Stability | experimental |
---|---|
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
This module contains a partial implementation of the COSE_Key format, limited to what is needed for Webauthn, and in a structured way.
Synopsis
- data UncheckedPublicKey
- = PublicKeyEdDSA { }
- | PublicKeyECDSA { }
- | PublicKeyRSA { }
- checkPublicKey :: UncheckedPublicKey -> Either Text PublicKey
- data PublicKey where
- pattern PublicKey :: UncheckedPublicKey -> PublicKey
- data CoseCurveEdDSA = CoseCurveEd25519
- coordinateSizeEdDSA :: CoseCurveEdDSA -> Int
- data CoseCurveECDSA
- toCryptCurveECDSA :: CoseCurveECDSA -> CurveName
- fromCryptCurveECDSA :: CurveName -> Either Text CoseCurveECDSA
- coordinateSizeECDSA :: CoseCurveECDSA -> Int
Public key
data UncheckedPublicKey Source #
(spec) A structured representation of a COSE_Key, limited to what is known to be necessary for Webauthn public keys in the credentialPublicKey field, and without any signing algorithm parameters such as hashes. Because the parameters are raw, this type is labeled as unchecked. Parameters are checked with the checkPublicKey function, which returns a PublicKey.
PublicKeyEdDSA | (spec) EdDSA Signature Algorithm RFC8032 describes the elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). In that document, the signature algorithm is instantiated using parameters for edwards25519 and edwards448 curves. The document additionally describes two variants of the EdDSA algorithm: Pure EdDSA, where no hash function is applied to the content before signing, and HashEdDSA, where a hash function is applied to the content before signing and the result of that hash function is signed. For EdDSA, the content to be signed (either the message or the pre-hash value) is processed twice inside of the signature algorithm. For use with COSE, only the pure EdDSA version is used. Security considerations are here |
PublicKeyECDSA | (spec) ECDSA Signature Algorithm This document defines ECDSA to work only with the curves P-256, P-384, and P-521. Future documents may define it to work with other curves and points in the future. In order to promote interoperability, it is suggested that SHA-256 be used only with curve P-256, SHA-384 be used only with curve P-384, and SHA-512 be used with curve P-521. This is aligned with the recommendation in Section 4 of RFC5480. Security considerations are here |
PublicKeyRSA | (spec) RSASSA-PKCS1-v1_5 Signature Algorithm A key of size 2048 bits or larger MUST be used with these algorithms. Security considerations are here |
checkPublicKey :: UncheckedPublicKey -> Either Text PublicKey Source #
Checks whether an UncheckedPublicKey is valid. This is the only way to construct a PublicKey.
data PublicKey Source #
Same as UncheckedPublicKey, but checked to be valid using checkPublicKey.
pattern PublicKey :: UncheckedPublicKey -> PublicKey | Returns the |
COSE Elliptic Curves
data CoseCurveEdDSA Source #
COSE elliptic curves that can be used with EdDSA
CoseCurveEd25519 | (spec) Ed25519 for use w/ EdDSA only |
coordinateSizeEdDSA :: CoseCurveEdDSA -> Int Source #
Returns the size of a coordinate point for a specific EdDSA curve in bytes.
data CoseCurveECDSA Source #
COSE elliptic curves that can be used with ECDSA
CoseCurveP256 | (spec) NIST P-256 also known as secp256r1 |
CoseCurveP384 | (spec) NIST P-384 also known as secp384r1 |
CoseCurveP521 | (spec) NIST P-521 also known as secp521r1 |
toCryptCurveECDSA :: CoseCurveECDSA -> CurveName Source #
Converts a CoseCurveECDSA to a CurveName. The inverse function is fromCryptCurveECDSA.
fromCryptCurveECDSA :: CurveName -> Either Text CoseCurveECDSA Source #
Tries to convert a CurveName to a CoseCurveECDSA. The inverse function is toCryptCurveECDSA.
coordinateSizeECDSA :: CoseCurveECDSA -> Int Source #
Returns the size of a coordinate point for a specific ECDSA curve in bytes.
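The checks that checkPublicKey stands for, and the per-curve coordinate sizes returned by coordinateSizeEdDSA and coordinateSizeECDSA, as an added Python model that is not the webauthn library's own Haskell code. It assumes a COSE_Key decoded into a dict with the RFC 8152/8230 integer labels, includes only P-256's curve constants for the on-curve test, and uses constructed sample keys.

```python
# Added example: a Python model of what checkPublicKey verifies on raw COSE_Key parameters;
# not the webauthn library's Haskell code. COSE labels (kty=1, crv=-1, x=-2, y=-3, and for
# RSA n=-1, e=-2) follow RFC 8152/8230; the P-256 constants are the NIST values.
COORD_SIZE = {"Ed25519": 32, "P-256": 32, "P-384": 48, "P-521": 66}  # coordinateSize* in bytes
CRV = {6: "Ed25519", 1: "P-256", 2: "P-384", 3: "P-521"}  # COSE 'crv' label values
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1  # NIST P-256: y^2 = x^3 - 3x + b (mod p)
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B


def on_p256(x: int, y: int) -> bool:
    """True if (x, y) is an affine point on P-256: coordinates reduced and the equation holds."""
    return 0 <= x < P256_P and 0 <= y < P256_P and (y * y - (x**3 - 3 * x + P256_B)) % P256_P == 0


def check_public_key(key: dict) -> dict:
    """Return a checked, structured key, or raise ValueError (the Left side of Either Text)."""
    kty = key.get(1)
    if kty == 1:  # OKP: EdDSA; the module supports Ed25519 only
        crv, x = CRV.get(key.get(-1)), key.get(-2)
        if crv != "Ed25519":
            raise ValueError(f"unsupported EdDSA curve label {key.get(-1)}")
        if not isinstance(x, bytes) or len(x) != COORD_SIZE[crv]:
            raise ValueError(f"EdDSA x must be exactly {COORD_SIZE[crv]} bytes")
        return {"kind": "EdDSA", "crv": crv, "x": x}
    if kty == 2:  # EC2: ECDSA on P-256, P-384 or P-521
        crv, x, y = CRV.get(key.get(-1)), key.get(-2), key.get(-3)
        if crv not in ("P-256", "P-384", "P-521"):
            raise ValueError(f"unsupported ECDSA curve label {key.get(-1)}")
        n = COORD_SIZE[crv]
        if not (isinstance(x, bytes) and isinstance(y, bytes) and len(x) == n == len(y)):
            raise ValueError(f"{crv} coordinates must each be {n} bytes")
        xi, yi = int.from_bytes(x, "big"), int.from_bytes(y, "big")
        if crv == "P-256" and not on_p256(xi, yi):  # only P-256's constants are in this model
            raise ValueError("point is not on P-256")
        return {"kind": "ECDSA", "crv": crv, "x": xi, "y": yi}
    if kty == 3:  # RSA: RSASSA-PKCS1-v1_5 requires a modulus of 2048 bits or larger
        n, e = key.get(-1), key.get(-2)
        if not (isinstance(n, bytes) and isinstance(e, bytes)):
            raise ValueError("RSA n and e must be byte strings")
        ni, ei = int.from_bytes(n, "big"), int.from_bytes(e, "big")
        if ni.bit_length() < 2048 or ei < 3 or ei % 2 == 0:
            raise ValueError("RSA modulus must be >= 2048 bits and e an odd integer >= 3")
        return {"kind": "RSA", "n": ni, "e": ei}
    raise ValueError(f"unsupported kty {kty}")


# Constructed sample input: the P-256 base point G as a COSE EC2 key (alg label 3 omitted here).
P256_G = {1: 2, -1: 1,
          -2: bytes.fromhex("6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"),
          -3: bytes.fromhex("4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")}
```

A key that passes here corresponds to a PublicKey value; any ValueError corresponds to the Left Text branch, and the raw map should not be used for signature verification in that case.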