Documentation ¶
Index ¶
- Constants
- Variables
- func CompressHeaders(headers map[interface{}]interface{}) (compressed map[interface{}]interface{})
- func DecompressHeaders(headers map[interface{}]interface{}) (decompressed map[interface{}]interface{})
- func FromBase64Int(data string) *big.Int
- func GetCOSEHandle() (h *codec.CborHandle)
- func GetCommonHeaderLabel(tag int) (label string, err error)
- func GetCommonHeaderTag(label string) (tag int, err error)
- func GetCommonHeaderTagOrPanic(label string) (tag int)
- func I2OSP(b *big.Int, n int) []byte
- func Marshal(o interface{}) (b []byte, err error)
- func Unmarshal(b []byte) (o interface{}, err error)
- type Algorithm
- type Ext
- type Headers
- func (h *Headers) Decode(o []interface{}) (err error)
- func (h *Headers) DecodeProtected(o interface{}) (err error)
- func (h *Headers) DecodeUnprotected(o interface{}) (err error)
- func (h *Headers) EncodeProtected() (bstr []byte)
- func (h *Headers) EncodeUnprotected() (encoded map[interface{}]interface{})
- func (h *Headers) MarshalBinary() (data []byte, err error)
- func (h *Headers) UnmarshalBinary(data []byte) (err error)
- type SignMessage
- func (m *SignMessage) AddSignature(s *Signature)
- func (m *SignMessage) SigStructure(external []byte, signature *Signature) (ToBeSigned []byte, err error)
- func (m *SignMessage) Sign(rand io.Reader, external []byte, opts SignOpts) (err error)
- func (m *SignMessage) SignatureDigest(external []byte, signature *Signature) (digest []byte, err error)
- func (m *SignMessage) Verify(external []byte, opts *VerifyOpts) (err error)
- type SignOpts
- type Signature
- type Signer
- type Verifier
- type VerifyOpts
Constants ¶
const ( // Encrypt0MessageCBORTag is the CBOR tag for an Encrypt0Message Encrypt0MessageCBORTag = 16 // MAC0MessageCBORTag is the CBOR tag for a MAC0Message MAC0MessageCBORTag = 17 // Sign1MessageCBORTag is the CBOR tag for a Sign1Message Sign1MessageCBORTag = 18 // EncryptMessageCBORTag is the CBOR tag for an EncryptMessage EncryptMessageCBORTag = 96 // MACMessageCBORTag is the CBOR tag for a MACMessage MACMessageCBORTag = 97 // SignMessageCBORTag is the CBOR tag for a SignMessage SignMessageCBORTag = 98 )
const ( // ContextSignature for signatures using the COSE_Signature structure ContextSignature = "Signature" // ContextSignature1 for signatures using the COSE_Sign1 structure ContextSignature1 = "Signature1" // ContextCounterSignature for signatures used as counter signature attributes ContextCounterSignature = "CounterSignature" )
Variables ¶
var ( ErrInvalidAlg = errors.New("Invalid algorithm") ErrAlgNotFound = errors.New("Error fetching alg") ErrECDSAVerification = errors.New("verification failed ecdsa.Verify") ErrRSAPSSVerification = errors.New("verification failed rsa.VerifyPSS err crypto/rsa: verification error") ErrMissingCOSETagForLabel = errors.New("No common COSE tag for label") ErrMissingCOSETagForTag = errors.New("No common COSE label for tag") ErrNilSigHeader = errors.New("Signature.headers is nil") ErrNilSigProtectedHeaders = errors.New("Signature.headers.protected is nil") ErrNilSignatures = errors.New("SignMessage.signatures is nil. Use AddSignature to add one") ErrNoSignatures = errors.New("No signatures to sign the message. Use AddSignature to add them") ErrNoSignerFound = errors.New("No signer found") ErrNoVerifierFound = errors.New("No verifier found") ErrUnknownPrivateKeyType = errors.New("Unrecognized private key type") ErrUnknownPublicKeyType = errors.New("Unrecognized public key type") )
var Algorithms = []Algorithm{ Algorithm{ Name: "RSAES-OAEP w/ SHA-512", Value: -42, }, Algorithm{ Name: "RSAES-OAEP w/ SHA-256", Value: -41, }, Algorithm{ Name: "RSAES-OAEP w/ RFC 8017 default parameters", Value: -40, }, Algorithm{ Name: "PS512", Value: -39, }, Algorithm{ Name: "PS384", Value: -38, }, Algorithm{ Name: "PS256", Value: -37, HashFunc: crypto.SHA256, }, Algorithm{ Name: "ES512", Value: -36, HashFunc: crypto.SHA512, // contains filtered or unexported fields }, Algorithm{ Name: "ES384", Value: -35, HashFunc: crypto.SHA384, // contains filtered or unexported fields }, Algorithm{ Name: "ECDH-SS + A256KW", Value: -34, }, Algorithm{ Name: "ECDH-SS + A192KW", Value: -33, }, Algorithm{ Name: "ECDH-SS + A128KW", Value: -32, }, Algorithm{ Name: "ECDH-ES + A256KW", Value: -31, }, Algorithm{ Name: "ECDH-ES + A192KW", Value: -30, }, Algorithm{ Name: "ECDH-ES + A128KW", Value: -29, }, Algorithm{ Name: "ECDH-SS + HKDF-512", Value: -28, }, Algorithm{ Name: "ECDH-SS + HKDF-256", Value: -27, }, Algorithm{ Name: "ECDH-ES + HKDF-512", Value: -26, }, Algorithm{ Name: "ECDH-ES + HKDF-256", Value: -25, }, Algorithm{ Name: "direct+HKDF-AES-256", Value: -13, }, Algorithm{ Name: "direct+HKDF-AES-128", Value: -12, }, Algorithm{ Name: "direct+HKDF-SHA-512", Value: -11, }, Algorithm{ Name: "direct+HKDF-SHA-256", Value: -10, }, Algorithm{ Name: "EdDSA", Value: -8, }, Algorithm{ Name: "ES256", Value: -7, HashFunc: crypto.SHA256, // contains filtered or unexported fields }, Algorithm{ Name: "direct", Value: -6, }, Algorithm{ Name: "A256KW", Value: -5, }, Algorithm{ Name: "A192KW", Value: -4, }, Algorithm{ Name: "A128KW", Value: -3, }, Algorithm{ Name: "A128GCM", Value: 1, }, Algorithm{ Name: "A192GCM", Value: 2, }, Algorithm{ Name: "A256GCM", Value: 3, }, Algorithm{ Name: "HMAC 256/64", Value: 4, }, Algorithm{ Name: "HMAC 256/256", Value: 5, }, Algorithm{ Name: "HMAC 384/384", Value: 6, }, Algorithm{ Name: "HMAC 512/512", Value: 7, }, Algorithm{ Name: "AES-CCM-16-64-128", Value: 10, }, Algorithm{ Name: "AES-CCM-16-64-256", Value: 11, }, Algorithm{ Name: "AES-CCM-64-64-128", Value: 12, }, Algorithm{ Name: "AES-CCM-64-64-256", Value: 13, }, Algorithm{ Name: "AES-MAC 128/64", Value: 14, }, Algorithm{ Name: "AES-MAC 256/64", Value: 15, }, Algorithm{ Name: "ChaCha20/Poly1305", Value: 24, }, Algorithm{ Name: "AES-MAC 128/128", Value: 25, }, Algorithm{ Name: "AES-MAC 256/128", Value: 26, }, Algorithm{ Name: "AES-CCM-16-128-128", Value: 30, }, Algorithm{ Name: "AES-CCM-16-128-256", Value: 31, }, Algorithm{ Name: "AES-CCM-64-128-128", Value: 32, }, Algorithm{ Name: "AES-CCM-64-128-256", Value: 33, }, }
Algorithms is an array/slice of IANA algorithms
Functions ¶
func CompressHeaders ¶
func CompressHeaders(headers map[interface{}]interface{}) (compressed map[interface{}]interface{})
CompressHeaders replaces string tags with their int values and alg tags with their IANA int values. Is the inverse of DecompressHeaders.
func DecompressHeaders ¶
func DecompressHeaders(headers map[interface{}]interface{}) (decompressed map[interface{}]interface{})
DecompressHeaders replaces int values with string tags and alg int values with their IANA labels. Is the inverse of CompressHeaders.
func FromBase64Int ¶
FromBase64Int decodes a base64-encoded string into a big.Int or panics
from https://github.com/square/go-jose/blob/789a4c4bd4c118f7564954f441b29c153ccd6a96/utils_test.go#L45 Apache License 2.0
func GetCOSEHandle ¶
func GetCOSEHandle() (h *codec.CborHandle)
GetCOSEHandle returns a codec.CborHandle with an extension registered for COSE SignMessage as CBOR tag 98
func GetCommonHeaderLabel ¶
GetCommonHeaderLabel returns the CBOR label for the map tag. Is the inverse of GetCommonHeaderTag.
func GetCommonHeaderTag ¶
GetCommonHeaderTag returns the CBOR tag for the map label
using Common COSE Headers Parameters Table 2 https://tools.ietf.org/html/rfc8152#section-3.1
func GetCommonHeaderTagOrPanic ¶
GetCommonHeaderTagOrPanic returns the CBOR label for a string. Is the inverse of GetCommonHeaderLabel.
func I2OSP ¶
I2OSP converts a nonnegative integer to an octet string of a specified length https://tools.ietf.org/html/rfc8017#section-4.1
implementation from https://github.com/r2ishiguro/vrf/blob/69d5bfb37b72b7b932ffe34213778bdb319f0438/go/vrf_ed25519/vrf_ed25519.go#L206 (Apache License 2.0)
Types ¶
type Algorithm ¶
type Algorithm struct { Name string Value int HashFunc crypto.Hash // optional hash function for SignMessages // contains filtered or unexported fields }
Algorithm represents an IANA algorithm's parameters (Name, Value/ID, and optional extra data)
From the spec:
NOTE: The assignment of algorithm identifiers in this document was done so that positive numbers were used for the first layer objects (COSE_Sign, COSE_Sign1, COSE_Encrypt, COSE_Encrypt0, COSE_Mac, and COSE_Mac0). Negative numbers were used for second layer objects (COSE_Signature and COSE_recipient).
https://www.iana.org/assignments/cose/cose.xhtml#header-algorithm-parameters
https://tools.ietf.org/html/rfc8152#section-16.4
func GetAlgByName ¶
GetAlgByName returns a Algorithm for an IANA name
func GetAlgByNameOrPanic ¶
GetAlgByNameOrPanic returns a Algorithm for an IANA name and panics otherwise
func GetAlgByValue ¶
GetAlgByValue returns a Algorithm for an IANA value
type Ext ¶
type Ext struct{}
Ext is a codec.cbor extension to handle custom (de)serialization of types to/from another interface{} value
https://godoc.org/github.com/ugorji/go/codec#InterfaceExt
func (Ext) ConvertExt ¶
func (x Ext) ConvertExt(v interface{}) interface{}
ConvertExt converts a value into a simpler interface for easier encoding
func (Ext) UpdateExt ¶
func (x Ext) UpdateExt(dest interface{}, v interface{})
UpdateExt updates a value from a simpler interface for easy decoding dest is always a point
Note: dest is always a pointer kind to the registered extension type.
Unpacks a SignMessage described by CDDL fragments:
COSE_Sign = [
Headers, payload : bstr / nil, signatures : [+ COSE_Signature]
]
COSE_Signature = [
Headers, signature : bstr
]
Headers = (
protected : empty_or_serialized_map, unprotected : header_map
)
header_map = { Generic_Headers, * label => values }
empty_or_serialized_map = bstr .cbor header_map / bstr .size 0
Generic_Headers = (
? 1 => int / tstr, ; algorithm identifier ? 2 => [+label], ; criticality ? 3 => tstr / int, ; content type ? 4 => bstr, ; key identifier ? 5 => bstr, ; IV ? 6 => bstr, ; Partial IV ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature
)
Note: the decoder will convert panics to errors
type Headers ¶
type Headers struct { Protected map[interface{}]interface{} Unprotected map[interface{}]interface{} }
Headers represents "two buckets of information that are not considered to be part of the payload itself, but are used for holding information about content, algorithms, keys, or evaluation hints for the processing of the layer."
https://tools.ietf.org/html/rfc8152#section-3
It is represented by CDDL fragments:
Headers = (
protected : empty_or_serialized_map, unprotected : header_map
)
header_map = { Generic_Headers, * label => values }
empty_or_serialized_map = bstr .cbor header_map / bstr .size 0
Generic_Headers = (
? 1 => int / tstr, ; algorithm identifier ? 2 => [+label], ; criticality ? 3 => tstr / int, ; content type ? 4 => bstr, ; key identifier ? 5 => bstr, ; IV ? 6 => bstr, ; Partial IV ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature
)
func (*Headers) Decode ¶
Decode loads a two element interface{} slice into Headers.protected and unprotected respectively
func (*Headers) DecodeProtected ¶
DecodeProtected Unmarshals and sets Headers.protected from an interface{}
func (*Headers) DecodeUnprotected ¶
DecodeUnprotected Unmarshals and sets Headers.unprotected from an interface{}
func (*Headers) EncodeProtected ¶
EncodeProtected compresses and Marshals protected headers to bytes to encode as a CBOR bstr TODO: check for dups in maps
func (*Headers) EncodeUnprotected ¶
func (h *Headers) EncodeUnprotected() (encoded map[interface{}]interface{})
EncodeUnprotected returns compressed unprotected headers
func (*Headers) MarshalBinary ¶
MarshalBinary is called by codec to serialize Headers to CBOR bytes
func (*Headers) UnmarshalBinary ¶
UnmarshalBinary is not implemented and panics
type SignMessage ¶
SignMessage represents a COSESignMessage with CDDL fragment:
COSE_Sign = [
Headers, payload : bstr / nil, signatures : [+ COSE_Signature]
]
https://tools.ietf.org/html/rfc8152#section-4.1
func NewSignMessage ¶
func NewSignMessage(payload []byte) (msg SignMessage)
NewSignMessage takes a []byte payload and returns a new SignMessage with empty headers and signatures
func (*SignMessage) AddSignature ¶
func (m *SignMessage) AddSignature(s *Signature)
AddSignature adds a signature to the message signatures creating an empty []Signature if necessary
func (*SignMessage) SigStructure ¶
func (m *SignMessage) SigStructure(external []byte, signature *Signature) (ToBeSigned []byte, err error)
SigStructure returns the byte slice to be signed
func (*SignMessage) SignatureDigest ¶
func (m *SignMessage) SignatureDigest(external []byte, signature *Signature) (digest []byte, err error)
SignatureDigest takes an extra external byte slice and a Signature and returns the SigStructure (i.e. ToBeSigned) hashed using the algorithm from the signature parameter
TODO: check that signature is in SignMessage?
func (*SignMessage) Verify ¶
func (m *SignMessage) Verify(external []byte, opts *VerifyOpts) (err error)
Verify verifies all signatures on the SignMessage returning nil for success or an error
type SignOpts ¶
type SignOpts struct { HashFunc crypto.Hash GetSigner func(index int, signature Signature) (Signer, error) }
SignOpts are options for Signer.Sign()
HashFunc is the crypto.Hash to apply to the SigStructure func GetSigner returns the cose.Signer for the signature protected key ID or an error when one isn't found
type Signature ¶
Signature represents a COSE signature with CDDL fragment:
COSE_Signature = [
Headers, signature : bstr
]
https://tools.ietf.org/html/rfc8152#section-4.1
func NewSignature ¶
func NewSignature() (s *Signature)
NewSignature returns a new COSE Signature with empty headers and nil signature bytes
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer holds a private key for signing SignMessages implements crypto.Signer interface
func NewSigner ¶
func NewSigner(privateKey crypto.PrivateKey) (signer *Signer, err error)
NewSigner checks whether the privateKey is supported and returns a new cose.Signer