1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
//! Set of types for supporting [CBOR Object Signing and Encryption (COSE)][COSE].
//!
//! Builds on the [`serde_cbor`](https://docs.rs/serde-cbor) crate for underlying [CBOR][CBOR] support.
//!
//! ## Usage
//!
//! ```
//! # #[derive(Copy, Clone)]
//! # struct FakeSigner {}
//! # impl FakeSigner {
//! # fn sign(&self, data: &[u8]) -> Vec<u8> {
//! # data.to_vec()
//! # }
//! # fn verify(&self, sig: &[u8], data: &[u8]) -> Result<(), String> {
//! # if sig != self.sign(data) {
//! # Err("failed to verify".to_owned())
//! # } else {
//! # Ok(())
//! # }
//! # }
//! # }
//! # let signer = FakeSigner {};
//! # let verifier = signer;
//! use coset::{iana, CborSerializable};
//!
//! // Inputs.
//! let pt = b"This is the content";
//! let aad = b"this is additional data";
//!
//! // Build a `CoseSign1` object.
//! let protected = coset::HeaderBuilder::new()
//! .algorithm(iana::Algorithm::ES256)
//! .key_id(b"11".to_vec())
//! .build();
//! let sign1 = coset::CoseSign1Builder::new()
//! .protected(protected)
//! .payload(pt.to_vec())
//! .create_signature(aad, |pt| signer.sign(pt)) // closure to do sign operation
//! .build();
//!
//! // Serialize to bytes.
//! let sign1_data = sign1.to_vec().unwrap();
//! println!(
//! "'{}' + '{}' => {}",
//! String::from_utf8_lossy(pt),
//! String::from_utf8_lossy(aad),
//! hex::encode(sign1.to_vec().unwrap())
//! );
//!
//! // At the receiving end, deserialize the bytes back to a `CoseSign1` object.
//! let mut sign1 = coset::CoseSign1::from_slice(&sign1_data).unwrap();
//!
//! // Check the signature, which needs to have the same `aad` provided, by
//! // providing a closure that can do the verify operation.
//! let result = sign1.verify_signature(aad, |sig, data| verifier.verify(sig, data));
//! println!("Signature verified: {:?}.", result);
//! assert!(result.is_ok());
//!
//! // Changing an unprotected header leaves the signature valid.
//! sign1.unprotected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
//! assert!(sign1
//! .verify_signature(aad, |sig, data| verifier.verify(sig, data))
//! .is_ok());
//!
//! // Providing a different `aad` means the signature won't validate.
//! assert!(sign1
//! .verify_signature(b"not aad", |sig, data| verifier.verify(sig, data))
//! .is_err());
//!
//! // Changing a protected header invalidates the signature.
//! sign1.protected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
//! assert!(sign1
//! .verify_signature(aad, |sig, data| verifier.verify(sig, data))
//! .is_err());
//! ```
//!
//! [COSE]: https://tools.ietf.org/html/rfc8152
//! [CBOR]: https://tools.ietf.org/html/rfc7049
#![deny(broken_intra_doc_links)]
#[macro_use]
pub(crate) mod util;
pub mod iana;
mod common;
pub use common::*;
mod context;
pub use context::*;
mod encrypt;
pub use encrypt::*;
mod header;
pub use header::*;
mod key;
pub use key::*;
mod mac;
pub use mac::*;
mod sign;
pub use sign::*;