Crate coset

Expand description

Set of types for supporting CBOR Object Signing and Encryption (COSE).

Builds on the ciborium crate for underlying CBOR support.

§Usage

use coset::{iana, CborSerializable};

// Inputs.
let pt = b"This is the content";
let aad = b"this is additional data";

// Build a `CoseSign1` object.
let protected = coset::HeaderBuilder::new()
    .algorithm(iana::Algorithm::ES256)
    .key_id(b"11".to_vec())
    .build();
let sign1 = coset::CoseSign1Builder::new()
    .protected(protected)
    .payload(pt.to_vec())
    .create_signature(aad, |pt| signer.sign(pt)) // closure to do sign operation
    .build();

// Serialize to bytes.
let sign1_data = sign1.to_vec().unwrap();
println!(
    "'{}' + '{}' => {}",
    String::from_utf8_lossy(pt),
    String::from_utf8_lossy(aad),
    hex::encode(&sign1_data)
);

// At the receiving end, deserialize the bytes back to a `CoseSign1` object.
let mut sign1 = coset::CoseSign1::from_slice(&sign1_data).unwrap();

// At this point, real code would validate the protected headers.

// Check the signature, which needs to have the same `aad` provided, by
// providing a closure that can do the verify operation.
let result = sign1.verify_signature(aad, |sig, data| verifier.verify(sig, data));
println!("Signature verified: {:?}.", result);
assert!(result.is_ok());

// Changing an unprotected header leaves the signature valid.
sign1.unprotected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_ok());

// Providing a different `aad` means the signature won't validate.
assert!(sign1
    .verify_signature(b"not aad", |sig, data| verifier.verify(sig, data))
    .is_err());

// Changing a protected header invalidates the signature.
sign1.protected.original_data = None;
sign1.protected.header.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_err());

Re-exports§

pub use ciborium as cbor;

Modules§

cwt: CBOR Web Token functionality.
iana: Enumerations for IANA-managed values.

Structs§

CoseEncrypt: Structure representing an encrypted object.
CoseEncrypt0: Structure representing an encrypted object.
CoseEncrypt0Builder: Builder for CoseEncrypt0 objects.
CoseEncryptBuilder: Builder for CoseEncrypt objects.
CoseKdfContext: Structure representing a a key derivation context.
CoseKdfContextBuilder: Builder for CoseKdfContext objects.
CoseKey: Structure representing a cryptographic key.
CoseKeyBuilder: Builder for CoseKey objects.
CoseKeySet: A collection of CoseKey objects.
CoseMac: Structure representing a message with authentication code (MAC).
CoseMac0: Structure representing a message with authentication code (MAC) where the relevant key is implicit.
CoseMac0Builder: Builder for CoseMac0 objects.
CoseMacBuilder: Builder for CoseMac objects.
CoseRecipient: Structure representing the recipient of encrypted data.
CoseRecipientBuilder: Builder for CoseRecipient objects.
CoseSign: Signed payload with signatures.
CoseSign1: Signed payload with a single signature.
CoseSign1Builder: Builder for CoseSign1 objects.
CoseSignBuilder: Builder for CoseSign objects.
CoseSignature: Structure representing a cryptographic signature.
CoseSignatureBuilder: Builder for CoseSignature objects.
EndOfFile: Marker structure indicating that the EOF was encountered when reading CBOR data.
Header: Structure representing a common COSE header map.
HeaderBuilder: Builder for Header objects.
PartyInfo: Structure representing a party involved in key derivation.
PartyInfoBuilder: Builder for PartyInfo objects.
ProtectedHeader: Structure representing a protected COSE header map.
SuppPubInfo: Structure representing supplemental public information.
SuppPubInfoBuilder: Builder for SuppPubInfo objects.

Enums§

CborOrdering: Indicate which ordering should be applied to CBOR values.
CoseError: Error type for failures in encoding or decoding COSE types.
EncryptionContext: Possible encryption contexts.
Label: A COSE label may be either a signed integer value or a string.
MacContext: Possible MAC contexts.
Nonce: A nonce value.
RegisteredLabel: A COSE label which can be either a signed integer value or a string, but where the allowed integer values are governed by IANA.
RegisteredLabelWithPrivate: A COSE label which can be either a signed integer value or a string, and where the allowed integer values are governed by IANA but include a private use range.
SignatureContext: Possible signature contexts.

Traits§

AsCborValue: Trait for types that can be converted to/from a Value.
CborSerializable: Extension trait that adds serialization/deserialization methods.
TaggedCborSerializable: Extension trait that adds tagged serialization/deserialization methods.

Functions§

enc_structure_data: Create a binary blob that will be signed.
mac_structure_data: Create a binary blob that will be signed.
sig_structure_data: Create a binary blob that will be signed.

Type Aliases§

Algorithm: Algorithm identifier.
ContentType: Content type.
KeyOperation: Key operation.
KeyType: Key type.
Result: Crate-specific Result type

Crate cosetCopy item path

§Usage

Re-exports§

Modules§

Structs§

Enums§

Traits§

Functions§

Type Aliases§

Crate coset