Documentation ¶
Index ¶
- Constants
- func Base64Bytesify(s string) []byte
- func ComputeHash(h crypto.Hash, data []byte) ([]byte, error)
- func GetRandomBytes(n uint16) []byte
- func GetRandomUint32() uint32
- func HexBytesify(h string) []byte
- func MarshalCBOR(v any) ([]byte, error)
- func MustMarshalCBOR(v any) []byte
- func NewEncoder(w io.Writer) *cbor.Encoder
- func RegisterEncryptor(kty Kty, alg Alg, fn EncryptorFactory)
- func RegisterMACer(kty Kty, alg Alg, fn MACerFactory)
- func RegisterSigner(kty Kty, alg Alg, crv Crv, fn SignerFactory)
- func RegisterVerifier(kty Kty, alg Alg, crv Crv, fn VerifierFactory)
- func SmallInt(v any) (int, error)
- func UnmarshalCBOR(data []byte, v any) error
- func ValidCBOR(data []byte) error
- type Alg
- type ByteStr
- type Crv
- type Encryptor
- type EncryptorFactory
- type IntKey
- type IntMap
- func (m IntMap) GetBool(k IntKey) (bool, error)
- func (m IntMap) GetBytes(k IntKey) (b []byte, err error)
- func (m IntMap) GetInt(k IntKey) (int64, error)
- func (m IntMap) GetSmallInt(k IntKey) (int, error)
- func (m IntMap) GetString(k IntKey) (string, error)
- func (m IntMap) GetUint(k IntKey) (uint64, error)
- func (m IntMap) Has(k IntKey) bool
- func (m IntMap) MarshalCBOR() ([]byte, error)
- type Key
- func (k Key) Alg() Alg
- func (k Key) BaseIV() ByteStr
- func (k Key) Bytesify() []byte
- func (k Key) Encryptor() (Encryptor, error)
- func (k Key) GetBool(p IntKey) (bool, error)
- func (k Key) GetBytes(p IntKey) ([]byte, error)
- func (k Key) GetSmallInt(p IntKey) (int, error)
- func (k Key) Has(p IntKey) bool
- func (k Key) Kid() ByteStr
- func (k Key) Kty() Kty
- func (k Key) MACer() (MACer, error)
- func (k Key) MarshalCBOR() ([]byte, error)
- func (k Key) MarshalJSON() ([]byte, error)
- func (k Key) Ops() Ops
- func (k Key) ParamString(p IntKey) string
- func (k Key) SetKid(kid ByteStr)
- func (k Key) SetOps(os Ops)
- func (k Key) Signer() (Signer, error)
- func (k Key) Verifier() (Verifier, error)
- type KeySet
- type Kty
- type MACer
- type MACerFactory
- type Ops
- type Signer
- type SignerFactory
- type Signers
- type Verifier
- type VerifierFactory
- type Verifiers
Constants ¶
// COSE algorithm identifiers declared by this package, with the integer
// values the listing assigns to them.
//
// Several entries use a 64-bit authentication tag (AlgHMAC25664, the four
// AES-CCM *-64-* variants, AlgAESMAC12864, AlgAESMAC25664). A shorter tag
// gives a lower bound on forgery resistance than a 128-bit one, so prefer
// the longer-tag variants unless a constrained profile requires otherwise.
const (
	// Reserved value; it does not identify a usable algorithm.
	AlgReserved Alg = 0
	// ECDSA P-256 w/ SHA-256.
	AlgES256 Alg = -7
	// ECDSA P-384 w/ SHA-384.
	AlgES384 Alg = -35
	// ECDSA P-521 w/ SHA-512.
	AlgES512 Alg = -36
	// ECDSA using secp256k1 curve and SHA-256
	AlgES256K Alg = -47
	// PureEdDSA.
	AlgEdDSA Alg = -8
	// AES-GCM mode w/ 128-bit key, 128-bit tag
	AlgA128GCM Alg = 1
	// AES-GCM mode w/ 192-bit key, 128-bit tag
	AlgA192GCM Alg = 2
	// AES-GCM mode w/ 256-bit key, 128-bit tag
	AlgA256GCM Alg = 3
	// HMAC w/ SHA-256 truncated to 64 bits
	AlgHMAC25664 Alg = 4
	// HMAC w/ SHA-256
	AlgHMAC256256 Alg = 5
	// HMAC w/ SHA-384
	AlgHMAC384384 Alg = 6
	// HMAC w/ SHA-512
	AlgHMAC512512 Alg = 7
	// NOTE(review): the AES-CCM and ChaCha20/Poly1305 constants below are
	// declared without the Alg type, so they are untyped integer constants
	// rather than Alg values like the rest of this block. Confirm whether
	// that is intended.
	// AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce
	AlgAESCCM1664128 = 10
	// AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce
	AlgAESCCM1664256 = 11
	// AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce
	AlgAESCCM6464128 = 12
	// AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce
	AlgAESCCM6464256 = 13
	// AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce
	AlgAESCCM16128128 = 30
	// AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce
	AlgAESCCM16128256 = 31
	// AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce
	AlgAESCCM64128128 = 32
	// AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce
	AlgAESCCM64128256 = 33
	// ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag
	AlgChaCha20Poly1305 = 24
	// AES-CBC-MAC 128-bit key, 64-bit tag
	AlgAESMAC12864 Alg = 14
	// AES-CBC-MAC 256-bit key, 64-bit tag
	AlgAESMAC25664 Alg = 15
	// AES-CBC-MAC 128-bit key, 128-bit tag
	AlgAESMAC128128 Alg = 25
	// AES-CBC-MAC 256-bit key, 128-bit tag
	AlgAESMAC256128 Alg = 26
)
Algorithms supported by this library.
Reference https://datatracker.ietf.org/doc/html/rfc9053
// MIME media types for a single COSE key and for a COSE key set.
const (
	MIMEApplicationCOSEKey    = "application/cose-key"
	MIMEApplicationCOSEKeySet = "application/cose-key-set"
)
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-11.3.2
Variables ¶
This section is empty.
Functions ¶
func Base64Bytesify ¶
Base64Bytesify converts a base64url string to []byte. It returns nil if the string is not a valid base64url string. A nil result is the only failure signal, so check for it when the input is untrusted.
func ComputeHash ¶
ComputeHash computes a hash of the given data using the given hash.
func GetRandomBytes ¶
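GetRandomBytes randomly generates n bytes. The source of randomness is not stated here; confirm that it is a cryptographically secure generator before using the output for keys, nonces, or IVs.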
func GetRandomUint32 ¶
func GetRandomUint32() uint32
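GetRandomUint32 randomly generates an unsigned 32-bit integer. The source of randomness is not stated here; confirm that it is a cryptographically secure generator before relying on the value being unpredictable.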
func HexBytesify ¶
HexBytesify converts a hex string to []byte. It returns nil if the string is not a valid hex string. A nil result is the only failure signal, so check for it when the input is untrusted.
func MarshalCBOR ¶
MarshalCBOR marshals value with the special cbor.EncOptions.
func MustMarshalCBOR ¶
MustMarshalCBOR marshals value with the special cbor.EncOptions. It will panic if marshaling failed.
func NewEncoder ¶
NewEncoder returns a new CBOR encoder with the special cbor.EncOptions.
func RegisterEncryptor ¶
func RegisterEncryptor(kty Kty, alg Alg, fn EncryptorFactory)
RegisterEncryptor registers an EncryptorFactory for the given key type and algorithm.
func RegisterMACer ¶
func RegisterMACer(kty Kty, alg Alg, fn MACerFactory)
RegisterMACer registers a MACerFactory for the given key type and algorithm.
func RegisterSigner ¶
func RegisterSigner(kty Kty, alg Alg, crv Crv, fn SignerFactory)
RegisterSigner registers a SignerFactory for the given key type, algorithm, and curve. For example, to register a SignerFactory for ed25519 signer:
key.RegisterSigner(key.KtyOKP, key.AlgEdDSA, key.CrvEd25519, ed25519.NewSigner)
func RegisterVerifier ¶
func RegisterVerifier(kty Kty, alg Alg, crv Crv, fn VerifierFactory)
RegisterVerifier registers a VerifierFactory for the given key type, algorithm, and curve.
func UnmarshalCBOR ¶
UnmarshalCBOR unmarshals data into value with the special cbor.DecOptions.
Types ¶
type Alg ¶
type Alg int
Alg represents an IANA algorithm entry in the COSE Algorithms registry.
Reference https://www.iana.org/assignments/cose/cose.xhtml#algorithms
type ByteStr ¶
type ByteStr []byte
ByteStr represents a byte string.
func (ByteStr) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface for ByteStr.
func (ByteStr) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface for ByteStr.
type Crv ¶
type Crv int
Crv represents the key's curve.
type Encryptor ¶
// Encryptor encrypts and decrypts content under a symmetric key, taking a
// caller-supplied nonce and additional authenticated data.
type Encryptor interface {
	// Encrypt encrypts a plaintext with the given nonce and additional data.
	// It returns the ciphertext or error.
	// NOTE(review): for the AEAD algorithms this package lists (AES-GCM,
	// AES-CCM, ChaCha20/Poly1305), reusing a nonce under the same key breaks
	// both confidentiality and integrity; callers presumably have to supply a
	// fresh nonce for every message. Confirm against the implementations.
	Encrypt(nonce, plaintext, additionalData []byte) (ciphertext []byte, err error)

	// Decrypt decrypts a ciphertext with the given nonce and additional data.
	// It returns the corresponding plaintext or error.
	// NOTE(review): presumably an error covers authentication failure, in which
	// case no plaintext should be used. Confirm against the implementations.
	Decrypt(nonce, ciphertext, additionalData []byte) (plaintext []byte, err error)

	// NonceSize returns the size of the nonce for encrypting and decrypting.
	NonceSize() int

	// Key returns the symmetric key in Encryptor.
	// If the "key_ops" field is present, it MUST include "encrypt" 3 when encrypting a plaintext.
	// If the "key_ops" field is present, it MUST include "decrypt" 4 when decrypting a ciphertext.
	Key() Key
}
Encryptor is the encrypting and decrypting interface for content encryption. It is used in COSE_Encrypt and COSE_Encrypt0.
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-8.3
type EncryptorFactory ¶
type IntKey ¶
type IntKey int
IntKey is a key type for the IntMap; its value ranges from -65536 to 65536.
// Key operation values. The interfaces in this package refer to them as the
// entries of a key's "key_ops" field; the quoted name beside each constant is
// the operation it stands for.
const (
	OpSign       IntKey = 1  // "sign"
	OpVerify     IntKey = 2  // "verify"
	OpEncrypt    IntKey = 3  // "encrypt"
	OpDecrypt    IntKey = 4  // "decrypt"
	OpWrapKey    IntKey = 5  // "wrap key"
	OpUnwrapKey  IntKey = 6  // "unwrap key"
	OpDeriveKey  IntKey = 7  // "derive key"
	OpDeriveBits IntKey = 8  // "derive bits"
	OpMACCreate  IntKey = 9  // "MAC create"
	OpMACVerify  IntKey = 10 // "MAC verify"
)
Key Operation Values Reference https://datatracker.ietf.org/doc/html/rfc9052#name-cose-key-common-parameters
// Integer labels of COSE key parameters.
const (
	// COSE Key Common Parameters
	// Reference https://datatracker.ietf.org/doc/html/rfc9052#name-cose-key-common-parameters
	// Reference https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
	ParamKty    IntKey = 1
	ParamKid    IntKey = 2
	ParamAlg    IntKey = 3
	ParamOps    IntKey = 4
	ParamBaseIV IntKey = 5

	// Key-type-specific parameters use negative labels, and the same label is
	// reused across key types: ParamCrv and ParamK are both -1, so a negative
	// label can only be interpreted once the key's kty is known.
	// Reference https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters
	// KtyOKP, KtyEC2
	ParamCrv IntKey = -1
	ParamX   IntKey = -2
	ParamY   IntKey = -3
	// In the IANA registry, label -4 ("d") is the private key of an OKP or EC2
	// key, i.e. secret material.
	ParamD IntKey = -4
	// KtySymmetric
	// In the IANA registry, label -1 ("k") of a symmetric key is the key value
	// itself, i.e. secret material.
	ParamK IntKey = -1
)
type IntMap ¶
IntMap represents a map of IntKey to any value. It is the base type of key.Key, cose.Header, and cwt.ClaimsMap.
func (IntMap) GetBool ¶
GetBool returns the value for the key as a boolean. If the key is not present, it returns (false, nil). If the underlying value's Kind is not Bool, it returns (false, error).
func (IntMap) GetBytes ¶
GetBytes returns the value for the key as a []byte. If the key is not present, it returns (nil, nil). If the underlying value is not a slice of bytes or an addressable array of bytes, it returns (nil, error).
func (IntMap) GetInt ¶
GetInt returns the value for the key as an int64. If the key is not present, it returns (0, nil). If the underlying value's Kind is not Int, Int8, Int16, Int32, Int64, Uint, Uint8, Uint16, Uint32, or Uint64, or the value overflows, it returns (0, error).
func (IntMap) GetSmallInt ¶
GetSmallInt returns the value for the key as an int in [-65536, 65536]. If the key is not present, it returns (0, nil). If the underlying value's Kind is not Int, Int8, Int16, Int32, Int64, Uint, Uint8, Uint16, Uint32, or Uint64, or the value is outside [-65536, 65536], it returns (0, error).
func (IntMap) GetString ¶
GetString returns the value for the key as a string. If the key is not present, it returns ("", nil). If the underlying value is not a string, it returns ("", error).
func (IntMap) GetUint ¶
GetUint returns the value for the key as a uint64. If the key is not present, it returns (0, nil). If the underlying value's Kind is not Int, Int8, Int16, Int32, Int64, Uint, Uint8, Uint16, Uint32, or Uint64, or the value overflows, it returns (0, error).
func (IntMap) MarshalCBOR ¶
MarshalCBOR implements the CBOR Marshaler interface for IntMap. It sorts the int keys in increasing order and then encodes the map. The map's capacity should be small: no more than 23, which is enough for COSE and CWT cases.
type Key ¶
type Key IntMap
Key represents a COSE_Key object.
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-7
func (Key) Alg ¶
Alg returns the key algorithm. If the key is an elliptic-curve key and the algorithm is not present, it returns the algorithm that matches the curve. Reference https://www.iana.org/assignments/cose/cose.xhtml#algorithms
func (Key) BaseIV ¶
BaseIV returns the base IV to be XORed with Partial IVs.
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
func (Key) Bytesify ¶
Bytesify returns a CBOR-encoded byte slice. It returns nil if MarshalCBOR failed.
func (Key) Encryptor ¶
Encryptor returns an Encryptor for the given key. If the key is nil, or no EncryptorFactory is registered for the given key type and algorithm, an error is returned.
func (Key) GetBytes ¶
GetBytes returns the value of the given parameter as a slice of bytes, or an error.
func (Key) GetSmallInt ¶
GetSmallInt returns the value of the given parameter as a small integer, or an error.
func (Key) Kid ¶
Kid returns the key identifier. If the key identifier is not present, or the underlying value's Kind is not []byte, it returns nil.
func (Key) Kty ¶
Kty returns the key type. If the key is nil, it returns KtyReserved.
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-type
func (Key) MACer ¶
MACer returns a MACer for the given key. If the key is nil, or no MACerFactory is registered for the given key type and algorithm, an error is returned.
func (Key) MarshalCBOR ¶
MarshalCBOR implements the CBOR Marshaler interface for Key. It is the same as IntMap.MarshalCBOR.
func (Key) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface for Key.
func (Key) Ops ¶
Ops returns the key operations, or nil.
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
func (Key) ParamString ¶
ParamString returns the name of the key parameter.
type KeySet ¶
type KeySet []Key
func (KeySet) Lookup ¶
Lookup returns the first key matching the given key id. It returns nil if no key matches the key id.
type Kty ¶
type Kty int
Kty represents the key type.
// COSE key type identifiers.
const (
	// Reserved value; it does not identify a usable key type.
	KtyReserved Kty = 0
	// Octet Key Pair
	KtyOKP Kty = 1
	// Elliptic Curve Keys w/ x- and y-coordinate pair
	KtyEC2 Kty = 2
	// RSA key
	KtyRSA Kty = 3
	// Symmetric key
	KtySymmetric Kty = 4
	KtyHSSLMS    Kty = 5 // https://datatracker.ietf.org/doc/html/rfc8778
	KtyWalnutDSA Kty = 6 // https://datatracker.ietf.org/doc/html/rfc9021
)
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-type
type MACer ¶
// MACer creates and verifies message authentication codes under a key.
type MACer interface {
	// MACCreate computes message authentication code (MAC) for the given data.
	MACCreate(data []byte) ([]byte, error)

	// MACVerify verifies whether the given MAC is a correct message authentication code (MAC) for the given data.
	// NOTE(review): implementations should compare the tag in constant time
	// (e.g. crypto/hmac.Equal or crypto/subtle.ConstantTimeCompare); this
	// interface cannot show whether they do. Confirm per implementation.
	MACVerify(data, mac []byte) error

	// Key returns the key in MACer.
	// If the "key_ops" field is present, it MUST include "MAC create" 9 when creating an HMAC authentication tag.
	// If the "key_ops" field is present, it MUST include "MAC verify" 10 when verifying an HMAC authentication tag.
	Key() Key
}
MACer is the MAC interface for MAC objects. It is used in COSE_Mac and COSE_Mac0.
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-8.2
type MACerFactory ¶
MACerFactory is a function that returns a MACer for the given key.
type Ops ¶
type Ops []IntKey
Ops represents the key operations.
func (Ops) EmptyOrHas ¶
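EmptyOrHas returns true if the list of operations is empty, or the given operation is in the list of operations. An empty list therefore passes the check for every operation, so a key that carries no key operations is not restricted by it.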
type Signer ¶
// Signer produces digital signatures with a private key.
type Signer interface {
	// Sign computes the digital signature for data.
	Sign(data []byte) ([]byte, error)

	// Key returns the private key in Signer.
	// If the "key_ops" field is present, it MUST include "sign" 1.
	Key() Key
}
Signer is the signing interface for signing objects. It is used in COSE_Sign and COSE_Sign1.
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-8.1
type SignerFactory ¶
SignerFactory is a function that returns a Signer for the given key.
type Signers ¶
type Signers []Signer
Signers is a list of signers to be used for signing with one or more signers.
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-4-1
type Verifier ¶
// Verifier checks digital signatures with a public key.
type Verifier interface {
	// Verify returns nil if signature is a valid signature for data; otherwise returns an error.
	Verify(data, signature []byte) error

	// Key returns the public key in Verifier.
	// The key returned by this method should not include private key bytes.
	// If the "key_ops" field is present, it MUST include "verify" 2.
	Key() Key
}
Verifier is the verifying interface for signing objects.
Reference https://datatracker.ietf.org/doc/html/rfc9052#section-8.1
type VerifierFactory ¶
VerifierFactory is a function that returns a Verifier for the given key.