type AppleAppAttestAttestationStatement ¶
// AppleAppAttestAttestationStatement is the decoded "attStmt" map of an Apple
// App Attest attestation object; the CBOR keys are the ones tagged below.
type AppleAppAttestAttestationStatement struct {
	// CretificateChain is the "x5c" chain: the credential certificate first,
	// followed by zero or more CA certificates.
	// NOTE: the field name is misspelled (compare PackedAttestationStatement.CertificateChain).
	// It is exported, so renaming it would break callers; the CBOR key "x5c" is what
	// matters on the wire.
	CretificateChain [][]byte `cbor:"x5c"` // [ credCert: bytes, * (caCert: bytes) ]
	// Receipt is the raw "receipt" entry of the statement. Verify takes no
	// arguments, so whether the receipt is validated is not visible from this
	// declaration — check Verify before relying on it.
	Receipt []byte `cbor:"receipt"`
}
func (*AppleAppAttestAttestationStatement) Verify ¶
func (attStmt *AppleAppAttestAttestationStatement) Verify() error
type AttestationObject ¶
// AttestationObject is the CBOR-decoded attestationObject produced by the
// authenticator during registration.
type AttestationObject struct {
	// Format ("fmt") names the attestation statement format and therefore
	// which concrete statement type AttestationStatement corresponds to
	// (e.g. PackedAttestationStatement, AppleAppAttestAttestationStatement).
	Format string `cbor:"fmt"`
	// AttestationStatement cbor.RawMessage `cbor:"attStmt"`
	// AttestationStatement is kept as a generic map so that decoding this
	// struct does not depend on Format. NOTE(review): presumably converted
	// into the format-specific struct elsewhere — confirm in
	// ParseAndVerifyAttestationObject.
	AttestationStatement map[string]interface{} `cbor:"attStmt"`
	// AuthenticatorData is the raw "authData" byte string; it is parsed by
	// ParseAndVerifyAuthenticatorData.
	AuthenticatorData []byte `cbor:"authData"`
}
func ParseAndVerifyAttestationObject ¶
func ParseAndVerifyAttestationObject(attObject []byte) (*AttestationObject, error)
type AttestedCredentialData ¶
// AttestedCredentialData is the attested credential data portion of the
// authenticator data (the FlagAttestedCredentialData bit should signal that
// it is present).
type AttestedCredentialData struct {
	AttestedCredentialDataHeader
	// CredentialID is the credential identifier chosen by the authenticator.
	CredentialID []byte // REQUIRED
	// CredentialPublicKey is the COSE_Key of the new credential.
	CredentialPublicKey PublicKeyData // OPTIONAL. The actual public key might be in the attestation statement instead for some attestation formats
}
type AuthenticatorAssertionResponse ¶
// AuthenticatorAssertionResponse is the "response" member of the credential
// returned by an authentication (get) ceremony.
type AuthenticatorAssertionResponse struct {
	AuthenticatorResponse
	// AuthenticatorData is the raw authenticator data (base64url on the wire).
	AuthenticatorData Base64URLString `json:"authenticatorData"`
	// Signature is signed over append(AuthenticatorData, sha256(ClientDataJSON)...).
	// NOTE(review): the original comment was truncated — confirm the exact
	// signed input against Verify.
	Signature Base64URLString `json:"signature"`
	// UserHandle is the user.id given at registration; it may be absent.
	UserHandle Base64URLString `json:"userHandle,omitempty"`
}
func (*AuthenticatorAssertionResponse) Verify ¶
func (r *AuthenticatorAssertionResponse) Verify(challenge, rpID string, allowedOrigins []string, flags AuthenticatorFlags, credential *Credential) (uint32, error)
Implements steps 10 to 21 of the assertion verification procedure.
type AuthenticatorAttestationResponse ¶
// AuthenticatorAttestationResponse is the "response" member of the credential
// returned by a registration (create) ceremony.
type AuthenticatorAttestationResponse struct {
	AuthenticatorResponse
	// Transports is the client's getTransports() result, when supplied.
	Transports []string `json:"transports,omitempty"` // getTransports()
	// AttestationObject is the CBOR attestationObject (base64url on the wire);
	// see AttestationObject for its decoded form.
	AttestationObject Base64URLString `json:"attestationObject"`
}
func (*AuthenticatorAttestationResponse) Verify ¶
func (r *AuthenticatorAttestationResponse) Verify(challenge, rpID string, allowedOrigins []string, flags AuthenticatorFlags, pubKeyCredParams []COSEAlgorithmIdentifier) (*Credential, error)
TODO: Slightly change the interface: there is a list of registered RP IDs, and each RP ID has its own list of allowed origins.
type AuthenticatorData ¶
// AuthenticatorData is the parsed authData byte string: the fixed header,
// the attested credential data and any trailing extension data.
type AuthenticatorData struct {
	AuthenticatorDataHeader
	AttestedCredentialData
	// ExtensionData holds the trailing extensions as raw bytes.
	ExtensionData []byte
}
func ParseAndVerifyAuthenticatorData ¶
func ParseAndVerifyAuthenticatorData(authDataBytes []byte, rpID string, flags AuthenticatorFlags) (*AuthenticatorData, error)
type AuthenticatorDataHeader ¶
// AuthenticatorDataHeader is the fixed-size prefix of the authenticator data.
type AuthenticatorDataHeader struct {
	// RPIDHash is, going by its size and name, the SHA-256 hash of the RP ID
	// the credential is scoped to; ParseAndVerifyAuthenticatorData takes an
	// rpID argument, presumably to check it — confirm.
	RPIDHash [32]byte
	// Flags is the flags byte (user presence/verification, backup bits, AT/ED).
	Flags AuthenticatorFlags
	// Count is the signature counter; presumably the uint32 returned by
	// AuthenticatorAssertionResponse.Verify so callers can detect a counter
	// that did not increase — confirm.
	Count uint32
}
type AuthenticatorFlags ¶
// AuthenticatorFlags is the flags byte of the authenticator data header.
type AuthenticatorFlags byte

// NOTE(review): as rendered, the constants below are consecutive iota bits
// (0x01, 0x02, 0x04, 0x08, 0x10, 0x20). The WebAuthn flags byte reserves
// bit 1 and bit 5, so UV is 0x04, BE 0x08, BS 0x10, AT 0x40 and ED 0x80 —
// which is what the FlagUserVerified comment ("00000100") says. Rendered
// documentation drops blank identifiers, so confirm the source keeps `_`
// placeholders at the reserved positions; otherwise every flag check after
// FlagUserPresent tests the wrong bit.
const (
	FlagUserPresent AuthenticatorFlags = 1 << iota // FlagUserPresent Bit 00000001 in the byte sequence. Tells us if user is present
	FlagUserVerified                               // FlagUserVerified Bit 00000100 in the byte sequence. Tells us if user is verified by the authenticator using a biometric or PIN
	// FlagBackupEligibility (BE) signals the credential may be backed up to another device.
	FlagBackupEligibility
	// FlagBackupState (BS) signals the credential is currently backed up.
	FlagBackupState
	// FlagAttestedCredentialData (AT) signals attested credential data follows the header.
	FlagAttestedCredentialData
	// FlagExtensionData (ED) signals extension data follows.
	FlagExtensionData
)
type AuthenticatorResponse ¶
// AuthenticatorResponse carries the field shared by attestation and assertion
// responses.
type AuthenticatorResponse struct {
	// ClientDataJSON is the raw client data (base64url on the wire); it is
	// parsed and checked by ParseAndVerifyClientData.
	ClientDataJSON Base64URLString `json:"clientDataJSON"`
}
type Base64URLString ¶
// Base64URLString is a byte string that is carried base64url-encoded in JSON.
// NOTE(review): presumably implements json.Unmarshaler/Marshaler to do the
// base64url conversion; that code is not shown here — confirm.
type Base64URLString []byte
type COSEAlgorithmIdentifier ¶
// COSEAlgorithmIdentifier is a COSE "alg" value from the IANA COSE Algorithms
// registry.
type COSEAlgorithmIdentifier int64

const (
	EdDSA COSEAlgorithmIdentifier = -8   // EdDSA
	ES256 COSEAlgorithmIdentifier = -7   // ECDSA with SHA-256
	ES384 COSEAlgorithmIdentifier = -35  // ECDSA with SHA-384
	PS256 COSEAlgorithmIdentifier = -37  // RSASSA-PSS with SHA-256
	RS256 COSEAlgorithmIdentifier = -257 // RSASSA-PKCS1-v1_5 with SHA-256
)
type COSEEllipticCurve ¶
// COSEEllipticCurve is a COSE "crv" value.
// The COSE Elliptic Curves https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
type COSEEllipticCurve int

const (
	// EC2 NIST P-256 also known as secp256r1
	P256 COSEEllipticCurve = 1
	// EC2 NIST P-384 also known as secp384r1
	P384 COSEEllipticCurve = 2
	// OKP Ed25519; only meaningful together with key type OKP
	Ed25519 COSEEllipticCurve = 6
)
type COSEKeyType ¶
// COSEKeyType is a COSE "kty" value.
type COSEKeyType int

const (
	OKP COSEKeyType = 1 // Octet Key Pair (e.g. Ed25519)
	EC2 COSEKeyType = 2 // Elliptic curve key with x/y coordinates
	RSA COSEKeyType = 3 // RSA key (modulus/exponent)
)
type ClientData ¶
// ClientData is the parsed clientDataJSON sent by the client.
type ClientData struct {
	// Type is the ceremony type; ParseAndVerifyClientData takes a typ
	// argument, presumably compared with this field.
	Type string `json:"type"`
	// Challenge is the challenge echoed by the client (base64url text);
	// ParseAndVerifyClientData takes the expected challenge as an argument.
	Challenge string `json:"challenge"`
	// Origin is the origin the client observed; ParseAndVerifyClientData
	// takes the list of allowed origins as an argument.
	Origin string `json:"origin"`
	// CrossOrigin reports whether the request was made from a cross-origin context.
	CrossOrigin bool `json:"crossOrigin,omitempty"`
}
func ParseAndVerifyClientData ¶
func ParseAndVerifyClientData(clientDataJSON []byte, typ, challenge string, allowedOrigins []string) (*ClientData, error)
type CreatePublicKeyCredential ¶
// CreatePublicKeyCredential is the JSON form of the PublicKeyCredential
// produced by a registration (create) ceremony.
type CreatePublicKeyCredential struct {
	// Type is expected to be "public-key".
	Type string `json:"type"`
	// Id is the textual credential id (the spec defines it as base64url of rawId).
	Id string `json:"id"`
	// NOTE(review): encoding/json decodes a plain []byte from standard (padded)
	// base64, while the other binary fields in this package use Base64URLString;
	// if clients send rawId base64url-encoded this field will fail to decode —
	// confirm the wire format.
	RawId []byte `json:"rawId"`
	// Response is the attestation response to verify.
	Response AuthenticatorAttestationResponse `json:"response"`
}
type Credential ¶
// Credential is a registered credential: its descriptor and the public key
// used to check assertions. It is returned by
// AuthenticatorAttestationResponse.Verify and consumed by
// AuthenticatorAssertionResponse.Verify.
type Credential struct {
	PublicKeyCredentialDescriptor
	PublicKey
}
type CredentialCreationOptions ¶
// CredentialCreationOptions wraps the creation options under the "publicKey"
// member, matching the dictionary handed to navigator.credentials.create().
type CredentialCreationOptions struct {
	PublicKey PublicKeyCredentialCreationOptions `json:"publicKey"`
}
type CredentialRequestOptions ¶
// CredentialRequestOptions wraps the request options under the "publicKey"
// member, matching the dictionary handed to navigator.credentials.get().
type CredentialRequestOptions struct {
	PublicKey PublicKeyCredentialRequestOptions `json:"publicKey"`
}
type GetPublicKeyCredential ¶
// GetPublicKeyCredential is the JSON form of the PublicKeyCredential produced
// by an authentication (get) ceremony.
type GetPublicKeyCredential struct {
	// Type is expected to be "public-key".
	Type string `json:"type"`
	// Id is the textual credential id (the spec defines it as base64url of rawId).
	Id string `json:"id"`
	// NOTE(review): encoding/json decodes a plain []byte from standard (padded)
	// base64, while the other binary fields in this package use Base64URLString;
	// if clients send rawId base64url-encoded this field will fail to decode —
	// confirm the wire format.
	RawId []byte `json:"rawId"`
	// Response is the assertion response to verify.
	Response AuthenticatorAssertionResponse `json:"response"`
}
type PackedAttestationStatement ¶
// PackedAttestationStatement is the decoded "attStmt" map of a "packed"
// attestation object.
type PackedAttestationStatement struct {
	// Algorithm is the COSE algorithm the signature was produced with.
	Algorithm COSEAlgorithmIdentifier `cbor:"alg"`
	// Signature is the attestation signature.
	Signature []byte `cbor:"sig"`
	// CertificateChain is the optional "x5c" chain, attestation certificate
	// first. In the packed format an absent x5c means self attestation, where
	// the signature is checked with the credential public key instead —
	// confirm Verify handles both cases.
	CertificateChain [][]byte `cbor:"x5c"`
}
func (*PackedAttestationStatement) Verify ¶
func (attStmt *PackedAttestationStatement) Verify() error
type PublicKey ¶
// PublicKey pairs a parsed crypto.PublicKey with the COSE algorithm it is to
// be verified with.
type PublicKey struct {
	crypto.PublicKey
	// Algorithm is the COSE "alg" the key was registered with.
	Algorithm COSEAlgorithmIdentifier
}
func COSEKeyToPublicKey ¶
func COSEKeyToPublicKey(keyData *PublicKeyData) (publicKey PublicKey, err error)
func ParsePublicKey ¶
func (*PublicKey) VerifySignature ¶
type PublicKeyCredentialCreationOptions ¶
// PublicKeyCredentialCreationOptions is the "publicKey" member of the options
// handed to navigator.credentials.create().
type PublicKeyCredentialCreationOptions struct {
	RelyingParty PublicKeyCredentialRpEntity   `json:"rp"`
	User         PublicKeyCredentialUserEntity `json:"user"`
	// Challenge should be fresh random bytes per ceremony and remembered
	// server-side for the later check; encoding/json emits it as standard base64.
	Challenge []byte `json:"challenge"`
	// PublicKeyCredentialParameters lists the acceptable algorithms in preference order.
	PublicKeyCredentialParameters []PublicKeyCredentialParameters `json:"pubKeyCredParams"`
	// Timeout is the hint in milliseconds. NOTE(review): no omitempty, so an
	// unset value is sent as 0.
	Timeout uint64 `json:"timeout"`
	// ExcludeCredentials lists credentials already registered for the user.
	// NOTE(review): a nil slice encodes as JSON null, which is not a valid
	// value for a sequence member; allocate an empty slice or add omitempty.
	ExcludeCredentials []PublicKeyCredentialDescriptor `json:"excludeCredentials"`
	// AuthenticatorSelectionCriteria constrains which authenticators may be used.
	AuthenticatorSelectionCriteria AuthenticatorSelectionCriteria `json:"authenticatorSelection"`
}
type PublicKeyCredentialEntity ¶
// PublicKeyCredentialEntity holds the human-readable name shared by RP and
// user entities.
type PublicKeyCredentialEntity struct {
	Name string `json:"name"`
}
type PublicKeyCredentialParameters ¶
// PublicKeyCredentialParameters is one acceptable credential type/algorithm pair.
type PublicKeyCredentialParameters struct {
	// Type is expected to be "public-key".
	Type string `json:"type"`
	// Algorithm is the COSE algorithm identifier.
	Algorithm COSEAlgorithmIdentifier `json:"alg"`
}
type PublicKeyCredentialRequestOptions ¶
// PublicKeyCredentialRequestOptions is the "publicKey" member of the options
// handed to navigator.credentials.get().
// NOTE(review): currently empty — presumably still to be filled in with at
// least the challenge, and likely rpId, allowCredentials and userVerification.
type PublicKeyCredentialRequestOptions struct {
}
type PublicKeyCredentialRpEntity ¶
// PublicKeyCredentialRpEntity is the "rp" member of the creation options.
// NOTE(review): unlike PublicKeyCredentialUserEntity it does not embed
// PublicKeyCredentialEntity, so no rp.name is sent — confirm that is intended.
type PublicKeyCredentialRpEntity struct {
	// Id is the RP ID (a registrable domain suffix of the origin).
	Id string `json:"id"`
}
type PublicKeyCredentialUserEntity ¶
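// PublicKeyCredentialUserEntity is the "user" member of the creation options.
type PublicKeyCredentialUserEntity struct {
	PublicKeyCredentialEntity
	// Id is the user handle: an opaque identifier (should not contain PII)
	// that the authenticator returns as userHandle on assertion.
	// encoding/json emits it as standard base64.
	Id []byte `json:"id"`
	// DisplayName is the human-palatable name shown by the authenticator.
	// The JSON member is "displayName"; without the tag it was emitted as
	// "DisplayName", which the client-side dictionary does not recognise.
	DisplayName string `json:"displayName"`
}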
type PublicKeyData ¶
// PublicKeyData is a COSE_Key as found in attested credential data, decoded
// with integer labels (keyasint): 1=kty, 3=alg, -1=crv, -2=x, -3=y.
type PublicKeyData struct {
	KeyType   COSEKeyType             `cbor:"1,keyasint" json:"kty"`
	Algorithm COSEAlgorithmIdentifier `cbor:"3,keyasint" json:"alg"`
	// Curve is the "crv" label of EC2 and OKP keys.
	// NOTE(review): for RSA keys (kty=3) COSE uses label -1 for the modulus n
	// and -2 for the exponent e, so an RSA COSE_Key would not decode correctly
	// through this struct — confirm how COSEKeyToPublicKey handles RS256/PS256.
	Curve COSEEllipticCurve `cbor:"-1,keyasint,omitempty" json:"crv"`
	// XCoord is the x coordinate (EC2) or the public key bytes (OKP).
	XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
	// YCoord is the y coordinate; EC2 keys only.
	YCoord []byte `cbor:"-3,keyasint,omitempty" json:"y"`
}