Skip to content

Commit

Permalink
Add support for RS256, RS384, RS512 constants (#163)
Browse files Browse the repository at this point in the history
Signed-off-by: hslatman <herman+github@smallstep.com>
  • Loading branch information
hslatman authored Aug 11, 2023
1 parent ed78bf9 commit 4451940
Show file tree
Hide file tree
Showing 7 changed files with 58 additions and 4 deletions.
25 changes: 25 additions & 0 deletions algorithm.go
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,25 @@ const (
AlgorithmReserved Algorithm = 0
)

// Algorithms known, but not supported by this library.
//
// Signers and Verifiers requiring the algorithms below are not
// directly supported by this library. They need to be provided
// as an external [cose.Signer] or [cose.Verifier] implementation.
//
// An example use case where RS256 is allowed and used is in
// WebAuthn: https://www.w3.org/TR/webauthn-2/#sctn-sample-registration.
const (
// RSASSA-PKCS1-v1_5 using SHA-256 by RFC 8812.
AlgorithmRS256 Algorithm = -257

// RSASSA-PKCS1-v1_5 using SHA-384 by RFC 8812.
AlgorithmRS384 Algorithm = -258

// RSASSA-PKCS1-v1_5 using SHA-512 by RFC 8812.
AlgorithmRS512 Algorithm = -259
)

// Algorithm represents an IANA algorithm entry in the COSE Algorithms registry.
//
// # See Also
Expand All @@ -65,6 +84,12 @@ func (a Algorithm) String() string {
return "PS384"
case AlgorithmPS512:
return "PS512"
case AlgorithmRS256:
return "RS256"
case AlgorithmRS384:
return "RS384"
case AlgorithmRS512:
return "RS512"
case AlgorithmES256:
return "ES256"
case AlgorithmES384:
Expand Down
3 changes: 3 additions & 0 deletions algorithm_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,9 @@ func TestAlgorithm_String(t *testing.T) {
{AlgorithmPS256, "PS256"},
{AlgorithmPS384, "PS384"},
{AlgorithmPS512, "PS512"},
{AlgorithmRS256, "RS256"},
{AlgorithmRS384, "RS384"},
{AlgorithmRS512, "RS512"},
{AlgorithmES256, "ES256"},
{AlgorithmES384, "ES384"},
{AlgorithmES512, "ES512"},
Expand Down
6 changes: 6 additions & 0 deletions conformance_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,12 @@ func mustNameToAlg(name string) cose.Algorithm {
return cose.AlgorithmPS384
case "PS512":
return cose.AlgorithmPS512
case "RS256":
return cose.AlgorithmRS256
case "RS384":
return cose.AlgorithmRS384
case "RS512":
return cose.AlgorithmRS512
case "ES256":
return cose.AlgorithmES256
case "ES384":
Expand Down
2 changes: 1 addition & 1 deletion signer.go
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,6 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
key: key,
}, nil
default:
return nil, ErrAlgorithmNotSupported
return nil, fmt.Errorf("can't create new Signer for %s: %w", alg, ErrAlgorithmNotSupported)
}
}
12 changes: 11 additions & 1 deletion signer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,10 +110,20 @@ func TestNewSigner(t *testing.T) {
key: rsaKeyLowEntropy,
wantErr: "RSA key must be at least 2048 bits long",
},
{
name: "unsupported rsa signing algorithm",
alg: AlgorithmRS256,
wantErr: "can't create new Signer for RS256: algorithm not supported",
},
{
name: "unknown algorithm",
alg: 0,
wantErr: "algorithm not supported",
wantErr: "can't create new Signer for Reserved: algorithm not supported",
},
{
name: "unassigned algorithm",
alg: -1,
wantErr: "can't create new Signer for unknown algorithm value -1: algorithm not supported",
},
}
for _, tt := range tests {
Expand Down
2 changes: 1 addition & 1 deletion verifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,6 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
key: vk,
}, nil
default:
return nil, ErrAlgorithmNotSupported
return nil, fmt.Errorf("can't create new Verifier for %s: %w", alg, ErrAlgorithmNotSupported)
}
}
12 changes: 11 additions & 1 deletion verifier_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,10 +106,20 @@ func TestNewVerifier(t *testing.T) {
key: rsaKeyLowEntropy,
wantErr: "RSA key must be at least 2048 bits long",
},
{
name: "unsupported rsa signing algorithm",
alg: AlgorithmRS256,
wantErr: "can't create new Verifier for RS256: algorithm not supported",
},
{
name: "unknown algorithm",
alg: 0,
wantErr: "algorithm not supported",
wantErr: "can't create new Verifier for Reserved: algorithm not supported",
},
{
name: "unassigned algorithm",
alg: -1,
wantErr: "can't create new Verifier for unknown algorithm value -1: algorithm not supported",
},
{
name: "bogus ecdsa public key (point not on curve)",
Expand Down

0 comments on commit 4451940

Please sign in to comment.