Documentation ¶
Index ¶
- Constants
- Variables
- func CompressHeaders(headers map[interface{}]interface{}) (compressed map[interface{}]interface{})
- func DecompressHeaders(headers map[interface{}]interface{}) (decompressed map[interface{}]interface{})
- func FindDuplicateHeader(headers *Headers) interface{}
- func FromBase64Int(data string) *big.Int
- func GetCommonHeaderLabel(tag int) (label string, err error)
- func GetCommonHeaderTag(label string) (tag int, err error)
- func GetCommonHeaderTagOrPanic(label string) (tag int)
- func I2OSP(b *big.Int, n int) []byte
- func IsSignMessage(data []byte) bool
- func Marshal(o interface{}) (b []byte, err error)
- func Sign(rand io.Reader, digest []byte, signers []ByteSigner) (signatures [][]byte, err error)
- func Unmarshal(b []byte) (o interface{}, err error)
- func Verify(digest []byte, signatures [][]byte, verifiers []ByteVerifier) (err error)
- type Algorithm
- type ByteSigner
- type ByteVerifier
- type Headers
- func (h *Headers) Decode(o []interface{}) (err error)
- func (h *Headers) DecodeProtected(o interface{}) (err error)
- func (h *Headers) DecodeUnprotected(o interface{}) (err error)
- func (h *Headers) EncodeProtected() (bstr []byte)
- func (h *Headers) EncodeUnprotected() (encoded map[interface{}]interface{})
- type KeyType
- type RSAOptions
- type SignMessage
- func (m *SignMessage) AddSignature(s *Signature)
- func (message *SignMessage) MarshalCBOR() ([]byte, error)
- func (m *SignMessage) SigStructure(external []byte, signature *Signature) (ToBeSigned []byte, err error)
- func (m *SignMessage) Sign(rand io.Reader, external []byte, signers []Signer) (err error)
- func (m *SignMessage) SignatureDigests(external []byte) (digests [][]byte, err error)
- func (message *SignMessage) UnmarshalCBOR(data []byte) (err error)
- func (m *SignMessage) Verify(external []byte, verifiers []Verifier) (err error)
- type Signature
- type Signer
- type Verifier
Constants ¶
const ContextSignature = "Signature"
ContextSignature identifies the context of the signature as a COSE_Signature structure per https://tools.ietf.org/html/rfc8152#section-4.4
const SignMessageCBORTag = 98
SignMessageCBORTag is the CBOR tag for a COSE SignMessage from https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml#tags
Variables ¶
var ( // PS256 is RSASSA-PSS w/ SHA-256 from [RFC8230] PS256 = getAlgByNameOrPanic("PS256") // ES256 is ECDSA w/ SHA-256 from [RFC8152] ES256 = getAlgByNameOrPanic("ES256") // ES384 is ECDSA w/ SHA-384 from [RFC8152] ES384 = getAlgByNameOrPanic("ES384") // ES512 is ECDSA w/ SHA-512 from [RFC8152] ES512 = getAlgByNameOrPanic("ES512") )
Supported Algorithms
var ( ErrInvalidAlg = errors.New("Invalid algorithm") ErrAlgNotFound = errors.New("Error fetching alg") ErrECDSAVerification = errors.New("verification failed ecdsa.Verify") ErrRSAPSSVerification = errors.New("verification failed rsa.VerifyPSS err crypto/rsa: verification error") ErrMissingCOSETagForLabel = errors.New("No common COSE tag for label") ErrMissingCOSETagForTag = errors.New("No common COSE label for tag") ErrNilSigHeader = errors.New("Signature.headers is nil") ErrNilSigProtectedHeaders = errors.New("Signature.headers.protected is nil") ErrNilSignatures = errors.New("SignMessage.signatures is nil. Use AddSignature to add one") ErrNoSignatures = errors.New("No signatures to sign the message. Use AddSignature to add them") ErrNoSignerFound = errors.New("No signer found") ErrNoVerifierFound = errors.New("No verifier found") ErrUnknownPrivateKeyType = errors.New("Unrecognized private key type") ErrUnknownPublicKeyType = errors.New("Unrecognized public key type") )
Functions ¶
func CompressHeaders ¶
func CompressHeaders(headers map[interface{}]interface{}) (compressed map[interface{}]interface{})
CompressHeaders replaces string tags with their int values and alg tags with their IANA int values.
panics when a compressed header tag already exists (e.g. alg and 1) casts int64 keys to int to make looking up common header IDs easier
func DecompressHeaders ¶
func DecompressHeaders(headers map[interface{}]interface{}) (decompressed map[interface{}]interface{})
DecompressHeaders replaces int values with string tags and alg int values with their IANA labels. Is the inverse of CompressHeaders.
func FindDuplicateHeader ¶
func FindDuplicateHeader(headers *Headers) interface{}
FindDuplicateHeader compresses the headers and returns the first duplicate header or nil for none found
func FromBase64Int ¶
FromBase64Int decodes a base64-encoded string into a big.Int or panics
from https://github.com/square/go-jose/blob/789a4c4bd4c118f7564954f441b29c153ccd6a96/utils_test.go#L45 Apache License 2.0
func GetCommonHeaderLabel ¶
GetCommonHeaderLabel returns the CBOR label for the map tag. Is the inverse of GetCommonHeaderTag.
func GetCommonHeaderTag ¶
GetCommonHeaderTag returns the CBOR tag for the map label
using Common COSE Headers Parameters Table 2 https://tools.ietf.org/html/rfc8152#section-3.1
func GetCommonHeaderTagOrPanic ¶
GetCommonHeaderTagOrPanic returns the CBOR label for a string. Is the inverse of GetCommonHeaderLabel.
func I2OSP ¶
I2OSP "Integer-to-Octet-String" converts a nonnegative integer to an octet string of a specified length
func IsSignMessage ¶
IsSignMessage checks whether the prefix is 0xd8 0x62 for a COSE SignMessage
func Sign ¶
Sign returns the SignatureBytes for each Signer in the same order on the digest or the error from the first failing Signer
Types ¶
type Algorithm ¶
type Algorithm struct { Name string Value int // optional fields HashFunc crypto.Hash // hash function for SignMessages // contains filtered or unexported fields }
Algorithm represents an IANA algorithm's parameters (Name, Value/ID, and optional extra data)
From the spec:
NOTE: The assignment of algorithm identifiers in this document was done so that positive numbers were used for the first layer objects (COSE_Sign, COSE_Sign1, COSE_Encrypt, COSE_Encrypt0, COSE_Mac, and COSE_Mac0). Negative numbers were used for second layer objects (COSE_Signature and COSE_recipient).
https://www.iana.org/assignments/cose/cose.xhtml#header-algorithm-parameters
type ByteSigner ¶
type ByteSigner interface { // Sign returns the COSE signature as a byte slice Sign(rand io.Reader, digest []byte) (signature []byte, err error) }
ByteSigner take a signature digest and returns COSE signature bytes
type ByteVerifier ¶
type ByteVerifier interface { // Verify returns nil for a successfully verified signature or an error Verify(digest []byte, signature []byte) (err error) }
ByteVerifier checks COSE signatures
type Headers ¶
type Headers struct { Protected map[interface{}]interface{} Unprotected map[interface{}]interface{} }
Headers represents "two buckets of information that are not considered to be part of the payload itself, but are used for holding information about content, algorithms, keys, or evaluation hints for the processing of the layer."
https://tools.ietf.org/html/rfc8152#section-3
It is represented by CDDL fragments:
Headers = (
protected : empty_or_serialized_map, unprotected : header_map
)
header_map = { Generic_Headers, * label => values }
empty_or_serialized_map = bstr .cbor header_map / bstr .size 0
func (*Headers) Decode ¶
Decode loads a two element interface{} slice into Headers.protected and unprotected respectively
func (*Headers) DecodeProtected ¶
DecodeProtected Unmarshals and sets Headers.protected from an interface{}
func (*Headers) DecodeUnprotected ¶
DecodeUnprotected Unmarshals and sets Headers.unprotected from an interface{}
func (*Headers) EncodeProtected ¶
EncodeProtected compresses and Marshals protected headers to bytes to encode as a CBOR bstr
func (*Headers) EncodeUnprotected ¶
func (h *Headers) EncodeUnprotected() (encoded map[interface{}]interface{})
EncodeUnprotected returns compressed unprotected headers
type KeyType ¶
type KeyType int
KeyType is the type to use in keyOptions to tell MakeDEREndEntity which type of crypto.PrivateKey to generate
type RSAOptions ¶
type RSAOptions struct {
Size int
}
RSAOptions are options for NewSigner currently just the RSA Key size
type SignMessage ¶
SignMessage represents a COSESignMessage with CDDL fragment:
COSE_Sign = [
Headers, payload : bstr / nil, signatures : [+ COSE_Signature]
]
https://tools.ietf.org/html/rfc8152#section-4.1
func NewSignMessage ¶
func NewSignMessage() *SignMessage
NewSignMessage takes a []byte payload and returns a new pointer to a SignMessage with empty headers and signatures
func (*SignMessage) AddSignature ¶
func (m *SignMessage) AddSignature(s *Signature)
AddSignature adds a signature to the message signatures creating an empty []Signature if necessary
func (*SignMessage) MarshalCBOR ¶
func (message *SignMessage) MarshalCBOR() ([]byte, error)
MarshalCBOR encodes SignMessage.
func (*SignMessage) SigStructure ¶
func (m *SignMessage) SigStructure(external []byte, signature *Signature) (ToBeSigned []byte, err error)
SigStructure returns the byte slice to be signed
func (*SignMessage) Sign ¶
Sign signs a SignMessage i.e. it populates signatures[].SignatureBytes using the provided array of Signers
func (*SignMessage) SignatureDigests ¶
func (m *SignMessage) SignatureDigests(external []byte) (digests [][]byte, err error)
SignatureDigests returns the list of signature digests of a sign message. This is mainly so that we can do the actual signing remotely without sending the message over.
func (*SignMessage) UnmarshalCBOR ¶
func (message *SignMessage) UnmarshalCBOR(data []byte) (err error)
UnmarshalCBOR decodes data into SignMessage.
Unpacks a SignMessage described by CDDL fragments:
COSE_Sign = [
Headers, payload : bstr / nil, signatures : [+ COSE_Signature]
]
COSE_Signature = [
Headers, signature : bstr
]
Headers = (
protected : empty_or_serialized_map, unprotected : header_map
)
header_map = { Generic_Headers, * label => values }
empty_or_serialized_map = bstr .cbor header_map / bstr .size 0
Generic_Headers = (
? 1 => int / tstr, ; algorithm identifier ? 2 => [+label], ; criticality ? 3 => tstr / int, ; content type ? 4 => bstr, ; key identifier ? 5 => bstr, ; IV ? 6 => bstr, ; Partial IV ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature
)
type Signature ¶
Signature represents a COSE signature with CDDL fragment:
COSE_Signature = [
Headers, signature : bstr
]
https://tools.ietf.org/html/rfc8152#section-4.1
func NewSignature ¶
func NewSignature() (s *Signature)
NewSignature returns a new COSE Signature with empty headers and nil signature bytes
type Signer ¶
type Signer struct { PrivateKey crypto.PrivateKey // contains filtered or unexported fields }
Signer holds a COSE Algorithm and private key for signing messages
func NewSignerFromKey ¶
func NewSignerFromKey(alg *Algorithm, privateKey crypto.PrivateKey) (signer *Signer, err error)
NewSignerFromKey checks whether the privateKey is supported and returns a Signer using the provided key