Documentation ¶
Overview ¶
Package key implements algorithms and key objects for COSE as defined in RFC9052 and RFC9053. https://datatracker.ietf.org/doc/html/rfc9052#name-key-objects. https://datatracker.ietf.org/doc/html/rfc9053.
Index ¶
- func Base64Bytesify(s string) []byte
- func ComputeHash(h crypto.Hash, data []byte) ([]byte, error)
- func GetRandomBytes(n uint16) []byte
- func GetRandomUint32() uint32
- func HexBytesify(h string) []byte
- func MarshalCBOR(v any) ([]byte, error)
- func MustMarshalCBOR(v any) []byte
- func RegisterEncryptor(kty, alg int, fn EncryptorFactory)
- func RegisterMACer(kty, alg int, fn MACerFactory)
- func RegisterSigner(kty, alg, crv int, fn SignerFactory)
- func RegisterVerifier(kty, alg, crv int, fn VerifierFactory)
- func ToInt(v any) (int, error)
- func UnmarshalCBOR(data []byte, v any) error
- func ValidCBOR(data []byte) error
- type Alg
- type ByteStr
- type Encryptor
- type EncryptorFactory
- type IntMap
- func (m IntMap) Bytesify() []byte
- func (m IntMap) GetBool(k int) (bool, error)
- func (m IntMap) GetBytes(k int) (b []byte, err error)
- func (m IntMap) GetInt(k int) (int, error)
- func (m IntMap) GetInt64(k int) (int64, error)
- func (m IntMap) GetIntMap(k int) (IntMap, error)
- func (m IntMap) GetString(k int) (string, error)
- func (m IntMap) GetUint64(k int) (uint64, error)
- func (m IntMap) Has(k int) bool
- func (m IntMap) MarshalCBOR() ([]byte, error)
- func (m *IntMap) UnmarshalCBOR(data []byte) error
- type Key
- func (k Key) Alg() Alg
- func (k Key) BaseIV() ByteStr
- func (k Key) Bytesify() []byte
- func (k Key) Encryptor() (Encryptor, error)
- func (k Key) GetBool(p int) (bool, error)
- func (k Key) GetBytes(p int) ([]byte, error)
- func (k Key) GetInt(p int) (int, error)
- func (k Key) GetInt64(p int) (int64, error)
- func (k Key) GetString(p int) (string, error)
- func (k Key) GetUint64(p int) (uint64, error)
- func (k Key) Has(p int) bool
- func (k Key) Kid() ByteStr
- func (k Key) Kty() int
- func (k Key) MACer() (MACer, error)
- func (k Key) MarshalCBOR() ([]byte, error)
- func (k Key) Ops() Ops
- func (k Key) SetKid(kid ByteStr)
- func (k Key) SetOps(os ...int)
- func (k Key) Signer() (Signer, error)
- func (k *Key) UnmarshalCBOR(data []byte) error
- func (k Key) Verifier() (Verifier, error)
- type KeySet
- type MACer
- type MACerFactory
- type Ops
- type Signer
- type SignerFactory
- type Signers
- type Verifier
- type VerifierFactory
- type Verifiers
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Base64Bytesify ¶
Base64Bytesify converts a base64url string to []byte. It returns nil if the string is not a valid base64url string.
func ComputeHash ¶
ComputeHash computes a hash of the given data using the given hash.
func GetRandomBytes ¶
GetRandomBytes randomly generates n bytes.
func GetRandomUint32 ¶
func GetRandomUint32() uint32
GetRandomUint32 randomly generates an unsigned 32-bit integer.
func HexBytesify ¶
HexBytesify converts a hex string to []byte. It returns nil if the string is not a valid hex string.
func MarshalCBOR ¶
MarshalCBOR marshals value with the special cbor.EncOptions.
func MustMarshalCBOR ¶
MustMarshalCBOR marshals value with the special cbor.EncOptions. It will panic if marshaling failed.
func RegisterEncryptor ¶
func RegisterEncryptor(kty, alg int, fn EncryptorFactory)
RegisterEncryptor registers a EncryptorFactory for the given key type and algorithm.
func RegisterMACer ¶
func RegisterMACer(kty, alg int, fn MACerFactory)
RegisterMACer registers a MACerFactory for the given key type and algorithm.
func RegisterSigner ¶
func RegisterSigner(kty, alg, crv int, fn SignerFactory)
RegisterSigner registers a SignerFactory for the given key type, algorithm, and curve. For example, to register a ed25519 signer factory:
key.RegisterSigner(iana.KeyTypeOKP, iana.AlgorithmEdDSA, iana.EllipticCurveEd25519, ed25519.NewSigner)
func RegisterVerifier ¶
func RegisterVerifier(kty, alg, crv int, fn VerifierFactory)
RegisterVerifier registers a VerifierFactory for the given key type, algorithm, and curve.
func ToInt ¶ added in v0.6.0
ToInt converts the given value to int, the range is [math.MinInt32, math.MaxInt32].
func UnmarshalCBOR ¶
UnmarshalCBOR unmarshals data into value with the special cbor.DecOptions.
Types ¶
type Alg ¶
type Alg int
Alg represents an IANA algorithm entry in the COSE Algorithms registry.
Reference https://www.iana.org/assignments/cose/cose.xhtml#algorithms
type ByteStr ¶
type ByteStr []byte
ByteStr represents a byte string.
func (ByteStr) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface for ByteStr.
func (ByteStr) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface for ByteStr.
type Encryptor ¶
type Encryptor interface { // Encrypt encrypts a plaintext with the given nonce and additional data. // It returns the ciphertext or error. Encrypt(nonce, plaintext, additionalData []byte) (ciphertext []byte, err error) // Decrypt decrypts a ciphertext with the given nonce and additional data. // It returns the corresponding plaintext or error. Decrypt(nonce, ciphertext, additionalData []byte) (plaintext []byte, err error) // NonceSize returns the size of the nonce for encrypting and decrypting. NonceSize() int // Key returns the symmetric key in the Encryptor. // If the key's "key_ops" field is present, it MUST include "encrypt":3 when encrypting an plaintext. // If the key's "key_ops" field is present, it MUST include "decrypt":4 when decrypting an ciphertext. Key() Key }
Encryptor is the encrypting and decrypting interface for content encryption. It is used in COSE_Encrypt and COSE_Encrypt0.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-content-encryption-algorith.
type EncryptorFactory ¶
EncryptorFactory is a function that returns a Encryptor for the given key.
type IntMap ¶
IntMap represents a map of int to any value. It is the base type of key.Key, cose.Header, cwt.ClaimsMap.
func (IntMap) Bytesify ¶ added in v0.6.6
Bytesify returns a CBOR-encoded byte slice. It returns nil if MarshalCBOR failed.
func (IntMap) GetBool ¶
GetBool returns the value for the key as an boolean. If the key is not present, it returns (false, nil). If the underlying value's Kind is not Bool, it returns (false, error).
func (IntMap) GetBytes ¶
GetBytes returns the value for the key as an []byte. If the key is not present, it returns (nil, nil). If the underlying value is not a slice of bytes or an addressable array of bytes, it returns (nil, error).
func (IntMap) GetInt ¶
GetInt returns the value for the key as an int. If the key is not present, it returns (0, nil). If the underlying value's Kind is not Int, Int8, Int16, Int32, Int64, Uint, Uint8, Uint16, Uint32, Int64, or the value's range is out of [math.MinInt32, math.MaxInt32], it returns (0, error).
func (IntMap) GetInt64 ¶ added in v0.6.0
GetInt64 returns the value for the key as an int64. If the key is not present, it returns (0, nil). If the underlying value's Kind is not Int, Int8, Int16, Int32, Int64, Uint, Uint8, Uint16, Uint32, Int64, or the value is overflows, it returns (0, error).
func (IntMap) GetIntMap ¶ added in v0.6.9
GetIntMap returns the value for the key as an IntMap. If the key is not present, it returns (nil, nil). If the underlying value is not a IntMap, it returns (nil, error).
func (IntMap) GetString ¶
GetString returns the value for the key as an string. If the key is not present, it returns ("", nil). If the underlying value is not a string, it returns ("", error).
func (IntMap) GetUint64 ¶ added in v0.6.0
GetUint64 returns the value for the key as an uint64. If the key is not present, it returns (0, nil). If the underlying value's Kind is not Int, Int8, Int16, Int32, Int64, Uint, Uint8, Uint16, Uint32, Int64, or the value is overflows, it returns (0, error).
func (IntMap) MarshalCBOR ¶
MarshalCBOR implements the CBOR Marshaler interface for IntMap.
func (*IntMap) UnmarshalCBOR ¶ added in v0.6.6
UnmarshalCBOR implements the CBOR Unmarshaler interface for IntMap.
type Key ¶
type Key IntMap
Key represents a COSE_Key object.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-key-objects.
func (Key) Alg ¶
Alg returns the key algorithm. If It is elliptic-curves key and algorithm is not present, it will return the algorithm that matched the curve.
Reference https://www.iana.org/assignments/cose/cose.xhtml#algorithms
func (Key) BaseIV ¶
BaseIV returns the base IV to be XORed with Partial IVs.
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
func (Key) Bytesify ¶
Bytesify returns a CBOR-encoded byte slice. It returns nil if MarshalCBOR failed.
func (Key) Encryptor ¶
Encryptor returns a Encryptor for the given key. If the key is nil, or EncryptorFactory for the given key type and algorithm not registered, an error is returned.
func (Key) GetBytes ¶
GetBytes returns the value of the given parameter as a slice of bytes, or a error.
func (Key) GetInt ¶ added in v0.6.0
GetInt returns the value of the given parameter as a int, or a error.
func (Key) GetInt64 ¶ added in v0.6.0
GetInt64 returns the value of the given parameter as a int64, or a error.
func (Key) GetString ¶ added in v0.6.0
GetString returns the value of the given parameter as a string, or a error.
func (Key) GetUint64 ¶ added in v0.6.0
GetUint64 returns the value of the given parameter as a uint64, or a error.
func (Key) Kid ¶
Kid returns the key identifier. If the key identifier is not present, or the underlying value's Kind is not []byte, it returns nil.
func (Key) Kty ¶
Kty returns the key type. If the key is nil, it returns KtyReserved.
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-type
func (Key) MACer ¶
MACer returns a MACer for the given key. If the key is nil, or MACerFactory for the given key type and algorithm not registered, an error is returned.
func (Key) MarshalCBOR ¶
MarshalCBOR implements the CBOR Marshaler interface for Key.
func (Key) Ops ¶
Ops returns the key operations, or nil.
Reference https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
func (Key) SetOps ¶
SetOps sets the key operations. If operations is empty, it will remove the key_ops field.
func (Key) Signer ¶
Signer returns a Signer for the given key. If the key is nil, or SignerFactory for the given key type, algorithm, and curve not registered, an error is returned.
func (*Key) UnmarshalCBOR ¶ added in v0.6.0
UnmarshalCBOR implements the CBOR Unmarshaler interface for Key.
type KeySet ¶
type KeySet []Key
KeySet is a set of Keys.
func (KeySet) Lookup ¶
Lookup returns the first key matching the given key id. return nil if there are no keys matching the key id
type MACer ¶
type MACer interface { // MACCreate computes message authentication code (MAC) for the given data. MACCreate(data []byte) ([]byte, error) // MACVerify verifies whether the given MAC is a correct message authentication code (MAC) for the given data. MACVerify(data, mac []byte) error // Key returns the key in the MACer. // If the key's "key_ops" field is present, it MUST include "MAC create":9 when creating an HMAC authentication tag. // If the key's "key_ops" field is present, it MUST include "MAC verify":10 when verifying an HMAC authentication tag. Key() Key }
MACer is the MAC interface for MAC objects. It is used in COSE_Mac and COSE_Mac0.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-message-authentication-code.
type MACerFactory ¶
MACerFactory is a function that returns a MACer for the given key.
type Ops ¶
type Ops []int
Ops represents the key operations.
func (Ops) EmptyOrHas ¶
EmptyOrHas returns true if the operations is empty, or the given operation is in the operations.
type Signer ¶
type Signer interface { // Computes the digital signature for data. Sign(data []byte) ([]byte, error) // Key returns the private key in the Signer. // If the key's "key_ops" field is present, it MUST include "sign":1. Key() Key }
Signer is the signing interface for signing objects. It is used in COSE_Sign and COSE_Sign1.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-signature-algorithms.
type SignerFactory ¶
SignerFactory is a function that returns a Signer for the given key.
type Signers ¶
type Signers []Signer
Signers is a list of signers to be used for signing with one or more signers.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-signing-with-one-or-more-si.
type Verifier ¶
type Verifier interface { // Verifies returns nil if signature is a valid signature for data; otherwise returns an error. Verify(data, signature []byte) error // Key returns the public key in the Verifier. // The key returned by this method should not include private key bytes. // If the key's "key_ops" field is present, it MUST include "verify":12. Key() Key }
Verifier is the verifying interface for signing objects.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-signature-algorithms.
type VerifierFactory ¶
VerifierFactory is a function that returns a Verifier for the given key.
type Verifiers ¶
type Verifiers []Verifier
Verifiers is a list of verifiers to be used for verifying with one or more verifiers.
Reference https://datatracker.ietf.org/doc/html/rfc9052#name-signing-with-one-or-more-si.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package aesccm implements content encryption algorithm AES-CCM for COSE as defined in RFC9053.
|
Package aesccm implements content encryption algorithm AES-CCM for COSE as defined in RFC9053. |
Package aesgcm implements content encryption algorithm AES-GCM for COSE as defined in RFC9053.
|
Package aesgcm implements content encryption algorithm AES-GCM for COSE as defined in RFC9053. |
Package aesmac implements message authentication code algorithm AES-CBC-MAC for COSE as defined in RFC9053.
|
Package aesmac implements message authentication code algorithm AES-CBC-MAC for COSE as defined in RFC9053. |
Package chacha20poly1305 implements content encryption algorithm ChaCha20/Poly1305 for COSE as defined in RFC9053.
|
Package chacha20poly1305 implements content encryption algorithm ChaCha20/Poly1305 for COSE as defined in RFC9053. |
Package ecdsa implements signature algorithm ECDSA for COSE as defined in RFC9053.
|
Package ecdsa implements signature algorithm ECDSA for COSE as defined in RFC9053. |
Package ed25519 implements signature algorithm Ed25519 for COSE as defined in RFC9053.
|
Package ed25519 implements signature algorithm Ed25519 for COSE as defined in RFC9053. |
Package hkdf implements key derivation function HKDF for COSE as defined in RFC9053.
|
Package hkdf implements key derivation function HKDF for COSE as defined in RFC9053. |
Package hmac implements message authentication code algorithm HMAC for COSE as defined in RFC9053.
|
Package hmac implements message authentication code algorithm HMAC for COSE as defined in RFC9053. |