- Constants
- Variables
- func ComputeKeyHash(key *ecdsa.PublicKey) [sha256.Size]byte
- func ComputeNonce(authData, clientDataHash []byte) (res [sha256.Size]byte, err error)
- func VerifyChain(chain []*x509.Certificate, roots []*x509.Certificate) error
- func WithAppAttestRoots(certs []*x509.Certificate) option
- type ASN1AANonceContainer
- type AssertionObject
- type AttestationObject
- type AttestationStatement
- type Attestor
- type AttestorImpl
- type Environment
- type VerifyAssertionInput
- type VerifyAssertionOutput
- type VerifyAttestationInput
- type VerifyAttestationInputPure
- type VerifyAttestationOutput
Constants ¶
const (
	// Format is the attestation statement format identifier for Apple App
	// Attest. It is presumably matched against AttestationObject.Format (the
	// CBOR "fmt" field) before the statement is processed — confirm in the
	// verifier.
	Format = "apple-appattest"
)
Variables ¶
var (
	// NonceOID identifies the X.509 extension whose value is an
	// ASN1AANonceContainer; presumably read from the attestation leaf
	// certificate so the embedded nonce can be checked against
	// ComputeNonce — confirm in the verifier.
	NonceOID = asn1.ObjectIdentifier{1, 2, 840, 113635, 100, 8, 2}
	// AAGUIDProd is the 16-byte AAGUID reported by production attestations:
	// "appattest" followed by seven NUL bytes.
	AAGUIDProd = Environment("appattest\x00\x00\x00\x00\x00\x00\x00")
	// AAGUIDDev is the 16-byte AAGUID reported by development (sandbox)
	// attestations. Callers that compare VerifyAttestationOutput.EnvironmentGUID
	// against these values must use bytes.Equal, as Environment is a []byte.
	AAGUIDDev = Environment("appattestdevelop")
)
Functions ¶
func ComputeNonce ¶
func VerifyChain ¶
func VerifyChain(chain []*x509.Certificate, roots []*x509.Certificate) error
VerifyChain is a simplified verification routine. Since it might be desirable to verify the validity of an attestation beyond its lifetime, this function returns the time range in which it was valid (note that the signature shown above returns only an error). It assumes that the chain is passed in leaf-to-root order.
func WithAppAttestRoots ¶
func WithAppAttestRoots(certs []*x509.Certificate) option
WithAppAttestRoots lets the caller supply their own authoritative root certificates (the trust anchors used when verifying the attestation chain).
Types ¶
type ASN1AANonceContainer ¶
// ASN1AANonceContainer is the ASN.1 structure carried in the certificate
// extension identified by NonceOID.
type ASN1AANonceContainer struct {
	// Nonce is the explicitly tagged [1] OCTET STRING. It is presumably
	// compared against the value produced by ComputeNonce — confirm.
	Nonce []byte `asn1:"tag:1,explicit"`
}
type AssertionObject ¶
type AttestationObject ¶
// AttestationObject is the CBOR-decoded attestation object submitted by the
// client.
type AttestationObject struct {
	// Format is the statement format identifier (CBOR "fmt"); presumably
	// expected to equal Format ("apple-appattest") — confirm.
	Format string `cbor:"fmt"`
	// AttestationStatement is the format-specific statement (CBOR "attStmt").
	AttestationStatement AttestationStatement `cbor:"attStmt"`
	// AuthData is the raw authenticator data (CBOR "authData"); see
	// https://www.w3.org/TR/webauthn/#sctn-authenticator-data
	AuthData []byte `cbor:"authData"`
}
type AttestationStatement ¶
type Attestor ¶
// Attestor verifies an App Attest attestation. AttestorImpl is the
// implementation provided by this package.
type Attestor interface {
	// VerifyAttestation checks the attestation described by the input and
	// returns the extracted data on success, or a non-nil error.
	VerifyAttestation(*VerifyAttestationInput) (VerifyAttestationOutput, error)
}
type AttestorImpl ¶
// AttestorImpl is the package's Attestor implementation. Construct it with New,
// optionally passing WithAppAttestRoots to override the trust anchors.
type AttestorImpl struct {
	// contains filtered or unexported fields
}
func New ¶
func New( options ...option, ) (*AttestorImpl, error)
func (*AttestorImpl) VerifyAttestation ¶
func (at *AttestorImpl) VerifyAttestation(in *VerifyAttestationInput) (VerifyAttestationOutput, error)
type Environment ¶
// Environment is an alias for []byte holding an attestation AAGUID; compare
// with AAGUIDProd / AAGUIDDev. Because it is a byte slice it cannot be compared
// with ==; use bytes.Equal.
type Environment = []byte
type VerifyAssertionInput ¶
type VerifyAssertionOutput ¶
func VerifyAssertion ¶
func VerifyAssertion( input *VerifyAssertionInput, ) (VerifyAssertionOutput, error)
type VerifyAttestationInput ¶
// VerifyAttestationInput carries the data needed to verify one attestation.
type VerifyAttestationInput struct {
	// ServerChallenge is the challenge the server issued to the client;
	// presumably hashed into the expected nonce via ComputeNonce — confirm.
	ServerChallenge []byte
	// AttestationCBOR is the raw CBOR-encoded attestation object from the
	// client.
	AttestationCBOR []byte
	// OutAuthenticatorData, if non-nil, presumably receives the decoded
	// authenticator data — confirm against the verifier.
	OutAuthenticatorData *authenticatordata.T
}
type VerifyAttestationInputPure ¶
// VerifyAttestationInputPure is the input to VerifyAttestationPure, where the
// caller supplies the verification time and trust roots explicitly instead of
// relying on AttestorImpl.
type VerifyAttestationInputPure struct {
	// AttestationInput is the challenge and attestation to verify.
	AttestationInput *VerifyAttestationInput
	// Time is the instant at which the attestation is evaluated; presumably
	// used for certificate validity checks — confirm.
	Time time.Time
	// AARoots are the root certificates trusted as anchors for the
	// attestation chain.
	AARoots []*x509.Certificate
}
type VerifyAttestationOutput ¶
// VerifyAttestationOutput is the data extracted from a successfully verified
// attestation.
type VerifyAttestationOutput struct {
	// AuthenticatorData is the decoded authenticator data.
	AuthenticatorData *authenticatordata.T
	// LeafCert is the attestation leaf certificate; AttestedPubkey returns its
	// public key.
	LeafCert *x509.Certificate
	// EnvironmentGUID is the AAGUID of the attesting environment; compare with
	// AAGUIDProd / AAGUIDDev using bytes.Equal.
	EnvironmentGUID Environment
	// BundleDigest is presumably the digest of the app identifier — confirm
	// what the caller is expected to compare it against.
	BundleDigest []byte
	// KeyID identifies the attested key; presumably related to
	// ComputeKeyHash — confirm.
	KeyID []byte
}
func VerifyAttestationPure ¶
func VerifyAttestationPure(in *VerifyAttestationInputPure) (VerifyAttestationOutput, error)
VerifyAttestationPure performs attestation verification without the guardrails provided by AppAttestImpl (the page otherwise names this type AttestorImpl); the caller is responsible for supplying the verification time and trust roots via VerifyAttestationInputPure.
func (*VerifyAttestationOutput) AttestedPubkey ¶
func (o *VerifyAttestationOutput) AttestedPubkey() *ecdsa.PublicKey
AttestedPubkey returns the public key from the leaf certificate (LeafCert) as an *ecdsa.PublicKey.