Skip to content

Class swarmauri_cipher_suite_webauthn.WebAuthnCipherSuite.WebAuthnCipherSuite

swarmauri_cipher_suite_webauthn.WebAuthnCipherSuite.WebAuthnCipherSuite

Bases: CipherSuiteBase

COSE subset tailored for WebAuthn / FIDO2.

suite_id

suite_id()
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
23
24
def suite_id(self) -> str:
    return "webauthn"

supports

supports()
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
26
27
def supports(self) -> Mapping[CipherOp, Iterable[Alg]]:
    return {"sign": _FIDO_COSE, "verify": _FIDO_COSE}

default_alg

default_alg(op, *, for_key=None)
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
29
30
def default_alg(self, op: CipherOp, *, for_key: Optional[KeyRef] = None) -> Alg:
    return "-7"

features

features()
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
32
33
34
35
36
37
38
39
40
41
42
def features(self) -> Features:
    return {
        "suite": "webauthn",
        "version": 1,
        "dialects": {"cose": list(_FIDO_COSE), "fido2": list(_FIDO_COSE)},
        "ops": {"sign": {"default": "-7", "allowed": list(_FIDO_COSE)}},
        "constraints": {
            "attestation_formats": ["packed", "tpm", "android-safetynet", "apple"]
        },
        "compliance": {"fips": False},
    }

normalize

normalize(
    *, op, alg=None, key=None, params=None, dialect=None
)
Source code in swarmauri_cipher_suite_webauthn/WebAuthnCipherSuite.py
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
def normalize(
    self,
    *,
    op: CipherOp,
    alg: Optional[Alg] = None,
    key: Optional[KeyRef] = None,
    params: Optional[ParamMapping] = None,
    dialect: Optional[str] = None,
) -> NormalizedDescriptor:
    allowed = set(self.supports().get(op, ()))
    chosen = str(alg or self.default_alg(op))
    if chosen not in allowed:
        raise ValueError(f"{chosen=} not allowed for {op=} in WebAuthn")

    return {
        "op": op,
        "alg": chosen,
        "dialect": "cose" if dialect is None else dialect,
        "mapped": {"cose": int(chosen), "fido2": chosen, "provider": chosen},
        "params": dict(params or {}),
        "constraints": {},
        "policy": self.policy(),
    }