Bases: CipherSuiteBase
COSE subset tailored for WebAuthn / FIDO2.
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
| def suite_id(self) -> str:
return "webauthn"
|
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
| def supports(self) -> Mapping[CipherOp, Iterable[Alg]]:
return {"sign": _FIDO_COSE, "verify": _FIDO_COSE}
|
default_alg(op, *, for_key=None)
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
| def default_alg(self, op: CipherOp, *, for_key: Optional[KeyRef] = None) -> Alg:
return "-7"
|
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
32
33
34
35
36
37
38
39
40
41
42 | def features(self) -> Features:
return {
"suite": "webauthn",
"version": 1,
"dialects": {"cose": list(_FIDO_COSE), "fido2": list(_FIDO_COSE)},
"ops": {"sign": {"default": "-7", "allowed": list(_FIDO_COSE)}},
"constraints": {
"attestation_formats": ["packed", "tpm", "android-safetynet", "apple"]
},
"compliance": {"fips": False},
}
|
normalize(
*, op, alg=None, key=None, params=None, dialect=None
)
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66 | def normalize(
self,
*,
op: CipherOp,
alg: Optional[Alg] = None,
key: Optional[KeyRef] = None,
params: Optional[ParamMapping] = None,
dialect: Optional[str] = None,
) -> NormalizedDescriptor:
allowed = set(self.supports().get(op, ()))
chosen = str(alg or self.default_alg(op))
if chosen not in allowed:
raise ValueError(f"{chosen=} not allowed for {op=} in WebAuthn")
return {
"op": op,
"alg": chosen,
"dialect": "cose" if dialect is None else dialect,
"mapped": {"cose": int(chosen), "fido2": chosen, "provider": chosen},
"params": dict(params or {}),
"constraints": {},
"policy": self.policy(),
}
|