webauthn_rs_proto/
cose.rs

1//! Types related to CBOR Object Signing and Encryption (COSE)
2
3use serde::{Deserialize, Serialize};
4
/// A COSE signature algorithm identifier: it names the type of key and the
/// hash that should be used. You shouldn't need to alter or use this value.
///
/// The explicit discriminants below are the numeric algorithm identifiers
/// (the enum is `#[repr(i32)]`). Being representable here does not make an
/// algorithm acceptable: `INSECURE_RS1` and `PinUvProtocol` are both present
/// and must be kept out of any list of algorithms offered or accepted for
/// credential signatures.
#[allow(non_camel_case_types)]
#[repr(i32)]
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum COSEAlgorithm {
    /// ECDSA with SHA-256 hashing; SECP256R1 is the recommended curve.
    ///
    /// `"ECDSA_SHA256"` is also accepted as a name when deserializing.
    #[serde(alias = "ECDSA_SHA256")]
    ES256 = -7,
    /// ECDSA with SHA-384 hashing; SECP384R1 is the recommended curve.
    ///
    /// `"ECDSA_SHA384"` is also accepted as a name when deserializing.
    #[serde(alias = "ECDSA_SHA384")]
    ES384 = -35,
    /// ECDSA with SHA-512 hashing; SECP521R1 is the recommended curve.
    ///
    /// `"ECDSA_SHA512"` is also accepted as a name when deserializing.
    #[serde(alias = "ECDSA_SHA512")]
    ES512 = -36,
    /// RS256, i.e. RSASSA-PKCS1-v1_5 with SHA-256.
    RS256 = -257,
    /// RS384, i.e. RSASSA-PKCS1-v1_5 with SHA-384.
    RS384 = -258,
    /// RS512, i.e. RSASSA-PKCS1-v1_5 with SHA-512.
    RS512 = -259,
    /// PS256, i.e. RSASSA-PSS with SHA-256.
    PS256 = -37,
    /// PS384, i.e. RSASSA-PSS with SHA-384.
    PS384 = -38,
    /// PS512, i.e. RSASSA-PSS with SHA-512.
    PS512 = -39,
    /// EdDSA (likely curve ed25519).
    EDDSA = -8,
    /// INSECURE: RS1, i.e. RSASSA-PKCS1-v1_5 using SHA-1.
    ///
    /// This is not used by validators, but can exist in some Windows Hello
    /// TPMs. It is listed so that such keys can be recognised, not so that
    /// they can be trusted.
    INSECURE_RS1 = -65535,
    /// Identifies this key as the protocol used for [PIN/UV Auth Protocol One](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#pinProto1)
    ///
    /// This reports as algorithm `-25`, but that identifier is not accurate
    /// for this key. Don't include this in any algorithm lists.
    // NOTE(review): this variant has no explicit discriminant, so under
    // `#[repr(i32)]` it takes the previous value plus one (-65534). An
    // `as i32` cast therefore does not yield -25; whatever emits -25 for it
    // is presumably a separate conversion outside this listing -- confirm.
    PinUvProtocol,
}
impl COSEAlgorithm {
    /// Return the set of secure recommended COSEAlgorithm's.
    ///
    /// Only `ES256` and `RS256` are returned, in that order. Every other
    /// variant is absent, including the RSASSA-PSS family, `INSECURE_RS1`
    /// and `PinUvProtocol`.
    pub fn secure_algs() -> Vec<Self> {
        // Left out on purpose: ES384, ES512, RS384, RS512 and EDDSA. The
        // original note next to these entries reads "Testing required".
        [Self::ES256, Self::RS256].to_vec()
    }

    /// Return the set of all possible algorithms that may exist as a
    /// COSEAlgorithm.
    ///
    /// This enumerates what may be encountered; it is not an allow-list. It
    /// contains `INSECURE_RS1` (SHA-1), so it must not be used to decide
    /// which algorithms are acceptable -- see `secure_algs` for that.
    /// `PinUvProtocol` is not included, as its own documentation requires.
    pub fn all_possible_algs() -> Vec<Self> {
        [
            Self::ES256,
            Self::ES384,
            Self::ES512,
            Self::RS256,
            Self::RS384,
            Self::RS512,
            Self::PS256,
            Self::PS384,
            Self::PS512,
            Self::EDDSA,
            Self::INSECURE_RS1,
        ]
        .to_vec()
    }
}
impl TryFrom<i128> for COSEAlgorithm {
    /// Unit error: the only failure is an identifier with no mapping here.
    type Error = ();

    /// Map a numeric COSE algorithm identifier onto its variant.
    ///
    /// Any value without an arm below yields `Err(())`. `-25` has no arm,
    /// so `PinUvProtocol` is never produced by this conversion.
    ///
    /// `-65535` is accepted and yields `INSECURE_RS1`. A successful
    /// conversion only says the identifier is known, not that the algorithm
    /// is acceptable; callers still have to apply their own algorithm policy.
    fn try_from(i: i128) -> Result<Self, Self::Error> {
        let alg = match i {
            -7 => Self::ES256,
            -35 => Self::ES384,
            -36 => Self::ES512,
            -257 => Self::RS256,
            -258 => Self::RS384,
            -259 => Self::RS512,
            -37 => Self::PS256,
            -38 => Self::PS384,
            -39 => Self::PS512,
            -8 => Self::EDDSA,
            -65535 => Self::INSECURE_RS1,
            // Unknown identifiers are rejected rather than defaulted.
            _ => return Err(()),
        };
        Ok(alg)
    }
}