cose/
lib.rs

1//! CBOR Object Signing and Encryption, COSE ([RFC 8152](https://tools.ietf.org/html/rfc8152)), implementation for Rust.
2//!
3//! This library offers a set of methods and structures to help encoding/decoding a COSE message,
4//! including the respective cryptographic operations with the given parameters.
5//!
6//! The cryptographic functions used in this library are from the
7//! [rust-openssl](https://crates.io/crates/openssl) and [rand](https://crates.io/crates/rand) crates and
8//! the CBOR encoding/decoding methods are from the
9//! [cbor-codec](https://twittner.gitlab.io/cbor-codec/cbor/) crate.
10//!
11//! # Examples
12//!
13//! The following examples, demonstrate how to encode and decode COSE messages in different types without
14//! the recipients/signers bucket. Examples with the recipients/signers bucket can be found in the modules
15//! [message](message/index.html) and [agent](agent/index.html).
16//!
17//! ## cose-sign1
18//!
19//! ### Encode cose-sign1 message
20//! ```
21//! use cose::message::CoseMessage;
22//! use cose::keys;
23//! use cose::algs;
24//! use hex;
25//!
26//! fn main() {
27//!     let msg = b"This is the content.".to_vec();
28//!     let kid = vec![49, 49];
29//!
30//!     let mut signer = CoseMessage::new_sign();
31//!
32//!     // Prepare cose-key
33//!     let mut key = keys::CoseKey::new();
34//!     key.kty(keys::EC2);
35//!     key.alg(algs::ES256);
36//!     key.crv(keys::P_256);
37//!     key.d(hex::decode("57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3").unwrap());
38//!
39//!     // Prepare cose-sign1 parameters
40//!     signer.header.alg(algs::ES256, true, false);
41//!     signer.header.kid(kid, true, false);
42//!     signer.payload(msg);
43//!     signer.key(&key).unwrap();
44//!
45//!     // Generate the signature
46//!     signer.secure_content(None).unwrap();
47//!
48//!     // Encode the message with the payload included
49//!     signer.encode(true).unwrap();
50//! }
51//! ```
52//!
53//! ### Decode cose-sign1 message
54//! ```
55//! use cose::message::CoseMessage;
56//! use cose::keys;
57//! use cose::algs;
58//! use hex;
59//!
60//! fn main() {
61//!
62//!     // Prepare cose-key
63//!     let mut key = keys::CoseKey::new();
64//!     key.kty(keys::EC2);
65//!     key.alg(algs::ES256);
66//!     key.crv(keys::P_256);
67//!     key.x(hex::decode("bac5b11cad8f99f9c72b05cf4b9e26d244dc189f745228255a219a86d6a09eff").unwrap());
68//!     key.y(hex::decode("20138bf82dc1b6d562be0fa54ab7804a3a64b6d72ccfed6b6fb6ed28bbfc117e").unwrap());
69//!     
70//!     // Prepare CoseSign with the cose-sign1 bytes
71//!     let mut verify = CoseMessage::new_sign();
72//!     verify.bytes =
73//!     hex::decode("d28447a2012604423131a054546869732069732074686520636f6e74656e742e58405e84ce5812b0966e6919ff1ac15c030666bae902c0705d1e0a5fbac828437c63b0bb87a95a456835f4d115850adefcf0fd0a5c26027140c10d3e20a890c5eaa7").unwrap();
74//!
75//!     // Init decoding
76//!     verify.init_decoder(None).unwrap();
77//!
78//!     // Add key
79//!     verify.key(&key).unwrap();
80//!
81//!     // Verify the cose-sign1 signature
82//!     verify.decode(None, None).unwrap();
83//! }
84//! ```
85//!
86//! ## cose-encrypt0
87//!
88//! ### Encode cose-encrypt0 message
89//! ```
90//! use cose::message::CoseMessage;
91//! use cose::keys;
92//! use cose::algs;
93//! use hex;
94//!
95//! fn main() {
96//!     let msg = b"This is the content.".to_vec();
97//!     let kid = b"secret".to_vec();
98//!
99//!     let mut enc = CoseMessage::new_encrypt();
100//!
101//!     // Prepare the cose-key
102//!     let mut key = keys::CoseKey::new();
103//!     key.kty(keys::SYMMETRIC);
104//!     key.alg(algs::CHACHA20);
105//!     key.k(hex::decode("849b57219dae48de646d07dbb533566e976686457c1491be3a76dcea6c427188").unwrap());
106//!
107//!     // Prepare cose-encrypt0 parameters
108//!     enc.header.alg(algs::CHACHA20, true, false);
109//!     enc.header.iv(hex::decode("89f52f65a1c580933b5261a7").unwrap(), true, false);
110//!     enc.payload(msg);
111//!     enc.key(&key).unwrap();
112//!
113//!     // Generate the ciphertext with no AAD.
114//!     enc.secure_content(None).unwrap();
115//!
116//!     // Encode the cose-encrypt0 message with the ciphertext included
117//!     enc.encode(true).unwrap();
118//! }
119//!
120//! ```
121//!
122//! ### Decode cose-encrypt0 message
123//! ```
124//! use cose::message::CoseMessage;
125//! use cose::keys;
126//! use cose::algs;
127//! use hex;
128//!
129//! fn main() {
130//!     let expected_msg = b"This is the content.".to_vec();
131//!
132//!     // Prepare the cose-key
133//!     let mut key = keys::CoseKey::new();
134//!     key.kty(keys::SYMMETRIC);
135//!     key.alg(algs::CHACHA20);
136//!     key.k(hex::decode("849b57219dae48de646d07dbb533566e976686457c1491be3a76dcea6c427188").unwrap());
137//!
138//!
139//!     // Generate CoseEncrypt struct with the cose-encryt0 bytes
140//!     let mut dec = CoseMessage::new_encrypt();
141//!     dec.bytes =
142//!     hex::decode("d08352a2011818054c89f52f65a1c580933b5261a7a0582481c32c048134989007b3b5b932811ea410eeab15bd0de5d5ac5be03c84dce8c88871d6e9").unwrap();
143//!
144//!     // Init decoding
145//!     dec.init_decoder(None).unwrap();
146//!
147//!     // Add cose-key
148//!     dec.key(&key).unwrap();
149//!
150//!     // Decrypt the cose-encrypt0 message
151//!     let msg = dec.decode(None, None).unwrap();
152//!     assert_eq!(msg, expected_msg);
153//! }
154//!
155//! ```
156//! ## cose-mac0
157//!
158//! ### Encode cose-mac0 message
159//! ```
160//! use cose::message::CoseMessage;
161//! use cose::keys;
162//! use cose::algs;
163//! use hex;
164//!
165//! fn main() {
166//!     let msg = b"This is the content.".to_vec();
167//!
168//!     // Prepare the cose-key
169//!     let mut key = keys::CoseKey::new();
170//!     key.kty(keys::SYMMETRIC);
171//!     key.alg(algs::AES_MAC_256_128);
172//!     key.k(hex::decode("849b57219dae48de646d07dbb533566e976686457c1491be3a76dcea6c427188").unwrap());
173//!
174//!     // Prepare the cose-mac0 parameters
175//!     let mut mac = CoseMessage::new_mac();
176//!     mac.header.alg(algs::AES_MAC_256_128, true, false);
177//!     mac.payload(msg);
178//!     mac.key(&key).unwrap();
179//!
180//!     // Generate MAC tag without AAD
181//!     mac.secure_content(None).unwrap();
182//!
183//!     // Encode the cose-mac0 message with the payload included
184//!     mac.encode(true).unwrap();
185//!
186//! }
187//! ```
188//!
189//! ### Decode cose-mac0 message
190//! ```
191//! use cose::message::CoseMessage;
192//! use cose::keys;
193//! use cose::algs;
194//! use hex;
195//!
196//! fn main() {
197//!     // Prepare the cose-key
198//!     let mut key = keys::CoseKey::new();
199//!     key.kty(keys::SYMMETRIC);
200//!     key.alg(algs::AES_MAC_256_128);
201//!     key.k(hex::decode("849b57219dae48de646d07dbb533566e976686457c1491be3a76dcea6c427188").unwrap());
202//!
203//!     // Generate CoseMAC struct with the cose-mac0 bytes
204//!     let mut verify = CoseMessage::new_mac();
205//!     verify.bytes =
206//!     hex::decode("d18444a101181aa054546869732069732074686520636f6e74656e742e50403152cc208c1d501e1dc2a789ae49e4").unwrap();
207//!
208//!     // Init decoding
209//!     verify.init_decoder(None).unwrap();
210//!
211//!     // Add cose-key
212//!     verify.key(&key).unwrap();
213//!
214//!     // Verify the cose-mac0 message
215//!     verify.decode(None, None).unwrap();
216//! }
217//! ```
218
219pub mod headers;
220pub mod keys;
221
222pub mod agent;
223pub mod algs;
224pub mod message;
225
226pub mod errors;
227pub mod utils;
228
229pub(crate) mod common;
230pub(crate) mod cose_struct;
231
232#[cfg(test)]
233mod test_vecs {
234    use crate::agent::CoseAgent;
235    use crate::algs;
236    use crate::keys;
237    use crate::message::CoseMessage;
238    use std::fs;
239    use std::path::Path;
240
241    fn get_test_vec(id: &str) -> Vec<u8> {
242        let path = format!("test_params/{}.bin", id);
243        fs::read(Path::new(&path)).unwrap()
244    }
245
246    fn get_pub_key(kid: &Vec<u8>) -> keys::CoseKey {
247        let key_set = include_bytes!("../test_params/pub_key_set.bin");
248        let mut cose_ks = keys::CoseKeySet::new();
249        cose_ks.bytes = key_set.to_vec();
250        cose_ks.decode().unwrap();
251        cose_ks.get_key(kid).unwrap()
252    }
253
254    fn get_priv_key(kid: &Vec<u8>) -> keys::CoseKey {
255        let key_set = include_bytes!("../test_params/priv_key_set.bin");
256        let mut cose_ks = keys::CoseKeySet::new();
257        cose_ks.bytes = key_set.to_vec();
258        cose_ks.decode().unwrap();
259        cose_ks.get_key(kid).unwrap()
260    }
261
262    #[test]
263    fn c11() {
264        let kid = &b"11".to_vec();
265        let mut verify = CoseMessage::new_sign();
266        verify.bytes = get_test_vec("c11");
267        verify.init_decoder(None).unwrap();
268        let i = verify.get_agent(kid).unwrap()[0];
269        let key = get_pub_key(&kid);
270        verify.agents[i].key(&key).unwrap();
271        verify.decode(None, Some(i)).unwrap();
272    }
273
274    #[test]
275    fn prod_c11() {
276        let kid = &b"11".to_vec();
277        let payload = b"This is the content.".to_vec();
278        let mut sign = CoseMessage::new_sign();
279        sign.payload = payload;
280
281        let key = get_priv_key(&kid);
282
283        let mut agent = CoseAgent::new();
284        agent.header.kid(kid.clone(), false, false);
285        agent.header.alg(algs::ES256, true, false);
286
287        agent.key(&key).unwrap();
288
289        sign.add_agent(&mut agent).unwrap();
290        sign.secure_content(None).unwrap();
291
292        sign.encode(true).unwrap();
293        assert_eq!(sign.bytes, get_test_vec("c11"));
294    }
295
296    #[test]
297    fn c12() {
298        let kid1 = &b"11".to_vec();
299        let kid2 = &b"bilbo.baggins@hobbiton.example".to_vec();
300
301        let mut verify = CoseMessage::new_sign();
302        verify.bytes = get_test_vec("c12");
303        verify.init_decoder(None).unwrap();
304
305        let mut i = verify.get_agent(kid1).unwrap()[0];
306        let mut key = get_pub_key(&kid1);
307        verify.agents[i].key(&key).unwrap();
308        verify.decode(None, Some(i)).unwrap();
309
310        i = verify.get_agent(kid2).unwrap()[0];
311        key = get_pub_key(&kid2);
312        verify.agents[i].key(&key).unwrap();
313        verify.decode(None, Some(i)).unwrap();
314    }
315
316    #[test]
317    fn prod_c12() {
318        let kid1 = &b"11".to_vec();
319        let kid2 = &b"bilbo.baggins@hobbiton.example".to_vec();
320
321        let payload = b"This is the content.".to_vec();
322        let mut sign = CoseMessage::new_sign();
323        sign.payload = payload;
324
325        let mut key = get_priv_key(&kid1);
326        let mut agent = CoseAgent::new();
327        agent.header.kid(kid1.clone(), false, false);
328        agent.header.alg(algs::ES256, true, false);
329        agent.key(&key).unwrap();
330        sign.add_agent(&mut agent).unwrap();
331
332        key = get_priv_key(&kid2);
333        agent = CoseAgent::new();
334        agent.header.kid(kid2.clone(), false, false);
335        agent.header.alg(algs::ES512, true, false);
336        agent.key(&key).unwrap();
337        sign.add_agent(&mut agent).unwrap();
338
339        sign.secure_content(None).unwrap();
340
341        // Remove probabilistic signature for ES512 agent ("SHOULD use a deterministic version of
342        // ECDSA")
343        sign.agents[1].payload = vec![];
344        let mut t_vec = CoseMessage::new_sign();
345        t_vec.bytes = get_test_vec("c12");
346        t_vec.init_decoder(None).unwrap();
347        t_vec.agents[1].payload = vec![];
348        t_vec.encode(true).unwrap();
349
350        sign.encode(true).unwrap();
351
352        assert_eq!(sign.bytes, t_vec.bytes);
353    }
354
355    #[test]
356    fn c13() {
357        let kid = &b"11".to_vec();
358        let mut verify = CoseMessage::new_sign();
359        verify.bytes = get_test_vec("c13");
360        verify.init_decoder(None).unwrap();
361
362        let i = verify.get_agent(kid).unwrap()[0];
363        let key = get_pub_key(&kid);
364        verify.agents[i].key(&key).unwrap();
365        verify.decode(None, Some(i)).unwrap();
366
367        let counter = verify.header.get_counter(kid).unwrap()[0];
368        verify.header.counters[counter].key(&key).unwrap();
369        verify.counters_verify(None, counter).unwrap();
370    }
371
372    #[test]
373    fn prod_c13() {
374        let kid = &b"11".to_vec();
375        let payload = b"This is the content.".to_vec();
376
377        let mut sign = CoseMessage::new_sign();
378        sign.payload = payload;
379
380        let key = get_priv_key(&kid);
381        let mut agent = CoseAgent::new();
382        agent.header.kid(kid.clone(), false, false);
383        agent.header.alg(algs::ES256, true, false);
384        agent.key(&key).unwrap();
385
386        sign.add_agent(&mut agent).unwrap();
387        sign.secure_content(None).unwrap();
388
389        agent = CoseAgent::new_counter_sig();
390        agent.header.kid(kid.clone(), false, false);
391        agent.header.alg(algs::ES256, true, false);
392        agent.key(&key).unwrap();
393        sign.counter_sig(None, &mut agent).unwrap();
394        sign.add_counter_sig(agent).unwrap();
395
396        sign.encode(true).unwrap();
397
398        assert_eq!(sign.bytes, get_test_vec("c13"));
399    }
400
401    #[test]
402    fn c21() {
403        let mut verify = CoseMessage::new_sign();
404        verify.bytes = get_test_vec("c21");
405        verify.init_decoder(None).unwrap();
406
407        let key = get_pub_key(&verify.header.kid.clone().unwrap());
408        verify.key(&key).unwrap();
409
410        verify.decode(None, None).unwrap();
411    }
412
413    #[test]
414    fn prod_c21() {
415        let kid = &b"11".to_vec();
416        let payload = b"This is the content.".to_vec();
417
418        let mut sign = CoseMessage::new_sign();
419        sign.payload = payload;
420        sign.header.kid(kid.clone(), false, false);
421        sign.header.alg(algs::ES256, true, false);
422
423        let key = get_priv_key(&kid);
424        sign.key(&key).unwrap();
425
426        sign.secure_content(None).unwrap();
427        sign.encode(true).unwrap();
428
429        assert_eq!(sign.bytes, get_test_vec("c21"));
430    }
431
432    #[test]
433    fn c31() {
434        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
435        let msg = b"This is the content.".to_vec();
436
437        let mut dec = CoseMessage::new_encrypt();
438        dec.bytes = get_test_vec("c31");
439        dec.init_decoder(None).unwrap();
440
441        let i = dec.get_agent(kid).unwrap()[0];
442        let key = get_priv_key(kid);
443        dec.agents[i].key(&key).unwrap();
444
445        assert_eq!(dec.decode(None, Some(i)).unwrap(), msg);
446    }
447
448    #[test]
449    fn prod_c31() {
450        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
451        let eph_kid = &b"peregrin.took@tuckborough.example".to_vec();
452        let payload = b"This is the content.".to_vec();
453
454        let mut enc = CoseMessage::new_encrypt();
455        enc.header.alg(algs::A128GCM, true, false);
456        enc.header.iv(
457            vec![201, 207, 77, 242, 254, 108, 99, 43, 247, 136, 100, 19],
458            false,
459            false,
460        );
461        enc.payload = payload;
462
463        let mut key = get_priv_key(&kid);
464
465        let mut agent = CoseAgent::new();
466        agent.header.alg(algs::ECDH_ES_HKDF_256, true, false);
467        agent.key(&key).unwrap();
468
469        key = get_priv_key(eph_kid);
470
471        agent.header.ephemeral_key(key, false, false);
472        agent.header.kid(kid.clone(), false, false);
473
474        enc.add_agent(&mut agent).unwrap();
475
476        enc.secure_content(None).unwrap();
477
478        enc.encode(true).unwrap();
479        assert_eq!(enc.bytes, get_test_vec("c31"));
480    }
481
482    #[test]
483    fn c32() {
484        let kid = &b"our-secret".to_vec();
485        let msg = b"This is the content.".to_vec();
486
487        let mut dec = CoseMessage::new_encrypt();
488        dec.bytes = get_test_vec("c32");
489        dec.init_decoder(None).unwrap();
490
491        let i = dec.get_agent(kid).unwrap()[0];
492        let key = get_priv_key(kid);
493        dec.agents[i].key(&key).unwrap();
494        dec.agents[i]
495            .header
496            .party_identity(b"lighting-client".to_vec(), false, false, true, false);
497        dec.agents[i].header.party_identity(
498            b"lighting-server".to_vec(),
499            false,
500            false,
501            false,
502            false,
503        );
504        dec.agents[i]
505            .header
506            .pub_other(b"Encryption Example 02".to_vec());
507
508        assert_eq!(dec.decode(None, Some(i)).unwrap(), msg);
509    }
510
511    #[test]
512    fn prod_c32() {
513        let kid = &b"our-secret".to_vec();
514        let salt = b"aabbccddeeffgghh".to_vec();
515        let payload = b"This is the content.".to_vec();
516
517        let mut enc = CoseMessage::new_encrypt();
518        enc.header.alg(algs::AES_CCM_16_64_128, true, false);
519        enc.header.iv(
520            vec![137, 245, 47, 101, 161, 197, 128, 147, 59, 82, 97, 167, 108],
521            false,
522            false,
523        );
524        enc.payload = payload;
525
526        let key = get_priv_key(&kid);
527
528        let mut agent = CoseAgent::new();
529        agent.header.alg(algs::DIRECT_HKDF_SHA_256, true, false);
530        agent.header.salt(salt, false, false);
531        agent.header.kid(kid.clone(), false, false);
532        agent
533            .header
534            .party_identity(b"lighting-client".to_vec(), false, false, true, false);
535        agent
536            .header
537            .party_identity(b"lighting-server".to_vec(), false, false, false, false);
538        agent.header.pub_other(b"Encryption Example 02".to_vec());
539        agent.key(&key).unwrap();
540
541        enc.add_agent(&mut agent).unwrap();
542
543        enc.secure_content(None).unwrap();
544
545        enc.encode(true).unwrap();
546        assert_eq!(enc.bytes, get_test_vec("c32"));
547    }
548
549    #[test]
550    fn c33() {
551        let msg = b"This is the content.".to_vec();
552
553        let mut dec = CoseMessage::new_encrypt();
554        dec.bytes = get_test_vec("c33");
555        dec.init_decoder(None).unwrap();
556
557        let mut key = get_priv_key(&dec.agents[0].header.kid.clone().unwrap());
558        dec.agents[0].key(&key).unwrap();
559
560        key = get_priv_key(&dec.header.counters[0].header.kid.clone().unwrap());
561        dec.header.counters[0].key(&key).unwrap();
562        dec.counters_verify(None, 0).unwrap();
563
564        assert_eq!(dec.decode(None, Some(0)).unwrap(), msg);
565    }
566
567    #[test]
568    fn prod_c33() {
569        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
570        let c_kid = &b"bilbo.baggins@hobbiton.example".to_vec();
571        let eph_kid = &b"peregrin.took@tuckborough.example".to_vec();
572        let payload = b"This is the content.".to_vec();
573
574        let mut enc = CoseMessage::new_encrypt();
575        enc.header.alg(algs::A128GCM, true, false);
576        enc.header.iv(
577            vec![201, 207, 77, 242, 254, 108, 99, 43, 247, 136, 100, 19],
578            false,
579            false,
580        );
581        enc.payload = payload;
582
583        let mut key = get_pub_key(kid);
584
585        let mut agent = CoseAgent::new();
586        agent.header.alg(algs::ECDH_ES_HKDF_256, true, false);
587        agent.key(&key).unwrap();
588
589        key = get_priv_key(eph_kid);
590        agent.header.ephemeral_key(key, false, false);
591        agent.header.kid(kid.clone(), false, false);
592
593        enc.add_agent(&mut agent).unwrap();
594
595        enc.secure_content(None).unwrap();
596
597        key = get_priv_key(c_kid);
598        agent = CoseAgent::new_counter_sig();
599        agent.header.kid(c_kid.clone(), false, false);
600        agent.header.alg(algs::ES512, true, false);
601        agent.key(&key).unwrap();
602        enc.counter_sig(None, &mut agent).unwrap();
603        enc.add_counter_sig(agent).unwrap();
604
605        // Remove probabilistic signature for ES512 agent ("SHOULD use a deterministic version of
606        // ECDSA")
607        let mut test_vec = CoseMessage::new_encrypt();
608        test_vec.bytes = get_test_vec("c33");
609        test_vec.init_decoder(None).unwrap();
610        test_vec.header.counters[0].payload = vec![];
611        test_vec.encode(true).unwrap();
612        enc.header.counters[0].payload = vec![];
613
614        enc.encode(true).unwrap();
615
616        assert_eq!(enc.bytes, test_vec.bytes);
617    }
618
619    #[test]
620    fn c34() {
621        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
622        let static_kid = &b"peregrin.took@tuckborough.example".to_vec();
623        let msg = b"This is the content.".to_vec();
624        let aad = vec![0, 17, 187, 204, 34, 221, 68, 238, 85, 255, 102, 0, 119];
625
626        let mut dec = CoseMessage::new_encrypt();
627        dec.bytes = get_test_vec("c34");
628        dec.init_decoder(None).unwrap();
629
630        let i = dec.get_agent(&kid.clone()).unwrap()[0];
631        let mut key = get_priv_key(kid);
632        dec.agents[i].key(&key).unwrap();
633
634        key = get_pub_key(static_kid);
635        dec.agents[i].header.ecdh_key(key);
636
637        assert_eq!(dec.decode(Some(aad), Some(i)).unwrap(), msg);
638    }
639
640    #[test]
641    fn prod_c34() {
642        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
643        let static_kid = &b"peregrin.took@tuckborough.example".to_vec();
644        let payload = b"This is the content.".to_vec();
645        let aad = vec![0, 17, 187, 204, 34, 221, 68, 238, 85, 255, 102, 0, 119];
646
647        let mut enc = CoseMessage::new_encrypt();
648        enc.header.alg(algs::A128GCM, true, false);
649        enc.header.iv(
650            vec![2, 209, 247, 230, 242, 108, 67, 212, 134, 141, 135, 206],
651            false,
652            false,
653        );
654        enc.payload = payload;
655
656        let mut key = get_priv_key(&kid);
657
658        let mut agent = CoseAgent::new();
659        agent.header.alg(algs::ECDH_SS_A128KW, true, false);
660        agent.key(&key).unwrap();
661
662        key = get_priv_key(static_kid);
663
664        agent
665            .header
666            .static_key_id(static_kid.clone(), key, false, false);
667        agent.header.kid(kid.clone(), false, false);
668        agent.header.party_nonce(vec![1, 1], false, false, true);
669
670        enc.add_agent(&mut agent).unwrap();
671
672        enc.secure_content(Some(aad)).unwrap();
673
674        // Remove probabilistic ciphertext and CEK
675        let mut test_vec = CoseMessage::new_encrypt();
676        test_vec.bytes = get_test_vec("c34");
677        test_vec.init_decoder(None).unwrap();
678        test_vec.agents[0].payload = vec![];
679        test_vec.secured = vec![];
680        test_vec.encode(true).unwrap();
681        enc.agents[0].payload = vec![];
682        enc.secured = vec![];
683
684        enc.encode(true).unwrap();
685
686        assert_eq!(enc.bytes, test_vec.bytes);
687    }
688
689    #[test]
690    fn c41() {
691        let kid = &b"our-secret2".to_vec();
692        let msg = b"This is the content.".to_vec();
693
694        let mut dec = CoseMessage::new_encrypt();
695        dec.bytes = get_test_vec("c41");
696        dec.init_decoder(None).unwrap();
697        let key = get_priv_key(kid);
698        dec.key(&key).unwrap();
699
700        assert_eq!(dec.decode(None, None).unwrap(), msg);
701    }
702
703    #[test]
704    fn prod_c41() {
705        let kid = &b"our-secret2".to_vec();
706        let msg = b"This is the content.".to_vec();
707
708        let mut enc = CoseMessage::new_encrypt();
709        enc.header.alg(algs::AES_CCM_16_64_128, true, false);
710        enc.header.iv(
711            vec![137, 245, 47, 101, 161, 197, 128, 147, 59, 82, 97, 167, 140],
712            false,
713            false,
714        );
715        enc.payload = msg;
716
717        let key = get_priv_key(kid);
718        enc.key(&key).unwrap();
719        enc.secure_content(None).unwrap();
720        enc.encode(true).unwrap();
721
722        assert_eq!(enc.bytes, get_test_vec("c41"));
723    }
724
725    #[test]
726    fn c42() {
727        let kid = &b"our-secret2".to_vec();
728        let msg = b"This is the content.".to_vec();
729
730        let mut dec = CoseMessage::new_encrypt();
731        dec.bytes = get_test_vec("c42");
732        dec.init_decoder(None).unwrap();
733        let mut key = get_priv_key(kid);
734        key.base_iv(vec![137, 245, 47, 101, 161, 197, 128, 147]);
735        dec.key(&key).unwrap();
736
737        assert_eq!(dec.decode(None, None).unwrap(), msg);
738    }
739
740    #[test]
741    fn prod_c42() {
742        let kid = &b"our-secret2".to_vec();
743        let msg = b"This is the content.".to_vec();
744
745        let mut enc = CoseMessage::new_encrypt();
746        enc.header.alg(algs::AES_CCM_16_64_128, true, false);
747        enc.header.partial_iv(vec![97, 167], false, false);
748        enc.payload = msg;
749
750        let mut key = get_priv_key(kid);
751        key.base_iv(vec![137, 245, 47, 101, 161, 197, 128, 147]);
752        enc.key(&key).unwrap();
753        enc.secure_content(None).unwrap();
754        enc.encode(true).unwrap();
755
756        assert_eq!(enc.bytes, get_test_vec("c42"));
757    }
758
759    #[test]
760    fn c51() {
761        let kid = &b"our-secret".to_vec();
762        let mut verify = CoseMessage::new_mac();
763        verify.bytes = get_test_vec("c51");
764        verify.init_decoder(None).unwrap();
765
766        let i = verify.get_agent(kid).unwrap()[0];
767
768        let key = get_priv_key(kid);
769        verify.agents[i].key(&key).unwrap();
770        verify.decode(None, Some(i)).unwrap();
771    }
772
773    #[test]
774    fn prod_c51() {
775        let kid = &b"our-secret".to_vec();
776        let payload = b"This is the content.".to_vec();
777
778        let mut enc = CoseMessage::new_mac();
779        enc.header.alg(algs::AES_MAC_256_64, true, false);
780        enc.payload = payload;
781
782        let key = get_priv_key(&kid);
783
784        let mut agent = CoseAgent::new();
785        agent.header.alg(algs::DIRECT, false, false);
786        agent.header.kid(kid.clone(), false, false);
787        agent.key(&key).unwrap();
788
789        enc.add_agent(&mut agent).unwrap();
790
791        enc.secure_content(None).unwrap();
792
793        enc.encode(true).unwrap();
794        assert_eq!(enc.bytes, get_test_vec("c51"));
795    }
796
797    #[test]
798    fn c52() {
799        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
800        let static_kid = &b"peregrin.took@tuckborough.example".to_vec();
801
802        let mut verify = CoseMessage::new_mac();
803        verify.bytes = get_test_vec("c52");
804        verify.init_decoder(None).unwrap();
805
806        let i = verify.get_agent(kid).unwrap()[0];
807        let mut key = get_priv_key(kid);
808        verify.agents[i].key(&key).unwrap();
809
810        key = get_priv_key(static_kid);
811        verify.agents[i].header.ecdh_key(key);
812
813        verify.decode(None, Some(i)).unwrap();
814    }
815
816    #[test]
817    fn prod_c52() {
818        let kid = &b"meriadoc.brandybuck@buckland.example".to_vec();
819        let static_kid = &b"peregrin.took@tuckborough.example".to_vec();
820        let payload = b"This is the content.".to_vec();
821
822        let mut enc = CoseMessage::new_mac();
823        enc.header.alg(algs::HMAC_256_256, true, false);
824        enc.payload = payload;
825
826        let mut key = get_priv_key(&kid);
827
828        let mut agent = CoseAgent::new();
829        agent.header.alg(algs::ECDH_SS_HKDF_256, true, false);
830        agent.key(&key).unwrap();
831
832        key = get_priv_key(&static_kid);
833        agent
834            .header
835            .static_key_id(static_kid.clone(), key, false, false);
836        agent.header.kid(kid.clone(), false, false);
837        agent.header.party_nonce(
838            vec![
839                77, 133, 83, 231, 231, 79, 60, 106, 58, 157, 211, 239, 40, 106, 129, 149, 203, 248,
840                162, 61, 25, 85, 140, 207, 236, 125, 52, 184, 36, 244, 45, 146, 189, 6, 189, 44,
841                127, 2, 113, 240, 33, 78, 20, 31, 183, 121, 174, 40, 86, 171, 245, 133, 165, 131,
842                104, 176, 23, 231, 242, 169, 229, 206, 77, 181,
843            ],
844            false,
845            false,
846            true,
847        );
848
849        enc.add_agent(&mut agent).unwrap();
850
851        enc.secure_content(None).unwrap();
852
853        enc.encode(true).unwrap();
854        assert_eq!(enc.bytes, get_test_vec("c52"));
855    }
856
857    #[test]
858    fn c53() {
859        let kid = &b"018c0ae5-4d9b-471b-bfd6-eef314bc7037".to_vec();
860
861        let mut verify = CoseMessage::new_mac();
862        verify.bytes = get_test_vec("c53");
863        verify.init_decoder(None).unwrap();
864
865        let i = verify.get_agent(kid).unwrap()[0];
866        let key = get_priv_key(&kid);
867
868        verify.agents[i].key(&key).unwrap();
869
870        verify.decode(None, Some(i)).unwrap();
871    }
872
873    #[test]
874    fn prod_c53() {
875        let kid = &b"018c0ae5-4d9b-471b-bfd6-eef314bc7037".to_vec();
876        let payload = b"This is the content.".to_vec();
877
878        let mut enc = CoseMessage::new_mac();
879        enc.header.alg(algs::AES_MAC_128_64, true, false);
880        enc.payload = payload;
881
882        let key = get_priv_key(&kid);
883
884        let mut agent = CoseAgent::new();
885        agent.header.alg(algs::A256KW, false, false);
886        agent.header.kid(kid.clone(), false, false);
887        agent.key(&key).unwrap();
888
889        enc.add_agent(&mut agent).unwrap();
890
891        enc.secure_content(None).unwrap();
892
893        // Remove probabilistic
894        let mut test_vec = CoseMessage::new_mac();
895        test_vec.bytes = get_test_vec("c53");
896        test_vec.init_decoder(None).unwrap();
897        test_vec.agents[0].payload = vec![];
898        test_vec.secured = vec![];
899        test_vec.encode(true).unwrap();
900        enc.agents[0].payload = vec![];
901        enc.secured = vec![];
902
903        enc.encode(true).unwrap();
904        assert_eq!(enc.bytes, test_vec.bytes);
905    }
906
907    #[test]
908    fn c54() {
909        let kid1 = &b"018c0ae5-4d9b-471b-bfd6-eef314bc7037".to_vec();
910        let kid2 = &b"bilbo.baggins@hobbiton.example".to_vec();
911
912        let mut verify = CoseMessage::new_mac();
913        verify.bytes = get_test_vec("c54");
914        verify.init_decoder(None).unwrap();
915
916        let mut i = verify.get_agent(kid1).unwrap()[0];
917        let mut key = get_priv_key(kid1);
918        verify.agents[i].key(&key).unwrap();
919
920        verify.decode(None, Some(i)).unwrap();
921
922        i = verify.get_agent(kid2).unwrap()[0];
923        key = get_priv_key(kid2);
924        verify.agents[i].key(&key).unwrap();
925
926        verify.decode(None, Some(i)).unwrap();
927    }
928    #[test]
929    fn prod_c54() {
930        let kid1 = &b"bilbo.baggins@hobbiton.example".to_vec();
931        let kid2 = &b"018c0ae5-4d9b-471b-bfd6-eef314bc7037".to_vec();
932        let payload = b"This is the content.".to_vec();
933
934        let mut enc = CoseMessage::new_mac();
935        enc.header.alg(algs::HMAC_256_256, true, false);
936        enc.payload = payload;
937
938        let key = get_priv_key(&kid1);
939
940        let mut agent = CoseAgent::new();
941        agent.header.alg(algs::ECDH_ES_A128KW, true, false);
942        agent.key(&key).unwrap();
943
944        let mut eph_key = keys::CoseKey::new();
945        eph_key.kty(keys::EC2);
946        eph_key.crv(keys::P_521);
947        eph_key.d(hex::decode("000624B09A73EAD64AE07C0EBDA18126F02C80720DA239C8643198DBC1A10F967E5183D915678503CB78808F831AED26FF7D0F1E638AC58CD398E2AD00AC8A9B56E6").unwrap());
948        eph_key.x(hex::decode("0043b12669acac3fd27898ffba0bcd2e6c366d53bc4db71f909a759304acfb5e18cdc7ba0b13ff8c7636271a6924b1ac63c02688075b55ef2d613574e7dc242f79c3").unwrap());
949        eph_key.y_parity(true);
950
951        agent.header.ephemeral_key(eph_key, false, false);
952        agent.header.kid(kid1.clone(), false, false);
953
954        enc.add_agent(&mut agent).unwrap();
955
956        let key = get_priv_key(&kid2);
957
958        let mut agent = CoseAgent::new();
959        agent.header.alg(algs::A256KW, false, false);
960        agent.header.kid(kid2.clone(), false, false);
961        agent.key(&key).unwrap();
962
963        enc.add_agent(&mut agent).unwrap();
964
965        enc.secure_content(None).unwrap();
966
967        // Remove probabilistic
968        let mut test_vec = CoseMessage::new_mac();
969        test_vec.bytes = get_test_vec("c54");
970        test_vec.init_decoder(None).unwrap();
971        test_vec.agents[0].payload = vec![];
972        test_vec.agents[1].payload = vec![];
973        test_vec.secured = vec![];
974        test_vec.encode(true).unwrap();
975        enc.agents[0].payload = vec![];
976        enc.agents[1].payload = vec![];
977        enc.secured = vec![];
978
979        enc.encode(true).unwrap();
980        assert_eq!(enc.bytes, test_vec.bytes);
981    }
982
983    #[test]
984    fn c61() {
985        let kid = &b"our-secret".to_vec();
986
987        let mut verify = CoseMessage::new_mac();
988        verify.bytes = get_test_vec("c61");
989        verify.init_decoder(None).unwrap();
990
991        let key = get_priv_key(kid);
992
993        verify.key(&key).unwrap();
994        verify.decode(None, None).unwrap();
995    }
996
997    #[test]
998    fn prod_c61() {
999        let kid = &b"our-secret".to_vec();
1000        let msg = b"This is the content.".to_vec();
1001
1002        let mut enc = CoseMessage::new_mac();
1003        enc.header.alg(algs::AES_MAC_256_64, true, false);
1004        enc.payload = msg;
1005
1006        let key = get_priv_key(kid);
1007        enc.key(&key).unwrap();
1008        enc.secure_content(None).unwrap();
1009        enc.encode(true).unwrap();
1010
1011        assert_eq!(enc.bytes, get_test_vec("c61"));
1012    }
1013    #[test]
1014    fn rsa_pss_01() {
1015        let kid = &b"meriadoc.brandybuck@rsa.example".to_vec();
1016        let mut verify = CoseMessage::new_sign();
1017        verify.bytes = get_test_vec("rsa_pss_01");
1018        verify.init_decoder(None).unwrap();
1019
1020        let i = verify.get_agent(kid).unwrap()[0];
1021        let key = get_pub_key(kid);
1022        verify.agents[i].key(&key).unwrap();
1023
1024        verify.decode(None, Some(i)).unwrap();
1025    }
1026    #[test]
1027    fn prod_rsa_pss_01() {
1028        use crate::headers::ContentTypeTypes;
1029        let kid = &b"meriadoc.brandybuck@rsa.example".to_vec();
1030        let msg = b"This is the content.".to_vec();
1031
1032        let mut sign = CoseMessage::new_sign();
1033        sign.header
1034            .content_type(ContentTypeTypes::Uint(0), true, false);
1035        sign.payload = msg;
1036
1037        let key = get_priv_key(kid);
1038        let mut agent = CoseAgent::new();
1039        agent.header.alg(algs::PS256, true, false);
1040        agent.header.kid(kid.clone(), false, false);
1041        agent.key(&key).unwrap();
1042
1043        sign.add_agent(&mut agent).unwrap();
1044
1045        sign.secure_content(None).unwrap();
1046
1047        // Remove probabilistic
1048        let mut test_vec = CoseMessage::new_sign();
1049        test_vec.bytes = get_test_vec("rsa_pss_01");
1050        test_vec.init_decoder(None).unwrap();
1051        test_vec.agents[0].payload = vec![];
1052        test_vec.encode(true).unwrap();
1053        sign.agents[0].payload = vec![];
1054
1055        sign.encode(true).unwrap();
1056
1057        assert_eq!(sign.bytes, test_vec.bytes);
1058    }
1059
1060    #[test]
1061    fn rsa_oaep_01() {
1062        let kid = &b"meriadoc.brandybuck@rsa.example".to_vec();
1063        let mut verify = CoseMessage::new_encrypt();
1064        verify.bytes = get_test_vec("rsa_oaep_01");
1065        verify.init_decoder(None).unwrap();
1066
1067        let i = verify.get_agent(kid).unwrap()[0];
1068        let key = get_priv_key(kid);
1069        verify.agents[i].key(&key).unwrap();
1070
1071        verify.decode(None, Some(i)).unwrap();
1072    }
1073
1074    #[test]
1075    fn prod_rsa_oaep_01() {
1076        let kid = &b"meriadoc.brandybuck@rsa.example".to_vec();
1077        let payload = b"This is the content.".to_vec();
1078
1079        let mut enc = CoseMessage::new_encrypt();
1080        enc.header.alg(algs::A128GCM, true, false);
1081        enc.header.iv(
1082            vec![217, 122, 179, 165, 199, 45, 47, 13, 126, 95, 141, 94],
1083            false,
1084            false,
1085        );
1086        enc.payload = payload;
1087
1088        let key = get_pub_key(&kid);
1089
1090        let mut agent = CoseAgent::new();
1091        agent.header.alg(algs::RSA_OAEP_1, false, false);
1092        agent.header.kid(kid.clone(), false, false);
1093        agent.key(&key).unwrap();
1094
1095        enc.add_agent(&mut agent).unwrap();
1096
1097        enc.secure_content(None).unwrap();
1098
1099        // Remove probabilistic
1100        let mut test_vec = CoseMessage::new_encrypt();
1101        test_vec.bytes = get_test_vec("rsa_oaep_01");
1102        test_vec.init_decoder(None).unwrap();
1103        test_vec.agents[0].payload = vec![];
1104        test_vec.secured = vec![];
1105        test_vec.encode(true).unwrap();
1106        enc.agents[0].payload = vec![];
1107        enc.secured = vec![];
1108        enc.encode(true).unwrap();
1109
1110        assert_eq!(enc.bytes, test_vec.bytes);
1111    }
1112
1113    #[test]
1114    fn x509_signed_02() {
1115        let kid = &b"Alice Lovelace".to_vec();
1116        let mut verify = CoseMessage::new_sign();
1117        verify.bytes = get_test_vec("x509_signed_02");
1118
1119        verify.init_decoder(None).unwrap();
1120        let v1 = verify.get_agent(kid).unwrap()[0];
1121        let key = get_pub_key(&kid);
1122        verify.agents[v1].key(&key).unwrap();
1123
1124        verify.decode(None, Some(v1)).unwrap();
1125    }
1126    #[test]
1127    fn prod_x509_signed_02() {
1128        use crate::agent::CoseAgent;
1129        use crate::headers::ContentTypeTypes;
1130        use hex;
1131
1132        let msg = b"This is the content.".to_vec();
1133        let kid = &b"Alice Lovelace".to_vec();
1134
1135        let key = get_priv_key(kid);
1136
1137        let x5_private = hex::decode("30770201010420d42044eb2cd2691e926da4871cf3529ddec6b034f824ba5e050d2c702f97c7a5a00a06082a8648ce3d030107a14403420004863aa7bc0326716aa59db5bf66cc660d0591d51e4891bc2e6a9baff5077d927cad4eed482a7985be019e9b1936c16e00190e8bcc48ee12d35ff89f0fc7a099ca").unwrap().to_vec();
1138        let x5bag = vec![
1139		     hex::decode("308201A930820150A00302010202144E3019548429A2893D04B8EDBA143B8F7D17B276300A06082A8648CE3D040302302C312A30280603550403132153616D706C6520434F534520436572746966696361746520417574686F726974793020170D3230313230323137323732355A180F32303533313031303137323732355A3019311730150603550403130E416C696365204C6F76656C6163653059301306072A8648CE3D020106082A8648CE3D03010703420004863AA7BC0326716AA59DB5BF66CC660D0591D51E4891BC2E6A9BAFF5077D927CAD4EED482A7985BE019E9B1936C16E00190E8BCC48EE12D35FF89F0FC7A099CAA361305F300C0603551D130101FF04023000300F0603551D0F0101FF04050303078000301D0603551D0E041604141151555B01FF3F6DDDF9E5712AD3FF72A2D94D62301F0603551D230418301680141E6FC4D0C0DA004A8427CBBD3FE05A99EA2D2D11300A06082A8648CE3D0403020347003044022038FF9207872BA4D685700774783D35BE5B45AF59265A8567AE952D7182D5CBA00220163A18388EFE6310517385458AB4D3BBF7A0C23D9C87DA1CF378884FBBCDC86C").unwrap().to_vec(),
1140		     hex::decode("3082019E30820145A003020102021414A4957FD506AA2AAFC669A880032E8C95B87624300A06082A8648CE3D040302302C312A30280603550403132153616D706C6520434F534520436572746966696361746520417574686F726974793020170D3230313230323137323333325A180F32303533313031303137323333325A302C312A30280603550403132153616D706C6520434F534520436572746966696361746520417574686F726974793059301306072A8648CE3D020106082A8648CE3D030107034200047B447C98F731337AFBE3BAC96E793AF12865F3BD56B647A1729764191AE111F3161B4D56FA42F26E1B18DD87F9DB42F4C9168E420E2CE5E2D149648EE0EE5FB4A3433041300F0603551D130101FF040530030101FF300F0603551D0F0101FF04050303070600301D0603551D0E041604141E6FC4D0C0DA004A8427CBBD3FE05A99EA2D2D11300A06082A8648CE3D0403020347003044022006F99B3ACE00007BFB717784DDD230013D8CDCA0BABE20EE00039BEA0898A6D402200FFAF9DE61C1B6BD28BF5DDB1A191E63B22EAD4A69468D5222C487D53C33C204").unwrap().to_vec(),
1141		  ];
1142
1143        let mut enc = CoseMessage::new_sign();
1144        enc.header
1145            .content_type(ContentTypeTypes::Uint(0), true, false);
1146        enc.payload(msg);
1147
1148        let mut recipient2 = CoseAgent::new();
1149        recipient2.header.alg(algs::ES256, true, false);
1150        recipient2.key(&key).unwrap();
1151        recipient2.header.kid(kid.clone(), false, false);
1152        recipient2.header.x5bag(x5bag, false, false);
1153        recipient2.header.x5_private(x5_private);
1154        enc.add_agent(&mut recipient2).unwrap();
1155
1156        enc.secure_content(None).unwrap();
1157
1158        // Remove probabilistic ciphertext and CEK
1159        let mut test_vec = CoseMessage::new_sign();
1160        test_vec.bytes = get_test_vec("x509_signed_02");
1161        test_vec.init_decoder(None).unwrap();
1162        test_vec.agents[0].payload = vec![];
1163        test_vec.encode(true).unwrap();
1164        enc.agents[0].payload = vec![];
1165        enc.encode(true).unwrap();
1166
1167        assert_eq!(enc.bytes, test_vec.bytes);
1168    }
1169    #[test]
1170    fn x509_signed_04() {
1171        let mut verify = CoseMessage::new_sign();
1172        verify.bytes = get_test_vec("x509_signed_04");
1173
1174        verify.init_decoder(None).unwrap();
1175        let key = get_pub_key(&b"Alice Lovelace".to_vec());
1176        verify.agents[0].key(&key).unwrap();
1177
1178        verify.decode(None, Some(0)).unwrap();
1179    }
1180    #[test]
1181    fn prod_x509_signed_04() {
1182        use crate::agent::CoseAgent;
1183        use crate::headers::ContentTypeTypes;
1184        use hex;
1185
1186        let msg = b"This is the content.".to_vec();
1187        let kid = &b"Alice Lovelace".to_vec();
1188
1189        let key = get_priv_key(kid);
1190
1191        let x5_private = hex::decode("30770201010420d42044eb2cd2691e926da4871cf3529ddec6b034f824ba5e050d2c702f97c7a5a00a06082a8648ce3d030107a14403420004863aa7bc0326716aa59db5bf66cc660d0591d51e4891bc2e6a9baff5077d927cad4eed482a7985be019e9b1936c16e00190e8bcc48ee12d35ff89f0fc7a099ca").unwrap().to_vec();
1192        let x5chain = vec![
1193		     hex::decode("308201A930820150A00302010202144E3019548429A2893D04B8EDBA143B8F7D17B276300A06082A8648CE3D040302302C312A30280603550403132153616D706C6520434F534520436572746966696361746520417574686F726974793020170D3230313230323137323732355A180F32303533313031303137323732355A3019311730150603550403130E416C696365204C6F76656C6163653059301306072A8648CE3D020106082A8648CE3D03010703420004863AA7BC0326716AA59DB5BF66CC660D0591D51E4891BC2E6A9BAFF5077D927CAD4EED482A7985BE019E9B1936C16E00190E8BCC48EE12D35FF89F0FC7A099CAA361305F300C0603551D130101FF04023000300F0603551D0F0101FF04050303078000301D0603551D0E041604141151555B01FF3F6DDDF9E5712AD3FF72A2D94D62301F0603551D230418301680141E6FC4D0C0DA004A8427CBBD3FE05A99EA2D2D11300A06082A8648CE3D0403020347003044022038FF9207872BA4D685700774783D35BE5B45AF59265A8567AE952D7182D5CBA00220163A18388EFE6310517385458AB4D3BBF7A0C23D9C87DA1CF378884FBBCDC86C").unwrap().to_vec(),
1194		     hex::decode("3082019E30820145A003020102021414A4957FD506AA2AAFC669A880032E8C95B87624300A06082A8648CE3D040302302C312A30280603550403132153616D706C6520434F534520436572746966696361746520417574686F726974793020170D3230313230323137323333325A180F32303533313031303137323333325A302C312A30280603550403132153616D706C6520434F534520436572746966696361746520417574686F726974793059301306072A8648CE3D020106082A8648CE3D030107034200047B447C98F731337AFBE3BAC96E793AF12865F3BD56B647A1729764191AE111F3161B4D56FA42F26E1B18DD87F9DB42F4C9168E420E2CE5E2D149648EE0EE5FB4A3433041300F0603551D130101FF040530030101FF300F0603551D0F0101FF04050303070600301D0603551D0E041604141E6FC4D0C0DA004A8427CBBD3FE05A99EA2D2D11300A06082A8648CE3D0403020347003044022006F99B3ACE00007BFB717784DDD230013D8CDCA0BABE20EE00039BEA0898A6D402200FFAF9DE61C1B6BD28BF5DDB1A191E63B22EAD4A69468D5222C487D53C33C204").unwrap().to_vec(),
1195		  ];
1196
1197        let mut enc = CoseMessage::new_sign();
1198        enc.header
1199            .content_type(ContentTypeTypes::Uint(0), true, false);
1200        enc.payload(msg);
1201
1202        let mut recipient2 = CoseAgent::new();
1203        recipient2.header.alg(algs::ES256, true, false);
1204        recipient2.key(&key).unwrap();
1205        recipient2.header.x5chain(x5chain, false, false);
1206        recipient2.header.x5_private(x5_private);
1207        enc.add_agent(&mut recipient2).unwrap();
1208
1209        enc.secure_content(None).unwrap();
1210
1211        // Remove probabilistic ciphertext and CEK
1212        let mut test_vec = CoseMessage::new_sign();
1213        test_vec.bytes = get_test_vec("x509_signed_04");
1214        test_vec.init_decoder(None).unwrap();
1215        test_vec.agents[0].payload = vec![];
1216        test_vec.encode(true).unwrap();
1217        enc.agents[0].payload = vec![];
1218        enc.encode(true).unwrap();
1219
1220        assert_eq!(enc.bytes, test_vec.bytes);
1221    }
1222    #[test]
1223    fn x509_signed_05() {
1224        let mut verify = CoseMessage::new_sign();
1225        verify.bytes = get_test_vec("x509_signed_05");
1226
1227        verify.init_decoder(None).unwrap();
1228        let key = get_pub_key(&b"Alice Lovelace".to_vec());
1229        let v1 = 0;
1230        verify.agents[v1].key(&key).unwrap();
1231
1232        verify.decode(None, Some(v1)).unwrap();
1233    }
1234    #[test]
1235    fn prod_x509_signed_05() {
1236        use crate::agent::CoseAgent;
1237        use crate::headers::ContentTypeTypes;
1238        use hex;
1239
1240        let msg = b"This is the content.".to_vec();
1241        let kid = &b"Alice Lovelace".to_vec();
1242
1243        let key = get_priv_key(kid);
1244
1245        let x5_private =
1246            hex::decode("00d42044eb2cd2691e926da4871cf3529ddec6b034f824ba5e050d2c702f97c7a5")
1247                .unwrap()
1248                .to_vec();
1249        let x5t = hex::decode("11FA0500D6763AE15A3238296E04C048A8FDD220A0DDA0234824B18FB6666600")
1250            .unwrap()
1251            .to_vec();
1252
1253        let mut enc = CoseMessage::new_sign();
1254        enc.header
1255            .content_type(ContentTypeTypes::Uint(0), true, false);
1256        enc.payload(msg);
1257
1258        let mut recipient2 = CoseAgent::new();
1259        recipient2.header.alg(algs::ES256, true, false);
1260        recipient2.key(&key).unwrap();
1261        recipient2
1262            .header
1263            .x5t(x5t, algs::SHA_256, false, false)
1264            .unwrap();
1265        recipient2.header.x5_private(x5_private);
1266        enc.add_agent(&mut recipient2).unwrap();
1267
1268        enc.secure_content(None).unwrap();
1269
1270        // Remove probabilistic ciphertext and CEK
1271        let mut test_vec = CoseMessage::new_sign();
1272        test_vec.bytes = get_test_vec("x509_signed_05");
1273        test_vec.init_decoder(None).unwrap();
1274        test_vec.agents[0].payload = vec![];
1275        test_vec.encode(true).unwrap();
1276        enc.agents[0].payload = vec![];
1277        enc.encode(true).unwrap();
1278
1279        assert_eq!(enc.bytes, test_vec.bytes);
1280    }
1281}
cose/lib.rs

cose/
lib.rs
