webauthncose

package

v0.0.0-...-d197efb Latest Latest Go to latest Published: Oct 18, 2021 License: BSD-3-Clause Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/td4b/webauthn

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func DisplayPublicKey(cpk []byte) string
func HasherFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) func() hash.Hash
func ParsePublicKey(keyBytes []byte) (interface{}, error)
func VerifySignature(key interface{}, data []byte, sig []byte) (bool, error)
type COSEAlgorithmIdentifier
type COSEKeyType
type EC2PublicKeyData
- func (k *EC2PublicKeyData) Verify(data []byte, sig []byte) (bool, error)
type Error
- func (err *Error) Error() string
- func (passedError *Error) WithDetails(details string) *Error
type OKPPublicKeyData
- func (k *OKPPublicKeyData) Verify(data []byte, sig []byte) (bool, error)
type PublicKeyData
type RSAPublicKeyData
- func (k *RSAPublicKeyData) Verify(data []byte, sig []byte) (bool, error)
type SignatureAlgorithm
- func SigAlgFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) SignatureAlgorithm

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrUnsupportedKey = &Error{
		Type:    "invalid_key_type",
		Details: "Unsupported Public Key Type",
	}
	ErrUnsupportedAlgorithm = &Error{
		Type:    "unsupported_key_algorithm",
		Details: "Unsupported public key algorithm",
	}
	ErrSigNotProvidedOrInvalid = &Error{
		Type:    "signature_not_provided_or_invalid",
		Details: "Signature invalid or not provided",
	}
)

View Source

var SignatureAlgorithmDetails = []struct {
	algo    SignatureAlgorithm
	coseAlg COSEAlgorithmIdentifier
	name    string
	hasher  func() hash.Hash
}{
	{SHA1WithRSA, AlgRS1, "SHA1-RSA", crypto.SHA1.New},
	{SHA256WithRSA, AlgRS256, "SHA256-RSA", crypto.SHA256.New},
	{SHA384WithRSA, AlgRS384, "SHA384-RSA", crypto.SHA384.New},
	{SHA512WithRSA, AlgRS512, "SHA512-RSA", crypto.SHA512.New},
	{SHA256WithRSAPSS, AlgPS256, "SHA256-RSAPSS", crypto.SHA256.New},
	{SHA384WithRSAPSS, AlgPS384, "SHA384-RSAPSS", crypto.SHA384.New},
	{SHA512WithRSAPSS, AlgPS512, "SHA512-RSAPSS", crypto.SHA512.New},
	{ECDSAWithSHA256, AlgES256, "ECDSA-SHA256", crypto.SHA256.New},
	{ECDSAWithSHA384, AlgES384, "ECDSA-SHA384", crypto.SHA384.New},
	{ECDSAWithSHA512, AlgES512, "ECDSA-SHA512", crypto.SHA512.New},
	{UnknownSignatureAlgorithm, AlgEdDSA, "EdDSA", crypto.SHA512.New},
}

Functions ¶

func DisplayPublicKey ¶

func DisplayPublicKey(cpk []byte) string

func HasherFromCOSEAlg ¶

func HasherFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) func() hash.Hash

Return the Hashing interface to be used for a given COSE Algorithm

func ParsePublicKey ¶

func ParsePublicKey(keyBytes []byte) (interface{}, error)

Figure out what kind of COSE material was provided and create the data for the new key

func VerifySignature ¶

func VerifySignature(key interface{}, data []byte, sig []byte) (bool, error)

Types ¶

type COSEAlgorithmIdentifier ¶

type COSEAlgorithmIdentifier int

COSEAlgorithmIdentifier From §5.10.5. A number identifying a cryptographic algorithm. The algorithm identifiers SHOULD be values registered in the IANA COSE Algorithms registry [https://www.w3.org/TR/webauthn/#biblio-iana-cose-algs-reg], for instance, -7 for "ES256"

and -257 for "RS256".

const (
	// AlgES256 ECDSA with SHA-256
	AlgES256 COSEAlgorithmIdentifier = -7
	// AlgES384 ECDSA with SHA-384
	AlgES384 COSEAlgorithmIdentifier = -35
	// AlgES512 ECDSA with SHA-512
	AlgES512 COSEAlgorithmIdentifier = -36
	// AlgRS1 RSASSA-PKCS1-v1_5 with SHA-1
	AlgRS1 COSEAlgorithmIdentifier = -65535
	// AlgRS256 RSASSA-PKCS1-v1_5 with SHA-256
	AlgRS256 COSEAlgorithmIdentifier = -257
	// AlgRS384 RSASSA-PKCS1-v1_5 with SHA-384
	AlgRS384 COSEAlgorithmIdentifier = -258
	// AlgRS512 RSASSA-PKCS1-v1_5 with SHA-512
	AlgRS512 COSEAlgorithmIdentifier = -259
	// AlgPS256 RSASSA-PSS with SHA-256
	AlgPS256 COSEAlgorithmIdentifier = -37
	// AlgPS384 RSASSA-PSS with SHA-384
	AlgPS384 COSEAlgorithmIdentifier = -38
	// AlgPS512 RSASSA-PSS with SHA-512
	AlgPS512 COSEAlgorithmIdentifier = -39
	// AlgEdDSA EdDSA
	AlgEdDSA COSEAlgorithmIdentifier = -8
)

type COSEKeyType ¶

type COSEKeyType int

The Key Type derived from the IANA COSE AuthData

const (
	// OctetKey is an Octet Key
	OctetKey COSEKeyType = 1
	// EllipticKey is an Elliptic Curve Public Key
	EllipticKey COSEKeyType = 2
	// RSAKey is an RSA Public Key
	RSAKey COSEKeyType = 3
)

type EC2PublicKeyData ¶

type EC2PublicKeyData struct {
	PublicKeyData
	// If the key type is EC2, the curve on which we derive the signature from.
	Curve int64 `cbor:"-1,keyasint,omitempty" json:"crv"`
	// A byte string 32 bytes in length that holds the x coordinate of the key.
	XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
	// A byte string 32 bytes in length that holds the y coordinate of the key.
	YCoord []byte `cbor:"-3,keyasint,omitempty" json:"y"`
}

func (*EC2PublicKeyData) Verify ¶

func (k *EC2PublicKeyData) Verify(data []byte, sig []byte) (bool, error)

Verify Elliptic Curce Public Key Signature

type Error ¶

type Error struct {
	// Short name for the type of error that has occurred
	Type string `json:"type"`
	// Additional details about the error
	Details string `json:"error"`
	// Information to help debug the error
	DevInfo string `json:"debug"`
}

func (*Error) Error ¶

func (err *Error) Error() string

func (*Error) WithDetails ¶

func (passedError *Error) WithDetails(details string) *Error

type OKPPublicKeyData ¶

type OKPPublicKeyData struct {
	PublicKeyData
	Curve int64
	// A byte string that holds the x coordinate of the key.
	XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
}

func (*OKPPublicKeyData) Verify ¶

func (k *OKPPublicKeyData) Verify(data []byte, sig []byte) (bool, error)

Verify Octet Key Pair (OKP) Public Key Signature

type PublicKeyData ¶

type PublicKeyData struct {

	// The type of key created. Should be OKP, EC2, or RSA.
	KeyType int64 `cbor:"1,keyasint" json:"kty"`
	// A COSEAlgorithmIdentifier for the algorithm used to derive the key signature.
	Algorithm int64 `cbor:"3,keyasint" json:"alg"`
	// contains filtered or unexported fields
}

PublicKeyData The public key portion of a Relying Party-specific credential key pair, generated by an authenticator and returned to a Relying Party at registration time. We unpack this object using fxamacker's cbor library ("github.com/fxamacker/cbor/v2") which is why there are cbor tags included. The tag field values correspond to the IANA COSE keys that give their respective values. See §6.4.1.1 https://www.w3.org/TR/webauthn/#sctn-encoded-credPubKey-examples for examples of this COSE data.

type RSAPublicKeyData ¶

type RSAPublicKeyData struct {
	PublicKeyData
	// Represents the modulus parameter for the RSA algorithm
	Modulus []byte `cbor:"-1,keyasint,omitempty" json:"n"`
	// Represents the exponent parameter for the RSA algorithm
	Exponent []byte `cbor:"-2,keyasint,omitempty" json:"e"`
}

func (*RSAPublicKeyData) Verify ¶

func (k *RSAPublicKeyData) Verify(data []byte, sig []byte) (bool, error)

Verify RSA Public Key Signature

type SignatureAlgorithm ¶

type SignatureAlgorithm int

Algorithm enumerations used for

const (
	UnknownSignatureAlgorithm SignatureAlgorithm = iota
	MD2WithRSA
	MD5WithRSA
	SHA1WithRSA
	SHA256WithRSA
	SHA384WithRSA
	SHA512WithRSA
	DSAWithSHA1
	DSAWithSHA256
	ECDSAWithSHA1
	ECDSAWithSHA256
	ECDSAWithSHA384
	ECDSAWithSHA512
	SHA256WithRSAPSS
	SHA384WithRSAPSS
	SHA512WithRSAPSS
)

func SigAlgFromCOSEAlg ¶

func SigAlgFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) SignatureAlgorithm

Return which signature algorithm is being used from the COSE Key

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL