1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
// SPDX-FileCopyrightText: 2026 OpenBasil Contributors
//
// SPDX-License-Identifier: Apache-2.0
//! The `Signer` / `Verifier` / `Recipient` traits.
//!
//! Native `async fn` in traits (AFIT), consumed through generics: no
//! `async_trait` proc-macro dependency and no `dyn` in the public API. Local
//! implementations (this crate's [`keys`](crate::keys)) complete
//! synchronously; broker-backed implementations (which live in the basil
//! client crate, not here) await an RPC.
use Vec;
use Zeroizing;
use crateSignatureAlgorithm;
use crateProtectedHeaders;
use crate;
use crateKdfParties;
use crate;
/// Produces the signature over `Sig_structure` bytes.
///
/// The broker backs this with sign-in-place (Ed25519 transit accepts the
/// full arbitrary-length structure); clients use local keys.
/// Resolves a `kid` and verifies a signature.
///
/// Implementors enforce their own key/alg pinning (a broker checks the wire
/// alg against its catalog record inside its impl; a client checks against
/// its pinned broker key). Async because kid resolution may be remote (for
/// example resolving an unfamiliar peer kid over an RPC); local pinned-key
/// impls complete synchronously.
/// Everything an opener needs, already strictly validated by the decode
/// entry points, plus the raw encrypt bytes so a remote (broker-backed)
/// recipient can forward them verbatim without re-encoding.
///
/// The `Enc_structure` AAD embeds the exact serialized protected-header
/// bytes, so any re-encoding of `cose_encrypt` on the way to the key would
/// break the AEAD tag.
/// Opens one `COSE_Encrypt` addressed to `key_id()`: ECDH-ES decapsulation +
/// HKDF-256 (`COSE_KDF_Context`) + content AEAD, returning zeroizing
/// plaintext.
///
/// A broker-backed impl forwards `OpenRequest::cose_encrypt` verbatim to the
/// broker unseal RPC; the local impl holds a `Zeroizing` X25519 private. A
/// successful open proves confidentiality, never sender identity. Sender
/// identity comes only from the outer `COSE_Sign1`.