...

Package tls

import "github.com/google/certificate-transparency-go/tls"
Overview
Index

Overview ▾

Package tls implements functionality for dealing with TLS-encoded data, as defined in RFC 5246. This includes parsing and generation of TLS-encoded data, together with utility functions for dealing with the DigitallySigned TLS type.

func Marshal 

func Marshal(val interface{}) ([]byte, error)

Marshal returns the TLS encoding of val.

func MarshalWithParams 

func MarshalWithParams(val interface{}, params string) ([]byte, error)

MarshalWithParams returns the TLS encoding of val, and allows field parameters to be specified for the top-level element. The form of the params is the same as the field tags.

func Unmarshal 

func Unmarshal(b []byte, val interface{}) ([]byte, error)

Unmarshal parses the TLS-encoded data in b and uses the reflect package to fill in an arbitrary value pointed at by val. Because Unmarshal uses the reflect package, the structs being written to must use exported fields (upper case names).

The mappings between TLS types and Go types is as follows; some fields must have tags (to indicate their encoded size). 

TLS		Go		Required Tags
opaque		byte / uint8
uint8		byte / uint8
uint16		uint16
uint24		tls.Uint24
uint32		uint32
uint64		uint64
enum		tls.Enum	size:S or maxval:N
Type<N,M>	[]Type		minlen:N,maxlen:M
opaque[N]	[N]byte / [N]uint8
uint8[N]	[N]byte / [N]uint8
struct { }	struct { }
select(T) {
 case e1: Type	*T		selector:Field,val:e1
}

TLS variants (RFC 5246 s4.6.1) are only supported when the value of the associated enumeration type is available earlier in the same enclosing struct, and each possible variant is marked with a selector tag (to indicate which field selects the variants) and a val tag (to indicate what value of the selector picks this particular field).

For example, a TLS structure: 

enum { e1(1), e2(2) } EnumType;
struct {
   EnumType sel;
   select(sel) {
      case e1: uint16
      case e2: uint32
   } data;
} VariantItem;

would have a corresponding Go type: 

type VariantItem struct {
   Sel    tls.Enum  `tls:"maxval:2"`
   Data16 *uint16   `tls:"selector:Sel,val:1"`
   Data32 *uint32   `tls:"selector:Sel,val:2"`
 }

TLS fixed-length vectors of types other than opaque or uint8 are not supported.

For TLS variable-length vectors that are themselves used in other vectors, create a single-field structure to represent the inner type. For example, for: 

opaque InnerType<1..65535>;
struct {
  InnerType inners<1,65535>;
} Something;

convert to: 

type InnerType struct {
   Val    []byte       `tls:"minlen:1,maxlen:65535"`
}
type Something struct {
   Inners []InnerType  `tls:"minlen:1,maxlen:65535"`
}

If the encoded value does not fit in the Go type, Unmarshal returns a parse error.

func UnmarshalWithParams 

func UnmarshalWithParams(b []byte, val interface{}, params string) ([]byte, error)

UnmarshalWithParams allows field parameters to be specified for the top-level element. The form of the params is the same as the field tags.

func VerifySignature 

func VerifySignature(pubKey crypto.PublicKey, data []byte, sig DigitallySigned) error

VerifySignature verifies that the passed in signature over data was created by the given PublicKey.

type DigitallySigned

DigitallySigned gives information about a signature, including the algorithm used and the signature value. Defined in RFC 5246 s4.7. 

type DigitallySigned struct {
    Algorithm SignatureAndHashAlgorithm
    Signature []byte `tls:"minlen:0,maxlen:65535"`
}

func CreateSignature 

func CreateSignature(privKey crypto.PrivateKey, hashAlgo HashAlgorithm, data []byte) (DigitallySigned, error)

CreateSignature builds a signature over the given data using the specified hash algorithm and private key.

func (DigitallySigned) String 

func (d DigitallySigned) String() string

type Enum

Enum is an unsigned integer. 

type Enum uint64

type HashAlgorithm

HashAlgorithm enum from RFC 5246 s7.4.1.4.1. 

type HashAlgorithm Enum

HashAlgorithm constants from RFC 5246 s7.4.1.4.1. 

const (
    None   HashAlgorithm = 0
    MD5    HashAlgorithm = 1
    SHA1   HashAlgorithm = 2
    SHA224 HashAlgorithm = 3
    SHA256 HashAlgorithm = 4
    SHA384 HashAlgorithm = 5
    SHA512 HashAlgorithm = 6
)

func (HashAlgorithm) String 

func (h HashAlgorithm) String() string

type SignatureAlgorithm

SignatureAlgorithm enum from RFC 5246 s7.4.1.4.1. 

type SignatureAlgorithm Enum

SignatureAlgorithm constants from RFC 5246 s7.4.1.4.1. 

const (
    Anonymous SignatureAlgorithm = 0
    RSA       SignatureAlgorithm = 1
    DSA       SignatureAlgorithm = 2
    ECDSA     SignatureAlgorithm = 3
)

func SignatureAlgorithmFromPubKey 

func SignatureAlgorithmFromPubKey(k crypto.PublicKey) SignatureAlgorithm

SignatureAlgorithmFromPubKey returns the algorithm used for this public key. ECDSA, RSA, and DSA keys are supported. Other key types will return Anonymous.

func (SignatureAlgorithm) String 

func (s SignatureAlgorithm) String() string

type SignatureAndHashAlgorithm

SignatureAndHashAlgorithm gives information about the algorithms used for a signature. Defined in RFC 5246 s7.4.1.4.1. 

type SignatureAndHashAlgorithm struct {
    Hash      HashAlgorithm      `tls:"maxval:255"`
    Signature SignatureAlgorithm `tls:"maxval:255"`
}

type Uint24

Uint24 is an unsigned 3-byte integer. 

type Uint24 uint32