package dsig import ( "crypto" "crypto/x509" ) const ( DefaultPrefix = "ds" Namespace = "http://www.w3.org/2000/09/xmldsig#" ) // Tags const ( SignatureTag = "Signature" SignedInfoTag = "SignedInfo" CanonicalizationMethodTag = "CanonicalizationMethod" SignatureMethodTag = "SignatureMethod" ReferenceTag = "Reference" TransformsTag = "Transforms" TransformTag = "Transform" DigestMethodTag = "DigestMethod" DigestValueTag = "DigestValue" SignatureValueTag = "SignatureValue" KeyInfoTag = "KeyInfo" X509DataTag = "X509Data" X509CertificateTag = "X509Certificate" InclusiveNamespacesTag = "InclusiveNamespaces" ) const ( AlgorithmAttr = "Algorithm" URIAttr = "URI" DefaultIdAttr = "ID" PrefixListAttr = "PrefixList" ) type AlgorithmID string func (id AlgorithmID) String() string { return string(id) } const ( RSASHA1SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1" RSASHA256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" RSASHA384SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" RSASHA512SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" ECDSASHA1SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" ECDSASHA256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" ECDSASHA384SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" ECDSASHA512SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" ) // Well-known signature algorithms const ( // Supported canonicalization algorithms CanonicalXML10ExclusiveAlgorithmId AlgorithmID = "http://www.w3.org/2001/10/xml-exc-c14n#" CanonicalXML10ExclusiveWithCommentsAlgorithmId AlgorithmID = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" CanonicalXML11AlgorithmId AlgorithmID = "http://www.w3.org/2006/12/xml-c14n11" CanonicalXML11WithCommentsAlgorithmId AlgorithmID = "http://www.w3.org/2006/12/xml-c14n11#WithComments" CanonicalXML10RecAlgorithmId AlgorithmID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" CanonicalXML10WithCommentsAlgorithmId AlgorithmID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" EnvelopedSignatureAltorithmId AlgorithmID = "http://www.w3.org/2000/09/xmldsig#enveloped-signature" ) var digestAlgorithmIdentifiers = map[crypto.Hash]string{ crypto.SHA1: "http://www.w3.org/2000/09/xmldsig#sha1", crypto.SHA256: "http://www.w3.org/2001/04/xmlenc#sha256", crypto.SHA384: "http://www.w3.org/2001/04/xmldsig-more#sha384", crypto.SHA512: "http://www.w3.org/2001/04/xmlenc#sha512", } type signatureMethodInfo struct { PublicKeyAlgorithm x509.PublicKeyAlgorithm Hash crypto.Hash } var digestAlgorithmsByIdentifier = map[string]crypto.Hash{} var signatureMethodsByIdentifier = map[string]signatureMethodInfo{} func init() { for hash, id := range digestAlgorithmIdentifiers { digestAlgorithmsByIdentifier[id] = hash } for algo, hashToMethod := range signatureMethodIdentifiers { for hash, method := range hashToMethod { signatureMethodsByIdentifier[method] = signatureMethodInfo{ PublicKeyAlgorithm: algo, Hash: hash, } } } } var signatureMethodIdentifiers = map[x509.PublicKeyAlgorithm]map[crypto.Hash]string{ x509.RSA: { crypto.SHA1: RSASHA1SignatureMethod, crypto.SHA256: RSASHA256SignatureMethod, crypto.SHA384: RSASHA384SignatureMethod, crypto.SHA512: RSASHA512SignatureMethod, }, x509.ECDSA: { crypto.SHA1: ECDSASHA1SignatureMethod, crypto.SHA256: ECDSASHA256SignatureMethod, crypto.SHA384: ECDSASHA384SignatureMethod, crypto.SHA512: ECDSASHA512SignatureMethod, }, } var x509SignatureAlgorithmByIdentifier = map[string]x509.SignatureAlgorithm{ RSASHA1SignatureMethod: x509.SHA1WithRSA, RSASHA256SignatureMethod: x509.SHA256WithRSA, RSASHA384SignatureMethod: x509.SHA384WithRSA, RSASHA512SignatureMethod: x509.SHA512WithRSA, ECDSASHA1SignatureMethod: x509.ECDSAWithSHA1, ECDSASHA256SignatureMethod: x509.ECDSAWithSHA256, ECDSASHA384SignatureMethod: x509.ECDSAWithSHA384, ECDSASHA512SignatureMethod: x509.ECDSAWithSHA512, }