Crate coset

source · []
Expand description

Set of types for supporting CBOR Object Signing and Encryption (COSE).

Builds on the ciborium crate for underlying CBOR support.

Usage

use coset::{iana, CborSerializable};

// Inputs.
let pt = b"This is the content";
let aad = b"this is additional data";

// Build a `CoseSign1` object.
let protected = coset::HeaderBuilder::new()
    .algorithm(iana::Algorithm::ES256)
    .key_id(b"11".to_vec())
    .build();
let sign1 = coset::CoseSign1Builder::new()
    .protected(protected)
    .payload(pt.to_vec())
    .create_signature(aad, |pt| signer.sign(pt)) // closure to do sign operation
    .build();

// Serialize to bytes.
let sign1_data = sign1.to_vec().unwrap();
println!(
    "'{}' + '{}' => {}",
    String::from_utf8_lossy(pt),
    String::from_utf8_lossy(aad),
    hex::encode(&sign1_data)
);

// At the receiving end, deserialize the bytes back to a `CoseSign1` object.
let mut sign1 = coset::CoseSign1::from_slice(&sign1_data).unwrap();

// At this point, real code would validate the protected headers.

// Check the signature, which needs to have the same `aad` provided, by
// providing a closure that can do the verify operation.
let result = sign1.verify_signature(aad, |sig, data| verifier.verify(sig, data));
println!("Signature verified: {:?}.", result);
assert!(result.is_ok());

// Changing an unprotected header leaves the signature valid.
sign1.unprotected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_ok());

// Providing a different `aad` means the signature won't validate.
assert!(sign1
    .verify_signature(b"not aad", |sig, data| verifier.verify(sig, data))
    .is_err());

// Changing a protected header invalidates the signature.
sign1.protected.original_data = None;
sign1.protected.header.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_err());

Re-exports

pub use ciborium as cbor;

Modules

iana

Enumerations for IANA-managed values.

Structs

CoseEncrypt

Structure representing an encrypted object.

CoseEncrypt0

Structure representing an encrypted object.

CoseEncrypt0Builder

Builder for CoseEncrypt0 objects.

CoseEncryptBuilder

Builder for CoseEncrypt objects.

CoseKdfContext

Structure representing a a key derivation context.

CoseKdfContextBuilder

Builder for CoseKdfContext objects.

CoseKey

Structure representing a cryptographic key.

CoseKeyBuilder

Builder for CoseKey objects.

CoseKeySet

A collection of CoseKey objects.

CoseMac

Structure representing a message with authentication code (MAC).

CoseMac0

Structure representing a message with authentication code (MAC) where the relevant key is implicit.

CoseMac0Builder

Builder for CoseMac0 objects.

CoseMacBuilder

Builder for CoseMac objects.

CoseRecipient

Structure representing the recipient of encrypted data.

CoseRecipientBuilder

Builder for CoseRecipient objects.

CoseSign

Signed payload with signatures.

CoseSign1

Signed payload with a single signature.

CoseSign1Builder

Builder for CoseSign1 objects.

CoseSignBuilder

Builder for CoseSign objects.

CoseSignature

Structure representing a cryptographic signature.

CoseSignatureBuilder

Builder for CoseSignature objects.

EndOfFile

Marker structure indicating that the EOF was encountered when reading CBOR data.

Header

Structure representing a common COSE header map.

HeaderBuilder

Builder for Header objects.

PartyInfo

Structure representing a party involved in key derivation.

PartyInfoBuilder

Builder for PartyInfo objects.

ProtectedHeader

Structure representing a protected COSE header map.

SuppPubInfo

Structure representing supplemental public information.

SuppPubInfoBuilder

Builder for SuppPubInfo objects.

Enums

CoseError

Error type for failures in encoding or decoding COSE types.

EncryptionContext

Possible encryption contexts.

Label

A COSE label may be either a signed integer value or a string.

MacContext

Possible MAC contexts.

Nonce

A nonce value.

RegisteredLabel

A COSE label which can be either a signed integer value or a string, but where the allowed integer values are governed by IANA.

RegisteredLabelWithPrivate

A COSE label which can be either a signed integer value or a string, and where the allowed integer values are governed by IANA but include a private use range.

SignatureContext

Possible signature contexts.

Traits

CborSerializable

Extension trait that adds serialization/deserialization methods.

TaggedCborSerializable

Extension trait that adds tagged serialization/deserialization methods.

Functions

enc_structure_data

Create a binary blob that will be signed.

mac_structure_data

Create a binary blob that will be signed.

sig_structure_data

Create a binary blob that will be signed.

Type Definitions

Algorithm

Algorithm identifier.

ContentType

Content type.

KeyOperation

Key operation.

KeyType

Key type.

Result

Crate-specific Result type