1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
package cose
import (
"crypto"
"strconv"
)
// Algorithms supported by this library.
//
// When using an algorithm which requires hashing,
// make sure the associated hash function is linked to the binary.
const (
// RSASSA-PSS w/ SHA-256 by RFC 8230.
// Requires an available crypto.SHA256.
AlgorithmPS256 Algorithm = -37
// RSASSA-PSS w/ SHA-384 by RFC 8230.
// Requires an available crypto.SHA384.
AlgorithmPS384 Algorithm = -38
// RSASSA-PSS w/ SHA-512 by RFC 8230.
// Requires an available crypto.SHA512.
AlgorithmPS512 Algorithm = -39
// ECDSA w/ SHA-256 by RFC 8152.
// Requires an available crypto.SHA256.
AlgorithmES256 Algorithm = -7
// ECDSA w/ SHA-384 by RFC 8152.
// Requires an available crypto.SHA384.
AlgorithmES384 Algorithm = -35
// ECDSA w/ SHA-512 by RFC 8152.
// Requires an available crypto.SHA512.
AlgorithmES512 Algorithm = -36
// PureEdDSA by RFC 8152.
//
// Deprecated: use AlgorithmEdDSA instead, which has
// the same value but with a more accurate name.
AlgorithmEd25519 Algorithm = -8
// PureEdDSA by RFC 8152.
AlgorithmEdDSA Algorithm = -8
// Reserved value.
AlgorithmReserved Algorithm = 0
)
// Algorithms known, but not supported by this library.
//
// Signers and Verifiers requiring the algorithms below are not
// directly supported by this library. They need to be provided
// as an external [cose.Signer] or [cose.Verifier] implementation.
//
// An example use case where RS256 is allowed and used is in
// WebAuthn: https://www.w3.org/TR/webauthn-2/#sctn-sample-registration.
const (
// RSASSA-PKCS1-v1_5 using SHA-256 by RFC 8812.
AlgorithmRS256 Algorithm = -257
// RSASSA-PKCS1-v1_5 using SHA-384 by RFC 8812.
AlgorithmRS384 Algorithm = -258
// RSASSA-PKCS1-v1_5 using SHA-512 by RFC 8812.
AlgorithmRS512 Algorithm = -259
)
// Algorithm represents an IANA algorithm entry in the COSE Algorithms registry.
//
// # See Also
//
// COSE Algorithms: https://www.iana.org/assignments/cose/cose.xhtml#algorithms
//
// RFC 8152 16.4: https://datatracker.ietf.org/doc/html/rfc8152#section-16.4
type Algorithm int64
// String returns the name of the algorithm
func (a Algorithm) String() string {
switch a {
case AlgorithmPS256:
return "PS256"
case AlgorithmPS384:
return "PS384"
case AlgorithmPS512:
return "PS512"
case AlgorithmRS256:
return "RS256"
case AlgorithmRS384:
return "RS384"
case AlgorithmRS512:
return "RS512"
case AlgorithmES256:
return "ES256"
case AlgorithmES384:
return "ES384"
case AlgorithmES512:
return "ES512"
case AlgorithmEdDSA:
// As stated in RFC 8152 8.2, only the pure EdDSA version is used for
// COSE.
return "EdDSA"
case AlgorithmReserved:
return "Reserved"
default:
return "Algorithm(" + strconv.Itoa(int(a)) + ")"
}
}
// hashFunc returns the hash associated with the algorithm supported by this
// library.
func (a Algorithm) hashFunc() crypto.Hash {
switch a {
case AlgorithmPS256, AlgorithmES256:
return crypto.SHA256
case AlgorithmPS384, AlgorithmES384:
return crypto.SHA384
case AlgorithmPS512, AlgorithmES512:
return crypto.SHA512
default:
return 0
}
}
// computeHash computes the digest using the hash specified in the algorithm.
func (a Algorithm) computeHash(data []byte) ([]byte, error) {
return computeHash(a.hashFunc(), data)
}
// computeHash computes the digest using the given hash.
func computeHash(h crypto.Hash, data []byte) ([]byte, error) {
if !h.Available() {
return nil, ErrUnavailableHashFunc
}
hh := h.New()
if _, err := hh.Write(data); err != nil {
return nil, err
}
return hh.Sum(nil), nil
}
|
