{-# LANGUAGE PatternSynonyms #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StandaloneDeriving #-}

-- | Stability: experimental
-- This module contains a partial implementation of the
-- [COSE_Key](https://datatracker.ietf.org/doc/html/rfc8152#section-7) format,
-- limited to what is needed for Webauthn, and in a structured way.
module Crypto.WebAuthn.Cose.PublicKey
  ( -- * Public key
    UncheckedPublicKey (..),
    checkPublicKey,
    PublicKey (PublicKey),
    EdDSAKeyBytes (..),

    -- * COSE Elliptic Curves
    CoseCurveEdDSA (..),
    coordinateSizeEdDSA,
    CoseCurveECDSA (..),
    toCryptCurveECDSA,
    fromCryptCurveECDSA,
    coordinateSizeECDSA,
  )
where

import qualified Crypto.PubKey.ECC.Prim as ECC
import qualified Crypto.PubKey.ECC.Types as ECC
import qualified Crypto.PubKey.Ed25519 as Ed25519
import Crypto.WebAuthn.Internal.ToJSONOrphans (PrettyHexByteString (PrettyHexByteString))
import Data.Aeson (ToJSON)
import qualified Data.ByteString as BS
import Data.Text (Text)
import qualified Data.Text as Text
import GHC.Generics (Generic)

-- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.2)
-- This contains the public key bytes.
newtype EdDSAKeyBytes = EdDSAKeyBytes {EdDSAKeyBytes -> ByteString
unEdDSAKeyBytes :: BS.ByteString}
  deriving newtype (EdDSAKeyBytes -> EdDSAKeyBytes -> Bool
(EdDSAKeyBytes -> EdDSAKeyBytes -> Bool)
-> (EdDSAKeyBytes -> EdDSAKeyBytes -> Bool) -> Eq EdDSAKeyBytes
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: EdDSAKeyBytes -> EdDSAKeyBytes -> Bool
== :: EdDSAKeyBytes -> EdDSAKeyBytes -> Bool
$c/= :: EdDSAKeyBytes -> EdDSAKeyBytes -> Bool
/= :: EdDSAKeyBytes -> EdDSAKeyBytes -> Bool
Eq)
  deriving (Int -> EdDSAKeyBytes -> ShowS
[EdDSAKeyBytes] -> ShowS
EdDSAKeyBytes -> String
(Int -> EdDSAKeyBytes -> ShowS)
-> (EdDSAKeyBytes -> String)
-> ([EdDSAKeyBytes] -> ShowS)
-> Show EdDSAKeyBytes
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> EdDSAKeyBytes -> ShowS
showsPrec :: Int -> EdDSAKeyBytes -> ShowS
$cshow :: EdDSAKeyBytes -> String
show :: EdDSAKeyBytes -> String
$cshowList :: [EdDSAKeyBytes] -> ShowS
showList :: [EdDSAKeyBytes] -> ShowS
Show, [EdDSAKeyBytes] -> Value
[EdDSAKeyBytes] -> Encoding
EdDSAKeyBytes -> Value
EdDSAKeyBytes -> Encoding
(EdDSAKeyBytes -> Value)
-> (EdDSAKeyBytes -> Encoding)
-> ([EdDSAKeyBytes] -> Value)
-> ([EdDSAKeyBytes] -> Encoding)
-> ToJSON EdDSAKeyBytes
forall a.
(a -> Value)
-> (a -> Encoding)
-> ([a] -> Value)
-> ([a] -> Encoding)
-> ToJSON a
$ctoJSON :: EdDSAKeyBytes -> Value
toJSON :: EdDSAKeyBytes -> Value
$ctoEncoding :: EdDSAKeyBytes -> Encoding
toEncoding :: EdDSAKeyBytes -> Encoding
$ctoJSONList :: [EdDSAKeyBytes] -> Value
toJSONList :: [EdDSAKeyBytes] -> Value
$ctoEncodingList :: [EdDSAKeyBytes] -> Encoding
toEncodingList :: [EdDSAKeyBytes] -> Encoding
ToJSON) via PrettyHexByteString

-- | [(spec)](https://www.w3.org/TR/webauthn-2/#credentialpublickey)
-- A structured representation of a [COSE_Key](https://datatracker.ietf.org/doc/html/rfc8152#section-7)
-- limited to what is know to be necessary for Webauthn public keys for the
-- [credentialPublicKey](https://www.w3.org/TR/webauthn-2/#credentialpublickey) field,
-- and without any signing algorithm parameters like hashes. Due to the raw
-- nature of parameters, this type is labeled as unchecked. Parameters are
-- checked by using the 'checkPublicKey' function, returning a t'PublicKey'
-- type.
data UncheckedPublicKey
  = -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-2.2)
    -- EdDSA Signature Algorithm
    --
    -- [RFC8032](https://datatracker.ietf.org/doc/html/rfc8032) describes the
    -- elliptic curve signature scheme Edwards-curve
    -- Digital Signature Algorithm (EdDSA). In that document, the signature
    -- algorithm is instantiated using parameters for edwards25519 and
    -- edwards448 curves. The document additionally describes two variants
    -- of the EdDSA algorithm: Pure EdDSA, where no hash function is applied
    -- to the content before signing, and HashEdDSA, where a hash function
    -- is applied to the content before signing and the result of that hash
    -- function is signed. For EdDSA, the content to be signed (either the
    -- message or the pre-hash value) is processed twice inside of the
    -- signature algorithm. For use with COSE, only the pure EdDSA version
    -- is used.
    --
    -- Security considerations are [here](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-2.2.1)
    PublicKeyEdDSA
      { -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.2)
        -- The elliptic curve to use
        UncheckedPublicKey -> CoseCurveEdDSA
eddsaCurve :: CoseCurveEdDSA,
        -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.2)
        -- This contains the public key bytes.
        UncheckedPublicKey -> EdDSAKeyBytes
eddsaX :: EdDSAKeyBytes
      }
  | -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-2.1)
    -- ECDSA Signature Algorithm
    --
    -- This document defines ECDSA to work only with the curves P-256,
    -- P-384, and P-521. Future documents may define it to work with other
    -- curves and points in the future.
    --
    -- In order to promote interoperability, it is suggested that SHA-256 be
    -- used only with curve P-256, SHA-384 be used only with curve P-384,
    -- and SHA-512 be used with curve P-521. This is aligned with the recommendation in
    -- [Section 4 of RFC5480](https://datatracker.ietf.org/doc/html/rfc5480#section-4).
    --
    -- Security considerations are [here](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-2.1.1)
    PublicKeyECDSA
      { -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1.1)
        -- The elliptic curve to use
        UncheckedPublicKey -> CoseCurveECDSA
ecdsaCurve :: CoseCurveECDSA,
        -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1.1)
        -- This contains the x-coordinate for the EC point. The integer is
        -- converted to a byte string as defined in [SEC1]. Leading zero
        -- octets MUST be preserved.
        UncheckedPublicKey -> Integer
ecdsaX :: Integer,
        -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1.1)
        -- This contains the value of the
        -- y-coordinate for the EC point. When encoding the value y, the
        -- integer is converted to an byte string (as defined in
        -- [SEC1](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#ref-SEC1))
        -- and encoded as a CBOR bstr. Leading zero octets MUST be
        -- preserved.
        UncheckedPublicKey -> Integer
ecdsaY :: Integer
      }
  | -- | [(spec)](https://www.rfc-editor.org/rfc/rfc8812.html#section-2)
    -- [RSASSA-PKCS1-v1_5](https://www.rfc-editor.org/rfc/rfc8017#section-8.2) Signature Algorithm
    --
    -- A key of size 2048 bits or larger MUST be used with these algorithms.
    -- Security considerations are [here](https://www.rfc-editor.org/rfc/rfc8812.html#section-5)
    PublicKeyRSA
      { -- | [(spec)](https://www.rfc-editor.org/rfc/rfc8230.html#section-4)
        -- The RSA modulus n is a product of u distinct odd primes
        -- r_i, i = 1, 2, ..., u, where u >= 2
        UncheckedPublicKey -> Integer
rsaN :: Integer,
        -- | [(spec)](https://www.rfc-editor.org/rfc/rfc8230.html#section-4)
        -- The RSA public exponent e is an integer between 3 and n - 1 satisfying
        -- GCD(e,\\lambda(n)) = 1, where \\lambda(n) = LCM(r_1 - 1, ..., r_u - 1)
        UncheckedPublicKey -> Integer
rsaE :: Integer
      }
  deriving (UncheckedPublicKey -> UncheckedPublicKey -> Bool
(UncheckedPublicKey -> UncheckedPublicKey -> Bool)
-> (UncheckedPublicKey -> UncheckedPublicKey -> Bool)
-> Eq UncheckedPublicKey
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: UncheckedPublicKey -> UncheckedPublicKey -> Bool
== :: UncheckedPublicKey -> UncheckedPublicKey -> Bool
$c/= :: UncheckedPublicKey -> UncheckedPublicKey -> Bool
/= :: UncheckedPublicKey -> UncheckedPublicKey -> Bool
Eq, Int -> UncheckedPublicKey -> ShowS
[UncheckedPublicKey] -> ShowS
UncheckedPublicKey -> String
(Int -> UncheckedPublicKey -> ShowS)
-> (UncheckedPublicKey -> String)
-> ([UncheckedPublicKey] -> ShowS)
-> Show UncheckedPublicKey
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> UncheckedPublicKey -> ShowS
showsPrec :: Int -> UncheckedPublicKey -> ShowS
$cshow :: UncheckedPublicKey -> String
show :: UncheckedPublicKey -> String
$cshowList :: [UncheckedPublicKey] -> ShowS
showList :: [UncheckedPublicKey] -> ShowS
Show, (forall x. UncheckedPublicKey -> Rep UncheckedPublicKey x)
-> (forall x. Rep UncheckedPublicKey x -> UncheckedPublicKey)
-> Generic UncheckedPublicKey
forall x. Rep UncheckedPublicKey x -> UncheckedPublicKey
forall x. UncheckedPublicKey -> Rep UncheckedPublicKey x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cfrom :: forall x. UncheckedPublicKey -> Rep UncheckedPublicKey x
from :: forall x. UncheckedPublicKey -> Rep UncheckedPublicKey x
$cto :: forall x. Rep UncheckedPublicKey x -> UncheckedPublicKey
to :: forall x. Rep UncheckedPublicKey x -> UncheckedPublicKey
Generic)

-- | An arbitrary and potentially unstable JSON encoding, only intended for
-- logging purposes. To actually encode and decode structures, use the
-- "Crypto.WebAuthn.Encoding" modules
deriving instance ToJSON UncheckedPublicKey

-- | Same as 'UncheckedPublicKey', but checked to be valid using
-- 'checkPublicKey'.
newtype PublicKey = CheckedPublicKey UncheckedPublicKey
  deriving newtype (PublicKey -> PublicKey -> Bool
(PublicKey -> PublicKey -> Bool)
-> (PublicKey -> PublicKey -> Bool) -> Eq PublicKey
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: PublicKey -> PublicKey -> Bool
== :: PublicKey -> PublicKey -> Bool
$c/= :: PublicKey -> PublicKey -> Bool
/= :: PublicKey -> PublicKey -> Bool
Eq, Int -> PublicKey -> ShowS
[PublicKey] -> ShowS
PublicKey -> String
(Int -> PublicKey -> ShowS)
-> (PublicKey -> String)
-> ([PublicKey] -> ShowS)
-> Show PublicKey
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> PublicKey -> ShowS
showsPrec :: Int -> PublicKey -> ShowS
$cshow :: PublicKey -> String
show :: PublicKey -> String
$cshowList :: [PublicKey] -> ShowS
showList :: [PublicKey] -> ShowS
Show)

-- | An arbitrary and potentially unstable JSON encoding, only intended for
-- logging purposes. To actually encode and decode structures, use the
-- "Crypto.WebAuthn.Encoding" modules
deriving newtype instance ToJSON PublicKey

-- | Returns the 'UncheckedPublicKey' for a t'PublicKey'
pattern PublicKey :: UncheckedPublicKey -> PublicKey
pattern $mPublicKey :: forall {r}.
PublicKey -> (UncheckedPublicKey -> r) -> ((# #) -> r) -> r
PublicKey k <- CheckedPublicKey k

{-# COMPLETE PublicKey #-}

-- | Checks whether an 'UncheckedPublicKey' is valid. This is the only way to construct a t'PublicKey'
checkPublicKey :: UncheckedPublicKey -> Either Text PublicKey
checkPublicKey :: UncheckedPublicKey -> Either Text PublicKey
checkPublicKey key :: UncheckedPublicKey
key@PublicKeyEdDSA {CoseCurveEdDSA
EdDSAKeyBytes
eddsaCurve :: UncheckedPublicKey -> CoseCurveEdDSA
eddsaX :: UncheckedPublicKey -> EdDSAKeyBytes
eddsaCurve :: CoseCurveEdDSA
eddsaX :: EdDSAKeyBytes
..}
  | Int
actualSize Int -> Int -> Bool
forall a. Eq a => a -> a -> Bool
== Int
expectedSize = PublicKey -> Either Text PublicKey
forall a b. b -> Either a b
Right (PublicKey -> Either Text PublicKey)
-> PublicKey -> Either Text PublicKey
forall a b. (a -> b) -> a -> b
$ UncheckedPublicKey -> PublicKey
CheckedPublicKey UncheckedPublicKey
key
  | Bool
otherwise =
      Text -> Either Text PublicKey
forall a b. a -> Either a b
Left (Text -> Either Text PublicKey) -> Text -> Either Text PublicKey
forall a b. (a -> b) -> a -> b
$
        Text
"EdDSA public key for curve "
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (CoseCurveEdDSA -> String
forall a. Show a => a -> String
show CoseCurveEdDSA
eddsaCurve)
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> Text
" didn't have the expected size of "
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (Int -> String
forall a. Show a => a -> String
show Int
expectedSize)
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> Text
" bytes, it has "
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (Int -> String
forall a. Show a => a -> String
show Int
actualSize)
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> Text
" bytes instead: "
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (EdDSAKeyBytes -> String
forall a. Show a => a -> String
show EdDSAKeyBytes
eddsaX)
  where
    actualSize :: Int
actualSize = ByteString -> Int
BS.length (ByteString -> Int) -> ByteString -> Int
forall a b. (a -> b) -> a -> b
$ EdDSAKeyBytes -> ByteString
unEdDSAKeyBytes EdDSAKeyBytes
eddsaX
    expectedSize :: Int
expectedSize = CoseCurveEdDSA -> Int
coordinateSizeEdDSA CoseCurveEdDSA
eddsaCurve
checkPublicKey key :: UncheckedPublicKey
key@PublicKeyECDSA {Integer
CoseCurveECDSA
ecdsaCurve :: UncheckedPublicKey -> CoseCurveECDSA
ecdsaX :: UncheckedPublicKey -> Integer
ecdsaY :: UncheckedPublicKey -> Integer
ecdsaCurve :: CoseCurveECDSA
ecdsaX :: Integer
ecdsaY :: Integer
..}
  | Curve -> Point -> Bool
ECC.isPointValid Curve
curve Point
point = PublicKey -> Either Text PublicKey
forall a b. b -> Either a b
Right (PublicKey -> Either Text PublicKey)
-> PublicKey -> Either Text PublicKey
forall a b. (a -> b) -> a -> b
$ UncheckedPublicKey -> PublicKey
CheckedPublicKey UncheckedPublicKey
key
  | Bool
otherwise =
      Text -> Either Text PublicKey
forall a b. a -> Either a b
Left (Text -> Either Text PublicKey) -> Text -> Either Text PublicKey
forall a b. (a -> b) -> a -> b
$
        Text
"ECDSA public key point is not valid for curve "
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (CoseCurveECDSA -> String
forall a. Show a => a -> String
show CoseCurveECDSA
ecdsaCurve)
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> Text
": "
          Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (Point -> String
forall a. Show a => a -> String
show Point
point)
  where
    curve :: Curve
curve = CurveName -> Curve
ECC.getCurveByName (CoseCurveECDSA -> CurveName
toCryptCurveECDSA CoseCurveECDSA
ecdsaCurve)
    point :: Point
point = Integer -> Integer -> Point
ECC.Point Integer
ecdsaX Integer
ecdsaY
checkPublicKey UncheckedPublicKey
key = PublicKey -> Either Text PublicKey
forall a b. b -> Either a b
Right (PublicKey -> Either Text PublicKey)
-> PublicKey -> Either Text PublicKey
forall a b. (a -> b) -> a -> b
$ UncheckedPublicKey -> PublicKey
CheckedPublicKey UncheckedPublicKey
key

-- | COSE elliptic curves that can be used with EdDSA
data CoseCurveEdDSA
  = -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1)
    -- Ed25519 for use w/ EdDSA only
    CoseCurveEd25519
  deriving (CoseCurveEdDSA -> CoseCurveEdDSA -> Bool
(CoseCurveEdDSA -> CoseCurveEdDSA -> Bool)
-> (CoseCurveEdDSA -> CoseCurveEdDSA -> Bool) -> Eq CoseCurveEdDSA
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: CoseCurveEdDSA -> CoseCurveEdDSA -> Bool
== :: CoseCurveEdDSA -> CoseCurveEdDSA -> Bool
$c/= :: CoseCurveEdDSA -> CoseCurveEdDSA -> Bool
/= :: CoseCurveEdDSA -> CoseCurveEdDSA -> Bool
Eq, Int -> CoseCurveEdDSA -> ShowS
[CoseCurveEdDSA] -> ShowS
CoseCurveEdDSA -> String
(Int -> CoseCurveEdDSA -> ShowS)
-> (CoseCurveEdDSA -> String)
-> ([CoseCurveEdDSA] -> ShowS)
-> Show CoseCurveEdDSA
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> CoseCurveEdDSA -> ShowS
showsPrec :: Int -> CoseCurveEdDSA -> ShowS
$cshow :: CoseCurveEdDSA -> String
show :: CoseCurveEdDSA -> String
$cshowList :: [CoseCurveEdDSA] -> ShowS
showList :: [CoseCurveEdDSA] -> ShowS
Show, Int -> CoseCurveEdDSA
CoseCurveEdDSA -> Int
CoseCurveEdDSA -> [CoseCurveEdDSA]
CoseCurveEdDSA -> CoseCurveEdDSA
CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
CoseCurveEdDSA
-> CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
(CoseCurveEdDSA -> CoseCurveEdDSA)
-> (CoseCurveEdDSA -> CoseCurveEdDSA)
-> (Int -> CoseCurveEdDSA)
-> (CoseCurveEdDSA -> Int)
-> (CoseCurveEdDSA -> [CoseCurveEdDSA])
-> (CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA])
-> (CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA])
-> (CoseCurveEdDSA
    -> CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA])
-> Enum CoseCurveEdDSA
forall a.
(a -> a)
-> (a -> a)
-> (Int -> a)
-> (a -> Int)
-> (a -> [a])
-> (a -> a -> [a])
-> (a -> a -> [a])
-> (a -> a -> a -> [a])
-> Enum a
$csucc :: CoseCurveEdDSA -> CoseCurveEdDSA
succ :: CoseCurveEdDSA -> CoseCurveEdDSA
$cpred :: CoseCurveEdDSA -> CoseCurveEdDSA
pred :: CoseCurveEdDSA -> CoseCurveEdDSA
$ctoEnum :: Int -> CoseCurveEdDSA
toEnum :: Int -> CoseCurveEdDSA
$cfromEnum :: CoseCurveEdDSA -> Int
fromEnum :: CoseCurveEdDSA -> Int
$cenumFrom :: CoseCurveEdDSA -> [CoseCurveEdDSA]
enumFrom :: CoseCurveEdDSA -> [CoseCurveEdDSA]
$cenumFromThen :: CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
enumFromThen :: CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
$cenumFromTo :: CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
enumFromTo :: CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
$cenumFromThenTo :: CoseCurveEdDSA
-> CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
enumFromThenTo :: CoseCurveEdDSA
-> CoseCurveEdDSA -> CoseCurveEdDSA -> [CoseCurveEdDSA]
Enum, CoseCurveEdDSA
CoseCurveEdDSA -> CoseCurveEdDSA -> Bounded CoseCurveEdDSA
forall a. a -> a -> Bounded a
$cminBound :: CoseCurveEdDSA
minBound :: CoseCurveEdDSA
$cmaxBound :: CoseCurveEdDSA
maxBound :: CoseCurveEdDSA
Bounded, (forall x. CoseCurveEdDSA -> Rep CoseCurveEdDSA x)
-> (forall x. Rep CoseCurveEdDSA x -> CoseCurveEdDSA)
-> Generic CoseCurveEdDSA
forall x. Rep CoseCurveEdDSA x -> CoseCurveEdDSA
forall x. CoseCurveEdDSA -> Rep CoseCurveEdDSA x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cfrom :: forall x. CoseCurveEdDSA -> Rep CoseCurveEdDSA x
from :: forall x. CoseCurveEdDSA -> Rep CoseCurveEdDSA x
$cto :: forall x. Rep CoseCurveEdDSA x -> CoseCurveEdDSA
to :: forall x. Rep CoseCurveEdDSA x -> CoseCurveEdDSA
Generic)

-- | An arbitrary and potentially unstable JSON encoding, only intended for
-- logging purposes. To actually encode and decode structures, use the
-- "Crypto.WebAuthn.Encoding" modules
deriving instance ToJSON CoseCurveEdDSA

-- | Returns the size of a coordinate point for a specific EdDSA curve in bytes.
coordinateSizeEdDSA :: CoseCurveEdDSA -> Int
coordinateSizeEdDSA :: CoseCurveEdDSA -> Int
coordinateSizeEdDSA CoseCurveEdDSA
CoseCurveEd25519 = Int
Ed25519.publicKeySize

-- | COSE elliptic curves that can be used with ECDSA
data CoseCurveECDSA
  = -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1)
    -- NIST P-256 also known as secp256r1
    CoseCurveP256
  | -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1)
    -- NIST P-384 also known as secp384r1
    CoseCurveP384
  | -- | [(spec)](https://datatracker.ietf.org/doc/html/draft-ietf-cose-rfc8152bis-algs-12#section-7.1)
    -- NIST P-521 also known as secp521r1
    CoseCurveP521
  deriving (CoseCurveECDSA -> CoseCurveECDSA -> Bool
(CoseCurveECDSA -> CoseCurveECDSA -> Bool)
-> (CoseCurveECDSA -> CoseCurveECDSA -> Bool) -> Eq CoseCurveECDSA
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: CoseCurveECDSA -> CoseCurveECDSA -> Bool
== :: CoseCurveECDSA -> CoseCurveECDSA -> Bool
$c/= :: CoseCurveECDSA -> CoseCurveECDSA -> Bool
/= :: CoseCurveECDSA -> CoseCurveECDSA -> Bool
Eq, Int -> CoseCurveECDSA -> ShowS
[CoseCurveECDSA] -> ShowS
CoseCurveECDSA -> String
(Int -> CoseCurveECDSA -> ShowS)
-> (CoseCurveECDSA -> String)
-> ([CoseCurveECDSA] -> ShowS)
-> Show CoseCurveECDSA
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> CoseCurveECDSA -> ShowS
showsPrec :: Int -> CoseCurveECDSA -> ShowS
$cshow :: CoseCurveECDSA -> String
show :: CoseCurveECDSA -> String
$cshowList :: [CoseCurveECDSA] -> ShowS
showList :: [CoseCurveECDSA] -> ShowS
Show, Int -> CoseCurveECDSA
CoseCurveECDSA -> Int
CoseCurveECDSA -> [CoseCurveECDSA]
CoseCurveECDSA -> CoseCurveECDSA
CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
CoseCurveECDSA
-> CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
(CoseCurveECDSA -> CoseCurveECDSA)
-> (CoseCurveECDSA -> CoseCurveECDSA)
-> (Int -> CoseCurveECDSA)
-> (CoseCurveECDSA -> Int)
-> (CoseCurveECDSA -> [CoseCurveECDSA])
-> (CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA])
-> (CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA])
-> (CoseCurveECDSA
    -> CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA])
-> Enum CoseCurveECDSA
forall a.
(a -> a)
-> (a -> a)
-> (Int -> a)
-> (a -> Int)
-> (a -> [a])
-> (a -> a -> [a])
-> (a -> a -> [a])
-> (a -> a -> a -> [a])
-> Enum a
$csucc :: CoseCurveECDSA -> CoseCurveECDSA
succ :: CoseCurveECDSA -> CoseCurveECDSA
$cpred :: CoseCurveECDSA -> CoseCurveECDSA
pred :: CoseCurveECDSA -> CoseCurveECDSA
$ctoEnum :: Int -> CoseCurveECDSA
toEnum :: Int -> CoseCurveECDSA
$cfromEnum :: CoseCurveECDSA -> Int
fromEnum :: CoseCurveECDSA -> Int
$cenumFrom :: CoseCurveECDSA -> [CoseCurveECDSA]
enumFrom :: CoseCurveECDSA -> [CoseCurveECDSA]
$cenumFromThen :: CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
enumFromThen :: CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
$cenumFromTo :: CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
enumFromTo :: CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
$cenumFromThenTo :: CoseCurveECDSA
-> CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
enumFromThenTo :: CoseCurveECDSA
-> CoseCurveECDSA -> CoseCurveECDSA -> [CoseCurveECDSA]
Enum, CoseCurveECDSA
CoseCurveECDSA -> CoseCurveECDSA -> Bounded CoseCurveECDSA
forall a. a -> a -> Bounded a
$cminBound :: CoseCurveECDSA
minBound :: CoseCurveECDSA
$cmaxBound :: CoseCurveECDSA
maxBound :: CoseCurveECDSA
Bounded, (forall x. CoseCurveECDSA -> Rep CoseCurveECDSA x)
-> (forall x. Rep CoseCurveECDSA x -> CoseCurveECDSA)
-> Generic CoseCurveECDSA
forall x. Rep CoseCurveECDSA x -> CoseCurveECDSA
forall x. CoseCurveECDSA -> Rep CoseCurveECDSA x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cfrom :: forall x. CoseCurveECDSA -> Rep CoseCurveECDSA x
from :: forall x. CoseCurveECDSA -> Rep CoseCurveECDSA x
$cto :: forall x. Rep CoseCurveECDSA x -> CoseCurveECDSA
to :: forall x. Rep CoseCurveECDSA x -> CoseCurveECDSA
Generic)

-- | An arbitrary and potentially unstable JSON encoding, only intended for
-- logging purposes. To actually encode and decode structures, use the
-- "Crypto.WebAuthn.Encoding" modules
deriving instance ToJSON CoseCurveECDSA

-- | Converts a 'Cose.CoseCurveECDSA' to an 'ECC.CurveName'. The inverse
-- function is 'fromCryptCurveECDSA'
toCryptCurveECDSA :: CoseCurveECDSA -> ECC.CurveName
toCryptCurveECDSA :: CoseCurveECDSA -> CurveName
toCryptCurveECDSA CoseCurveECDSA
CoseCurveP256 = CurveName
ECC.SEC_p256r1
toCryptCurveECDSA CoseCurveECDSA
CoseCurveP384 = CurveName
ECC.SEC_p384r1
toCryptCurveECDSA CoseCurveECDSA
CoseCurveP521 = CurveName
ECC.SEC_p521r1

-- | Tries to converts a 'ECC.CurveName' to an 'Cose.CoseCurveECDSA'. The inverse
-- function is 'toCryptCurveECDSA'
fromCryptCurveECDSA :: ECC.CurveName -> Either Text CoseCurveECDSA
fromCryptCurveECDSA :: CurveName -> Either Text CoseCurveECDSA
fromCryptCurveECDSA CurveName
ECC.SEC_p256r1 = CoseCurveECDSA -> Either Text CoseCurveECDSA
forall a b. b -> Either a b
Right CoseCurveECDSA
CoseCurveP256
fromCryptCurveECDSA CurveName
ECC.SEC_p384r1 = CoseCurveECDSA -> Either Text CoseCurveECDSA
forall a b. b -> Either a b
Right CoseCurveECDSA
CoseCurveP384
fromCryptCurveECDSA CurveName
ECC.SEC_p521r1 = CoseCurveECDSA -> Either Text CoseCurveECDSA
forall a b. b -> Either a b
Right CoseCurveECDSA
CoseCurveP521
fromCryptCurveECDSA CurveName
curve =
  Text -> Either Text CoseCurveECDSA
forall a b. a -> Either a b
Left (Text -> Either Text CoseCurveECDSA)
-> Text -> Either Text CoseCurveECDSA
forall a b. (a -> b) -> a -> b
$
    Text
"Curve "
      Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> String -> Text
Text.pack (CurveName -> String
forall a. Show a => a -> String
show CurveName
curve)
      Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<> Text
" is not a supported COSE ECDSA public key curve"

-- | Returns the size of a coordinate point for a specific ECDSA curve in bytes.
coordinateSizeECDSA :: CoseCurveECDSA -> Int
coordinateSizeECDSA :: CoseCurveECDSA -> Int
coordinateSizeECDSA CoseCurveECDSA
curve = Int
byteSize
  where
    bitSize :: Int
bitSize = Curve -> Int
ECC.curveSizeBits (CurveName -> Curve
ECC.getCurveByName (CoseCurveECDSA -> CurveName
toCryptCurveECDSA CoseCurveECDSA
curve))
    byteSize :: Int
byteSize = (Int
bitSize Int -> Int -> Int
forall a. Num a => a -> a -> a
+ Int
7) Int -> Int -> Int
forall a. Integral a => a -> a -> a
`div` Int
8