-
Notifications
You must be signed in to change notification settings - Fork 0
/
opts.go
326 lines (266 loc) · 9.14 KB
/
opts.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
/*
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package bccsp
const (
// ECDSA Elliptic Curve Digital Signature Algorithm (key gen, import, sign, verify),
// at default security level.
// Each BCCSP may or may not support default security level. If not supported than
// an error will be returned.
ECDSA = "ECDSA"
// ECDSA Elliptic Curve Digital Signature Algorithm over P-256 curve
ECDSAP256 = "ECDSAP256"
// ECDSA Elliptic Curve Digital Signature Algorithm over P-384 curve
ECDSAP384 = "ECDSAP384"
// ECDSAReRand ECDSA key re-randomization
ECDSAReRand = "ECDSA_RERAND"
// RSA at the default security level.
// Each BCCSP may or may not support default security level. If not supported than
// an error will be returned.
RSA = "RSA"
// RSA at 1024 bit security level.
RSA1024 = "RSA1024"
// RSA at 2048 bit security level.
RSA2048 = "RSA2048"
// RSA at 3072 bit security level.
RSA3072 = "RSA3072"
// RSA at 4096 bit security level.
RSA4096 = "RSA4096"
// AES Advanced Encryption Standard at the default security level.
// Each BCCSP may or may not support default security level. If not supported than
// an error will be returned.
AES = "AES"
// AES Advanced Encryption Standard at 128 bit security level
AES128 = "AES128"
// AES Advanced Encryption Standard at 192 bit security level
AES192 = "AES192"
// AES Advanced Encryption Standard at 256 bit security level
AES256 = "AES256"
// HMAC keyed-hash message authentication code
HMAC = "HMAC"
// HMACTruncated256 HMAC truncated at 256 bits.
HMACTruncated256 = "HMAC_TRUNCATED_256"
// SHA Secure Hash Algorithm using default family.
// Each BCCSP may or may not support default security level. If not supported than
// an error will be returned.
SHA = "SHA"
// SHA2 is an identifier for SHA2 hash family
SHA2 = "SHA2"
// SHA3 is an identifier for SHA3 hash family
SHA3 = "SHA3"
// SHA256
SHA256 = "SHA256"
// SHA384
SHA384 = "SHA384"
// SHA3_256
SHA3_256 = "SHA3_256"
// SHA3_384
SHA3_384 = "SHA3_384"
// X509Certificate Label for X509 certificate related operation
X509Certificate = "X509Certificate"
)
// ECDSAKeyGenOpts contains options for ECDSA key generation.
type ECDSAKeyGenOpts struct {
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (opts *ECDSAKeyGenOpts) Algorithm() string {
return ECDSA
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *ECDSAKeyGenOpts) Ephemeral() bool {
return opts.Temporary
}
// ECDSAPKIXPublicKeyImportOpts contains options for ECDSA public key importation in PKIX format
type ECDSAPKIXPublicKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *ECDSAPKIXPublicKeyImportOpts) Algorithm() string {
return ECDSA
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *ECDSAPKIXPublicKeyImportOpts) Ephemeral() bool {
return opts.Temporary
}
// ECDSAPrivateKeyImportOpts contains options for ECDSA secret key importation in DER format
// or PKCS#8 format.
type ECDSAPrivateKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *ECDSAPrivateKeyImportOpts) Algorithm() string {
return ECDSA
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *ECDSAPrivateKeyImportOpts) Ephemeral() bool {
return opts.Temporary
}
// ECDSAGoPublicKeyImportOpts contains options for ECDSA key importation from ecdsa.PublicKey
type ECDSAGoPublicKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *ECDSAGoPublicKeyImportOpts) Algorithm() string {
return ECDSA
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *ECDSAGoPublicKeyImportOpts) Ephemeral() bool {
return opts.Temporary
}
// ECDSAReRandKeyOpts contains options for ECDSA key re-randomization.
type ECDSAReRandKeyOpts struct {
Temporary bool
Expansion []byte
}
// Algorithm returns the key derivation algorithm identifier (to be used).
func (opts *ECDSAReRandKeyOpts) Algorithm() string {
return ECDSAReRand
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *ECDSAReRandKeyOpts) Ephemeral() bool {
return opts.Temporary
}
// ExpansionValue returns the re-randomization factor
func (opts *ECDSAReRandKeyOpts) ExpansionValue() []byte {
return opts.Expansion
}
// AESKeyGenOpts contains options for AES key generation at default security level
type AESKeyGenOpts struct {
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (opts *AESKeyGenOpts) Algorithm() string {
return AES
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *AESKeyGenOpts) Ephemeral() bool {
return opts.Temporary
}
// AESCBCPKCS7ModeOpts contains options for AES encryption in CBC mode
// with PKCS7 padding.
type AESCBCPKCS7ModeOpts struct{}
// HMACTruncated256AESDeriveKeyOpts contains options for HMAC truncated
// at 256 bits key derivation.
type HMACTruncated256AESDeriveKeyOpts struct {
Temporary bool
Arg []byte
}
// Algorithm returns the key derivation algorithm identifier (to be used).
func (opts *HMACTruncated256AESDeriveKeyOpts) Algorithm() string {
return HMACTruncated256
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *HMACTruncated256AESDeriveKeyOpts) Ephemeral() bool {
return opts.Temporary
}
// Argument returns the argument to be passed to the HMAC
func (opts *HMACTruncated256AESDeriveKeyOpts) Argument() []byte {
return opts.Arg
}
// HMACDeriveKeyOpts contains options for HMAC key derivation.
type HMACDeriveKeyOpts struct {
Temporary bool
Arg []byte
}
// Algorithm returns the key derivation algorithm identifier (to be used).
func (opts *HMACDeriveKeyOpts) Algorithm() string {
return HMAC
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *HMACDeriveKeyOpts) Ephemeral() bool {
return opts.Temporary
}
// Argument returns the argument to be passed to the HMAC
func (opts *HMACDeriveKeyOpts) Argument() []byte {
return opts.Arg
}
// AES256ImportKeyOpts contains options for importing AES 256 keys.
type AES256ImportKeyOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *AES256ImportKeyOpts) Algorithm() string {
return AES
}
// Ephemeral returns true if the key generated has to be ephemeral,
// false otherwise.
func (opts *AES256ImportKeyOpts) Ephemeral() bool {
return opts.Temporary
}
// HMACImportKeyOpts contains options for importing HMAC keys.
type HMACImportKeyOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *HMACImportKeyOpts) Algorithm() string {
return HMAC
}
// Ephemeral returns true if the key generated has to be ephemeral,
// false otherwise.
func (opts *HMACImportKeyOpts) Ephemeral() bool {
return opts.Temporary
}
// SHAOpts contains options for computing SHA.
type SHAOpts struct {
}
// Algorithm returns the hash algorithm identifier (to be used).
func (opts *SHAOpts) Algorithm() string {
return SHA
}
// RSAKeyGenOpts contains options for RSA key generation.
type RSAKeyGenOpts struct {
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (opts *RSAKeyGenOpts) Algorithm() string {
return RSA
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *RSAKeyGenOpts) Ephemeral() bool {
return opts.Temporary
}
// ECDSAGoPublicKeyImportOpts contains options for RSA key importation from rsa.PublicKey
type RSAGoPublicKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *RSAGoPublicKeyImportOpts) Algorithm() string {
return RSA
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *RSAGoPublicKeyImportOpts) Ephemeral() bool {
return opts.Temporary
}
// X509PublicKeyImportOpts contains options for importing public keys from an x509 certificate
type X509PublicKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key importation algorithm identifier (to be used).
func (opts *X509PublicKeyImportOpts) Algorithm() string {
return X509Certificate
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (opts *X509PublicKeyImportOpts) Ephemeral() bool {
return opts.Temporary
}