
type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

const (
	sha1Algorithm = "SHA-1"
)

var (
	oidSha1Algorithm = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	hashNameByID     = map[string]string{
		oidSha1Algorithm.String(): sha1Algorithm,
	}
	hashByName = map[string]func() hash.Hash{
		sha1Algorithm: sha1.New,
	}
)

func verifyMac(macData *macData, message, password []byte) error {
	name, ok := hashNameByID[macData.Mac.Algorithm.Algorithm.String()]
	if !ok {
		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
	}
	k := deriveMacKeyByAlg[name](macData.MacSalt, password, macData.Iterations)
	password = nil

	mac := hmac.New(hashByName[name], k)
	mac.Write(message)
Beispiel #15
0
func getSignatureAlgorithmFromOID(oid asn1.ObjectIdentifier) x509.SignatureAlgorithm {
	switch {
	case oid.Equal(oidSignatureMD2WithRSA):
		return x509.MD2WithRSA
	case oid.Equal(oidSignatureMD5WithRSA):
		return x509.MD5WithRSA
	case oid.Equal(oidSignatureSHA1WithRSA):
		return x509.SHA1WithRSA
	case oid.Equal(oidSignatureSHA256WithRSA):
		return x509.SHA256WithRSA
	case oid.Equal(oidSignatureSHA384WithRSA):
		return x509.SHA384WithRSA
	case oid.Equal(oidSignatureSHA512WithRSA):
		return x509.SHA512WithRSA
	case oid.Equal(oidSignatureDSAWithSHA1):
		return x509.DSAWithSHA1
	case oid.Equal(oidSignatureDSAWithSHA256):
		return x509.DSAWithSHA256
	case oid.Equal(oidSignatureECDSAWithSHA1):
		return x509.ECDSAWithSHA1
	case oid.Equal(oidSignatureECDSAWithSHA256):
		return x509.ECDSAWithSHA256
	case oid.Equal(oidSignatureECDSAWithSHA384):
		return x509.ECDSAWithSHA384
	case oid.Equal(oidSignatureECDSAWithSHA512):
		return x509.ECDSAWithSHA512
	}
	return x509.UnknownSignatureAlgorithm
}
Beispiel #16
0
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/x509/pkix"
	"encoding/asn1"

	"github.com/dgryski/go-rc2"
)

const (
	pbeWithSHAAnd3KeyTripleDESCBC = "pbeWithSHAAnd3-KeyTripleDES-CBC"
	pbewithSHAAnd40BitRC2CBC      = "pbewithSHAAnd40BitRC2-CBC"
)

var (
	oidPbeWithSHAAnd3KeyTripleDESCBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 12, 1, 3}
	oidPbewithSHAAnd40BitRC2CBC      = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 12, 1, 6}
)

var algByOID = map[string]string{
	oidPbeWithSHAAnd3KeyTripleDESCBC.String(): pbeWithSHAAnd3KeyTripleDESCBC,
	oidPbewithSHAAnd40BitRC2CBC.String():      pbewithSHAAnd40BitRC2CBC,
}

var blockcodeByAlg = map[string]func(key []byte) (cipher.Block, error){
	pbeWithSHAAnd3KeyTripleDESCBC: des.NewTripleDESCipher,
	pbewithSHAAnd40BitRC2CBC: func(key []byte) (cipher.Block, error) {
		return rc2.New(key, len(key)*8)
	},
}

type pbeParams struct {
Beispiel #17
0
func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) x509.PublicKeyAlgorithm {
	if oid.Equal(oidPublicKeyRSA) {
		return x509.RSA
	}
	return x509.UnknownPublicKeyAlgorithm
}
Beispiel #18
0
// MarshalJSON implements the json.Marshaler interface
func (aux *AuxOID) MarshalJSON() ([]byte, error) {
	var oid asn1.ObjectIdentifier
	oid = []int(*aux)
	return json.Marshal(oid.String())
}
Beispiel #19
0
func oidToHash(oid asn1.ObjectIdentifier) crypto.Hash {
	switch {
	case oid.Equal(asn1SHA1withRSA):
		return crypto.SHA1
	case oid.Equal(asn1SHA224withRSA):
		return crypto.SHA224
	case oid.Equal(asn1SHA256withRSA):
		return crypto.SHA256
	case oid.Equal(asn1SHA384withRSA):
		return crypto.SHA384
	case oid.Equal(asn1SHA512withRSA):
		return crypto.SHA512
	case oid.Equal(asn1SHA1withECDSA):
		return crypto.SHA1
	case oid.Equal(asn1SHA224withECDSA):
		return crypto.SHA224
	case oid.Equal(asn1SHA256withECDSA):
		return crypto.SHA256
	case oid.Equal(asn1SHA384withECDSA):
		return crypto.SHA384
	case oid.Equal(asn1SHA512withECDSA):
		return crypto.SHA512
	default:
		return 0
	}
}
Beispiel #20
0
// Returns human-readable information about cert.
func CertificateInfo(cert *x509.Certificate) string {
	s := []string{}
	s = append(s, fmt.Sprintf("Version: %v\nSerial no.: %v\nIssuer: %v\nSubject: %v\nNotBefore: %v\nNotAfter: %v\n", cert.Version, cert.SerialNumber, cert.Issuer, cert.Subject, cert.NotBefore, cert.NotAfter))
	for k := range KeyUsageString {
		if cert.KeyUsage&k != 0 {
			s = append(s, fmt.Sprintf("KeyUsage: %v\n", KeyUsageString[k]))
		}
	}

	for _, ext := range cert.Extensions {
		s = append(s, fmt.Sprintf("Extension: %v critical=%v  % 02X\n", ext.Id, ext.Critical, ext.Value))
	}

	for _, ext := range cert.ExtKeyUsage {
		s = append(s, fmt.Sprintf("ExtKeyUsage: %v\n", ExtKeyUsageString[ext]))
	}

	for _, ext := range cert.UnknownExtKeyUsage {
		s = append(s, fmt.Sprintf("ExtKeyUsage: %v\n", ext))
	}

	if cert.BasicConstraintsValid {
		s = append(s, fmt.Sprintf("IsCA: %v\n", cert.IsCA))
		if cert.MaxPathLen > 0 {
			s = append(s, fmt.Sprintf("MaxPathLen: %v\n", cert.MaxPathLen))
		}
	}

	s = append(s, fmt.Sprintf("SubjectKeyId: % 02X\nAuthorityKeyId: % 02X\n", cert.SubjectKeyId, cert.AuthorityKeyId))
	s = append(s, fmt.Sprintf("OCSPServer: %v\nIssuingCertificateURL: %v\n", cert.OCSPServer, cert.IssuingCertificateURL))

	oids := []string{}
	for _, e := range cert.Extensions {
		if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 && e.Id[3] == 17 {
			var seq asn1.RawValue
			var rest []byte
			var err error
			if rest, err = asn1.Unmarshal(e.Value, &seq); err != nil {
				continue
			} else if len(rest) != 0 {
				continue
			}
			if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
				continue
			}

			rest = seq.Bytes
			for len(rest) > 0 {
				var v asn1.RawValue
				rest, err = asn1.Unmarshal(rest, &v)
				if err != nil {
					break
				}
				if v.Tag == 8 { // registeredID
					var oid asn1.ObjectIdentifier
					_, err = asn1.Unmarshal(v.FullBytes, &oid)
					if err != nil {
						oids = append(oids, oid.String())
					}
				}
			}
		}
	}

	s = append(s, fmt.Sprintf("DNSNames: %v\nEmailAddresses: %v\nIPAddresses: %v\nRegisteredIDs: %v\n", cert.DNSNames, cert.EmailAddresses, cert.IPAddresses, oids))

	s = append(s, fmt.Sprintf("PermittedDNSDomainsCritical: %v\nPermittedDNSDomains: %v\n", cert.PermittedDNSDomainsCritical, cert.PermittedDNSDomains))

	s = append(s, fmt.Sprintf("CRLDistributionPoints: %v\nPolicyIdentifiers: %v\n", cert.CRLDistributionPoints, cert.PolicyIdentifiers))
	return strings.Join(s, "")
}