package kmip
import (
"math/big"
"github.com/gemalto/kmip-go/kmip14"
"github.com/gemalto/kmip-go/ttlv"
)
// 2.1 Base Objects
//
// These objects are used within the messages of the protocol, but are not objects managed by the key
// management system. They are components of Managed Objects.
// Attribute 2.1.1 Table 2
//
// An Attribute object is a structure (see Table 2) used for sending and receiving Managed Object attributes.
// The Attribute Name is a text-string that is used to identify the attribute. The Attribute Index is an index
// number assigned by the key management server. The Attribute Index is used to identify the particular instance.
// Attribute Indices SHALL start with 0. The Attribute Index of an attribute SHALL NOT change when other instances
// are added or deleted. Single-instance Attributes (attributes which an object MAY only have at most one instance
// thereof) SHALL have an Attribute Index of 0. The Attribute Value is either a primitive data type or structured
// object, depending on the attribute.
//
// When an Attribute structure is used to specify or return a particular instance of an Attribute and the Attribute
// Index is not specified it SHALL be assumed to be 0.
type Attribute struct {
	// AttributeName should contain the canonical name of a tag, e.g. "Cryptographic Algorithm".
	// NewAttributeFromTag fills this from ttlv.Tag.CanonicalName().
	AttributeName string
	// AttributeIndex is typically 0 when clients use this struct to create objects or add attributes. Clients
	// only need to set this if modifying or deleting an existing attribute. The field is tagged omitempty, so a
	// zero index is presumably left out of the encoding, which the spec says SHALL be read as index 0.
	AttributeIndex int `ttlv:",omitempty"`
	// AttributeValue is either a primitive value or a structure, depending on which attribute this is
	// (see the description above). The concrete Go type is not constrained here.
	AttributeValue interface{}
}
// NewAttributeFromTag builds an Attribute whose AttributeName is the canonical
// name of tag (e.g. "Cryptographic Algorithm"), with the given index and value.
// Callers creating or adding attributes normally pass idx 0; a non-zero index is
// only needed to address a specific existing instance of a multi-instance attribute.
func NewAttributeFromTag(tag ttlv.Tag, idx int, val interface{}) Attribute {
	var a Attribute
	a.AttributeName = tag.CanonicalName()
	a.AttributeIndex = idx
	a.AttributeValue = val
	return a
}
// Credential 2.1.2 Table 3
//
// A Credential is a structure (see Table 3) used for client identification purposes and is not managed by the
// key management system (e.g., user id/password pairs, Kerberos tokens, etc.). It MAY be used for authentication
// purposes as indicated in [KMIP-Prof].
//
// TODO: add an unmarshal impl to Credential to handle decoding the right kind
// of credential based on the credential type value
type Credential struct {
	// CredentialType selects which structure CredentialValue holds.
	CredentialType kmip14.CredentialType
	// CredentialValue is the type-specific structure: UsernameAndPasswordCredentialValue,
	// DeviceCredentialValue or AttestationCredentialValue (Tables 4-6 below). As the TODO
	// above notes, decoding does not yet choose the concrete type from CredentialType.
	// The value may carry secrets (passwords, shared secrets), so avoid logging it in full.
	CredentialValue interface{}
}
// UsernameAndPasswordCredentialValue 2.1.2 Table 4
//
// If the Credential Type in the Credential is Username and Password, then Credential Value is a
// structure as shown in Table 4. The Username field identifies the client, and the Password field
// is a secret that authenticates the client.
type UsernameAndPasswordCredentialValue struct {
	// Username identifies the client.
	Username string
	// Password is the secret that authenticates the client. It is omitted from the
	// encoding when empty. Treat it as sensitive: do not log it or include it in error text.
	Password string `ttlv:",omitempty"`
}
// DeviceCredentialValue 2.1.2 Table 5
//
// If the Credential Type in the Credential is Device, then Credential Value is a structure as shown in
// Table 5. One or a combination of the Device Serial Number, Network Identifier, Machine Identifier,
// and Media Identifier SHALL be unique. Server implementations MAY enforce policies on uniqueness for
// individual fields. A shared secret or password MAY also be used to authenticate the client.
// The client SHALL provide at least one field.
//
// Every field is optional in the encoding; the "at least one field" rule above is not
// enforced by this struct, so callers should check it before sending.
type DeviceCredentialValue struct {
	DeviceSerialNumber string `ttlv:",omitempty"`
	// Password is an optional shared secret used to authenticate the device; treat it as sensitive.
	Password          string `ttlv:",omitempty"`
	DeviceIdentifier  string `ttlv:",omitempty"`
	NetworkIdentifier string `ttlv:",omitempty"`
	MachineIdentifier string `ttlv:",omitempty"`
	MediaIdentifier   string `ttlv:",omitempty"`
}
// AttestationCredentialValue 2.1.2 Table 6
//
// If the Credential Type in the Credential is Attestation, then Credential Value is a structure
// as shown in Table 6. The Nonce Value is obtained from the key management server in a Nonce Object.
// The Attestation Credential Object can contain a measurement from the client or an assertion from a
// third party if the server is not capable or willing to verify the attestation data from the client.
// Neither type of attestation data (Attestation Measurement or Attestation Assertion) is necessary to
// allow the server to accept either. However, the client SHALL provide attestation data in either the
// Attestation Measurement or Attestation Assertion fields.
type AttestationCredentialValue struct {
	// Nonce is the server-supplied nonce that the attestation data is bound to (Nonce is
	// defined elsewhere in this package).
	Nonce           Nonce
	AttestationType kmip14.AttestationType
	// AttestationMeasurement is the client's own measurement; optional in the encoding.
	AttestationMeasurement []byte `ttlv:",omitempty"`
	// AttestationAssertion is a third party's assertion; optional in the encoding.
	// At least one of AttestationMeasurement or AttestationAssertion SHALL be set; this
	// struct does not enforce that.
	AttestationAssertion []byte `ttlv:",omitempty"`
}
// KeyBlock 2.1.3 Table 7
//
// A Key Block object is a structure (see Table 7) used to encapsulate all of the information that is
// closely associated with a cryptographic key. It contains a Key Value of one of the following Key Format Types:
//
// - Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes.
// - Opaque – This is an encoded key for which the encoding is unknown to the key management system.
// It is encoded as a string of bytes.
// - PKCS1 – This is an encoded private key, expressed as a DER-encoded ASN.1 PKCS#1 object.
// - PKCS8 – This is an encoded private key, expressed as a DER-encoded ASN.1 PKCS#8 object, supporting both
// the RSAPrivateKey syntax and EncryptedPrivateKey.
// - X.509 – This is an encoded object, expressed as a DER-encoded ASN.1 X.509 object.
// - ECPrivateKey – This is an ASN.1 encoded elliptic curve private key.
// - Several Transparent Key types – These are algorithm-specific structures containing defined values
// for the various key types, as defined in Section 2.1.7.
// - Extensions – These are vendor-specific extensions to allow for proprietary or legacy key formats.
//
// The Key Block MAY contain the Key Compression Type, which indicates the format of the elliptic curve public
// key. By default, the public key is uncompressed.
//
// The Key Block also has the Cryptographic Algorithm and the Cryptographic Length of the key contained
// in the Key Value field. Some example values are:
//
// - RSA keys are typically 1024, 2048 or 3072 bits in length.
// - 3DES keys are typically from 112 to 192 bits (depending upon key length and the presence of parity bits).
// - AES keys are 128, 192 or 256 bits in length.
//
// The Key Block SHALL contain a Key Wrapping Data structure if the key in the Key Value field is
// wrapped (i.e., encrypted, or MACed/signed, or both).
type KeyBlock struct {
	// KeyFormatType says how KeyValue.KeyMaterial is encoded (see the list above).
	KeyFormatType kmip14.KeyFormatType
	// KeyCompressionType is only meaningful for elliptic curve public keys; omitted when unset.
	KeyCompressionType kmip14.KeyCompressionType `ttlv:",omitempty"`
	// KeyValue carries the key material (possibly wrapped). Omitted when nil.
	KeyValue *KeyValue `ttlv:",omitempty"`
	// CryptographicAlgorithm and CryptographicLength describe the key in KeyValue; both omitted when unset.
	CryptographicAlgorithm kmip14.CryptographicAlgorithm `ttlv:",omitempty"`
	CryptographicLength    int                           `ttlv:",omitempty"`
	// KeyWrappingData SHALL be present when the key material is wrapped. Unlike KeyValue it carries
	// no omitempty tag; how the ttlv encoder treats a nil pointer here is not visible in this file — confirm.
	KeyWrappingData *KeyWrappingData
}
// KeyValue 2.1.4 Table 8
//
// The Key Value is used only inside a Key Block and is either a Byte String or a structure (see Table 8):
//
// - The Key Value structure contains the key material, either as a byte string or as a Transparent Key
// structure (see Section 2.1.7), and OPTIONAL attribute information that is associated and encapsulated
// with the key material. This attribute information differs from the attributes associated with Managed
// Objects, and is obtained via the Get Attributes operation, only by the fact that it is encapsulated with
// (and possibly wrapped with) the key material itself.
// - The Key Value Byte String is either the wrapped TTLV-encoded (see Section 9.1) Key Value structure, or
// the wrapped un-encoded value of the Byte String Key Material field.
//
// TODO: Unmarshaler impl which unmarshals correct KeyMaterial type.
type KeyValue struct {
	// KeyMaterial should be []byte, one of the Transparent*Key structs, or a custom struct if KeyFormatType is
	// an extension. When the Key Block has no Key Wrapping Data this is plaintext key material and must be
	// handled as a secret (not logged, zeroed or discarded when no longer needed).
	KeyMaterial interface{}
	// Attribute holds the OPTIONAL attributes encapsulated with the key material.
	Attribute []Attribute
}
// KeyWrappingData 2.1.5 Table 9
//
// The Key Block MAY also supply OPTIONAL information about a cryptographic key wrapping mechanism used
// to wrap the Key Value. This consists of a Key Wrapping Data structure (see Table 9). It is only used
// inside a Key Block.
//
// This structure contains fields for:
//
// - A Wrapping Method, which indicates the method used to wrap the Key Value.
// - Encryption Key Information, which contains the Unique Identifier (see 3.1) value of the encryption key
// and associated cryptographic parameters.
// - MAC/Signature Key Information, which contains the Unique Identifier value of the MAC/signature key
// and associated cryptographic parameters.
// - A MAC/Signature, which contains a MAC or signature of the Key Value.
// - An IV/Counter/Nonce, if REQUIRED by the wrapping method.
// - An Encoding Option, specifying the encoding of the Key Material within the Key Value structure of the
// Key Block that has been wrapped. If No Encoding is specified, then the Key Value structure SHALL NOT contain
// any attributes.
//
// If wrapping is used, then the whole Key Value structure is wrapped unless otherwise specified by the
// Wrapping Method. The algorithms used for wrapping are given by the Cryptographic Algorithm attributes of
// the encryption key and/or MAC/signature key; the block-cipher mode, padding method, and hashing algorithm used
// for wrapping are given by the Cryptographic Parameters in the Encryption Key Information and/or MAC/Signature
// Key Information, or, if not present, from the Cryptographic Parameters attribute of the respective key(s).
// Either the Encryption Key Information or the MAC/Signature Key Information (or both) in the Key Wrapping Data
// structure SHALL be specified.
//
// The following wrapping methods are currently defined:
//
// - Encrypt only (i.e., encryption using a symmetric key or public key, or authenticated encryption algorithms that use a single key).
// - MAC/sign only (i.e., either MACing the Key Value with a symmetric key, or signing the Key Value with a private key).
// - Encrypt then MAC/sign.
// - MAC/sign then encrypt.
// - TR-31.
// - Extensions.
//
// The following encoding options are currently defined:
//
// - No Encoding (i.e., the wrapped un-encoded value of the Byte String Key Material field in the Key Value structure).
// - TTLV Encoding (i.e., the wrapped TTLV-encoded Key Value structure).
type KeyWrappingData struct {
	WrappingMethod kmip14.WrappingMethod
	// At least one of EncryptionKeyInformation and MACSignatureKeyInformation SHALL be set;
	// this struct does not enforce that, so callers/validators must check it.
	EncryptionKeyInformation   *EncryptionKeyInformation
	MACSignatureKeyInformation *MACSignatureKeyInformation
	// MACSignature is the MAC or signature over the Key Value. A receiver should verify it
	// before trusting unwrapped key material.
	MACSignature []byte
	// IVCounterNonce is required only by wrapping methods that need one. Neither this nor
	// MACSignature carries an omitempty tag; how a nil slice is encoded is up to the ttlv encoder — confirm.
	IVCounterNonce []byte
	// EncodingOption defaults to TTLVEncoding via the default tag when left unset.
	EncodingOption kmip14.EncodingOption `ttlv:",omitempty" default:"TTLVEncoding"`
}
// EncryptionKeyInformation 2.1.5 Table 10
//
// Identifies the key used to encrypt a wrapped Key Value, together with the
// cryptographic parameters (mode, padding, hash) used for the wrapping.
type EncryptionKeyInformation struct {
	// UniqueIdentifier is the Unique Identifier (see 3.1) of the encryption key.
	UniqueIdentifier string
	// CryptographicParameters, when nil, means the wrapping parameters come from the
	// Cryptographic Parameters attribute of the key itself (see KeyWrappingData).
	CryptographicParameters *CryptographicParameters
}
// MACSignatureKeyInformation 2.1.5 Table 11
//
// Identifies the key used to MAC or sign a wrapped Key Value, together with the
// cryptographic parameters used for the wrapping.
type MACSignatureKeyInformation struct {
	// UniqueIdentifier is the Unique Identifier of the MAC/signature key.
	UniqueIdentifier string
	// CryptographicParameters, when nil, means the parameters come from the
	// Cryptographic Parameters attribute of the key itself (see KeyWrappingData).
	CryptographicParameters *CryptographicParameters
}
// TransparentSymmetricKey 2.1.7.1 Table 14
//
// If the Key Format Type in the Key Block is Transparent Symmetric Key, then Key Material is a
// structure as shown in Table 14.
type TransparentSymmetricKey struct {
	// Key is the raw symmetric key bytes — secret material; required by the validate tag.
	Key []byte `validate:"required"`
}
// TransparentDSAPrivateKey 2.1.7.2 Table 15
//
// If the Key Format Type in the Key Block is Transparent DSA Private Key, then Key Material is a structure as
// shown in Table 15.
type TransparentDSAPrivateKey struct {
	// TODO: should these be pointers? big package deals entirely with pointers, but these are not optional values.
	// P, Q and G are the public domain parameters; X is the private key and must be kept secret.
	// All four are required by the validate tags.
	P *big.Int `validate:"required"`
	Q *big.Int `validate:"required"`
	G *big.Int `validate:"required"`
	X *big.Int `validate:"required"`
}
// TransparentDSAPublicKey 2.1.7.3 Table 16
//
// If the Key Format Type in the Key Block is Transparent DSA Public Key, then Key Material is a structure as
// shown in Table 16.
type TransparentDSAPublicKey struct {
	// P, Q and G are the domain parameters; Y is the public value. All are required.
	P *big.Int `validate:"required"`
	Q *big.Int `validate:"required"`
	G *big.Int `validate:"required"`
	Y *big.Int `validate:"required"`
}
// TransparentRSAPrivateKey 2.1.7.4 Table 17
//
// If the Key Format Type in the Key Block is Transparent RSA Private Key, then Key Material is a structure
// as shown in Table 17.
//
// One of the following SHALL be present (refer to [PKCS#1]):
//
// - Private Exponent,
// - P and Q (the first two prime factors of Modulus), or
// - Prime Exponent P and Prime Exponent Q.
//
// Only Modulus is marked required; the "one of" rule above is not expressed in the validate
// tags, so a struct with just a Modulus passes validation but is not a usable private key.
type TransparentRSAPrivateKey struct {
	Modulus *big.Int `validate:"required"`
	// PrivateExponent is secret; PublicExponent is not.
	PrivateExponent, PublicExponent *big.Int
	// P and Q are the secret prime factors of Modulus.
	P, Q *big.Int
	// PrimeExponentP, PrimeExponentQ and CRTCoefficient are the secret CRT parameters.
	PrimeExponentP, PrimeExponentQ *big.Int
	CRTCoefficient                 *big.Int
}
// TransparentRSAPublicKey 2.1.7.5 Table 18
//
// If the Key Format Type in the Key Block is Transparent RSA Public Key, then Key Material is a structure
// as shown in Table 18.
type TransparentRSAPublicKey struct {
	// Both fields are required; neither is secret.
	Modulus        *big.Int `validate:"required"`
	PublicExponent *big.Int `validate:"required"`
}
// TransparentDHPrivateKey 2.1.7.6 Table 19
//
// If the Key Format Type in the Key Block is Transparent DH Private Key, then Key Material is a structure as shown
// in Table 19.
type TransparentDHPrivateKey struct {
	// P and G are required domain parameters; Q and J are optional.
	P *big.Int `validate:"required"`
	Q *big.Int
	G *big.Int `validate:"required"`
	J *big.Int
	// X is the private value and must be kept secret.
	X *big.Int `validate:"required"`
}
// TransparentDHPublicKey 2.1.7.7 Table 20
//
// If the Key Format Type in the Key Block is Transparent DH Public Key, then Key Material is a structure as
// shown in Table 20.
//
// P, G, and Y are required.
type TransparentDHPublicKey struct {
	P *big.Int `validate:"required"`
	Q *big.Int
	G *big.Int `validate:"required"`
	J *big.Int
	// Y is the public value.
	Y *big.Int `validate:"required"`
}
// TransparentECDSAPrivateKey 2.1.7.8 Table 21
//
// The Transparent ECDSA Private Key structure is deprecated as of version 1.3 of this
// specification and MAY be removed from subsequent versions of the specification. The
// Transparent EC Private Key structure SHOULD be used as a replacement.
//
// If the Key Format Type in the Key Block is Transparent ECDSA Private Key, then Key Material is a
// structure as shown in Table 21.
//
// Deprecated: use TransparentECPrivateKey instead.
type TransparentECDSAPrivateKey struct {
	RecommendedCurve kmip14.RecommendedCurve
	// D is the private scalar and must be kept secret.
	D *big.Int `validate:"required"`
}
// TransparentECDSAPublicKey 2.1.7.9 Table 22
//
// The Transparent ECDSA Public Key structure is deprecated as of version 1.3 of this specification and
// MAY be removed from subsequent versions of the specification. The Transparent EC Public Key structure
// SHOULD be used as a replacement.
//
// If the Key Format Type in the Key Block is Transparent ECDSA Public Key, then Key Material is a
// structure as shown in Table 22.
//
// Deprecated: use TransparentECPublicKey instead.
type TransparentECDSAPublicKey struct {
	RecommendedCurve kmip14.RecommendedCurve
	// QString is the encoded public point; its point encoding is not fixed by this struct.
	QString []byte `validate:"required"`
}
// TransparentECDHPrivateKey 2.1.7.10 Table 23
//
// The Transparent ECDH Private Key structure is deprecated as of version 1.3 of this specification and
// MAY be removed from subsequent versions of the specification. The Transparent EC Private Key structure
// SHOULD be used as a replacement.
//
// If the Key Format Type in the Key Block is Transparent ECDH Private Key, then Key Material is a structure
// as shown in Table 23.
//
// This is a distinct named type with the same fields as TransparentECPrivateKey (not an
// alias), so values must be converted explicitly between the two.
//
// Deprecated: use TransparentECPrivateKey instead.
type TransparentECDHPrivateKey TransparentECPrivateKey
// TransparentECDHPublicKey 2.1.7.11 Table 24
//
// The Transparent ECDH Public Key structure is deprecated as of version 1.3 of this specification and MAY
// be removed from subsequent versions of the specification. The Transparent EC Public Key structure SHOULD
// be used as a replacement.
//
// If the Key Format Type in the Key Block is Transparent ECDH Public Key, then Key Material is a structure as
// shown in Table 24.
//
// This is a distinct named type with the same fields as TransparentECPublicKey (not an
// alias), so values must be converted explicitly between the two.
//
// Deprecated: use TransparentECPublicKey instead.
type TransparentECDHPublicKey TransparentECPublicKey
// TransparentECMQVPrivateKey 2.1.7.12 Table 25
//
// The Transparent ECMQV Private Key structure is deprecated as of version 1.3 of this specification and MAY
// be removed from subsequent versions of the specification. The Transparent EC Private Key structure SHOULD
// be used as a replacement.
//
// If the Key Format Type in the Key Block is Transparent ECMQV Private Key, then Key Material is a structure
// as shown in Table 25.
//
// This is a distinct named type with the same fields as TransparentECPrivateKey (not an
// alias), so values must be converted explicitly between the two.
//
// Deprecated: use TransparentECPrivateKey instead.
type TransparentECMQVPrivateKey TransparentECPrivateKey
// TransparentECMQVPublicKey 2.1.7.13 Table 26
//
// The Transparent ECMQV Public Key structure is deprecated as of version 1.3 of this specification and MAY be
// removed from subsequent versions of the specification. The Transparent EC Public Key structure SHOULD be used as
// a replacement.
//
// If the Key Format Type in the Key Block is Transparent ECMQV Public Key, then Key Material is a structure as shown
// in Table 26.
//
// This is a distinct named type with the same fields as TransparentECPublicKey (not an
// alias), so values must be converted explicitly between the two.
//
// Deprecated: use TransparentECPublicKey instead.
type TransparentECMQVPublicKey TransparentECPublicKey
// TransparentECPrivateKey 2.1.7.14 Table 27
//
// If the Key Format Type in the Key Block is Transparent EC Private Key, then Key Material is a structure as shown
// in Table 27.
type TransparentECPrivateKey struct {
	// RecommendedCurve names the curve D belongs to.
	RecommendedCurve kmip14.RecommendedCurve
	// D is the private scalar and must be kept secret; required.
	D *big.Int `validate:"required"`
}
// TransparentECPublicKey 2.1.7.15 Table 28
//
// If the Key Format Type in the Key Block is Transparent EC Public Key, then Key Material is a structure as
// shown in Table 28.
type TransparentECPublicKey struct {
	// RecommendedCurve names the curve the point in QString lies on.
	RecommendedCurve kmip14.RecommendedCurve
	// QString is the encoded public point; required. Its point encoding is not fixed by this struct.
	QString []byte `validate:"required"`
}
// TemplateAttribute 2.1.8 Table 29
//
// The Template Managed Object is deprecated as of version 1.3 of this specification and MAY be removed from
// subsequent versions of the specification. Individual Attributes SHOULD be used in operations which currently
// support use of a Name within a Template-Attribute to reference a Template.
//
// These structures are used in various operations to provide the desired attribute values and/or template
// names in the request and to return the actual attribute values in the response.
//
// The Template-Attribute, Common Template-Attribute, Private Key Template-Attribute, and Public Key
// Template-Attribute structures are defined identically as follows:
//
// type TemplateAttribute struct {
// Attribute []Attribute
// }
//
// The Get*, GetAll* and Append methods below search and extend Attribute by name; the
// Get* methods tolerate a nil receiver, Append does not.
type TemplateAttribute struct {
	// Name lists template names (Name is defined elsewhere in this package); deprecated per the note above.
	Name []Name
	// Attribute is the list of attribute values, matched by AttributeName in the accessor methods.
	Attribute []Attribute
}
// Get returns a pointer to the first Attribute in the list whose AttributeName
// equals s, or nil when t is nil or nothing matches. The pointer aliases the
// element inside t.Attribute, so writes through it modify t.
func (t *TemplateAttribute) Get(s string) *Attribute {
	if t == nil {
		return nil
	}
	var found *Attribute
	for i := range t.Attribute {
		if t.Attribute[i].AttributeName != s {
			continue
		}
		found = &t.Attribute[i]
		break
	}
	return found
}
// GetIdx returns a pointer to the Attribute in the list whose AttributeName equals s
// and whose AttributeIndex equals idx, or nil when t is nil or nothing matches.
// The pointer aliases the element inside t.Attribute.
func (t *TemplateAttribute) GetIdx(s string, idx int) *Attribute {
	if t == nil {
		return nil
	}
	for i := range t.Attribute {
		a := &t.Attribute[i]
		matches := a.AttributeName == s && a.AttributeIndex == idx
		if matches {
			return a
		}
	}
	return nil
}
// GetTag returns a pointer to the first Attribute whose AttributeName equals
// tag.String(), or nil if none is found (or t is nil).
//
// NOTE(review): the lookup key is tag.String(), whereas NewAttributeFromTag (and
// therefore Append) stores tag.CanonicalName(). If those two forms differ for a
// tag, attributes added via Append will not be found here — confirm against the
// ttlv package before relying on the round trip.
func (t *TemplateAttribute) GetTag(tag ttlv.Tag) *Attribute {
	name := tag.String()
	return t.Get(name)
}
// GetTagIdx returns a pointer to the Attribute whose AttributeName equals
// tag.String() and whose AttributeIndex equals idx, or nil if none is found
// (or t is nil).
//
// NOTE(review): the lookup key is tag.String(), whereas NewAttributeFromTag stores
// tag.CanonicalName(); confirm the two agree for the tags used with this method.
func (t *TemplateAttribute) GetTagIdx(tag ttlv.Tag, idx int) *Attribute {
	name := tag.String()
	return t.GetIdx(name, idx)
}
// GetAll returns a copy of every Attribute in the list whose AttributeName equals s,
// in list order. It returns nil when t is nil or nothing matches. Unlike Get, the
// returned elements are copies, so modifying them does not affect t.
func (t *TemplateAttribute) GetAll(s string) []Attribute {
	if t == nil {
		return nil
	}
	var matches []Attribute
	for _, a := range t.Attribute {
		if a.AttributeName != s {
			continue
		}
		matches = append(matches, a)
	}
	return matches
}
// Append adds a new Attribute with index 0, named after tag's canonical name and
// holding value. Unlike the Get* methods there is no nil-receiver guard: calling
// Append on a nil *TemplateAttribute panics.
func (t *TemplateAttribute) Append(tag ttlv.Tag, value interface{}) {
	attr := NewAttributeFromTag(tag, 0, value)
	t.Attribute = append(t.Attribute, attr)
}
// GetAllTag returns a copy of every Attribute whose AttributeName equals tag.String(),
// in list order, or nil when t is nil or nothing matches.
//
// NOTE(review): the lookup key is tag.String(), whereas NewAttributeFromTag stores
// tag.CanonicalName(); confirm the two agree for the tags used with this method.
func (t *TemplateAttribute) GetAllTag(tag ttlv.Tag) []Attribute {
	name := tag.String()
	return t.GetAll(name)
}