key.go
package attestation
// Algorithm is the numeric identifier of a key algorithm.
type Algorithm uint

// Named Algorithm values. The numbering is sparse, so String matches on the
// constants rather than indexing a table.
const (
	AlgoRSA  Algorithm = 1
	AlgoEC   Algorithm = 3
	AlgoAES  Algorithm = 32
	AlgoHMAC Algorithm = 128
)

// String returns the short name of a, or "unknown algorithm" when a is not
// one of the named values.
func (a Algorithm) String() string {
	if a == AlgoRSA {
		return "RSA"
	}
	if a == AlgoEC {
		return "EC"
	}
	if a == AlgoAES {
		return "AES"
	}
	if a == AlgoHMAC {
		return "HMAC"
	}
	return "unknown algorithm"
}
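// KeyBlobUsageRequirements specifies the necessary system environment conditions for the generated key to be used.
type KeyBlobUsageRequirements uint

// String returns the name of r, or "unknown key blob usage requirements" when
// r is not one of the defined values.
func (r KeyBlobUsageRequirements) String() string {
	names := [...]string{
		"STANDALONE",
		"REQUIRES_FILE_SYSTEM",
	}
	// Bounds-check before indexing: a value outside the table (for example one
	// decoded from malformed input) must not panic the caller that prints it.
	if r >= KeyBlobUsageRequirements(len(names)) {
		return "unknown key blob usage requirements"
	}
	return names[r]
}

// Defined KeyBlobUsageRequirements values, numbered from 0.
const (
	KBURequirementsStandalone KeyBlobUsageRequirements = iota
	KBURequirementsRequiresFileSystem
)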
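// BlockMode specifies the block cipher mode(s) with which the key may be used. This tag is only relevant to AES keys.
type BlockMode uint

// String returns the name of m, or "unknown block mode" when m is not one of
// the defined values.
//
// The numbering is sparse (BlockModeGCM is 32), so the name is chosen by
// matching on the constants; indexing a four-entry table with 32 would panic.
func (m BlockMode) String() string {
	switch m {
	case BlockModeECB:
		return "ECB"
	case BlockModeCBC:
		return "CBC"
	case BlockModeCTR:
		return "CTR"
	case BlockModeGCM:
		return "GCM"
	default:
		return "unknown block mode"
	}
}

// Defined BlockMode values.
//
// NOTE(review): Android's keymaster_defs.h numbers ECB, CBC and CTR as 1, 2
// and 3, while these constants start at 0. If values are cast straight from a
// decoded attestation record, each mode would be reported as its neighbour
// (ECB as CBC, and so on) — confirm against the decoder before relying on them.
const (
	BlockModeECB BlockMode = iota
	BlockModeCBC
	BlockModeCTR
	BlockModeGCM BlockMode = 32
)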
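// Digest specifies the digest algorithms that may be used with the key to perform signing and verification operations. This tag is relevant to RSA, ECDSA and HMAC keys.
type Digest uint

// String returns the name of d, or "unknown digest" when d is not one of the
// defined values.
func (d Digest) String() string {
	names := [...]string{
		"NONE",
		"MD5",
		"SHA1",
		"SHA_2_224",
		"SHA_2_256",
		"SHA_2_384",
		"SHA_2_512",
	}
	// Bounds-check before indexing: a value outside the table must not panic
	// the caller that prints it.
	if d >= Digest(len(names)) {
		return "unknown digest"
	}
	return names[d]
}

// Defined Digest values, numbered from 0.
//
// NOTE(review): NONE, MD5 and SHA1 are named so they can be reported. Whether
// a key authorized for them is acceptable is a policy decision for the code
// that consumes these values; nothing in this type enforces one.
const (
	DigestNONE Digest = iota
	DigestMD5
	DigestSHA1
	DigestSHA_2_224
	DigestSHA_2_256
	DigestSHA_2_384
	DigestSHA_2_512
)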
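// EcCurve specifies the EC curves.
type EcCurve uint

// String returns the name of c, or "unknown EC curve" when c is not one of
// the defined values.
func (c EcCurve) String() string {
	names := [...]string{
		"P_224",
		"P_256",
		"P_384",
		"P_521",
	}
	// Bounds-check before indexing: a value outside the table must not panic
	// the caller that prints it.
	if c >= EcCurve(len(names)) {
		return "unknown EC curve"
	}
	return names[c]
}

// Defined EcCurve values, numbered from 0.
const (
	CurveP224 EcCurve = iota
	CurveP256
	CurveP384
	CurveP521
)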
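// KeyOrigin specifies where the key was created, if known.
type KeyOrigin uint

// String returns the name of o, or "unknown key origin" when o is not one of
// the defined values. Note that KeyOriginUnknown is itself a defined value and
// prints as "UNKNOWN".
func (o KeyOrigin) String() string {
	names := [...]string{
		"GENERATED",
		"DERIVED",
		"IMPORTED",
		"UNKNOWN",
	}
	// Bounds-check before indexing: a value outside the table must not panic
	// the caller that prints it.
	if o >= KeyOrigin(len(names)) {
		return "unknown key origin"
	}
	return names[o]
}

// Defined KeyOrigin values, numbered from 0.
const (
	KeyOriginGenerated KeyOrigin = iota
	KeyOriginDerived
	KeyOriginImported
	KeyOriginUnknown
)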
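// PaddingMode specifies the padding modes that may be used with the key.
type PaddingMode uint

// String returns the name of m, or "unknown padding mode" when m is not one
// of the defined values.
//
// The constants start at 1 and PaddingPKCS7 is 64, so the name is chosen by
// matching on the constants. Indexing a zero-based table reported every mode
// as its successor (PaddingNone printed "RSA_OAEP") and panicked on
// PaddingPKCS7.
func (m PaddingMode) String() string {
	switch m {
	case PaddingNone:
		return "NONE"
	case PaddingRSA_OAEP:
		return "RSA_OAEP"
	case PaddingRSA_PSS:
		return "RSA_PSS"
	case PaddingRSA_PKCS1_1_5_ENCRYPT:
		return "RSA_PKCS1_1_5_ENCRYPT"
	case PaddingRSA_PKCS1_1_5_SIGN:
		return "RSA_PKCS1_1_5_SIGN"
	case PaddingPKCS7:
		return "PKCS7"
	default:
		return "unknown padding mode"
	}
}

// Defined PaddingMode values. Zero is skipped, so PaddingNone is 1 and the
// RSA modes follow as 2 through 5; PaddingPKCS7 is set explicitly to 64.
const (
	_                       = iota
	PaddingNone PaddingMode = iota
	PaddingRSA_OAEP
	PaddingRSA_PSS
	PaddingRSA_PKCS1_1_5_ENCRYPT
	PaddingRSA_PKCS1_1_5_SIGN
	PaddingPKCS7 PaddingMode = 64
)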
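// KeyPurpose specifies the set of purposes for which the key may be used.
type KeyPurpose uint

// String returns the name of p, or "unknown key purpose" when p is not one of
// the defined values.
func (p KeyPurpose) String() string {
	names := [...]string{
		"ENCRYPT",
		"DECRYPT",
		"SIGN",
		"VERIFY",
		"DERIVE_KEY",
		"WRAP_KEY",
	}
	// Bounds-check before indexing: a value outside the table must not panic
	// the caller that prints it.
	if p >= KeyPurpose(len(names)) {
		return "unknown key purpose"
	}
	return names[p]
}

// Defined KeyPurpose values, numbered from 0.
const (
	PurposeEncrypt KeyPurpose = iota
	PurposeDecrypt
	PurposeSign
	PurposeVerify
	PurposeDeriveKey
	PurposeWrapKey
)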
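// HardwareAuthenticatorType specifies the types of user authenticators that may be used to authorize this key.
type HardwareAuthenticatorType uint

// String returns the name of t. The password and fingerprint bits may be
// combined, in which case both names are joined with "|". Any value that
// carries other bits (and is not HwAuthTypeAny) is reported as
// "unknown hardware authenticator type".
//
// The values are bit flags plus an all-ones sentinel, so the name is chosen by
// matching on the constants; indexing a four-entry table with them panics for
// HwAuthTypeAny.
func (t HardwareAuthenticatorType) String() string {
	switch t {
	case HwAuthTypeNone:
		return "NONE"
	case HwAuthTypePassword:
		return "PASSWORD"
	case HwAuthTypeFingerprint:
		return "FINGERPRINT"
	case HwAuthTypePassword | HwAuthTypeFingerprint:
		return "PASSWORD|FINGERPRINT"
	case HwAuthTypeAny:
		return "ANY"
	default:
		return "unknown hardware authenticator type"
	}
}

// Defined HardwareAuthenticatorType values.
//
// The flag bits are written out explicitly. The earlier `1 << iota` sat on the
// second line of the block, where iota is already 1, so it produced 2 and 4.
// The name table ("PASSWORD" at index 1, "FINGERPRINT" at index 2) and
// Keymaster's HW_AUTH_PASSWORD = 1 << 0 / HW_AUTH_FINGERPRINT = 1 << 1 both
// put the flags at 1 and 2. With the old values a decoded fingerprint flag
// compared equal to HwAuthTypePassword.
const (
	HwAuthTypeNone        HardwareAuthenticatorType = 0
	HwAuthTypePassword    HardwareAuthenticatorType = 1 << 0
	HwAuthTypeFingerprint HardwareAuthenticatorType = 1 << 1
	HwAuthTypeAny         HardwareAuthenticatorType = HardwareAuthenticatorType(^uint32(0))
)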