Set of types for supporting CBOR Object Signing and Encryption (COSE).
Builds on the ciborium crate for underlying CBOR support.
§Usage
```rust
use coset::{iana, CborSerializable};

// `signer` and `verifier` are not defined in this snippet: they stand for
// caller-supplied objects that perform the sign and verify operations.

// Inputs.
let pt = b"This is the content";
let aad = b"this is additional data";

// Build a `CoseSign1` object.
let protected = coset::HeaderBuilder::new()
    .algorithm(iana::Algorithm::ES256)
    .key_id(b"11".to_vec())
    .build();
let sign1 = coset::CoseSign1Builder::new()
    .protected(protected)
    .payload(pt.to_vec())
    .create_signature(aad, |pt| signer.sign(pt)) // closure to do sign operation
    .build();

// Serialize to bytes.
let sign1_data = sign1.to_vec().unwrap();
println!(
    "'{}' + '{}' => {}",
    String::from_utf8_lossy(pt),
    String::from_utf8_lossy(aad),
    hex::encode(&sign1_data)
);

// At the receiving end, deserialize the bytes back to a `CoseSign1` object.
let mut sign1 = coset::CoseSign1::from_slice(&sign1_data).unwrap();

// At this point, real code would validate the protected headers.

// Check the signature, which needs to have the same `aad` provided, by
// providing a closure that can do the verify operation.
let result = sign1.verify_signature(aad, |sig, data| verifier.verify(sig, data));
println!("Signature verified: {:?}.", result);
assert!(result.is_ok());

// Changing an unprotected header leaves the signature valid.
sign1.unprotected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_ok());

// Providing a different `aad` means the signature won't validate.
assert!(sign1
    .verify_signature(b"not aad", |sig, data| verifier.verify(sig, data))
    .is_err());

// Changing a protected header invalidates the signature.
sign1.protected.original_data = None;
sign1.protected.header.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_err());
```
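
The last three assertions in the usage code follow from what a COSE_Sign1 signature covers: the `Sig_structure` of RFC 9052, built from the serialized protected header, the external `aad` and the payload. The following is an added, std-only example, not code from the coset crate or its authors; the helpers `head` and `sig1_tbs` and the sample bytes are constructed for this illustration.

```rust
// Added example: std-only encoder for the COSE_Sign1 Sig_structure (RFC 9052,
// section 4.4). `head` and `sig1_tbs` are hypothetical helpers, not coset API.

/// Append a CBOR head (major type plus argument `n`) in shortest form.
fn head(major: u8, n: usize, out: &mut Vec<u8>) {
    let m = major << 5;
    match n {
        0..=23 => out.push(m | n as u8),
        24..=0xff => out.extend_from_slice(&[m | 24, n as u8]),
        0x100..=0xffff => { out.push(m | 25); out.extend_from_slice(&(n as u16).to_be_bytes()) }
        0x1_0000..=0xffff_ffff => { out.push(m | 26); out.extend_from_slice(&(n as u32).to_be_bytes()) }
        _ => { out.push(m | 27); out.extend_from_slice(&(n as u64).to_be_bytes()) }
    }
}

/// Bytes actually signed for a COSE_Sign1 message:
/// ["Signature1", protected (bstr), external_aad (bstr), payload (bstr)].
/// The unprotected header map is not an input, so it is never signed.
fn sig1_tbs(protected: &[u8], aad: &[u8], payload: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    head(4, 4, &mut out); // array of four items
    head(3, 10, &mut out); // text string of 10 bytes
    out.extend_from_slice(b"Signature1");
    for field in [protected, aad, payload] {
        head(2, field.len(), &mut out); // byte string
        out.extend_from_slice(field);
    }
    out
}

// Constructed sample: serialized protected header {1: -7, 4: h'3131'},
// i.e. alg = ES256 and kid = "11" as in the usage example.
const PROTECTED: [u8; 7] = [0xa2, 0x01, 0x26, 0x04, 0x42, 0x31, 0x31];

fn main() {
    let (pt, aad) = (b"This is the content", b"this is additional data");
    let tbs = sig1_tbs(&PROTECTED, aad, pt);
    // A different external AAD or protected header changes the signed bytes.
    assert_ne!(tbs, sig1_tbs(&PROTECTED, b"not aad", pt));
    assert_ne!(tbs, sig1_tbs(&[0xa1, 0x01, 0x26], aad, pt));
    println!("{} bytes to be signed", tbs.len());
}
```

Because the unprotected header never reaches the signed bytes, a verifier should take security-relevant values such as the algorithm from the protected header only.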
Re-exports§
pub use ciborium as cbor;
Modules§
- CBOR Web Token functionality.
- Enumerations for IANA-managed values.
Structs§
- Structure representing an encrypted object.
- Structure representing an encrypted object.
- Builder for CoseEncrypt0 objects.
- Builder for CoseEncrypt objects.
- Structure representing a key derivation context.
- Builder for CoseKdfContext objects.
- Structure representing a cryptographic key.
- Builder for CoseKey objects.
- A collection of CoseKey objects.
- Structure representing a message with authentication code (MAC).
- Structure representing a message with authentication code (MAC) where the relevant key is implicit.
- Builder for CoseMac0 objects.
- Builder for CoseMac objects.
- Structure representing the recipient of encrypted data.
- Builder for CoseRecipient objects.
- Signed payload with signatures.
- Signed payload with a single signature.
- Builder for CoseSign1 objects.
- Builder for CoseSign objects.
- Structure representing a cryptographic signature.
- Builder for CoseSignature objects.
- Marker structure indicating that the EOF was encountered when reading CBOR data.
- Structure representing a common COSE header map.
- Builder for Header objects.
- Structure representing a party involved in key derivation.
- Builder for PartyInfo objects.
- Structure representing a protected COSE header map.
- Structure representing supplemental public information.
- Builder for SuppPubInfo objects.
Enums§
- Indicate which ordering should be applied to CBOR values.
- Error type for failures in encoding or decoding COSE types.
- Possible encryption contexts.
- A COSE label may be either a signed integer value or a string.
- Possible MAC contexts.
- A nonce value.
- A COSE label which can be either a signed integer value or a string, but where the allowed integer values are governed by IANA.
- A COSE label which can be either a signed integer value or a string, and where the allowed integer values are governed by IANA but include a private use range.
- Possible signature contexts.
Traits§
- Trait for types that can be converted to/from a Value.
- Extension trait that adds serialization/deserialization methods.
- Extension trait that adds tagged serialization/deserialization methods.
Functions§
- Create a binary blob that will be signed.
- Create a binary blob that will be signed.
- Create a binary blob that will be signed.
Type Aliases§
- Algorithm identifier.
- Content type.
- Key operation.
- Key type.
- Crate-specific Result type