Struct aws_nitro_enclaves_cose::COSESign1

pub struct COSESign1(_, _, _, _);

Implementation of the COSE_Sign1 structure as defined in RFC8152.

The COSE_Sign1 signature structure is used when only one signature is going to be placed on a message. The parameters dealing with the content and the signature are placed in the same pair of buckets rather than having the separation of COSE_Sign.

The structure can be encoded as either tagged or untagged depending on the context it will be used in. A tagged COSE_Sign1 structure is identified by the CBOR tag 18. The CDDL fragment that represents this is:

COSE_Sign1_Tagged = #6.18(COSE_Sign1)

The CBOR object that carries the body, the signature, and the information about the body and signature is called the COSE_Sign1 structure. Examples of COSE_Sign1 messages can be found in Appendix C.2.

The COSE_Sign1 structure is a CBOR array. The fields of the array in order are:

protected: This is as described in Section 3.

unprotected: This is as described in Section 3.

payload: This is as described in Section 4.1.

signature: This field contains the computed signature value. The type of the field is a bstr.

The CDDL fragment that represents the above text for COSE_Sign1 follows.

COSE_Sign1 = [ Headers, payload : bstr / nil, signature : bstr ]

https://tools.ietf.org/html/rfc8152#section-3

Headers = ( protected : empty_or_serialized_map, unprotected : header_map )

header_map = { Generic_Headers, * label => values }

empty_or_serialized_map = bstr .cbor header_map / bstr .size 0

Generic_Headers = (
    ? 1 => int / tstr,  ; algorithm identifier
    ? 2 => [+label],    ; criticality
    ? 3 => tstr / int,  ; content type
    ? 4 => bstr,        ; key identifier
    ? 5 => bstr,        ; IV
    ? 6 => bstr,        ; Partial IV
    ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature
)

Note: Currently, the structures are not tagged: the spec doesn't require it, and because the serde_cbor library doesn't support custom tags, the only way to achieve this is to add the token at the start of the serialized object.
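The array layout above, as an added example that is not this crate's code: a std-only parser that splits a serialized COSE_Sign1 into its four fields and accepts both the untagged form and the form prefixed with tag 18. The names RawSign1, head, item_len, take and parse_sign1 are hypothetical, and the 16-level nesting limit and the requirement of a one-byte array head (0x84) are assumptions of this sketch.

```rust
use std::convert::TryFrom;

pub struct RawSign1<'a> {
    pub protected: &'a [u8],       // contents of the protected bstr
    pub unprotected: &'a [u8],     // raw CBOR of the header_map
    pub payload: Option<&'a [u8]>, // None when the payload is nil
    pub signature: &'a [u8],
}

// One CBOR head: (major type, argument, head length); indefinite lengths are rejected.
fn head(b: &[u8]) -> Option<(u8, u64, usize)> {
    let ib = *b.first()?;
    let n = match ib & 0x1f { 0..=23 => 0, 24 => 1, 25 => 2, 26 => 4, 27 => 8, _ => return None };
    let arg = b.get(1..1 + n)?.iter().fold(0u64, |a, &x| (a << 8) | x as u64);
    Some((ib >> 5, if n == 0 { (ib & 0x1f) as u64 } else { arg }, 1 + n))
}

// Length of one complete item; `depth` caps nesting so hostile input cannot exhaust the stack.
fn item_len(b: &[u8], depth: u8) -> Option<usize> {
    let (major, arg, mut pos) = head(b)?;
    let children = match major {
        2 | 3 => { pos = pos.checked_add(usize::try_from(arg).ok()?)?; 0 }
        4 => arg,
        5 => arg.checked_mul(2)?, // a map entry is a key and a value
        6 => 1,                   // a tag wraps one item
        _ => 0,                   // integers and simple values
    };
    for _ in 0..children { pos += item_len(b.get(pos..)?, depth.checked_sub(1)?)?; }
    if pos <= b.len() { Some(pos) } else { None }
}

// Splits off one item of major type `want`: (bytes after its head, whole item, remaining input).
fn take(b: &[u8], want: u8) -> Option<(&[u8], &[u8], &[u8])> {
    let ((major, _, h), len) = (head(b)?, item_len(b, 16)?);
    if major == want { Some((&b[h..len], &b[..len], &b[len..])) } else { None }
}

// Structure only, no signature check. Accepts tagged (#6.18) or untagged input.
pub fn parse_sign1<'a>(b: &'a [u8]) -> Option<RawSign1<'a>> {
    let b = if b.first() == Some(&0xd2) { &b[1..] } else { b };
    let b = if b.first() == Some(&0x84) { &b[1..] } else { return None }; // array(4)
    let (protected, _, b) = take(b, 2)?;
    let (_, unprotected, b) = take(b, 5)?;
    let (payload, b) = match take(b, 2) {
        Some((p, _, rest)) => (Some(p), rest),
        None => (None, if b.first() == Some(&0xf6) { &b[1..] } else { return None }),
    };
    let (signature, _, b) = take(b, 2)?;
    if b.is_empty() { Some(RawSign1 { protected, unprotected, payload, signature }) } else { None }
}
```

A successful parse says only that the bytes have the COSE_Sign1 shape; trailing bytes, truncated fields and over-deep header maps are rejected, but the signature is never examined.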

Implementations

impl COSESign1

pub fn new(
    payload: &[u8],
    unprotected: &HeaderMap,
    key: &EcKeyRef<Private>
) -> Result<Self, COSEError>

Creates a COSESign1 structure from the given payload and some unprotected data in the form of a HeaderMap. Signs the content with the given key using the recommendations from the spec and sets the protected part of the document to reflect the algorithm used.

pub fn as_bytes(&self, _tagged: bool) -> Result<Vec<u8>, COSEError>

Serializes the structure for transport / storage. tagged is currently unused, but it will be used to set the #6.18 tag on the object as allowed by the spec.

pub fn from_bytes(bytes: &[u8]) -> Result<Self, COSEError>

This function deserializes the structure, but doesn't check the contents for correctness at all.

pub fn verify_signature(
    &self,
    key: &EcKeyRef<Public>
) -> Result<bool, COSEError>

This checks the signature included in the structure against the given public key and returns true if the signature matches the given key.

pub fn get_payload(
    &self,
    key: Option<&EcKeyRef<Public>>
) -> Result<Vec<u8>, COSEError>

This gets the payload of the document. If key is provided, it only gets the payload if the signature is correctly verified, otherwise returns Err(COSEError::UnverifiedSignature).

Trait Implementations

impl Clone for COSESign1

impl Debug for COSESign1

impl<'de> Deserialize<'de> for COSESign1

impl Serialize for COSESign1
