Constants ¶
// COSE algorithm identifiers (the integer values carried in the "alg"
// header and key parameters).
//
// NOTE(review): this table mirrors a registry, so it contains entries of
// very different strength (SHA-1 based schemes, 64-bit tags, hash-only
// identifiers). Presence here does not make an algorithm acceptable; a
// verifier should compare the received value against an explicit allow-list
// rather than accept any constant defined below.
const (
	// RSASSA-PKCS1-v1_5 using SHA-1
	//
	// NOTE(review): SHA-1 based signature; the IANA registry is believed to
	// list this entry as deprecated — confirm before accepting it anywhere.
	AlgorithmRS1 = -65535
	// WalnutDSA signature
	AlgorithmWalnutDSA = -260
	// RSASSA-PKCS1-v1_5 using SHA-512
	AlgorithmRS512 = -259
	// RSASSA-PKCS1-v1_5 using SHA-384
	AlgorithmRS384 = -258
	// RSASSA-PKCS1-v1_5 using SHA-256
	AlgorithmRS256 = -257
	// ECDSA using secp256k1 curve and SHA-256
	AlgorithmES256K = -47
	// HSS/LMS hash-based digital signature
	AlgorithmHSS_LMS = -46
	// SHAKE-256 512-bit Hash Value
	AlgorithmSHAKE256 = -45
	// SHA-2 512-bit Hash
	AlgorithmSHA_512 = -44
	// SHA-2 384-bit Hash
	AlgorithmSHA_384 = -43
	// RSAES-OAEP w/ SHA-512
	AlgorithmRSAES_OAEP_SHA_512 = -42
	// RSAES-OAEP w/ SHA-256
	AlgorithmRSAES_OAEP_SHA_256 = -41
	// RSAES-OAEP w/ SHA-1
	AlgorithmRSAES_OAEP_RFC_8017_default = -40
	// RSASSA-PSS w/ SHA-512
	AlgorithmPS512 = -39
	// RSASSA-PSS w/ SHA-384
	AlgorithmPS384 = -38
	// RSASSA-PSS w/ SHA-256
	AlgorithmPS256 = -37
	// ECDSA w/ SHA-512
	AlgorithmES512 = -36
	// ECDSA w/ SHA-384
	AlgorithmES384 = -35
	// ECDH SS w/ Concat KDF and AES Key Wrap w/ 256-bit key
	AlgorithmECDH_SS_A256KW = -34
	// ECDH SS w/ Concat KDF and AES Key Wrap w/ 192-bit key
	AlgorithmECDH_SS_A192KW = -33
	// ECDH SS w/ Concat KDF and AES Key Wrap w/ 128-bit key
	AlgorithmECDH_SS_A128KW = -32
	// ECDH ES w/ Concat KDF and AES Key Wrap w/ 256-bit key
	AlgorithmECDH_ES_A256KW = -31
	// ECDH ES w/ Concat KDF and AES Key Wrap w/ 192-bit key
	AlgorithmECDH_ES_A192KW = -30
	// ECDH ES w/ Concat KDF and AES Key Wrap w/ 128-bit key
	AlgorithmECDH_ES_A128KW = -29
	// ECDH SS w/ HKDF - generate key directly
	AlgorithmECDH_SS_HKDF_512 = -28
	// ECDH SS w/ HKDF - generate key directly
	AlgorithmECDH_SS_HKDF_256 = -27
	// ECDH ES w/ HKDF - generate key directly
	AlgorithmECDH_ES_HKDF_512 = -26
	// ECDH ES w/ HKDF - generate key directly
	AlgorithmECDH_ES_HKDF_256 = -25
	// SHAKE-128 256-bit Hash Value
	AlgorithmSHAKE128 = -18
	// SHA-2 512-bit Hash truncated to 256-bits
	AlgorithmSHA_512_256 = -17
	// SHA-2 256-bit Hash
	AlgorithmSHA_256 = -16
	// SHA-2 256-bit Hash truncated to 64-bits
	AlgorithmSHA_256_64 = -15
	// SHA-1 Hash
	AlgorithmSHA_1 = -14
	// Shared secret w/ AES-MAC 256-bit key
	AlgorithmDirect_HKDF_AES_256 = -13
	// Shared secret w/ AES-MAC 128-bit key
	AlgorithmDirect_HKDF_AES_128 = -12
	// Shared secret w/ HKDF and SHA-512
	AlgorithmDirect_HKDF_SHA_512 = -11
	// Shared secret w/ HKDF and SHA-256
	AlgorithmDirect_HKDF_SHA_256 = -10
	// EdDSA
	AlgorithmEdDSA = -8
	// ECDSA w/ SHA-256
	AlgorithmES256 = -7
	// Direct use of CEK
	AlgorithmDirect = -6
	// AES Key Wrap w/ 256-bit key
	AlgorithmA256KW = -5
	// AES Key Wrap w/ 192-bit key
	AlgorithmA192KW = -4
	// AES Key Wrap w/ 128-bit key
	AlgorithmA128KW = -3
	// Reserved
	//
	// Zero is not an algorithm; an absent or zero-valued "alg" should not be
	// treated as a usable choice (assumption about callers — TODO confirm).
	AlgorithmReserved = 0
	// AES-GCM mode w/ 128-bit key, 128-bit tag
	AlgorithmA128GCM = 1
	// AES-GCM mode w/ 192-bit key, 128-bit tag
	AlgorithmA192GCM = 2
	// AES-GCM mode w/ 256-bit key, 128-bit tag
	AlgorithmA256GCM = 3
	// HMAC w/ SHA-256 truncated to 64 bits
	AlgorithmHMAC_256_64 = 4
	// HMAC w/ SHA-256
	AlgorithmHMAC_256_256 = 5
	// HMAC w/ SHA-384
	AlgorithmHMAC_384_384 = 6
	// HMAC w/ SHA-512
	AlgorithmHMAC_512_512 = 7
	// AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce
	AlgorithmAES_CCM_16_64_128 = 10
	// AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce
	AlgorithmAES_CCM_16_64_256 = 11
	// AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce
	AlgorithmAES_CCM_64_64_128 = 12
	// AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce
	AlgorithmAES_CCM_64_64_256 = 13
	// AES-MAC 128-bit key, 64-bit tag
	AlgorithmAES_MAC_128_64 = 14
	// AES-MAC 256-bit key, 64-bit tag
	AlgorithmAES_MAC_256_64 = 15
	// ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag
	AlgorithmChaCha20Poly1305 = 24
	// AES-MAC 128-bit key, 128-bit tag
	AlgorithmAES_MAC_128_128 = 25
	// AES-MAC 256-bit key, 128-bit tag
	AlgorithmAES_MAC_256_128 = 26
	// AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce
	AlgorithmAES_CCM_16_128_128 = 30
	// AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce
	AlgorithmAES_CCM_16_128_256 = 31
	// AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce
	AlgorithmAES_CCM_64_128_128 = 32
	// AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce
	AlgorithmAES_CCM_64_128_256 = 33
	// For doing IV generation for symmetric algorithms.
	AlgorithmIV_GENERATION = 34
)
IANA-registered COSE algorithms.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#algorithms as of 2022-12-19.
// CBOR Web Token (CWT) claim keys. Each comment gives the claim's meaning,
// then its registered name and CBOR value type in parentheses.
//
// NOTE(review): entries marked TEMPORARY were provisional registrations with
// the expiry date shown; re-check them against the current registry before
// relying on the value.
const (
	// Health certificate ("hcert": map).
	CWTClaimHCert = -260
	// Challenge nonce ("EUPHNonce": bstr).
	CWTClaimEUPHNonce = -259
	// Signing prefix for multi-app restricted operating environment ("EATMAROEPrefix": bstr).
	CWTClaimEATMAROEPrefix = -258
	// FIDO Device Onboarding EAT ("EAT-FDO": array).
	CWTClaimEATFDO = -257
	// Reserved value.
	CWTClaimReserved = 0
	// Issuer ("iss": tstr).
	CWTClaimIss = 1
	// Subject ("sub": tstr)
	CWTClaimSub = 2
	// Audience ("aud": tstr)
	CWTClaimAud = 3
	// Expiration Time, as seconds since UNIX epoch ("exp": int/float)
	CWTClaimExp = 4
	// Not Before, as seconds since UNIX epoch ("nbf": int/float)
	CWTClaimNbf = 5
	// Issued at, as seconds since UNIX epoch ("iat": int/float)
	CWTClaimIat = 6
	// CWT ID ("cti": bstr)
	CWTClaimCti = 7
	// Confirmation ("cnf": map)
	CWTClaimCnf = 8
	// Scope of an access token ("scope": bstr/tstr)
	CWTClaimScope = 9
	// Nonce ("nonce": bstr) TEMPORARY, expires 2023-03-23
	CWTClaimNonce = 10
	// The ACE profile a token is supposed to be used with ("ace_profile": int)
	CWTClaimACEProfile = 38
	// The client-nonce sent to the AS by the RS via the client ("cnonce": bstr)
	CWTClaimCNonce = 39
	// The expiration time of a token measured from when it was received at the RS in seconds ("exi": int)
	CWTClaimExi = 40
	// The Universal Entity ID ("ueid": bstr) TEMPORARY, expires 2023-03-23
	CWTClaimUEID = 256
	// Semi-permanent UEIDs ("sueids": map) TEMPORARY, expires 2023-03-23
	CWTClaimSUEIDs = 257
	// Hardware OEM ID ("oemid": bstr/int) TEMPORARY, expires 2023-03-23
	CWTClaimOEMID = 258
	// Model identifier for hardware ("hwmodel": bstr) TEMPORARY, expires 2023-03-23
	CWTClaimHWModel = 259
	// Hardware Version Identifier ("hwversion": array) TEMPORARY, expires 2023-03-23
	CWTClaimHWVersion = 260
	// Indicate whether the boot was secure ("secboot": bool) TEMPORARY, expires 2023-03-23
	CWTClaimSecureBoot = 262
	// Indicate status of debug facilities ("dbgstat": int) TEMPORARY, expires 2023-03-23
	CWTClaimDebugStatus = 263
	// The geographic location ("location": map) TEMPORARY, expires 2023-03-23
	CWTClaimLocation = 264
	// Indicates the EAT profile followed ("eat_profile": uri/oid) TEMPORARY, expires 2023-03-23
	CWTClaimProfile = 265
	// The section containing submodules ("submods": map) TEMPORARY, expires 2023-03-23
	CWTClaimSubmodules = 266

	// The PSA claims below are taken from an Internet-Draft rather than a
	// final registration; "N/A" means no textual claim name is given.
	//
	// Reference <https://datatracker.ietf.org/doc/draft-tschofenig-rats-psa-token/09/>

	// PSA Client ID (N/A: signed integer)
	CWTClaimPSAClientID = 2394
	// PSA Security Lifecycle (N/A: unsigned integer)
	CWTClaimPSASecurityLifecycle = 2395
	// PSA Implementation ID (N/A: bstr)
	CWTClaimPSAImplementationID = 2396
	// PSA Boot Seed (N/A: bstr)
	CWTClaimPSABootSeed = 2397
	// PSA Certification Reference (N/A: tstr)
	CWTClaimPSACertificationReference = 2398
	// PSA Software Components (N/A: array)
	CWTClaimPSASoftwareComponents = 2399
	// PSA Verification Service Indicator (N/A: tstr)
	CWTClaimPSAVerificationServiceIndicator = 2400
)
CBOR Web Token (CWT) claims.
From IANA registry https://www.iana.org/assignments/cwt/cwt.xhtml as of 2022-12-19.
// COSE elliptic curve identifiers (values of the "crv" key parameter).
// The "EC2:" / "OKP:" prefix in each comment names the key type the curve
// is used with.
const (
	// Reserved
	EllipticCurveReserved = 0
	// EC2: NIST P-256 also known as secp256r1
	EllipticCurveP_256 = 1
	// EC2: NIST P-384 also known as secp384r1
	EllipticCurveP_384 = 2
	// EC2: NIST P-521 also known as secp521r1
	EllipticCurveP_521 = 3
	// OKP: X25519 for use w/ ECDH only
	EllipticCurveX25519 = 4
	// OKP: X448 for use w/ ECDH only
	EllipticCurveX448 = 5
	// OKP: Ed25519 for use w/ EdDSA only
	EllipticCurveEd25519 = 6
	// OKP: Ed448 for use w/ EdDSA only
	EllipticCurveEd448 = 7
	// EC2: SECG secp256k1 curve
	EllipticCurveSecp256k1 = 8
)
IANA-registered COSE elliptic curves.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves as of 2022-12-19.
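// COSE header parameter labels (map keys of the protected and unprotected
// header buckets).
//
// NOTE(review): header values arrive with the message. Anything in the
// unprotected bucket is not covered by the signature/MAC, so consumers
// should treat these values as untrusted input until verified.
const (
	// Reserved
	HeaderParameterReserved = 0
	// Cryptographic algorithm to use
	//
	// Associated value of type int / tstr
	//
	// NOTE(review): a verifier should check this against the algorithm it
	// expects for the key rather than let the message choose.
	HeaderParameterAlg = 1
	// Critical headers to be understood
	//
	// Associated value of type [+ label]
	HeaderParameterCrit = 2
	// Content type of the payload
	//
	// Associated value of type tstr / uint
	HeaderParameterContentType = 3
	// Key identifier
	//
	// Associated value of type bstr
	HeaderParameterKid = 4
	// Full Initialization Vector
	//
	// Associated value of type bstr
	HeaderParameterIV = 5
	// Partial Initialization Vector
	//
	// Associated value of type bstr
	HeaderParameterPartialIV = 6
	// CBOR-encoded signature structure
	//
	// Associated value of type COSE_Signature / [+ COSE_Signature ]
	HeaderParameterCounterSignature = 7
	// Counter signature with implied signer and headers
	//
	// Associated value of type bstr
	HeaderParameterCounterSignature0 = 9
	// Identifies the context for the key identifier
	//
	// Associated value of type bstr
	HeaderParameterKidContext = 10
	// V2 countersignature attribute
	//
	// Associated value of type COSE_Countersignature / [+ COSE_Countersignature]
	HeaderParameterCountersignatureV2 = 11
	// V2 Abbreviated Countersignature
	//
	// Associated value of type COSE_Countersignature0
	//
	// Label 12: the abbreviated form has its own label, distinct from the
	// full V2 countersignature (11). Sharing 11 would make the two
	// parameters indistinguishable when parsing a header map.
	HeaderParameterCountersignature0V2 = 12
	// An unordered bag of X.509 certificates
	//
	// Associated value of type COSE_X509
	//
	// NOTE(review): certificates carried in a message are presumably
	// untrusted until validated against a trust anchor — confirm in callers.
	HeaderParameterX5Bag = 32
	// An ordered chain of X.509 certificates
	//
	// Associated value of type COSE_X509
	HeaderParameterX5Chain = 33
	// Hash of an X.509 certificate
	//
	// Associated value of type COSE_CertHash
	HeaderParameterX5T = 34
	// URI pointing to an X.509 certificate
	//
	// Associated value of type uri
	//
	// NOTE(review): dereferencing this is a network fetch driven by message
	// content; callers should restrict and validate the target.
	HeaderParameterX5U = 35
	// Challenge Nonce
	//
	// Associated value of type bstr
	HeaderParameterCuphNonce = 256
	// Public Key
	//
	// Associated value of type array
	HeaderParameterCuphOwnerPubKey = 257
)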
IANA-registered COSE header parameters.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#header-parameters as of 2022-12-19.
// COSE header algorithm parameter labels: header map keys whose meaning
// depends on the algorithm in use (key-agreement inputs and sender key
// material).
const (
	// static key X.509 certificate chain
	//
	// Associated value of type COSE_X509
	HeaderAlgorithmParameterX5ChainSender = -29
	// URI for the sender's X.509 certificate
	//
	// Associated value of type uri
	HeaderAlgorithmParameterX5USender = -28
	// Thumbprint for the sender's X.509 certificate
	//
	// Associated value of type COSE_CertHash
	HeaderAlgorithmParameterX5TSender = -27
	// Party V other provided information
	//
	// Associated value of type bstr
	HeaderAlgorithmParameterPartyVOther = -26
	// Party V provided nonce
	//
	// Associated value of type bstr / int
	HeaderAlgorithmParameterPartyVNonce = -25
	// Party V identity information
	//
	// Associated value of type bstr
	HeaderAlgorithmParameterPartyVIdentity = -24
	// Party U other provided information
	//
	// Associated value of type bstr
	HeaderAlgorithmParameterPartyUOther = -23
	// Party U provided nonce
	//
	// Associated value of type bstr / int
	HeaderAlgorithmParameterPartyUNonce = -22
	// Party U identity information
	//
	// Associated value of type bstr
	HeaderAlgorithmParameterPartyUIdentity = -21
	// Random salt
	//
	// Associated value of type bstr
	HeaderAlgorithmParameterSalt = -20
	// Static public key identifier for the sender
	//
	// Associated value of type bstr
	HeaderAlgorithmParameterStaticKeyId = -3
	// Static public key for the sender
	//
	// Associated value of type COSE_Key
	HeaderAlgorithmParameterStaticKey = -2
	// Ephemeral public key for the sender
	//
	// Associated value of type COSE_Key
	HeaderAlgorithmParameterEphemeralKey = -1
)
IANA-registered COSE header algorithm parameters.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#header-algorithm-parameters as of 2022-12-19.
// COSE_Key parameter labels shared by every key type.
const (
	// Reserved value.
	KeyParameterReserved = 0
	// Identification of the key type
	//
	// Associated value of type tstr / int
	KeyParameterKty = 1
	// Key identification value - match to kid in message
	//
	// Associated value of type bstr
	KeyParameterKid = 2
	// Key usage restriction to this algorithm
	//
	// Associated value of type tstr / int
	KeyParameterAlg = 3
	// Restrict set of permissible operations
	//
	// Associated value of type [+ (tstr / int)]
	KeyParameterKeyOps = 4
	// Base IV to be XORed with Partial IVs
	//
	// Associated value of type bstr
	KeyParameterBaseIV = 5
)
IANA-registered COSE common key parameters.
From IANA registry <https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters> as of 2022-12-19.
// COSE key type identifiers (values of the "kty" key parameter). The key
// type decides which type-specific parameter table applies to a key.
const (
	// This value is reserved
	KeyTypeReserved = 0
	// Octet Key Pair
	KeyTypeOKP = 1
	// Elliptic Curve Keys w/ x- and y-coordinate pair
	KeyTypeEC2 = 2
	// RSA Key
	KeyTypeRSA = 3
	// Symmetric Keys
	KeyTypeSymmetric = 4
	// Public key for HSS/LMS hash-based digital signature
	KeyTypeHSS_LMS = 5
	// WalnutDSA public key
	KeyTypeWalnutDSA = 6
)
IANA-registered COSE key types.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#key-type as of 2022-12-19.
// COSE_Key parameter labels for Octet Key Pair keys (KeyTypeOKP).
// These negative labels are reused with different meanings by the other
// key types, so they must be interpreted only after checking the key type.
const (
	// EC identifier - Taken from the "COSE Elliptic Curves" registry
	//
	// Associated value of type tstr / int
	OKPKeyParameterCrv = -1
	// Public key (the registry describes the OKP "x" parameter as the
	// public key rather than as a coordinate)
	//
	// Associated value of type bstr
	OKPKeyParameterX = -2
	// Private key
	//
	// Associated value of type bstr
	//
	// Secret material: must not be present in a key that is published or
	// sent to a peer.
	OKPKeyParameterD = -4
)
IANA-registered COSE key parameters for keys of type KeyTypeOKP.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters as of 2022-12-19.
// COSE_Key parameter labels for two-coordinate elliptic curve keys
// (KeyTypeEC2). These negative labels are reused with different meanings by
// the other key types, so they must be interpreted only after checking the
// key type.
const (
	// EC identifier - Taken from the "COSE Elliptic Curves" registry
	//
	// Associated value of type tstr / int
	EC2KeyParameterCrv = -1
	// x-coordinate
	//
	// Associated value of type bstr
	EC2KeyParameterX = -2
	// y-coordinate
	//
	// Associated value of type bstr / bool
	EC2KeyParameterY = -3
	// Private key
	//
	// Associated value of type bstr
	//
	// Secret material: must not be present in a key that is published or
	// sent to a peer.
	EC2KeyParameterD = -4
)
IANA-registered COSE key parameters for keys of type KeyTypeEC2.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters as of 2022-12-19.
// COSE_Key parameter labels for RSA keys (KeyTypeRSA).
//
// Only n and e describe the public key. Every other parameter below (d, the
// prime factors, and the CRT values derived from them) is private-key
// material and must not appear in a key that is published or sent to a peer.
const (
	// The RSA modulus n
	//
	// Associated value of type bstr
	RSAKeyParameterN = -1
	// The RSA public exponent e
	//
	// Associated value of type bstr
	RSAKeyParameterE = -2
	// The RSA private exponent d
	//
	// Associated value of type bstr
	RSAKeyParameterD = -3
	// The prime factor p of n
	//
	// Associated value of type bstr
	RSAKeyParameterP = -4
	// The prime factor q of n
	//
	// Associated value of type bstr
	RSAKeyParameterQ = -5
	// dP is d mod (p - 1)
	//
	// Associated value of type bstr
	RSAKeyParameterDP = -6
	// dQ is d mod (q - 1)
	//
	// Associated value of type bstr
	RSAKeyParameterDQ = -7
	// qInv is the CRT coefficient q^(-1) mod p
	//
	// Associated value of type bstr
	RSAKeyParameterQInv = -8
	// Other prime infos, an array
	//
	// Associated value of type array
	RSAKeyParameterOther = -9
	// a prime factor r_i of n, where i >= 3
	//
	// Associated value of type bstr
	RSAKeyParameterRI = -10
	// d_i = d mod (r_i - 1)
	//
	// Associated value of type bstr
	RSAKeyParameterDI = -11
	// The CRT coefficient t_i = (r_1 * r_2 * ... * r_(i-1))^(-1) mod r_i
	//
	// Associated value of type bstr
	RSAKeyParameterTI = -12
)
IANA-registered COSE key parameters for keys of type KeyTypeRSA.
From IANA registry <https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters> as of 2022-12-19.
// COSE_Key parameter labels for WalnutDSA public keys (KeyTypeWalnutDSA).
const (
	// Group and Matrix (NxN) size
	//
	// Associated value of type uint
	WalnutDSAKeyParameterN = -1
	// Finite field F_q
	//
	// Associated value of type uint
	WalnutDSAKeyParameterQ = -2
	// List of T-values, entries in F_q
	//
	// Associated value of type array of uint
	WalnutDSAKeyParameterTValues = -3
	// NxN Matrix of entries in F_q in column-major form
	//
	// Associated value of type array of array of uint
	WalnutDSAKeyParameterMatrix1 = -4
	// Permutation associated with matrix 1
	//
	// Associated value of type array of uint
	WalnutDSAKeyParameterPermutation1 = -5
	// NxN Matrix of entries in F_q in column-major form
	//
	// Associated value of type array of array of uint
	WalnutDSAKeyParameterMatrix2 = -6
)
IANA-registered COSE key parameters for keys of type KeyTypeWalnutDSA.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters as of 2022-12-19.
// Values for the "key_ops" key parameter (KeyParameterKeyOps), which
// restricts what a key may be used for.
//
// NOTE(review): the restriction is only effective if the consumer checks the
// requested operation against this list before using the key.
const (
	// Key is used to create signatures. Requires private key fields.
	KeyOperationSign = 1
	// Key is used for verification of signatures.
	KeyOperationVerify = 2
	// Key is used for key transport encryption.
	KeyOperationEncrypt = 3
	// Key is used for key transport decryption. Requires private key fields.
	KeyOperationDecrypt = 4
	// Key is used for key wrap encryption.
	KeyOperationWrapKey = 5
	// Key is used for key wrap decryption. Requires private key fields.
	KeyOperationUnwrapKey = 6
	// Key is used for deriving keys. Requires private key fields.
	KeyOperationDeriveKey = 7
	// Key is used for deriving bits not to be used as a key. Requires private key fields.
	KeyOperationDeriveBits = 8
	// Key is used for creating MACs.
	KeyOperationMacCreate = 9
	// Key is used for validating MACs.
	KeyOperationMacVerify = 10
)
Key operation values.
See https://datatracker.ietf.org/doc/html/rfc9052#name-key-operation-values
// CBOR tag numbers that identify which COSE (or CWT) structure a tagged
// item contains.
const (
	// COSE Single Recipient Encrypted Data Object
	CBORTagCOSEEncrypt0 = 16
	// COSE Mac w/o Recipients Object
	CBORTagCOSEMac0 = 17
	// COSE Single Signer Data Object
	CBORTagCOSESign1 = 18
	// CBOR Web Token (CWT)
	CBORTagCWT = 61
	// COSE Encrypted Data Object
	CBORTagCOSEEncrypt = 96
	// COSE MACed Data Object
	CBORTagCOSEMac = 97
	// COSE Signed Data Object
	CBORTagCOSESign = 98
)
CBOR tag values for COSE structures.
From IANA registry https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml as of 2022-12-19.
// COSE_Key parameter labels for HSS/LMS keys (KeyTypeHSS_LMS). Only a
// public-key parameter is defined here.
const (
	// Public key for HSS/LMS hash-based digital signature
	//
	// Associated value of type bstr
	HSS_LMSKeyParameterPub = -1
)
IANA-registered COSE key parameters for keys of type KeyTypeHSS_LMS.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters as of 2022-12-19.
// COSE_Key parameter labels for symmetric keys (KeyTypeSymmetric).
const (
	// Key Value
	//
	// Associated value of type bstr
	//
	// For a symmetric key the value is the secret itself: a COSE_Key
	// carrying this parameter must be handled as confidential.
	SymmetricKeyParameterK = -1
)
IANA-registered COSE key parameters for keys of type KeyTypeSymmetric.
From IANA registry https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters as of 2022-12-19.