Expand description
§basil-cose
A strict, deterministic COSE (RFC 9052/9053) profile for basil’s sealed invocations: broker-free and publishable, shared by the basil broker, the basil client, and some basil clients.
Three constructions:
- Signed: a bare
COSE_Sign1(build_signed/verify_signed). - Sealed: a
COSE_Sign1over an embedded taggedCOSE_Encrypt(build_sealed/verify_sealed, thenVerifiedSealed::open). - Seal-only: a bare
COSE_Encrypt(build_encrypted/decode_encrypted, thenEncryptedMessage::open).
Algorithms: EdDSA (-8) or ES256 (-7, ECDSA P-256 + SHA-256) signatures,
ECDH-ES + HKDF-256 (-25) key agreement with X25519, and A256GCM (3) or
ChaCha20-Poly1305 (24) content encryption. Key material stays behind
the Signer, Verifier, and Recipient traits; nonces and
ephemerals are always generated by the library. ES256 signing is
deterministic (RFC 6979), so both signature algorithms re-sign
byte-identically.
§Strictness
Every decode entry point enforces the profile: tagged top-level
structures only, definite lengths, RFC 8949 §4.2 deterministic encodings
(checked by re-encoding the parsed message and comparing bytes, on every
decode, release builds included), closed algorithm/label allow-sets with
no Unknown arms, crit coverage of every profile label, claims only in
protected headers, and exactly one recipient.
§Claims
Claims ride in the protected header as a CWT map (header 15) plus basil
private labels (-70001..=-70005, see label). ValidationParams
parameterizes skew/TTL/audience bounds; now is injected, never sampled.
The crate is no_std + alloc and obtains production randomness through
getrandom.
Modules§
- label
- The basil private label registry and canonical label ordering.
Structs§
- Claims
- The claim set carried in a protected header (CWT map, header 15, plus the basil private labels).
- Content
Type - Content type (COSE header 3, tstr media type of
type/subtypeform). - Cose
Bytes - Complete tagged COSE bytes: the output of every build entry point.
- Ed25519
Signer - A local Ed25519 signer: a
SigningKey(ZeroizeOnDrop) plus its key id. - Ed25519
Verifier - A local Ed25519 verifier over one or more pinned public keys, looked up by key id.
- Encrypt
Params - Parameters for
build_encrypted. - Encrypted
Message - A strictly decoded (not yet opened) seal-only message.
- Es256
Signer - A local
ES256signer: a P-256SigningKeyplus its key id. - External
Aad - Caller-supplied
external_aadfor exactly one COSE layer. Empty is the explicit default, not an implicit one. - KdfParties
PartyU= message sender,PartyV= recipient, per RFC 9053 §5.1.- KeyId
- COSE
kid(bstr, 1..=128 bytes). Basil catalog names are UTF-8; other consumers may use raw byte ids. - KeyLength
Error - A private key slice was not exactly 32 bytes.
- Message
Id - CWT
cti(bstr, 1..=64 bytes, sender-unique inside the replay window). - Open
Request - Everything an opener needs, already strictly validated by the decode entry points, plus the raw encrypt bytes so a remote (broker-backed) recipient can forward them verbatim without re-encoding.
- Opened
- An opened (decrypted) message.
- P256
Verifier - A local
ES256verifier over one or more pinned P-256 public keys, looked up by key id. - Party
Identity - One party’s identity slot in the
COSE_KDF_Context(RFC 9053 §5.2). - Protected
Headers - Additional protected header values carried outside the CWT claim map.
- Request
Hash - A SHA3-256 digest of the complete tagged request bytes.
- Response
Subject - The
-70005response subject (tstr, non-empty). - Seal
Params - Parameters for
build_sealed. - Sealed
Aad - Per-layer AAD for the sealed (two-layer) construction.
- Sign
Params - Parameters for
build_signed. - Signature
- A raw signature over
Sig_structurebytes. - Subject
- CWT
iss/audsubject (tstr, non-empty). - Unix
Time - Seconds since the Unix epoch (CWT
iat/exp). - Validation
Params - Parameterized validation bounds. The broker feeds its
[invocation]config.nowis injected, never sampled internally: a broker-free crate does not own time policy. - Verified
Sealed - A verified (signature-checked, claims-validated) sealed message, not yet opened.
- Verified
Signed - A verified bare signed message.
- Verify
Sealed Params - Parameters for
verify_sealed. - Verify
Signed Params - Parameters for
verify_signed. - X25519
Recipient - A local X25519 recipient: the materialized static private key
(
Zeroizing) plus its key id. - X25519
Recipient Public - A recipient’s static X25519 public key: the seal target.
- Zeroizing
Zeroizingis a wrapper for anyZ: Zeroizetype which implements aDrophandler which zeroizes dropped values.
Enums§
- Build
Error - Why building a message failed.
- Claims
Error - Claim-set validation failures (temporal, audience, and role shape).
- Content
Algorithm - Content-encryption algorithms in the profile allow-set.
- Decode
Error - Strict-decode rejection reasons.
- KeyAgreement
Algorithm - Key-agreement algorithms in the profile allow-set.
- KeyError
- Why constructing a local key failed.
- Message
Role - Which claim shape a validator demands.
- Open
Error - Why opening (decrypting) a message failed.
- Profile
Error - An identifier newtype was constructed from out-of-range input.
- Sign
Error - Why producing a signature failed.
- Signature
Algorithm - Signature algorithms in the profile allow-set.
- Verify
Error - Why verification failed.
Traits§
- Recipient
- Opens one
COSE_Encryptaddressed tokey_id(): ECDH-ES decapsulation + HKDF-256 (COSE_KDF_Context) + content AEAD, returning zeroizing plaintext. - Signer
- Produces the signature over
Sig_structurebytes. - Verifier
- Resolves a
kidand verifies a signature.
Functions§
- build_
encrypted - Seal
plaintextto one X25519 recipient as a bare taggedCOSE_Encrypt. - build_
sealed - Build a sealed message: encrypt
plaintextto the recipient, then sign the embedded taggedCOSE_Encryptwithsigner. - build_
signed - Build a bare signed message.
- build_
signed_ with_ headers - Build a bare signed message with additional critical protected headers.
- decode_
encrypted - Strict-decode a seal-only tagged
COSE_Encrypt(no opening, no claims). - request_
hash - SHA3-256 over the complete tagged request
COSE_Sign1bytes. - verify_
sealed - Verify a sealed message.
- verify_
signed - Verify a bare signed message.