Stability | internal |
---|---|
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Public keys and signature algorithms are represented with three different types:

- `CoseSignAlg`, which is the signature algorithm used, equivalent to a COSE Algorithm from the COSE registry
- `CosePublicKey`, which is a combination of a `CoseSignAlg` along with a public key that can be used with it. This is what the COSE_Key CBOR structure decodes to
- `PublicKey`, only the public key part of `CosePublicKey`
The following main operations are supported for these types:

- A `CosePublicKey` can be totally decomposed into a `CoseSignAlg` with `signAlg` and a `PublicKey` with `publicKey`
- A `PublicKey` can be created from an X.509 public key with `fromX509`
- A `CoseSignAlg` and a `PublicKey` can be used to verify a signature with `verify`
Synopsis
- fromX509 :: PubKey -> Either Text PublicKey
- newtype Message = Message {}
- newtype Signature = Signature {}
- verify :: PublicKeyWithSignAlg -> Message -> Signature -> Either Text ()
- data SomeHashAlgorithm = forall a.HashAlgorithm a => SomeHashAlgorithm a
- toCryptHashECDSA :: CoseHashAlgECDSA -> SomeHashAlgorithm
- data SomeHashAlgorithmASN1 = forall a.HashAlgorithmASN1 a => SomeHashAlgorithmASN1 a
- toCryptHashRSA :: CoseHashAlgRSA -> SomeHashAlgorithmASN1
Public Key
Signature verification
newtype Message Source #

A wrapper for the bytes of a message that should be verified. This is used for both attestation and assertion.

newtype Signature Source #

(spec) A wrapper for the bytes of a signature that can be used to verify a `Message`.

The encoding is specific to webauthn and depends on the `CoseSignAlg` used.
verify :: PublicKeyWithSignAlg -> Message -> Signature -> Either Text () Source #

Verifies an asymmetric signature for a message using a `PublicKeyWithSignAlg`. Returns an error if the signature algorithm doesn't match. Also returns an error if the signature wasn't valid or for other errors.
FIXME: https://w3c.github.io/webauthn/#sctn-signature-attestation-types kind of documents this, but not for all formats. This is notably not really related to COSE, but rather webauthn's own definitions. The spec should be made less ambiguous, file upstream issues and refactor this code
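A worked use of `verify` for an assertion, added here as an example and not code from the webauthn package. It assumes the module on this page is importable under the name shown (the page does not state its module name), that `Message` and `Signature` are single-field newtypes as in the synopsis, and that the caller has already obtained the credential's `PublicKeyWithSignAlg` (for instance by decoding the stored COSE_Key). The signed data layout, authenticator data followed by the SHA-256 hash of the client data JSON, is the WebAuthn assertion layout, not something this page specifies.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of the webauthn package. The import path is an
-- assumption, since this page does not name the module it documents.
import Crypto.WebAuthn.Cose.Verify (Message (..), PublicKeyWithSignAlg, Signature (..), verify)
import qualified Data.ByteString as BS
import Data.Text (Text)

-- The parts of an assertion response the relying party needs for the
-- signature check. clientDataHash is SHA-256(clientDataJSON), computed by the
-- caller (hypothetical record, not a type from the package).
data AssertionToCheck = AssertionToCheck
  { authenticatorData :: BS.ByteString  -- raw authenticator data bytes
  , clientDataHash    :: BS.ByteString  -- SHA-256 of the client data JSON
  , assertionSig      :: BS.ByteString  -- signature bytes from the authenticator
  }

-- Verify the assertion against the credential's stored key. The signature
-- algorithm comes from the stored PublicKeyWithSignAlg, so an input cannot
-- pick a different algorithm: verify reports an error when the signature
-- encoding does not fit the key's CoseSignAlg, and when the signature is
-- simply invalid.
checkAssertion :: PublicKeyWithSignAlg -> AssertionToCheck -> Either Text ()
checkAssertion key a =
  verify key (Message signedBytes) (Signature (assertionSig a))
  where
    -- WebAuthn assertions sign authenticatorData || SHA-256(clientDataJSON)
    signedBytes = authenticatorData a <> clientDataHash a

-- A caller treats Left as authentication failure and logs the Text reason;
-- the reason should not be echoed back to the client.
isAuthenticated :: PublicKeyWithSignAlg -> AssertionToCheck -> Bool
isAuthenticated key a = either (const False) (const True) (checkAssertion key a)
```

Keeping the algorithm attached to the stored key, rather than reading it from the response, is what makes this check robust: the relying party decides which `CoseSignAlg` applies at registration time and `verify` enforces it on every later assertion.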
Hash Conversions to cryptonite types
data SomeHashAlgorithm Source #

Some cryptonite `HashAlgorithm` type, used as a return value of `toCryptHashECDSA`

Constructors: `forall a. HashAlgorithm a => SomeHashAlgorithm a`

toCryptHashECDSA :: CoseHashAlgECDSA -> SomeHashAlgorithm Source #

Returns the cryptonite `SomeHashAlgorithm` corresponding to this hash algorithm

data SomeHashAlgorithmASN1 Source #

Some cryptonite `HashAlgorithmASN1` type, used as a return value of `toCryptHashRSA`

Constructors: `forall a. HashAlgorithmASN1 a => SomeHashAlgorithmASN1 a`

toCryptHashRSA :: CoseHashAlgRSA -> SomeHashAlgorithmASN1 Source #

Returns the cryptonite `SomeHashAlgorithmASN1` corresponding to this hash algorithm
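Both conversion functions hide the concrete cryptonite hash type behind an existential constructor, so the type can only be used by pattern matching on it. The following added example (not code from the webauthn package) shows that idiom for `toCryptHashECDSA`; it assumes the import path shown, and that `CoseHashAlgECDSA` is importable from the same place as the conversion function.

```haskell
-- Added example; not part of the webauthn package. The import path, and the
-- assumption that CoseHashAlgECDSA is exported alongside toCryptHashECDSA,
-- are this example's, not the page's.
import Crypto.WebAuthn.Cose.Verify (CoseHashAlgECDSA, SomeHashAlgorithm (..), toCryptHashECDSA)
import Crypto.Hash (hashWith)
import qualified Data.ByteArray as BA
import qualified Data.ByteString as BS

-- Hash 'bytes' with whichever cryptonite algorithm the COSE ECDSA algorithm
-- maps to. Inside the case branch, 'h' has a concrete type satisfying
-- HashAlgorithm, which is all hashWith needs; the Digest is converted back to
-- plain bytes so the caller never sees the hidden type.
digestForECDSA :: CoseHashAlgECDSA -> BS.ByteString -> BS.ByteString
digestForECDSA alg bytes =
  case toCryptHashECDSA alg of
    SomeHashAlgorithm h -> BA.convert (hashWith h bytes)

-- Digest length in bytes, useful when sanity-checking that a signature's
-- curve and the selected hash are the pairing the relying party expects.
digestLengthForECDSA :: CoseHashAlgECDSA -> Int
digestLengthForECDSA alg = BS.length (digestForECDSA alg BS.empty)
```

The same pattern applies to `SomeHashAlgorithmASN1` from `toCryptHashRSA`; the `HashAlgorithmASN1` constraint additionally carries the DigestInfo encoding that PKCS#1 v1.5 signature verification needs.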