-package yacpki
+package pki
import (
- "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b"
- "go.cypherpunks.su/yac/gyac/yacpki/gost"
+ "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b"
+ "go.cypherpunks.su/yac/gyac/pki/gost"
)
const (
-package yacpki
+package pki
import (
"bytes"
"github.com/google/uuid"
"go.cypherpunks.su/yac/gyac"
- pkihash "go.cypherpunks.su/yac/gyac/yacpki/hash"
- "go.cypherpunks.su/yac/gyac/yacpki/utils"
+ pkihash "go.cypherpunks.su/yac/gyac/pki/hash"
+ "go.cypherpunks.su/yac/gyac/pki/utils"
)
// Algorithm-value often used structure.
-package yacpki
+package pki
import (
"crypto"
"go.cypherpunks.su/yac/gyac"
"go.cypherpunks.su/yac/gyac/mapstruct"
- ed25519blake2b "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b"
- "go.cypherpunks.su/yac/gyac/yacpki/gost"
+ ed25519blake2b "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b"
+ "go.cypherpunks.su/yac/gyac/pki/gost"
)
const (
"time"
"go.cypherpunks.su/yac/gyac"
- "go.cypherpunks.su/yac/gyac/yacpki"
- ed25519blake2b "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b"
- "go.cypherpunks.su/yac/gyac/yacpki/gost"
- "go.cypherpunks.su/yac/gyac/yacpki/utils"
+ "go.cypherpunks.su/yac/gyac/pki"
+ ed25519blake2b "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b"
+ "go.cypherpunks.su/yac/gyac/pki/gost"
+ "go.cypherpunks.su/yac/gyac/pki/utils"
)
func main() {
"Optional notBefore, \"2006-01-02 15:04:05\" format")
lifetime := flag.Uint("lifetime", 365,
"Lifetime of the certificate, days")
- algo := flag.String("algo", yacpki.GOST3410256A, "Public key algorithm")
+ algo := flag.String("algo", pki.GOST3410256A, "Public key algorithm")
issuingPrv := flag.String("ca-prv", "",
"Path to private key file for issuing with")
reuseKey := flag.Bool("reuse-key", false,
till := since.Add(time.Duration(*lifetime) * 24 * time.Hour)
var caPrv crypto.Signer
- var caCers []*yacpki.SignedData
+ var caCers []*pki.SignedData
for _, issuingCer := range issuingCers {
- var sd *yacpki.SignedData
- sd, _, err = yacpki.CerParse(utils.MustReadFile(issuingCer))
+ var sd *pki.SignedData
+ sd, _, err = pki.CerParse(utils.MustReadFile(issuingCer))
if err != nil {
log.Fatal(err)
}
if *issuingPrv == "" {
log.Fatal("no -ca-key is set")
}
- caPrv, _, err = yacpki.PrvParse(utils.MustReadFile(*issuingPrv))
+ caPrv, _, err = pki.PrvParse(utils.MustReadFile(*issuingPrv))
if err != nil {
log.Fatal(err)
}
}
if *verify {
- var sd *yacpki.SignedData
- sd, _, err = yacpki.CerParse(utils.MustReadFile(*cerPath))
+ var sd *pki.SignedData
+ sd, _, err = pki.CerParse(utils.MustReadFile(*cerPath))
if err != nil {
log.Fatal(err)
}
var prvRaw []byte
var pub []byte
if *reuseKey {
- prv, pub, err = yacpki.PrvParse(utils.MustReadFile(*prvPath))
+ prv, pub, err = pki.PrvParse(utils.MustReadFile(*prvPath))
if err != nil {
log.Fatal(err)
}
} else {
switch *algo {
- case yacpki.Ed25519BLAKE2b:
+ case pki.Ed25519BLAKE2b:
prv, prvRaw, pub, err = ed25519blake2b.NewKeypair()
- case yacpki.GOST3410256A, yacpki.GOST3410512C:
+ case pki.GOST3410256A, pki.GOST3410512C:
prv, prvRaw, pub, err = gost.NewKeypair(*algo)
default:
err = errors.New("unknown -algo specified")
}
err = os.WriteFile(
*prvPath,
- gyac.FromGo(yacpki.AV{A: *algo, V: prvRaw}).Encode(nil),
+ gyac.FromGo(pki.AV{A: *algo, V: prvRaw}).Encode(nil),
0o600,
)
if err != nil {
}
}
- pubMap := yacpki.Pub{A: *algo, V: pub}
+ pubMap := pki.Pub{A: *algo, V: pub}
{
- av := yacpki.AV{A: *algo, V: pub}
+ av := pki.AV{A: *algo, V: pub}
pubMap.Id = av.Id()
}
- cerLoad := yacpki.CerLoad{Subj: subj, Pub: []yacpki.Pub{pubMap}}
+ cerLoad := pki.CerLoad{Subj: subj, Pub: []pki.Pub{pubMap}}
if len(ku) > 0 {
cerLoad.KU = &ku
}
- var caCerLoad *yacpki.CerLoad
+ var caCerLoad *pki.CerLoad
if caPrv == nil {
caPrv = prv
caCerLoad = &cerLoad
} else {
caCerLoad = caCers[0].CerLoad()
}
- sd := yacpki.SignedData{Load: yacpki.SignedDataLoad{T: "cer", V: cerLoad}}
+ sd := pki.SignedData{Load: pki.SignedDataLoad{T: "cer", V: cerLoad}}
err = sd.CerIssueWith(caCerLoad, caPrv, since, till)
if err != nil {
log.Fatal(err)
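Review bot: The fatal message `no -ca-key is set` in the `*issuingPrv == ""` check names a flag this file does not appear to register; the option is declared earlier in main as `flag.String("ca-prv", ...)`. An operator who follows the message will pass an unknown flag instead of the CA private key path, so the line should read `log.Fatal("no -ca-prv is set")`. The rename leaves this line untouched, and main's body starts and ends outside the visible hunks.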
"time"
"go.cypherpunks.su/yac/gyac"
- "go.cypherpunks.su/yac/gyac/yacpki"
- pkihash "go.cypherpunks.su/yac/gyac/yacpki/hash"
- "go.cypherpunks.su/yac/gyac/yacpki/utils"
+ "go.cypherpunks.su/yac/gyac/pki"
+ pkihash "go.cypherpunks.su/yac/gyac/pki/hash"
+ "go.cypherpunks.su/yac/gyac/pki/utils"
)
func main() {
if *cerPath == "" {
log.Fatal("no -cer is set")
}
- cer, _, err := yacpki.CerParse(utils.MustReadFile(*cerPath))
+ cer, _, err := pki.CerParse(utils.MustReadFile(*cerPath))
if err != nil {
log.Fatal(err)
}
if *prvPath == "" {
log.Fatal("no -prv is set")
}
- signer, _, err = yacpki.PrvParse(utils.MustReadFile(*prvPath))
+ signer, _, err = pki.PrvParse(utils.MustReadFile(*prvPath))
if err != nil {
log.Fatal(err)
}
log.Fatal(err)
}
if *verify {
- var sd *yacpki.SignedData
- sd, _, err = yacpki.SignedDataParse(utils.MustReadFile(*sdPath))
+ var sd *pki.SignedData
+ sd, _, err = pki.SignedDataParse(utils.MustReadFile(*sdPath))
if err != nil {
log.Fatal(err)
}
log.Fatal("hash mismatch")
}
signer := cer.CerLoad()
- if !signer.Can(yacpki.KUSig) || len(signer.Pub) != 1 {
+ if !signer.Can(pki.KUSig) || len(signer.Pub) != 1 {
log.Fatal("cer can not sign")
}
if sig.Sign.A != signer.Pub[0].A {
log.Fatal(err)
}
} else {
- var sd yacpki.SignedData
+ var sd pki.SignedData
sd.Load.T = *typ
sdHashes := map[string]*struct{}{*hashAlgo: nil}
sd.Hashes = &sdHashes
sigHashes := map[string][]byte{*hashAlgo: hasher.Sum(nil)}
when := time.Now().UTC().Truncate(1000 * time.Microsecond)
- err = sd.SignWith(cer.CerLoad(), signer, yacpki.SigTBS{
+ err = sd.SignWith(cer.CerLoad(), signer, pki.SigTBS{
Hashes: &sigHashes,
When: &when,
})
--- /dev/null
+// gyac/pki provides PKI-related capabilities based on YAC encoded formats.
+package pki
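Review bot: The package comment added above `package pki` opens with the path fragment `gyac/pki` instead of the form Go doc comments use, so linters that check package comments will likely flag it and the generated synopsis will start with a path rather than the package name. Suggest `// Package pki provides PKI-related capabilities based on YAC encoded formats.`. Several files in this commit declare `package pki`, so this should stay the only package-level comment.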
+++ ed25519/ed25519.go 2024-12-03 11:07:51.892841000 +0300
@@ -20,11 +20,12 @@
"crypto"
- "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b/edwards25519"
+ "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b/edwards25519"
cryptorand "crypto/rand"
- "crypto/sha512"
"crypto/subtle"
"crypto"
"crypto/rand"
- "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b/ed25519"
+ "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b/ed25519"
)
func NewKeypair() (signer crypto.Signer, prv, pub []byte, err error) {
# That script copies the library (tested on 1.23.3) and patches it to
# use BLAKE2b hash.
-modname=go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b
+modname=go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b
go mod init $modname
dst=$PWD
cd $(go env GOROOT)/src
"crypto"
"errors"
- "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b/ed25519"
+ "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b/ed25519"
)
func NewSigner(v []byte) (prv crypto.Signer, pub []byte, err error) {
import (
"errors"
- "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b/ed25519"
+ "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b/ed25519"
)
func Verify(pub, signed, signature []byte) (valid bool, err error) {
-module go.cypherpunks.su/yac/gyac/yacpki
+module go.cypherpunks.su/yac/gyac/pki
go 1.22
"go.cypherpunks.su/gogost/v6/gost3410"
"go.cypherpunks.su/gogost/v6/gost34112012256"
"go.cypherpunks.su/gogost/v6/gost34112012512"
- "go.cypherpunks.su/yac/gyac/yacpki/utils"
+ "go.cypherpunks.su/yac/gyac/pki/utils"
)
func Verify(algo string, pub, signed, signature []byte) (valid bool, err error) {
-package yacpki
+package pki
import (
"crypto"
"fmt"
"go.cypherpunks.su/yac/gyac/mapstruct"
- ed25519blake2b "go.cypherpunks.su/yac/gyac/yacpki/ed25519-blake2b"
- "go.cypherpunks.su/yac/gyac/yacpki/gost"
+ ed25519blake2b "go.cypherpunks.su/yac/gyac/pki/ed25519-blake2b"
+ "go.cypherpunks.su/yac/gyac/pki/gost"
)
// Parse private key contained in AV YAC-encoded structure.
-package yacpki
+package pki
import (
"crypto"
+++ /dev/null
-// yacpki provides PKI-related capabilities based on YAC encoded formats.
-package yacpki