Documentation ¶
Index ¶
- Constants
- Variables
- func AlgorithmLabelToAlgorithm(label interface{}) (string, error)
- func CoseAlgForEC(pub ecdsa.PublicKey) (cose.Algorithm, error)
- func CurveLabelToCurve(label interface{}) (string, error)
- func KeyTypeLabelToKeyType(label interface{}) (string, error)
- func MarshalCBOR(message *cose.Sign1Message) ([]byte, error)
- func NewCNFClaim(issuer string, subject string, kid string, alg cose.Algorithm, ...) map[int64]interface{}
- func UnmarshalCBOR(message []byte) (*cose.Sign1Message, error)
- type CWTClaims
- type CWTPublicKeyProvider
- type CoseCommonKey
- type CoseKey
- type CoseSign1Message
- func (cs *CoseSign1Message) CWTClaimsFromProtectedHeader() (*CWTClaims, error)
- func (cs *CoseSign1Message) ContentTypeFromProtectedheader() (string, error)
- func (cs *CoseSign1Message) CreateSignPayload(external []byte) ([]byte, error)
- func (cs *CoseSign1Message) DidFromProtectedHeader() (string, error)
- func (cs *CoseSign1Message) FeedFromProtectedHeader() (string, error)
- func (cs *CoseSign1Message) KidFromProtectedHeader() (string, error)
- func (cs *CoseSign1Message) SignES256(rand io.Reader, external []byte, privateKey *ecdsa.PrivateKey) error
- func (cs *CoseSign1Message) VerifyWithCWTPublicKey(external []byte) error
- func (cs *CoseSign1Message) VerifyWithProvider(pubKeyProvider publicKeyProvider, external []byte) error
- func (cs *CoseSign1Message) VerifyWithPublicKey(publicKey crypto.PublicKey, external []byte) error
- type ECCoseKey
- type ErrKeyFormatError
- type ErrKeyValueError
- type ErrNoProtectedHeaderValue
- type ErrUnexpectedProtectedHeaderType
- type PublicKeyProvider
- type RSACoseKey
- type SignOption
- type SignOptions
Constants ¶
const (
	// HeaderLabelCWTClaims is the COSE protected-header label under which the
	// CWT_Claims map (iss, sub, cnf, ...) of a SCITT statement is carried.
	// NOTE(review): the label for "CWT Claims" changed between the early
	// SCITT/COSE drafts and the final IANA registration (RFC 9597); confirm
	// that 13 is what the peers this code must interoperate with expect.
	HeaderLabelCWTClaims int64 = 13

	// The labels below are not, as far as this file shows, IANA-registered
	// header parameters; they appear to be implementation-specific (the
	// 256..65535 range is "Specification Required" rather than private use).
	// Treat them as non-portable across SCITT implementations.
	HeaderLabelReceiptVersion         int64 = 390
	HeaderLabelDID                    int64 = 391
	HeaderLabelFeed                   int64 = 392
	HeaderLabelRegistrationPolicyInfo int64 = 393
)
const (
	// CNFLabel is the CWT "cnf" (confirmation) claim key, RFC 8747 §3.
	CNFLabel = int64(8)
	// CoseKeyLabel is the "COSE_Key" confirmation-method member inside cnf,
	// RFC 8747 §3.1: its value is the full COSE_Key map of the holder's public key.
	CoseKeyLabel = int64(1)
)
const (
	// COSE_Key common parameter labels (RFC 8152 §7.1).
	KeyTypeLabel       = 1 // kty
	KeyIDLabel         = 2 // kid
	AlgorithmLabel     = 3 // alg
	KeyOperationsLabel = 4 // key_ops

	// kty values: OKP and EC2 from RFC 8152 §13, RSA from RFC 8230.
	KeyTypeOKP = int64(1)
	KeyTypeEC2 = int64(2)
	KeyTypeRSA = int64(3)

	// key_ops value meaning "may be used to verify signatures" (RFC 8152 §7.1).
	KeyOperationVerifyLabel = 2

	// EC2 key parameter labels (RFC 8152 §13.1.1).
	ECCurveLabel = -1 // crv
	ECXLabel     = -2 // x
	ECYLabel     = -3 // y
	ECDLabel     = -4 // d: the PRIVATE scalar

	// RSA key parameter labels (RFC 8230 §4).
	RSANLabel = -1 // n: modulus
	RSAELabel = -2 // e: public exponent
	RSADLabel = -3 // d: PRIVATE exponent
	RSAPLabel = -4 // p: PRIVATE prime factor
	RSAQLabel = -5 // q: PRIVATE prime factor

	// NOTE(review): the private members (ECDLabel, RSADLabel, RSAPLabel,
	// RSAQLabel) have no business in a cnf/public COSE_Key received over the
	// wire; confirm NewECCoseKey / NewRSACoseKey reject or at least ignore them.
)
const (
	// Sign1Context is the context string that begins the Sig_structure of a
	// COSE_Sign1 message (RFC 8152 §4.4). It domain-separates Sign1 signatures
	// from COSE_Sign ("Signature") and countersignatures, so it must be exactly
	// this value for signatures to interoperate.
	Sign1Context = "Signature1"
)
Variables ¶
var (
	// CWT_Claims shape errors: a required claim is missing or has the wrong CBOR type.
	ErrCWTClaimsNoIssuer        = errors.New("no issuer in cwt claims")
	ErrCWTClaimsNoSubject       = errors.New("no subject in cwt claims")
	ErrCWTClaimsNoCNF           = errors.New("no cnf in cwt claims")
	ErrCWTClaimsIssuerNotString = errors.New("issuer not string in cwt claims")
	ErrCWTClaimsSubjectNotString = errors.New("subject not string in cwt claims")
	ErrCWTClaimsCNFWrongFormat  = errors.New("cnf is in wrong format in cwt claims")

	// COSE_Key interpretation errors: the key cannot be mapped onto a supported
	// key type, curve or algorithm, or its parameters are not in the expected form.
	ErrUnsupportedKey        = errors.New("unsupported key")
	ErrUnknownCurve          = errors.New("unknown curve")
	ErrUnknownKeyType        = errors.New("unknown keytype")
	ErrUnknownAlgorithm      = errors.New("unknown algorithm")
	ErrMalformedRSAKey       = errors.New("rsa key not in expected format")
	ErrUnsupportedCNFKeyType = errors.New("unsupported keytype for cnf")
)
var (
	// ErrCurveNotSupported signals that an ECDSA public key is on a curve for
	// which no COSE algorithm mapping exists here (see CoseAlgForEC).
	ErrCurveNotSupported = errors.New("curve not supported")
)
Functions ¶
func AlgorithmLabelToAlgorithm ¶
AlgorithmLabelToAlgorithm converts the cose key alg label (string or int64)
to a string algorithm name.
Mapping defined: https://www.rfc-editor.org/rfc/rfc8152.html#page-73
func CoseAlgForEC ¶ added in v0.12.15
CoseAlgForEC returns the appropriate COSE signature algorithm for the curve of the provided public key, or an error (see ErrCurveNotSupported) if the curve is not supported.
Note that RFC 8152 §8.1 (echoing RFC 5480 §4) states: "In order to promote interoperability, it is suggested that SHA-256 be used only with curve P-256, SHA-384 be used only with curve P-384, and SHA-512 be used with curve P-521." Pairing a curve with a differently sized hash is not forbidden, but peers may reject it.
func CurveLabelToCurve ¶
CurveLabelToCurve converts the cose key crv label (string or int64)
to a string curve name.
Mapping defined: https://www.rfc-editor.org/rfc/rfc8152.html#page-73
func KeyTypeLabelToKeyType ¶
KeyTypeLabelToKeyType converts the cose key type label (int64 or string)
to a string keytype name.
Mapping defined: https://www.rfc-editor.org/rfc/rfc8152.html#page-73
func MarshalCBOR ¶
MarshalCBOR marshals a cose_Sign1 message to cbor
func NewCNFClaim ¶ added in v0.12.15
func NewCNFClaim( issuer string, subject string, kid string, alg cose.Algorithm, pub ecdsa.PublicKey) map[int64]interface{}
NewCNFClaim returns a cnf claim (CWT claim key 8, CNFLabel) holding a COSE_Key for pub, in the form expected inside the CWT_Claims map carried under protected-header label 13 (HeaderLabelCWTClaims). Note a known divergence from RFC 8152: the key type is written as "EC" rather than the standard "EC2", so a strict verifier that compares kty against EC2 may reject the claim; confirm interoperability with the consumers you target.
func UnmarshalCBOR ¶
UnmarshalCBOR unmarshals a cbor encoded cose_Sign1 message
Types ¶
type CWTClaims ¶
// CWTClaims is the subset of CWT_Claims this package reads from a statement's
// protected header. The struct tags are the integer CWT claim keys: iss=1,
// sub=2, cnf=8.
//
// NOTE(review): the tags are `json:"..."` while the protected header is CBOR;
// whether these tags are ever used for (de)serialisation, and by which codec,
// is not visible here — confirm before relying on them.
type CWTClaims struct {
	// Issuer (iss, claim 1): the party making the statement. This is the
	// identity the cnf key has to be traced back to before it is trusted.
	Issuer string `json:"1,omitempty"`
	// Subject (sub, claim 2): what the statement is about (the feed id).
	Subject string `json:"2,omitempty"`
	// ConfirmationMethod (cnf, claim 8): the holder's public key as a COSE_Key.
	ConfirmationMethod CoseKey `json:"8,omitempty"`
}
CWTClaims are the CWT claims found under protected-header label 13 (HeaderLabelCWTClaims) of a signed SCITT statement: https://ietf-wg-scitt.github.io/draft-ietf-scitt-architecture/draft-ietf-scitt-architecture.html
type CWTPublicKeyProvider ¶
type CWTPublicKeyProvider struct {
// contains filtered or unexported fields
}
func NewCWTPublicKeyProvider ¶
func NewCWTPublicKeyProvider(cs *CoseSign1Message) *CWTPublicKeyProvider
type CoseCommonKey ¶
// CoseCommonKey holds the parameters common to every COSE_Key (RFC 8152 §7.1,
// labels 1–4). Label 5 (Base IV) and the key-type-specific parameters are not
// represented here; see ECCoseKey and RSACoseKey for the latter.
type CoseCommonKey struct {
	// Kty is the key type (label 1) as a string name (presumably the output of
	// KeyTypeLabelToKeyType, e.g. "EC2", "RSA").
	Kty string `json:"kty,omitempty"`
	// Kid is the opaque key identifier (label 2).
	Kid []byte `json:"kid,omitempty"`
	// Alg is the algorithm the key is restricted to (label 3), as a string name.
	// NOTE(review): when Alg is set, a verifier should require the message's
	// alg to match it (algorithm-confusion guard) — confirm the Verify* methods do.
	Alg string `json:"alg,omitempty"`
	// KeyOps lists the operations the key may be used for (label 4). A key
	// whose key_ops is present but lacks "verify" should not be used to check
	// signatures.
	KeyOps []string `json:"key_ops,omitempty"`
}
CoseCommonKey carries only the common parameters (labels 1–4) of a COSE_Key as defined in https://www.rfc-editor.org/rfc/rfc8152.html#page-33:

    COSE_Key = {
        1 => tstr / int,          ; kty
        ? 2 => bstr,              ; kid
        ? 3 => tstr / int,        ; alg
        ? 4 => [+ (tstr / int) ], ; key_ops
        ? 5 => bstr,              ; Base IV
        * label => values
    }

Base IV (label 5) and the key-type-specific parameters are not represented here.
func NewCoseCommonKey ¶
func NewCoseCommonKey(coseKey map[int64]interface{}) (*CoseCommonKey, error)
NewCoseCommonKey creates a new cose key with common fields
func (*CoseCommonKey) Algorithm ¶
func (cck *CoseCommonKey) Algorithm() string
Algorithm returns the algorithm the key uses
func (*CoseCommonKey) KeyID ¶
func (cck *CoseCommonKey) KeyID() []byte
KeyID returns the key identity of the key
func (*CoseCommonKey) KeyOperations ¶
func (cck *CoseCommonKey) KeyOperations() []string
KeyOperations returns the allowed key operations (key_ops) for the key.
func (*CoseCommonKey) KeyType ¶
func (cck *CoseCommonKey) KeyType() string
KeyType returns the keytype of the key
type CoseKey ¶
// CoseKey is the read-side view of a COSE_Key (RFC 8152 §7): the common
// parameters plus the ability to materialise the public half as a
// crypto.PublicKey usable for signature verification. ECCoseKey and
// RSACoseKey are presumably the implementations (both embed CoseCommonKey).
type CoseKey interface {
	// Algorithm returns the alg parameter as a string name ("" if unset).
	Algorithm() string
	// KeyID returns the kid bytes (nil if unset).
	KeyID() []byte
	// KeyType returns the kty as a string name.
	KeyType() string
	// KeyOperations returns the key_ops names.
	KeyOperations() []string
	// PublicKey returns the public key, or an error if the key parameters are
	// missing or malformed (see ErrKeyFormatError / ErrKeyValueError).
	PublicKey() (crypto.PublicKey, error)
}
CoseKey is the read-side interface over a COSE_Key as defined in https://www.rfc-editor.org/rfc/rfc8152.html#page-33: it exposes the common properties (alg, kid, kty, key_ops) and materialises the public half as a crypto.PublicKey for verification.
func CNFCoseKey ¶
CNFCoseKey returns the COSE_Key found under the cnf claim (label 8) of CWT_Claims, if present. The expected layout is:

    /cnf/ 8 : {
      /COSE_Key/ 1 : {
        /kty/ 1 : /EC2/ 2,
        /crv/ -1 : /P-256/ 1,
        /x/ -2 : h'd7cc072de2205bdc1537a543d53c60a6acb62eccd890c7fa27c9e354089bbe13',
        /y/ -3 : h'f95e1d4b851a2cc80fff87d8e23f22afb725d535e515d020731e79a3b4e47120'
      }
    }
type CoseSign1Message ¶
type CoseSign1Message struct { *cose.Sign1Message // contains filtered or unexported fields }
CoseSign1Message embeds go-cose's cose.Sign1Message and adds the SCITT protected-header accessors and the sign/verify helpers below.
func NewCoseSign1Message ¶
func NewCoseSign1Message(message *cose.Sign1Message, withOpts ...SignOption) (*CoseSign1Message, error)
NewCoseSign1Message wraps an existing cose.Sign1Message; withOpts configures the CBOR encoder/decoder settings (see WithEncOptions, WithDecOptions).
func NewCoseSign1MessageFromCBOR ¶
func NewCoseSign1MessageFromCBOR(message []byte, withOpts ...SignOption) (*CoseSign1Message, error)
NewCoseSign1MessageFromCBOR decodes a CBOR-encoded COSE_Sign1 message and wraps it as a CoseSign1Message; withOpts configures the CBOR encoder/decoder settings (see WithEncOptions, WithDecOptions).
func (*CoseSign1Message) CWTClaimsFromProtectedHeader ¶
func (cs *CoseSign1Message) CWTClaimsFromProtectedHeader() (*CWTClaims, error)
CWTClaimsFromProtectedHeader reads the CWT Claims map from the protected header (HeaderLabelCWTClaims) and returns an error if it is absent or malformed (see ErrNoProtectedHeaderValue, ErrUnexpectedProtectedHeaderType and the ErrCWTClaims* values).
func (*CoseSign1Message) ContentTypeFromProtectedheader ¶
func (cs *CoseSign1Message) ContentTypeFromProtectedheader() (string, error)
ContentTypeFromProtectedheader returns the content type recorded in the message's protected header.
func (*CoseSign1Message) CreateSignPayload ¶
func (cs *CoseSign1Message) CreateSignPayload(external []byte) ([]byte, error)
CreateSignPayload builds and returns the Sig_structure for this message. Per RFC 8152 §4.4 it is this structure (context string "Signature1", the protected header, the external AAD and the payload) — not the bare payload — that is signed and verified for COSE_Sign1. external is the external_aad: signer and verifier must supply identical bytes (nil/empty if none), otherwise verification fails.
Reference: https://datatracker.ietf.org/doc/html/rfc8152#section-4.4
Code based off of: https://github.com/veraison/go-cose/blob/main/sign1.go#L156C69-L156C69 at commit from repo:
https://github.com/veraison/go-cose/commit/ed78bf9ee97cd30fd53fdb1900cce4096b71fc18
func (*CoseSign1Message) DidFromProtectedHeader ¶
func (cs *CoseSign1Message) DidFromProtectedHeader() (string, error)
DidFromProtectedHeader returns the DID (Decentralized Identifier) from the protected header (presumably stored under HeaderLabelDID, 391); it identifies where to resolve the public key used for verification.
func (*CoseSign1Message) FeedFromProtectedHeader ¶
func (cs *CoseSign1Message) FeedFromProtectedHeader() (string, error)
FeedFromProtectedHeader gets the feed id from the protected header
func (*CoseSign1Message) KidFromProtectedHeader ¶
func (cs *CoseSign1Message) KidFromProtectedHeader() (string, error)
KidFromProtectedHeader gets the kid from the protected header
func (*CoseSign1Message) SignES256 ¶
func (cs *CoseSign1Message) SignES256(rand io.Reader, external []byte, privateKey *ecdsa.PrivateKey) error
SignES256 signs the message with the given ECDSA private key using ES256 (ECDSA with SHA-256, which RFC 8152 pairs with P-256). rand supplies the ECDSA nonce and must be a cryptographically secure source such as crypto/rand: a predictable or reused nonce leaks the private key.
func (*CoseSign1Message) VerifyWithCWTPublicKey ¶
func (cs *CoseSign1Message) VerifyWithCWTPublicKey(external []byte) error
VerifyWithCWTPublicKey verifies the message's signature against the public key carried in the cnf claim of the CWT Claims in the message's own protected header.
https://ietf-wg-scitt.github.io/draft-ietf-scitt-architecture/draft-ietf-scitt-architecture.html
    CWT_Claims = {
      1 => tstr,          ; iss, the issuer making statements
      2 => tstr,          ; sub, the subject of the statements (feed id)
      /cnf/ 8 => {
        /COSE_Key/ 1 : {
          /kty/ 1 : /EC2/ 2,
          /crv/ -1 : /P-256/ 1,
          /x/ -2 : h'd7cc072de2205bdc1537a543d53c60a6acb62eccd890c7fa27c9e354089bbe13',
          /y/ -3 : h'f95e1d4b851a2cc80fff87d8e23f22afb725d535e515d020731e79a3b4e47120'
        }
      }
    }
NOTE: because the verification key travels inside the message, a valid signature only shows that the message was signed by whoever chose that cnf key — it does not by itself establish who that party is. Callers must bind the cnf public key to the issuer (iss) out of band, e.g. by comparing it with the issuer's published keys, before trusting the statement. That is why iss is required here (see ErrCWTClaimsNoIssuer).
func (*CoseSign1Message) VerifyWithProvider ¶
func (cs *CoseSign1Message) VerifyWithProvider( pubKeyProvider publicKeyProvider, external []byte) error
func (*CoseSign1Message) VerifyWithPublicKey ¶
func (cs *CoseSign1Message) VerifyWithPublicKey(publicKey crypto.PublicKey, external []byte) error
VerifyWithPublicKey verifies the message's signature with the caller-supplied public key. Use this (or VerifyWithProvider) when the trusted key is already known to the caller rather than taking it from the message.
example code: https://github.com/veraison/go-cose/blob/main/example_test.go
type ECCoseKey ¶
// ECCoseKey is a COSE_Key of type EC2 (RFC 8152 §13.1.1): a point on a named
// curve given as uncompressed affine coordinates.
type ECCoseKey struct {
	*CoseCommonKey
	// Curve is the crv parameter (label -1) as a string name, e.g. "P-256".
	Curve string `json:"crv,omitempty"`
	// X and Y are the affine coordinates (labels -2 / -3) as big-endian field
	// elements; RFC 8152 requires them to be the curve's fixed byte length
	// (32 bytes for P-256).
	// NOTE(review): before X/Y are turned into an ecdsa.PublicKey the point
	// must be checked to lie on Curve, otherwise an attacker-supplied cnf key
	// can be an invalid point — confirm PublicKey() performs this check.
	X []byte `json:"x,omitempty"`
	Y []byte `json:"y,omitempty"`
}
ECCoseKey is an EC2 cose key
func NewECCoseKey ¶
NewECCoseKey creates a new EC Cose Key
type ErrKeyFormatError ¶
type ErrKeyFormatError struct {
// contains filtered or unexported fields
}
ErrKeyFormatError occurs when the key has unexpected format
func (*ErrKeyFormatError) Error ¶
func (e *ErrKeyFormatError) Error() string
Error implements the error interface
type ErrKeyValueError ¶
type ErrKeyValueError struct {
// contains filtered or unexported fields
}
ErrKeyValueError occurs when the key has unexpected values
func (*ErrKeyValueError) Error ¶
func (e *ErrKeyValueError) Error() string
Error implements the error interface
type ErrNoProtectedHeaderValue ¶
// ErrNoProtectedHeaderValue is returned when the protected header carries no
// value for the requested label (e.g. HeaderLabelCWTClaims, HeaderLabelDID).
type ErrNoProtectedHeaderValue struct {
	// Label is the header label that has no value.
	Label int64
}
ErrNoProtectedHeaderValue occurs when a cose protected header doesn't have a value for a given label
func (*ErrNoProtectedHeaderValue) Error ¶
func (e *ErrNoProtectedHeaderValue) Error() string
Error implements the error interface
type ErrUnexpectedProtectedHeaderType ¶
type ErrUnexpectedProtectedHeaderType struct {
// contains filtered or unexported fields
}
ErrUnexpectedProtectedHeaderType occurs when a cose protected header label value doesn't have the expected value type
func (*ErrUnexpectedProtectedHeaderType) Error ¶
func (e *ErrUnexpectedProtectedHeaderType) Error() string
Error implements the error interface
type PublicKeyProvider ¶
type PublicKeyProvider struct {
// contains filtered or unexported fields
}
func NewPublicKeyProvider ¶
func NewPublicKeyProvider(cs *CoseSign1Message, publicKey crypto.PublicKey) *PublicKeyProvider
type RSACoseKey ¶
// RSACoseKey is a COSE_Key of type RSA (RFC 8230 §4).
//
// NOTE(review): RFC 8230 encodes n and e as bstr (unsigned big-endian
// integers) precisely because a real modulus is 2048+ bits; an int64 cannot
// hold one, so as declared this type can only represent toy-sized keys.
// NewRSACoseKey presumably fails with ErrMalformedRSAKey on real-world
// inputs — confirm, and consider changing these fields to []byte / *big.Int
// before RSA keys are relied on for verification.
type RSACoseKey struct {
	*CoseCommonKey
	// N is the modulus (label -1).
	N int64 `json:"n,omitempty"`
	// E is the public exponent (label -2).
	E int64 `json:"e,omitempty"`
}
RSACoseKey is an RSA cose key
func NewRSACoseKey ¶
func NewRSACoseKey(coseKey map[int64]interface{}) (*RSACoseKey, error)
NewRSACoseKey creates a new RSA cose key
type SignOption ¶
// SignOption mutates a SignOptions; see WithEncOptions and WithDecOptions
// for the CBOR encoder/decoder settings it can configure.
type SignOption func(*SignOptions)
func WithDecOptions ¶
func WithDecOptions(decOpts cbor.DecOptions) SignOption
func WithEncOptions ¶
func WithEncOptions(encOpts cbor.EncOptions) SignOption
type SignOptions ¶
type SignOptions struct {
// contains filtered or unexported fields
}