cose: Index | Files

package cose

import ""


Package Files

algorithms.go cbor.go common_headers.go core.go errors.go sign_verify.go


const ContextSignature = "Signature"

ContextSignature identifies the context of the signature as a COSE_Signature structure per

const SignMessageCBORTag = 98

SignMessageCBORTag is the CBOR tag for a COSE SignMessage from


var (
    // PS256 is RSASSA-PSS w/ SHA-256 from [RFC8230]
    PS256 = getAlgByNameOrPanic("PS256")

    // ES256 is ECDSA w/ SHA-256 from [RFC8152]
    ES256 = getAlgByNameOrPanic("ES256")

    // ES384 is ECDSA w/ SHA-384 from [RFC8152]
    ES384 = getAlgByNameOrPanic("ES384")

    // ES512 is ECDSA w/ SHA-512 from [RFC8152]
    ES512 = getAlgByNameOrPanic("ES512")

Supported Algorithms

var (
    ErrInvalidAlg             = errors.New("Invalid algorithm")
    ErrAlgNotFound            = errors.New("Error fetching alg")
    ErrECDSAVerification      = errors.New("verification failed ecdsa.Verify")
    ErrRSAPSSVerification     = errors.New("verification failed rsa.VerifyPSS err crypto/rsa: verification error")
    ErrMissingCOSETagForLabel = errors.New("No common COSE tag for label")
    ErrMissingCOSETagForTag   = errors.New("No common COSE label for tag")
    ErrNilSigHeader           = errors.New("Signature.headers is nil")
    ErrNilSigProtectedHeaders = errors.New("Signature.headers.protected is nil")
    ErrNilSignatures          = errors.New("SignMessage.signatures is nil. Use AddSignature to add one")
    ErrNoSignatures           = errors.New("No signatures to sign the message. Use AddSignature to add them")
    ErrNoSignerFound          = errors.New("No signer found")
    ErrNoVerifierFound        = errors.New("No verifier found")
    ErrUnavailableHashFunc    = errors.New("hash function is not available")
    ErrUnknownPrivateKeyType  = errors.New("Unrecognized private key type")
    ErrUnknownPublicKeyType   = errors.New("Unrecognized public key type")

func CompressHeaders Uses

func CompressHeaders(headers map[interface{}]interface{}) (compressed map[interface{}]interface{})

CompressHeaders replaces string tags with their int values and alg tags with their IANA int values.

panics when a compressed header tag already exists (e.g. alg and 1) casts int64 keys to int to make looking up common header IDs easier

func DecompressHeaders Uses

func DecompressHeaders(headers map[interface{}]interface{}) (decompressed map[interface{}]interface{})

DecompressHeaders replaces int values with string tags and alg int values with their IANA labels. Is the inverse of CompressHeaders.

func FindDuplicateHeader Uses

func FindDuplicateHeader(headers *Headers) interface{}

FindDuplicateHeader compresses the headers and returns the first duplicate header or nil for none found

func FromBase64Int Uses

func FromBase64Int(data string) *big.Int

FromBase64Int decodes a base64-encoded string into a big.Int or panics

from Apache License 2.0

func GetCommonHeaderLabel Uses

func GetCommonHeaderLabel(tag int) (label string, err error)

GetCommonHeaderLabel returns the CBOR label for the map tag. Is the inverse of GetCommonHeaderTag.

func GetCommonHeaderTag Uses

func GetCommonHeaderTag(label string) (tag int, err error)

GetCommonHeaderTag returns the CBOR tag for the map label

using Common COSE Headers Parameters Table 2

func GetCommonHeaderTagOrPanic Uses

func GetCommonHeaderTagOrPanic(label string) (tag int)

GetCommonHeaderTagOrPanic returns the CBOR label for a string. Is the inverse of GetCommonHeaderLabel.

func I2OSP Uses

func I2OSP(b *big.Int, n int) []byte

I2OSP "Integer-to-Octet-String" converts a nonnegative integer to an octet string of a specified length

func IsSignMessage Uses

func IsSignMessage(data []byte) bool

IsSignMessage checks whether the prefix is 0xd8 0x62 for a COSE SignMessage

func Marshal Uses

func Marshal(o interface{}) (b []byte, err error)

Marshal returns the CBOR []byte encoding of param o

func Sign Uses

func Sign(rand io.Reader, digest []byte, signers []ByteSigner) (signatures [][]byte, err error)

Sign returns the SignatureBytes for each Signer in the same order on the digest or the error from the first failing Signer

func Unmarshal Uses

func Unmarshal(b []byte) (o interface{}, err error)

Unmarshal returns the CBOR decoding of a []byte into param o

func Verify Uses

func Verify(digest []byte, signatures [][]byte, verifiers []ByteVerifier) (err error)

Verify returns nil if all Verifier verify the SignatureBytes or the error from the first failing Verifier

type Algorithm Uses

type Algorithm struct {
    Name  string
    Value int

    // optional fields
    HashFunc crypto.Hash // hash function for SignMessages
    // contains filtered or unexported fields

Algorithm represents an IANA algorithm's parameters (Name, Value/ID, and optional extra data)

From the spec:

NOTE: The assignment of algorithm identifiers in this document was done so that positive numbers were used for the first layer objects (COSE_Sign, COSE_Sign1, COSE_Encrypt, COSE_Encrypt0, COSE_Mac, and COSE_Mac0). Negative numbers were used for second layer objects (COSE_Signature and COSE_recipient).

type ByteSigner Uses

type ByteSigner interface {
    // Sign returns the COSE signature as a byte slice
    Sign(rand io.Reader, digest []byte) (signature []byte, err error)

ByteSigner take a signature digest and returns COSE signature bytes

type ByteVerifier Uses

type ByteVerifier interface {
    // Verify returns nil for a successfully verified signature or an error
    Verify(digest []byte, signature []byte) (err error)

ByteVerifier checks COSE signatures

type Headers Uses

type Headers struct {
    Protected   map[interface{}]interface{}
    Unprotected map[interface{}]interface{}

Headers represents "two buckets of information that are not considered to be part of the payload itself, but are used for holding information about content, algorithms, keys, or evaluation hints for the processing of the layer."

It is represented by CDDL fragments:

Headers = (

protected : empty_or_serialized_map,
unprotected : header_map


header_map = {

* label => values


empty_or_serialized_map = bstr .cbor header_map / bstr .size 0

func (*Headers) Decode Uses

func (h *Headers) Decode(o []interface{}) (err error)

Decode loads a two element interface{} slice into Headers.protected and unprotected respectively

func (*Headers) DecodeProtected Uses

func (h *Headers) DecodeProtected(o interface{}) (err error)

DecodeProtected Unmarshals and sets Headers.protected from an interface{}

func (*Headers) DecodeUnprotected Uses

func (h *Headers) DecodeUnprotected(o interface{}) (err error)

DecodeUnprotected Unmarshals and sets Headers.unprotected from an interface{}

func (*Headers) EncodeProtected Uses

func (h *Headers) EncodeProtected() (bstr []byte)

EncodeProtected compresses and Marshals protected headers to bytes to encode as a CBOR bstr

func (*Headers) EncodeUnprotected Uses

func (h *Headers) EncodeUnprotected() (encoded map[interface{}]interface{})

EncodeUnprotected returns compressed unprotected headers

type KeyType Uses

type KeyType int

KeyType is the type to use in keyOptions to tell MakeDEREndEntity which type of crypto.PrivateKey to generate

const (
    // KeyTypeUnsupported is the type to not generate a key
    KeyTypeUnsupported KeyType = iota

    // KeyTypeRSA is the type to generate an rsa.PrivateKey
    KeyTypeRSA KeyType = iota

    // KeyTypeECDSA is the type to generate an ecdsa.PrivateKey
    KeyTypeECDSA KeyType = iota

type RSAOptions Uses

type RSAOptions struct {
    Size int

RSAOptions are options for NewSigner currently just the RSA Key size

type SignMessage Uses

type SignMessage struct {
    Headers    *Headers
    Payload    []byte
    Signatures []Signature

SignMessage represents a COSESignMessage with CDDL fragment:

COSE_Sign = [

payload : bstr / nil,
signatures : [+ COSE_Signature]


func NewSignMessage Uses

func NewSignMessage() *SignMessage

NewSignMessage takes a []byte payload and returns a new pointer to a SignMessage with empty headers and signatures

func (*SignMessage) AddSignature Uses

func (m *SignMessage) AddSignature(s *Signature)

AddSignature adds a signature to the message signatures creating an empty []Signature if necessary

func (*SignMessage) MarshalCBOR Uses

func (message *SignMessage) MarshalCBOR() ([]byte, error)

MarshalCBOR encodes SignMessage.

func (*SignMessage) SigStructure Uses

func (m *SignMessage) SigStructure(external []byte, signature *Signature) (ToBeSigned []byte, err error)

SigStructure returns the byte slice to be signed

func (*SignMessage) Sign Uses

func (m *SignMessage) Sign(rand io.Reader, external []byte, signers []Signer) (err error)

Sign signs a SignMessage i.e. it populates signatures[].SignatureBytes using the provided array of Signers

func (*SignMessage) UnmarshalCBOR Uses

func (message *SignMessage) UnmarshalCBOR(data []byte) (err error)

UnmarshalCBOR decodes data into SignMessage.

Unpacks a SignMessage described by CDDL fragments:

COSE_Sign = [

payload : bstr / nil,
signatures : [+ COSE_Signature]


COSE_Signature = [

signature : bstr


Headers = (

protected : empty_or_serialized_map,
unprotected : header_map


header_map = {

* label => values


empty_or_serialized_map = bstr .cbor header_map / bstr .size 0

Generic_Headers = (

? 1 => int / tstr,  ; algorithm identifier
? 2 => [+label],    ; criticality
? 3 => tstr / int,  ; content type
? 4 => bstr,        ; key identifier
? 5 => bstr,        ; IV
? 6 => bstr,        ; Partial IV
? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature


func (*SignMessage) Verify Uses

func (m *SignMessage) Verify(external []byte, verifiers []Verifier) (err error)

Verify verifies all signatures on the SignMessage returning nil for success or an error from the first failed verification

type Signature Uses

type Signature struct {
    Headers        *Headers
    SignatureBytes []byte

Signature represents a COSE signature with CDDL fragment:

COSE_Signature = [

signature : bstr


func NewSignature Uses

func NewSignature() (s *Signature)

NewSignature returns a new COSE Signature with empty headers and nil signature bytes

func (*Signature) Decode Uses

func (s *Signature) Decode(o interface{})

Decode updates the signature inplace from its COSE serialization

func (*Signature) Equal Uses

func (s *Signature) Equal(other *Signature) bool

type Signer Uses

type Signer struct {
    PrivateKey crypto.PrivateKey
    // contains filtered or unexported fields

Signer holds a COSE Algorithm and private key for signing messages

func NewSigner Uses

func NewSigner(alg *Algorithm, options interface{}) (signer *Signer, err error)

NewSigner returns a Signer with a generated key

func NewSignerFromKey Uses

func NewSignerFromKey(alg *Algorithm, privateKey crypto.PrivateKey) (signer *Signer, err error)

NewSignerFromKey checks whether the privateKey is supported and returns a Signer using the provided key

func (*Signer) Public Uses

func (s *Signer) Public() (publicKey crypto.PublicKey)

Public returns the crypto.PublicKey for the Signer's privateKey

func (*Signer) Sign Uses

func (s *Signer) Sign(rand io.Reader, digest []byte) (signature []byte, err error)

Sign returns the COSE signature as a byte slice

func (*Signer) Verifier Uses

func (s *Signer) Verifier() (verifier *Verifier)

Verifier returns a Verifier using the Signer's public key and Algorithm

type Verifier Uses

type Verifier struct {
    PublicKey crypto.PublicKey
    Alg       *Algorithm

Verifier holds a PublicKey and Algorithm to verify signatures

func (*Verifier) Verify Uses

func (v *Verifier) Verify(digest []byte, signature []byte) (err error)

Verify verifies a signature returning nil for success or an error

Package cose imports 15 packages (graph) and is imported by 5 packages. Updated 2020-10-02. Refresh now. Tools for package owners.