cose/

headers.rs

//! Module to build COSE message headers (protected and unprotected).
use crate::agent::CoseAgent;
use crate::algs::HASH_ALGS;
use crate::algs::{thumbprint, verify_chain, verify_thumbprint};
use crate::common;
use crate::errors::{CoseError, CoseField, CoseResult, CoseResultWithRet};
use crate::keys;
use cbor::{types::Type, Config, Decoder, Encoder};
use std::io::Cursor;

// Common headers
pub const SALT: i32 = -20;
pub const ALG: i32 = 1;
pub const CRIT: i32 = 2;
pub const CONTENT_TYPE: i32 = 3;
pub const KID: i32 = 4;
pub const IV: i32 = 5;
pub const PARTIAL_IV: i32 = 6;
pub const COUNTER_SIG: i32 = 7;

// Key Distribution headers
pub const PARTY_U_IDENTITY: i32 = -21;
pub const PARTY_U_NONCE: i32 = -22;
pub const PARTY_U_OTHER: i32 = -23;
pub const PARTY_V_IDENTITY: i32 = -24;
pub const PARTY_V_NONCE: i32 = -25;
pub const PARTY_V_OTHER: i32 = -26;

// ECDH KEY AGREEMENT headers
pub const EPHEMERAL_KEY: i32 = -1;
pub const STATIC_KEY: i32 = -2;
pub const STATIC_KEY_ID: i32 = -3;
const UINT: [Type; 4] = [Type::UInt16, Type::UInt32, Type::UInt64, Type::UInt8];

// X5
pub const X5BAG: i32 = 32;
pub const X5CHAIN: i32 = 33;
pub const X5T: i32 = 34;
pub const X5U: i32 = 35;
pub const X5T_SENDER: i32 = -27;
pub const X5U_SENDER: i32 = -28;
pub const X5CHAIN_SENDER: i32 = -29;

/// Enum for allowing content-type to be either a `String` or a `u32` label.
#[derive(Clone, Debug)]
pub enum ContentTypeTypes {
    Uint(u32),
    Tstr(String),
}

/// Structure for COSE message headers.
#[derive(Clone)]
pub struct CoseHeader {
    /// List of labels to be included in the protected header.
    pub protected: Vec<i32>,
    /// List of labels to be included in the unprotected header.
    pub unprotected: Vec<i32>,
    /// COSE Algorithm.
    pub alg: Option<i32>,
    /// List of critical header labels.
    pub crit: Vec<i32>,
    /// COSE content-type.
    pub content_type: Option<ContentTypeTypes>,
    /// COSE Key ID.
    pub kid: Option<Vec<u8>>,
    /// Initialization Vector.
    pub iv: Option<Vec<u8>>,
    /// Partial Initialization Vector.
    pub partial_iv: Option<Vec<u8>>,
    /// Salt for the key agreement algorithms.
    pub salt: Option<Vec<u8>>,
    /// List of COSE counter signatures.
    pub counters: Vec<CoseAgent>,
    /// PartyU identity for key agreement.
    pub party_u_identity: Option<Vec<u8>>,
    /// PartyU nonce for key agreement.
    pub party_u_nonce: Option<Vec<u8>>,
    /// PartyU other information for key agreement.
    pub party_u_other: Option<Vec<u8>>,
    /// PartyV identity for key agreement.
    pub party_v_identity: Option<Vec<u8>>,
    /// PartyV nonce for key agreement.
    pub party_v_nonce: Option<Vec<u8>>,
    /// PartyV other information for key agreement.
    pub party_v_other: Option<Vec<u8>>,
    /// SuppPubInfo other
    pub pub_other: Option<Vec<u8>>,
    /// SuppPrivInfo
    pub priv_info: Option<Vec<u8>>,
    /// ECDH key of the message sender.
    pub ecdh_key: keys::CoseKey,
    /// Static COSE ECDH key ID of the message sender.
    pub static_kid: Option<Vec<u8>>,
    /// X509 bag of certificates.
    pub x5bag: Option<Vec<Vec<u8>>>,
    /// X509 chain of certificates.
    pub x5chain: Option<Vec<Vec<u8>>>,
    /// End-entity x509 thumbprint.
    pub x5t: Option<Vec<u8>>,
    /// End-entity x509 thumbprint Hash algorithm.
    pub x5t_alg: Option<i32>,
    /// X509 URI.
    pub x5u: Option<String>,
    /// x509 sender ECDH thumbprint.
    pub x5t_sender: Option<Vec<u8>>,
    /// x509 sender ECDH thumbprint algorithm.
    pub x5t_sender_alg: Option<i32>,
    /// X509 ECDH sender URI.
    pub x5u_sender: Option<String>,
    /// x509 chain of certificates sender ECDH.
    pub x5chain_sender: Option<Vec<Vec<u8>>>,
    /// x509 private key.
    pub x5_private: Vec<u8>,
    pub(crate) labels_found: Vec<i32>,
}

impl CoseHeader {
    /// Creates empty CoseHeader structure.
    pub fn new() -> CoseHeader {
        CoseHeader {
            labels_found: Vec::new(),
            unprotected: Vec::new(),
            protected: Vec::new(),
            counters: Vec::new(),
            crit: Vec::new(),
            content_type: None,
            partial_iv: None,
            salt: None,
            alg: None,
            kid: None,
            iv: None,
            party_u_identity: None,
            party_v_identity: None,
            party_u_nonce: None,
            party_v_nonce: None,
            party_u_other: None,
            party_v_other: None,
            pub_other: None,
            priv_info: None,
            static_kid: None,
            x5bag: None,
            x5chain: None,
            x5t: None,
            x5_private: Vec::new(),
            x5t_alg: None,
            x5u: None,
            x5t_sender: None,
            x5t_sender_alg: None,
            x5chain_sender: None,
            x5u_sender: None,
            ecdh_key: keys::CoseKey::new(),
        }
    }

    pub(crate) fn remove_label(&mut self, label: i32) {
        self.unprotected.retain(|&x| x != label);
        self.protected.retain(|&x| x != label);
        self.crit.retain(|&x| x != label);
    }

    fn reg_label(&mut self, label: i32, prot: bool, crit: bool) {
        self.remove_label(label);
        if prot {
            self.protected.push(label);
        } else {
            self.unprotected.push(label);
        }
        if crit && !self.crit.contains(&label) {
            self.crit.push(label);
        }
    }

    /// Adds algorithm to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn alg(&mut self, alg: i32, prot: bool, crit: bool) {
        self.reg_label(ALG, prot, crit);
        self.alg = Some(alg);
    }

    /// Adds Key ID to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn kid(&mut self, kid: Vec<u8>, prot: bool, crit: bool) {
        self.reg_label(KID, prot, crit);
        self.kid = Some(kid);
    }

    /// Adds Initialization Vector to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn iv(&mut self, iv: Vec<u8>, prot: bool, crit: bool) {
        self.remove_label(PARTIAL_IV);
        self.partial_iv = None;
        self.reg_label(IV, prot, crit);
        self.iv = Some(iv);
    }

    /// Adds Partial Initialization Vector to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn partial_iv(&mut self, partial_iv: Vec<u8>, prot: bool, crit: bool) {
        self.remove_label(IV);
        self.iv = None;
        self.reg_label(PARTIAL_IV, prot, crit);
        self.partial_iv = Some(partial_iv);
    }

    /// Adds salt to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn salt(&mut self, salt: Vec<u8>, prot: bool, crit: bool) {
        self.reg_label(SALT, prot, crit);
        self.salt = Some(salt);
    }

    /// Adds content-type to the header, this can either be a text string or `u32`.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn content_type(&mut self, content_type: ContentTypeTypes, prot: bool, crit: bool) {
        self.reg_label(CONTENT_TYPE, prot, crit);
        self.content_type = Some(content_type);
    }

    /// Adds a Party identity to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn party_identity(
        &mut self,
        identity: Vec<u8>,
        prot: bool,
        crit: bool,
        u: bool,
        include: bool,
    ) {
        if u {
            if include {
                self.reg_label(PARTY_U_IDENTITY, prot, crit);
            }
            self.party_u_identity = Some(identity);
        } else {
            if include {
                self.reg_label(PARTY_V_IDENTITY, prot, crit);
            }
            self.party_v_identity = Some(identity);
        }
    }

    /// Adds a Party nonce to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn party_nonce(&mut self, nonce: Vec<u8>, prot: bool, crit: bool, u: bool) {
        if u {
            self.reg_label(PARTY_U_NONCE, prot, crit);
            self.party_u_nonce = Some(nonce);
        } else {
            self.reg_label(PARTY_V_NONCE, prot, crit);
            self.party_v_nonce = Some(nonce);
        }
    }

    /// Adds a Party Other information to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn party_other(&mut self, other: Vec<u8>, prot: bool, crit: bool, u: bool) {
        if u {
            self.reg_label(PARTY_U_OTHER, prot, crit);
            self.party_u_other = Some(other);
        } else {
            self.reg_label(PARTY_V_OTHER, prot, crit);
            self.party_v_other = Some(other);
        }
    }

    /// Adds other to SuppPubInfo to the message.
    pub fn pub_other(&mut self, other: Vec<u8>) {
        self.pub_other = Some(other);
    }

    /// Adds SuppPrivInfo to the message.
    pub fn priv_info(&mut self, info: Vec<u8>) {
        self.priv_info = Some(info);
    }

    /// Adds a X509 bag of certificates.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5bag(&mut self, x5bag: Vec<Vec<u8>>, prot: bool, crit: bool) {
        self.reg_label(X5BAG, prot, crit);
        self.x5bag = Some(x5bag);
    }

    /// Adds a X509 chain of certificates.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5chain(&mut self, x5chain: Vec<Vec<u8>>, prot: bool, crit: bool) {
        self.reg_label(X5CHAIN, prot, crit);
        self.x5chain = Some(x5chain);
    }

    /// Adds a X509 certificate URI.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5u(&mut self, x5u: String, prot: bool, crit: bool) {
        self.reg_label(X5U, prot, crit);
        self.x5u = Some(x5u);
    }

    /// Adds sender X509 chain of certificates for ECDH.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5chain_sender(&mut self, x5chain: Vec<Vec<u8>>, prot: bool, crit: bool) {
        self.remove_label(EPHEMERAL_KEY);
        self.remove_label(STATIC_KEY_ID);
        self.remove_label(STATIC_KEY);
        self.reg_label(X5CHAIN_SENDER, prot, crit);
        self.x5chain_sender = Some(x5chain);
    }

    /// Compute and add X509 thumbprint, by providing x509 certificate and the algorithm ID to be
    /// used.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5t(&mut self, x5: Vec<u8>, alg: i32, prot: bool, crit: bool) -> CoseResult {
        if !HASH_ALGS.contains(&alg) {
            return Err(CoseError::Invalid(CoseField::Alg));
        }
        self.reg_label(X5T, prot, crit);
        self.x5t = Some(x5);
        self.x5t_alg = Some(alg);
        Ok(())
    }

    /// Adds sender X509 private key in DER format, to be used when encoding a message with ECDH.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5_private(&mut self, x5: Vec<u8>) {
        self.x5_private = x5;
    }

    /// Compute and add X509 sender thumbprint for ECDH, by providing x509 certificate and the algorithm ID to be
    /// used.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5t_sender(&mut self, x5: Vec<u8>, alg: i32, prot: bool, crit: bool) -> CoseResult {
        if !HASH_ALGS.contains(&alg) {
            return Err(CoseError::Invalid(CoseField::Alg));
        }
        self.reg_label(X5T_SENDER, prot, crit);
        self.x5t_sender = Some(thumbprint(&x5, &alg)?);
        self.x5t_sender_alg = Some(alg);
        Ok(())
    }

    /// Adds sender X509 certificate URI.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    /// `u` parameter is used to specify if this is for PartyU or not (PartyV).
    pub fn x5u_sender(&mut self, x5u: String, prot: bool, crit: bool) {
        self.reg_label(X5U_SENDER, prot, crit);
        self.x5u_sender = Some(x5u);
    }

    /// Adds an Ephemeral ECDH COSE Key to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn ephemeral_key(&mut self, key: keys::CoseKey, prot: bool, crit: bool) {
        self.remove_label(X5T_SENDER);
        self.remove_label(STATIC_KEY_ID);
        self.remove_label(STATIC_KEY);
        self.static_kid = None;
        self.reg_label(EPHEMERAL_KEY, prot, crit);
        self.ecdh_key = key;
    }

    /// Adds an Static ECDH COSE Key to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn static_key(&mut self, key: keys::CoseKey, prot: bool, crit: bool) {
        self.remove_label(X5T_SENDER);
        self.remove_label(STATIC_KEY_ID);
        self.remove_label(EPHEMERAL_KEY);
        self.static_kid = None;
        self.reg_label(STATIC_KEY, prot, crit);
        self.ecdh_key = key;
    }

    /// Adds an Static ECDH COSE Key ID to the header.
    ///
    /// `prot` parameter is used to specify if it is to be included in protected header or not.
    /// `crit` parameter is used to specify if this is a critical label.
    pub fn static_key_id(&mut self, kid: Vec<u8>, key: keys::CoseKey, prot: bool, crit: bool) {
        self.remove_label(X5T_SENDER);
        self.remove_label(STATIC_KEY);
        self.remove_label(EPHEMERAL_KEY);
        self.reg_label(STATIC_KEY_ID, prot, crit);
        self.ecdh_key = key;
        self.static_kid = Some(kid);
    }

    /// Adds an ECDH COSE Key to the header structure (It will not be included in encoding).
    ///
    /// This is meant to be used when decoding a message that uses static kid.
    pub fn ecdh_key(&mut self, key: keys::CoseKey) {
        self.ecdh_key = key;
    }

    pub(crate) fn encode_unprotected(&mut self, encoder: &mut Encoder<Vec<u8>>) -> CoseResult {
        encoder.object(self.unprotected.len())?;
        for i in 0..self.unprotected.len() {
            if !self.labels_found.contains(&self.unprotected[i]) {
                self.labels_found.push(self.unprotected[i]);
            } else {
                return Err(CoseError::DuplicateLabel(self.unprotected[i]));
            };
            encoder.i32(self.unprotected[i])?;
            self.encode_label(self.unprotected[i], encoder, false)?;
        }
        Ok(())
    }

    pub(crate) fn get_protected_bstr(&mut self, verify_label: bool) -> CoseResultWithRet<Vec<u8>> {
        let mut ph_bstr = Vec::new();
        let mut encoder = Encoder::new(Vec::new());
        let prot_len = self.protected.len();
        let crit_len = self.crit.len();
        if crit_len > 0 || prot_len > 0 {
            if crit_len > 0 {
                encoder.object(prot_len + 1)?;
                encoder.i32(CRIT)?;
                encoder.array(crit_len)?;
                for i in &self.crit {
                    encoder.i32(*i)?;
                }
            } else {
                encoder.object(prot_len)?;
            }
            for i in 0..self.protected.len() {
                if verify_label {
                    if !self.labels_found.contains(&self.protected[i]) {
                        self.labels_found.push(self.protected[i]);
                    } else {
                        return Err(CoseError::DuplicateLabel(self.protected[i]));
                    };
                }
                encoder.i32(self.protected[i])?;
                self.encode_label(self.protected[i], &mut encoder, true)?;
            }
            ph_bstr = encoder.into_writer().to_vec();
        }
        Ok(ph_bstr)
    }

    pub(crate) fn decode_unprotected(
        &mut self,
        decoder: &mut Decoder<Cursor<Vec<u8>>>,
        is_counter_sig: bool,
    ) -> CoseResult {
        let unprot_len = decoder.object()?;
        self.unprotected = Vec::new();
        for _ in 0..unprot_len {
            let label = decoder.i32()?;
            if !self.labels_found.contains(&label) {
                self.labels_found.push(label);
            } else {
                return Err(CoseError::DuplicateLabel(label));
            }
            self.decode_label(label, decoder, false, is_counter_sig)?;
        }
        Ok(())
    }

    pub(crate) fn decode_protected_bstr(&mut self, ph_bstr: &Vec<u8>) -> CoseResult {
        let mut decoder = Decoder::new(Config::default(), Cursor::new(ph_bstr.clone()));
        let prot_len = decoder.object()?;
        self.protected = Vec::new();
        for _ in 0..prot_len {
            let label = decoder.i32()?;
            if !self.labels_found.contains(&label) {
                self.labels_found.push(label);
            } else {
                return Err(CoseError::DuplicateLabel(label));
            };
            self.decode_label(label, &mut decoder, true, false)?;
        }
        Ok(())
    }

    fn encode_label(
        &mut self,
        label: i32,
        encoder: &mut Encoder<Vec<u8>>,
        protected: bool,
    ) -> CoseResult {
        match label {
            ALG => {
                encoder.i32(self.alg.ok_or(CoseError::Missing(CoseField::Alg))?)?;
            }
            KID => {
                encoder.bytes(
                    &self
                        .kid
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::Kid))?,
                )?;
            }
            IV => {
                encoder.bytes(&self.iv.as_ref().ok_or(CoseError::Missing(CoseField::Iv))?)?;
            }
            PARTIAL_IV => {
                encoder.bytes(
                    &self
                        .partial_iv
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartialIv))?,
                )?;
            }
            SALT => {
                encoder.bytes(
                    &self
                        .salt
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::Salt))?,
                )?;
            }
            CONTENT_TYPE => {
                match &self
                    .content_type
                    .as_ref()
                    .ok_or(CoseError::Missing(CoseField::ContentType))?
                {
                    ContentTypeTypes::Uint(v) => encoder.u32(*v)?,
                    ContentTypeTypes::Tstr(v) => encoder.text(v)?,
                }
            }
            PARTY_U_IDENTITY => {
                encoder.bytes(
                    &self
                        .party_u_identity
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartyUIdentity))?,
                )?;
            }
            PARTY_U_NONCE => {
                encoder.bytes(
                    &self
                        .party_u_nonce
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartyUNonce))?,
                )?;
            }
            PARTY_U_OTHER => {
                encoder.bytes(
                    &self
                        .party_u_other
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartyUOther))?,
                )?;
            }
            PARTY_V_IDENTITY => {
                encoder.bytes(
                    &self
                        .party_v_identity
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartyVIdentity))?,
                )?;
            }
            PARTY_V_NONCE => {
                encoder.bytes(
                    &self
                        .party_v_nonce
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartyVNonce))?,
                )?;
            }
            PARTY_V_OTHER => {
                encoder.bytes(
                    &self
                        .party_v_other
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::PartyVOther))?,
                )?;
            }
            X5BAG | X5CHAIN | X5CHAIN_SENDER => {
                let x5;
                if label == X5BAG {
                    x5 = self
                        .x5bag
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::X5Bag))?;
                } else if label == X5CHAIN {
                    x5 = self
                        .x5chain
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::X5Chain))?;
                } else {
                    x5 = self
                        .x5chain_sender
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::X5ChainSender))?;
                }
                let x5_len = x5.len();
                if x5_len > 0 {
                    if x5_len == 1 {
                        encoder.bytes(&x5[0])?;
                    } else {
                        if label != X5BAG {
                            verify_chain(&x5)?;
                        }
                        encoder.array(x5_len)?;
                        for x in x5 {
                            encoder.bytes(x)?;
                        }
                    }
                }
            }
            X5T => {
                let x5t = self
                    .x5t
                    .as_ref()
                    .ok_or(CoseError::Missing(CoseField::X5T))?;
                let x5t_alg = self.x5t_alg.ok_or(CoseError::Missing(CoseField::X5TAlg))?;
                if self.x5chain != None {
                    verify_thumbprint(&self.x5chain.as_ref().unwrap()[0].clone(), &x5t, &x5t_alg)?;
                }
                encoder.array(2)?;
                encoder.i32(x5t_alg)?;
                encoder.bytes(x5t)?;
            }
            X5T_SENDER => {
                let x5t_sender = self
                    .x5t_sender
                    .as_ref()
                    .ok_or(CoseError::Missing(CoseField::X5TSender))?;
                let x5t_sender_alg = self
                    .x5t_sender_alg
                    .ok_or(CoseError::Missing(CoseField::X5TSenderAlg))?;
                if self.x5chain_sender != None {
                    verify_thumbprint(
                        &self.x5chain_sender.as_ref().unwrap()[0].clone(),
                        &x5t_sender,
                        &x5t_sender_alg,
                    )?;
                }
                encoder.array(2)?;
                encoder.i32(x5t_sender_alg)?;
                encoder.bytes(x5t_sender)?;
            }
            X5U => {
                encoder.text(
                    self.x5u
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::X5U))?,
                )?;
            }
            X5U_SENDER => {
                encoder.text(
                    self.x5u_sender
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::X5USender))?,
                )?;
            }
            EPHEMERAL_KEY | STATIC_KEY => {
                let mut encode_ecdh = self.ecdh_key.clone();
                encode_ecdh.remove_label(keys::D);
                encode_ecdh.d = None;
                if label == EPHEMERAL_KEY {
                    encode_ecdh.remove_label(keys::KID);
                    encode_ecdh.kid = None;
                }
                encode_ecdh.encode_key(encoder)?;
            }
            STATIC_KEY_ID => {
                encoder.bytes(
                    &self
                        .static_kid
                        .as_ref()
                        .ok_or(CoseError::Missing(CoseField::StaticKid))?,
                )?;
            }
            COUNTER_SIG if !protected => {
                if self.counters.len() > 1 {
                    encoder.array(self.counters.len())?;
                }
                for counter in &mut self.counters {
                    counter.encode(encoder)?;
                }
            }
            _ => {
                return Err(CoseError::InvalidLabel(label));
            }
        }
        Ok(())
    }

    fn decode_label(
        &mut self,
        label: i32,
        decoder: &mut Decoder<Cursor<Vec<u8>>>,
        protected: bool,
        is_counter_sig: bool,
    ) -> CoseResult {
        if protected {
            self.protected.push(label);
        } else {
            self.unprotected.push(label);
        }
        match label {
            ALG => {
                let type_info = decoder.kernel().typeinfo()?;
                if type_info.0 == Type::Text {
                    self.alg = Some(common::get_alg_id(
                        std::str::from_utf8(
                            &decoder.kernel().raw_data(type_info.1, common::MAX_BYTES)?,
                        )
                        .unwrap()
                        .to_string(),
                    )?);
                } else if common::CBOR_NUMBER_TYPES.contains(&type_info.0) {
                    self.alg = Some(decoder.kernel().i32(&type_info)?);
                } else {
                    return Err(CoseError::InvalidCoseStructure());
                }
            }
            CRIT if protected => {
                self.crit = Vec::new();
                for _ in 0..decoder.array()? {
                    self.crit.push(decoder.i32()?);
                }
            }
            CONTENT_TYPE => {
                let type_info = decoder.kernel().typeinfo()?;
                if type_info.0 == Type::Text {
                    self.content_type = Some(ContentTypeTypes::Tstr(
                        std::str::from_utf8(
                            &decoder.kernel().raw_data(type_info.1, common::MAX_BYTES)?,
                        )
                        .unwrap()
                        .to_string(),
                    ));
                } else if UINT.contains(&type_info.0) {
                    self.content_type =
                        Some(ContentTypeTypes::Uint(decoder.kernel().u32(&type_info)?));
                } else {
                    return Err(CoseError::InvalidCoseStructure());
                }
            }
            KID => {
                let type_info = decoder.kernel().typeinfo()?;
                if type_info.0 == Type::Bytes {
                    self.kid = Some(decoder.kernel().raw_data(type_info.1, common::MAX_BYTES)?);
                } else if type_info.0 == Type::Text {
                    self.kid = Some(decoder.kernel().raw_data(type_info.1, common::MAX_BYTES)?);
                } else {
                    return Err(CoseError::InvalidCoseStructure());
                }
            }
            IV => {
                self.iv = Some(decoder.bytes()?.to_vec());
            }
            SALT => {
                self.salt = Some(decoder.bytes()?.to_vec());
            }
            PARTY_U_IDENTITY => {
                self.party_u_identity = Some(decoder.bytes()?.to_vec());
            }
            PARTY_U_NONCE => {
                self.party_u_nonce = match decoder.bytes() {
                    Ok(value) => Some(value),
                    Err(ref err) => match err {
                        cbor::decoder::DecodeError::UnexpectedType { datatype, info: _ } => {
                            if *datatype == Type::Bool {
                                None
                            } else {
                                return Err(CoseError::InvalidCoseStructure());
                            }
                        }
                        _ => {
                            return Err(CoseError::InvalidCoseStructure());
                        }
                    },
                };
            }
            PARTY_U_OTHER => {
                self.party_u_other = Some(decoder.bytes()?.to_vec());
            }
            PARTY_V_IDENTITY => {
                self.party_v_identity = Some(decoder.bytes()?.to_vec());
            }
            PARTY_V_NONCE => {
                self.party_v_nonce = match decoder.bytes() {
                    Ok(value) => Some(value),
                    Err(ref err) => match err {
                        cbor::decoder::DecodeError::UnexpectedType { datatype, info: _ } => {
                            if *datatype == Type::Bool {
                                None
                            } else {
                                return Err(CoseError::InvalidCoseStructure());
                            }
                        }
                        _ => {
                            return Err(CoseError::InvalidCoseStructure());
                        }
                    },
                };
            }
            PARTY_V_OTHER => {
                self.party_v_other = Some(decoder.bytes()?.to_vec());
            }
            PARTIAL_IV => {
                self.partial_iv = Some(decoder.bytes()?.to_vec());
            }
            X5BAG | X5CHAIN | X5CHAIN_SENDER => {
                let type_info = decoder.kernel().typeinfo()?;
                if type_info.0 == Type::Array {
                    let x5_len = type_info.1;
                    let mut x5 = Vec::new();
                    for _ in 0..x5_len {
                        x5.push(decoder.bytes()?.to_vec());
                    }
                    if label == X5BAG {
                        self.x5bag = Some(x5);
                    } else if label == X5CHAIN {
                        verify_chain(&x5)?;
                        self.x5chain = Some(x5);
                    } else {
                        verify_chain(&x5)?;
                        self.x5chain_sender = Some(x5);
                    }
                } else if type_info.0 == Type::Bytes {
                    let x5 = Some(vec![decoder
                        .kernel()
                        .raw_data(type_info.1, common::MAX_BYTES)?]);
                    if label == X5BAG {
                        self.x5bag = x5;
                    } else if label == X5CHAIN {
                        self.x5chain = x5;
                    } else {
                        self.x5chain_sender = x5;
                    }
                } else {
                    return Err(CoseError::InvalidCoseStructure());
                }
            }
            X5T | X5T_SENDER => {
                if decoder.array()? != 2 {
                    return Err(CoseError::InvalidCoseStructure());
                }
                let type_info = decoder.kernel().typeinfo()?;
                let x5t_alg;
                if type_info.0 == Type::Text {
                    x5t_alg = Some(common::get_alg_id(
                        std::str::from_utf8(
                            &decoder.kernel().raw_data(type_info.1, common::MAX_BYTES)?,
                        )
                        .unwrap()
                        .to_string(),
                    )?);
                } else if common::CBOR_NUMBER_TYPES.contains(&type_info.0) {
                    x5t_alg = Some(decoder.kernel().i32(&type_info)?);
                } else {
                    return Err(CoseError::InvalidCoseStructure());
                }
                let x5t = Some(decoder.bytes()?);
                if label == X5T {
                    if self.x5chain != None {
                        verify_thumbprint(
                            &self.x5chain.as_ref().unwrap()[0].clone(),
                            &x5t.as_ref().unwrap(),
                            &x5t_alg.as_ref().unwrap(),
                        )?;
                    }
                    self.x5t = x5t;
                    self.x5t_alg = x5t_alg;
                } else {
                    if self.x5chain_sender != None {
                        verify_thumbprint(
                            &self.x5chain_sender.as_ref().unwrap()[0].clone(),
                            &x5t.as_ref().unwrap(),
                            &x5t_alg.as_ref().unwrap(),
                        )?;
                    }
                    self.x5t_sender = x5t;
                    self.x5t_sender_alg = x5t_alg;
                }
            }
            X5U => {
                self.x5u = Some(decoder.text()?);
            }
            X5U_SENDER => {
                self.x5u_sender = Some(decoder.text()?);
            }
            EPHEMERAL_KEY => {
                if [X5CHAIN_SENDER, STATIC_KEY, STATIC_KEY_ID]
                    .iter()
                    .any(|i| self.labels_found.contains(i))
                {
                    return Err(CoseError::InvalidCoseStructure());
                }
                self.ecdh_key.decode_key(decoder)?;
            }
            STATIC_KEY => {
                if [X5CHAIN_SENDER, EPHEMERAL_KEY, STATIC_KEY_ID]
                    .iter()
                    .any(|i| self.labels_found.contains(i))
                {
                    return Err(CoseError::InvalidCoseStructure());
                }
                self.ecdh_key.decode_key(decoder)?;
            }
            STATIC_KEY_ID => {
                if [X5CHAIN_SENDER, EPHEMERAL_KEY, STATIC_KEY]
                    .iter()
                    .any(|i| self.labels_found.contains(i))
                {
                    return Err(CoseError::InvalidCoseStructure());
                }
                self.static_kid = Some(decoder.bytes()?.to_vec());
            }
            COUNTER_SIG if !is_counter_sig => {
                let mut counter = CoseAgent::new_counter_sig();
                let n = decoder.array()?;
                let mut n1 = 0;
                match decoder.bytes() {
                    Ok(value) => {
                        counter.ph_bstr = value;
                    }
                    Err(ref err) => match err {
                        cbor::decoder::DecodeError::UnexpectedType { datatype, info } => {
                            if *datatype == Type::Array {
                                n1 = *info;
                            }
                        }
                        _ => {
                            return Err(CoseError::InvalidCoseStructure());
                        }
                    },
                };
                if n1 == 0 && n == 3 {
                    counter.decode(decoder)?;
                    self.counters.push(counter);
                } else {
                    counter.ph_bstr = decoder.bytes()?;
                    counter.decode(decoder)?;
                    self.counters.push(counter);
                    for _ in 1..n {
                        counter = CoseAgent::new_counter_sig();
                        decoder.array()?;
                        counter.ph_bstr = decoder.bytes()?;
                        counter.decode(decoder)?;
                        self.counters.push(counter);
                    }
                }
            }
            _ => {
                return Err(CoseError::InvalidLabel(label));
            }
        }
        Ok(())
    }

    /// Method that returns a copy of all counter signatures with the key ID provided
    pub fn get_counter(&self, kid: &Vec<u8>) -> CoseResultWithRet<Vec<usize>> {
        let mut counters: Vec<usize> = Vec::new();
        for i in 0..self.counters.len() {
            if self.counters[i]
                .header
                .kid
                .as_ref()
                .ok_or(CoseError::Missing(CoseField::Kid))?
                == kid
            {
                counters.push(i);
            }
        }
        Ok(counters)
    }
}