Documentation ¶
Index ¶
- Variables
- func DisplayPublicKey(cpk []byte) string
- func HasherFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) func() hash.Hash
- func ParsePublicKey(keyBytes []byte) (interface{}, error)
- func VerifySignature(key interface{}, data []byte, sig []byte) (bool, error)
- type COSEAlgorithmIdentifier
- type COSEKeyType
- type EC2PublicKeyData
- type Error
- type OKPPublicKeyData
- type PublicKeyData
- type RSAPublicKeyData
- type SignatureAlgorithm
Constants ¶
This section is empty.
Variables ¶
// Package-level error values returned by the key parsing and signature
// verification helpers. Each carries a stable machine-readable Type and a
// human-readable Details string; see the Error type for the JSON shape.
//
// NOTE(review): these are shared *Error pointers. If (*Error).WithDetails
// mutates its receiver instead of returning a copy, concurrent callers would
// race on the shared value — confirm against the WithDetails implementation.
var (
	// ErrUnsupportedKey reports a COSE public key type that this package
	// does not know how to parse.
	ErrUnsupportedKey = &Error{
		Type:    "invalid_key_type",
		Details: "Unsupported Public Key Type",
	}
	// ErrUnsupportedAlgorithm reports a COSE algorithm identifier with no
	// entry in this package's algorithm table.
	ErrUnsupportedAlgorithm = &Error{
		Type:    "unsupported_key_algorithm",
		Details: "Unsupported public key algorithm",
	}
	// ErrSigNotProvidedOrInvalid reports a missing or failed signature check.
	// Callers should treat this as a hard verification failure, not a retryable
	// condition.
	ErrSigNotProvidedOrInvalid = &Error{
		Type:    "signature_not_provided_or_invalid",
		Details: "Signature invalid or not provided",
	}
)
// SignatureAlgorithmDetails maps each supported COSE algorithm identifier to
// the package's SignatureAlgorithm enumeration, a display name, and the hash
// constructor used when verifying signatures with that algorithm.
//
// Only the algorithms listed here have a COSE mapping; SignatureAlgorithm
// values absent from this table (MD2/MD5/DSA/ECDSA-SHA1) cannot be selected
// from a COSE key.
var SignatureAlgorithmDetails = []struct {
	algo    SignatureAlgorithm
	coseAlg COSEAlgorithmIdentifier
	name    string
	hasher  func() hash.Hash
}{
	// RSASSA-PKCS1-v1_5 with SHA-1 (AlgRS1). SHA-1 is no longer collision
	// resistant; accepting AlgRS1 is a relying-party policy decision, and
	// callers that need a stronger floor should reject it before verifying.
	{SHA1WithRSA, AlgRS1, "SHA1-RSA", crypto.SHA1.New},
	{SHA256WithRSA, AlgRS256, "SHA256-RSA", crypto.SHA256.New},
	{SHA384WithRSA, AlgRS384, "SHA384-RSA", crypto.SHA384.New},
	{SHA512WithRSA, AlgRS512, "SHA512-RSA", crypto.SHA512.New},
	{SHA256WithRSAPSS, AlgPS256, "SHA256-RSAPSS", crypto.SHA256.New},
	{SHA384WithRSAPSS, AlgPS384, "SHA384-RSAPSS", crypto.SHA384.New},
	{SHA512WithRSAPSS, AlgPS512, "SHA512-RSAPSS", crypto.SHA512.New},
	{ECDSAWithSHA256, AlgES256, "ECDSA-SHA256", crypto.SHA256.New},
	{ECDSAWithSHA384, AlgES384, "ECDSA-SHA384", crypto.SHA384.New},
	{ECDSAWithSHA512, AlgES512, "ECDSA-SHA512", crypto.SHA512.New},
	// EdDSA has no dedicated SignatureAlgorithm value and is keyed by
	// UnknownSignatureAlgorithm. Pure Ed25519 hashes the message internally,
	// so the SHA-512 hasher listed here is presumably not applied to the
	// data before verification — confirm in VerifySignature.
	{UnknownSignatureAlgorithm, AlgEdDSA, "EdDSA", crypto.SHA512.New},
}
Functions ¶
func DisplayPublicKey ¶
func HasherFromCOSEAlg ¶
func HasherFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) func() hash.Hash
HasherFromCOSEAlg returns the hash constructor to use for the given COSE algorithm identifier.
func ParsePublicKey ¶
ParsePublicKey determines what kind of COSE key material was provided and builds the corresponding key data.
Types ¶
type COSEAlgorithmIdentifier ¶
// COSEAlgorithmIdentifier is a COSE algorithm identifier as registered in the
// IANA COSE Algorithms registry. The values used by this package are the
// negative integers listed in the Alg* constants (for example -7 for ES256).
type COSEAlgorithmIdentifier int
COSEAlgorithmIdentifier, from §5.10.5 of the WebAuthn specification, is a number identifying a cryptographic algorithm. The algorithm identifiers SHOULD be values registered in the IANA COSE Algorithms registry [https://www.w3.org/TR/webauthn/#biblio-iana-cose-algs-reg], for instance -7 for "ES256" and -257 for "RS256".
// COSE algorithm identifiers recognised by this package. The numeric values
// are the IANA COSE Algorithms registry entries.
const (
	// AlgES256 ECDSA with SHA-256
	AlgES256 COSEAlgorithmIdentifier = -7
	// AlgES384 ECDSA with SHA-384
	AlgES384 COSEAlgorithmIdentifier = -35
	// AlgES512 ECDSA with SHA-512
	AlgES512 COSEAlgorithmIdentifier = -36
	// AlgRS1 RSASSA-PKCS1-v1_5 with SHA-1.
	// Registered as deprecated in the IANA COSE registry; kept for
	// compatibility with older authenticators.
	AlgRS1 COSEAlgorithmIdentifier = -65535
	// AlgRS256 RSASSA-PKCS1-v1_5 with SHA-256
	AlgRS256 COSEAlgorithmIdentifier = -257
	// AlgRS384 RSASSA-PKCS1-v1_5 with SHA-384
	AlgRS384 COSEAlgorithmIdentifier = -258
	// AlgRS512 RSASSA-PKCS1-v1_5 with SHA-512
	AlgRS512 COSEAlgorithmIdentifier = -259
	// AlgPS256 RSASSA-PSS with SHA-256
	AlgPS256 COSEAlgorithmIdentifier = -37
	// AlgPS384 RSASSA-PSS with SHA-384
	AlgPS384 COSEAlgorithmIdentifier = -38
	// AlgPS512 RSASSA-PSS with SHA-512
	AlgPS512 COSEAlgorithmIdentifier = -39
	// AlgEdDSA EdDSA
	AlgEdDSA COSEAlgorithmIdentifier = -8
)
type COSEKeyType ¶
// COSEKeyType is the COSE key type (the "kty" parameter of a COSE key).
// The values this package recognises are the OctetKey, EllipticKey and
// RSAKey constants.
type COSEKeyType int
COSEKeyType is the key type (kty) value, as registered in the IANA COSE registry, carried in the authenticator data.
// COSE key type (kty) values. These match the IANA COSE Key Types registry
// and are compared against PublicKeyData.KeyType when parsing a key.
const (
	// OctetKey is an Octet Key (OKP), used for EdDSA keys
	OctetKey COSEKeyType = 1
	// EllipticKey is an Elliptic Curve Public Key (EC2)
	EllipticKey COSEKeyType = 2
	// RSAKey is an RSA Public Key
	RSAKey COSEKeyType = 3
)
type EC2PublicKeyData ¶
// EC2PublicKeyData is the COSE representation of an elliptic-curve (EC2)
// public key. The cbor tags are the integer COSE labels; the json tags use
// the standard COSE/JWK names.
type EC2PublicKeyData struct {
	PublicKeyData
	// Curve is the COSE "crv" value identifying the curve the key lives on.
	// It is the registry integer, not a Go elliptic.Curve.
	Curve int64 `cbor:"-1,keyasint,omitempty" json:"crv"`
	// XCoord holds the big-endian x coordinate of the point. It is 32 bytes
	// for P-256; keys using AlgES384/AlgES512 carry longer coordinates, so
	// the length should be checked against Curve rather than assumed.
	XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
	// YCoord holds the big-endian y coordinate of the point, with the same
	// length caveat as XCoord. The point should be checked to lie on the
	// curve before use (presumably done where the key is parsed — confirm).
	YCoord []byte `cbor:"-3,keyasint,omitempty" json:"y"`
}
func ParseFIDOPublicKey ¶
func ParseFIDOPublicKey(keyBytes []byte) (EC2PublicKeyData, error)
ParseFIDOPublicKey is only used when the appID extension is configured by the assertion response.
type Error ¶
// Error is the structured error type returned by this package. All three
// fields are serialised by encoding/json, so anything placed in them is
// visible to whoever receives the encoded error.
type Error struct {
	// Type is a short, stable name for the kind of error that occurred
	// (e.g. "invalid_key_type"); suitable for programmatic matching.
	Type string `json:"type"`
	// Details is a human-readable description of the error.
	Details string `json:"error"`
	// DevInfo carries extra debugging information. It is emitted under the
	// "debug" JSON key, so avoid putting internal state or secrets here if
	// the error can reach an untrusted client.
	DevInfo string `json:"debug"`
}
func (*Error) WithDetails ¶
type OKPPublicKeyData ¶
// OKPPublicKeyData is the COSE representation of an Octet Key Pair (OKP)
// public key, used for EdDSA.
type OKPPublicKeyData struct {
	PublicKeyData
	// Curve is intended to hold the COSE "crv" value.
	// NOTE(review): unlike EC2PublicKeyData.Curve this field has no cbor tag,
	// so keyasint decoding of the -1 label presumably never populates it and
	// it stays zero — confirm whether ParsePublicKey relies on it.
	Curve int64
	// XCoord holds the raw public key bytes (the COSE "x" parameter).
	XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
}
type PublicKeyData ¶
// PublicKeyData holds the fields common to every COSE public key; the
// key-type-specific structs embed it. The cbor tags are the integer COSE
// labels ("keyasint"), the json tags the textual COSE/JWK names.
type PublicKeyData struct {
	// KeyType is the COSE "kty" value: one of OctetKey, EllipticKey or RSAKey.
	KeyType int64 `cbor:"1,keyasint" json:"kty"`
	// Algorithm is the COSE "alg" value (a COSEAlgorithmIdentifier) naming
	// the signature algorithm the key is meant to be used with. Verifiers
	// should use this declared value, not one supplied alongside a signature.
	Algorithm int64 `cbor:"3,keyasint" json:"alg"`
	// contains filtered or unexported fields
}
PublicKeyData The public key portion of a Relying Party-specific credential key pair, generated by an authenticator and returned to a Relying Party at registration time. We unpack this object using fxamacker's cbor library ("github.com/fxamacker/cbor/v2") which is why there are cbor tags included. The tag field values correspond to the IANA COSE keys that give their respective values. See §6.4.1.1 https://www.w3.org/TR/webauthn/#sctn-encoded-credPubKey-examples for examples of this COSE data.
type RSAPublicKeyData ¶
// RSAPublicKeyData is the COSE representation of an RSA public key.
type RSAPublicKeyData struct {
	PublicKeyData
	// Modulus is the RSA modulus n as a big-endian byte string.
	// Minimum modulus size is presumably enforced where the key is parsed
	// or verified — confirm; nothing in this struct rejects short keys.
	Modulus []byte `cbor:"-1,keyasint,omitempty" json:"n"`
	// Exponent is the RSA public exponent e as a big-endian byte string.
	Exponent []byte `cbor:"-2,keyasint,omitempty" json:"e"`
}
type SignatureAlgorithm ¶
// SignatureAlgorithm enumerates the signature algorithms this package knows
// about. Only a subset has a COSE mapping; see SignatureAlgorithmDetails.
type SignatureAlgorithm int
SignatureAlgorithm enumerates the signature algorithms recognised by this package.
// SignatureAlgorithm values. The ordering is significant only in that the
// values are assigned by iota; do not reorder without checking persisted
// or serialised uses.
//
// Not every value here is reachable from a COSE key: MD2WithRSA, MD5WithRSA,
// DSAWithSHA1, DSAWithSHA256 and ECDSAWithSHA1 have no entry in
// SignatureAlgorithmDetails. UnknownSignatureAlgorithm doubles as the value
// used for EdDSA in that table.
const (
	UnknownSignatureAlgorithm SignatureAlgorithm = iota
	MD2WithRSA
	MD5WithRSA
	SHA1WithRSA
	SHA256WithRSA
	SHA384WithRSA
	SHA512WithRSA
	DSAWithSHA1
	DSAWithSHA256
	ECDSAWithSHA1
	ECDSAWithSHA256
	ECDSAWithSHA384
	ECDSAWithSHA512
	SHA256WithRSAPSS
	SHA384WithRSAPSS
	SHA512WithRSAPSS
)
func SigAlgFromCOSEAlg ¶
func SigAlgFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) SignatureAlgorithm
SigAlgFromCOSEAlg returns the SignatureAlgorithm corresponding to the given COSE algorithm identifier.