Documentation
¶
Index ¶
- type AppleAppAttestAttestationStatement
- type AttestationObject
- type AttestedCredentialData
- type AttestedCredentialDataHeader
- type AuthenticatorAssertionResponse
- type AuthenticatorAttestationResponse
- type AuthenticatorData
- type AuthenticatorDataHeader
- type AuthenticatorFlags
- type AuthenticatorResponse
- type AuthenticatorSelectionCriteria
- type Base64URLString
- type COSEAlgorithmIdentifier
- type COSEEllipticCurve
- type COSEKeyType
- type ClientData
- type CreatePublicKeyCredential
- type Credential
- type CredentialCreationOptions
- type CredentialRequestOptions
- type GetPublicKeyCredential
- type PackedAttestationStatement
- type PublicKey
- type PublicKeyCredentialCreationOptions
- type PublicKeyCredentialDescriptor
- type PublicKeyCredentialEntity
- type PublicKeyCredentialParameters
- type PublicKeyCredentialRequestOptions
- type PublicKeyCredentialRpEntity
- type PublicKeyCredentialUserEntity
- type PublicKeyData
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppleAppAttestAttestationStatement ¶
type AppleAppAttestAttestationStatement struct {
CretificateChain [][]byte `cbor:"x5c"` // [ credCert: bytes, * (caCert: bytes) ]
Receipt []byte `cbor:"receipt"`
}
func (*AppleAppAttestAttestationStatement) Verify ¶
func (attStmt *AppleAppAttestAttestationStatement) Verify() error
type AttestationObject ¶
type AttestationObject struct {
Format string `cbor:"fmt"`
// AttestationStatement cbor.RawMessage `cbor:"attStmt"`
AttestationStatement map[string]interface{} `cbor:"attStmt"`
AuthenticatorData []byte `cbor:"authData"`
}
func ParseAndVerifyAttestationObject ¶
func ParseAndVerifyAttestationObject(attObject []byte) (*AttestationObject, error)
type AttestedCredentialData ¶
type AttestedCredentialData struct {
AttestedCredentialDataHeader
CredentialID []byte // REQUIRED
CredentialPublicKey PublicKeyData // OPTIONAL . The actual public key might be in the attestation statement instead for some attestation formats
}
type AuthenticatorAssertionResponse ¶
type AuthenticatorAssertionResponse struct {
AuthenticatorResponse
AuthenticatorData Base64URLString `json:"authenticatorData"`
// Signature is signed over append(sha256())
Signature Base64URLString `json:"signature"`
UserHandle Base64URLString `json:"userHandle,omitempty"`
}
func (*AuthenticatorAssertionResponse) Verify ¶
func (r *AuthenticatorAssertionResponse) Verify(challenge, rpID string, allowedOrigins []string, flags AuthenticatorFlags, credential *Credential) (uint32, error)
steps 10 to 21
type AuthenticatorAttestationResponse ¶
type AuthenticatorAttestationResponse struct {
AuthenticatorResponse
Transports []string `json:"transports,omitempty"` // getTransports()
AttestationObject Base64URLString `json:"attestationObject"`
}
func (*AuthenticatorAttestationResponse) Verify ¶
func (r *AuthenticatorAttestationResponse) Verify(challenge, rpID string, allowedOrigins []string, flags AuthenticatorFlags, pubKeyCredParams []COSEAlgorithmIdentifier) (*Credential, error)
TODO: Slightly change interface: There is a list of registered RP IDs and a RP ID has a list of allowed origins
type AuthenticatorData ¶
type AuthenticatorData struct {
AuthenticatorDataHeader
AttestedCredentialData
ExtensionData []byte
}
func ParseAndVerifyAuthenticatorData ¶
func ParseAndVerifyAuthenticatorData(authDataBytes []byte, rpID string, flags AuthenticatorFlags) (*AuthenticatorData, error)
type AuthenticatorDataHeader ¶
type AuthenticatorDataHeader struct {
RPIDHash [32]byte
Flags AuthenticatorFlags
Count uint32
}
type AuthenticatorFlags ¶
type AuthenticatorFlags byte
const ( FlagUserPresent AuthenticatorFlags = 1 << iota // FlagUserPresent Bit 00000001 in the byte sequence. Tells us if user is present FlagUserVerified // FlagUserVerified Bit 00000100 in the byte sequence. Tells us if user is verified by the authenticator using a biometric or PIN FlagBackupEligibility FlagBackupState FlagAttestedCredentialData FlagExtensionData )
type AuthenticatorResponse ¶
type AuthenticatorResponse struct {
ClientDataJSON Base64URLString `json:"clientDataJSON"`
}
type Base64URLString ¶
type Base64URLString []byte
type COSEAlgorithmIdentifier ¶
type COSEAlgorithmIdentifier int64
const ( EdDSA COSEAlgorithmIdentifier = -8 ES256 COSEAlgorithmIdentifier = -7 ES384 COSEAlgorithmIdentifier = -35 PS256 COSEAlgorithmIdentifier = -37 RS256 COSEAlgorithmIdentifier = -257 )
type COSEEllipticCurve ¶
type COSEEllipticCurve int
The COSE Elliptic Curves https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
const ( // EC2 NIST P-256 also known as secp256r1 P256 COSEEllipticCurve = 1 P384 COSEEllipticCurve = 2 Ed25519 COSEEllipticCurve = 6 )
type COSEKeyType ¶
type COSEKeyType int
const ( OKP COSEKeyType = 1 EC2 COSEKeyType = 2 RSA COSEKeyType = 3 )
type ClientData ¶
type ClientData struct {
Type string `json:"type"`
Challenge string `json:"challenge"`
Origin string `json:"origin"`
CrossOrigin bool `json:"crossOrigin,omitempty"`
}
func ParseAndVerifyClientData ¶
func ParseAndVerifyClientData(clientDataJSON []byte, typ, challenge string, allowedOrigins []string) (*ClientData, error)
type CreatePublicKeyCredential ¶
type CreatePublicKeyCredential struct {
Type string `json:"type"`
Id string `json:"id"`
RawId []byte `json:"rawId"`
Response AuthenticatorAttestationResponse `json:"response"`
}
type Credential ¶
type Credential struct {
PublicKeyCredentialDescriptor
PublicKey
}
type CredentialCreationOptions ¶
type CredentialCreationOptions struct {
PublicKey PublicKeyCredentialCreationOptions `json:"publicKey"`
}
type CredentialRequestOptions ¶
type CredentialRequestOptions struct {
PublicKey PublicKeyCredentialRequestOptions `json:"publicKey"`
}
type GetPublicKeyCredential ¶
type GetPublicKeyCredential struct {
Type string `json:"type"`
Id string `json:"id"`
RawId []byte `json:"rawId"`
Response AuthenticatorAssertionResponse `json:"response"`
}
type PackedAttestationStatement ¶
type PackedAttestationStatement struct {
Algorithm COSEAlgorithmIdentifier `cbor:"alg"`
Signature []byte `cbor:"sig"`
CertificateChain [][]byte `cbor:"x5c"`
}
func (*PackedAttestationStatement) Verify ¶
func (attStmt *PackedAttestationStatement) Verify() error
type PublicKey ¶
type PublicKey struct {
crypto.PublicKey
Algorithm COSEAlgorithmIdentifier
}
func COSEKeyToPublicKey ¶
func COSEKeyToPublicKey(keyData *PublicKeyData) (publicKey PublicKey, err error)
func ParsePublicKey ¶
func (*PublicKey) VerifySignature ¶
type PublicKeyCredentialCreationOptions ¶
type PublicKeyCredentialCreationOptions struct {
RelyingParty PublicKeyCredentialRpEntity `json:"rp"`
User PublicKeyCredentialUserEntity `json:"user"`
Challenge []byte `json:"challenge"`
PublicKeyCredentialParameters []PublicKeyCredentialParameters `json:"pubKeyCredParams"`
Timeout uint64 `json:"timeout"`
ExcludeCredentials []PublicKeyCredentialDescriptor `json:"excludeCredentials"`
AuthenticatorSelectionCriteria AuthenticatorSelectionCriteria `json:"authenticatorSelection"`
}
type PublicKeyCredentialEntity ¶
type PublicKeyCredentialEntity struct {
Name string `json:"name"`
}
type PublicKeyCredentialParameters ¶
type PublicKeyCredentialParameters struct {
Type string `json:"type"`
Algorithm COSEAlgorithmIdentifier `json:"alg"`
}
type PublicKeyCredentialRequestOptions ¶
type PublicKeyCredentialRequestOptions struct {
}
type PublicKeyCredentialRpEntity ¶
type PublicKeyCredentialRpEntity struct {
Id string `json:"id"`
}
type PublicKeyCredentialUserEntity ¶
type PublicKeyCredentialUserEntity struct {
PublicKeyCredentialEntity
Id []byte `json:"id"`
DisplayName string
}
type PublicKeyData ¶
type PublicKeyData struct {
KeyType COSEKeyType `cbor:"1,keyasint" json:"kty"`
Algorithm COSEAlgorithmIdentifier `cbor:"3,keyasint" json:"alg"`
Curve COSEEllipticCurve `cbor:"-1,keyasint,omitempty" json:"crv"`
XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
YCoord []byte `cbor:"-3,keyasint,omitempty" json:"y"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.