Struct Credential

#[repr(C)]
pub struct Credential {
    pub bytes: BufferCred,
    pub key: CredentialKey,
    pub kid: Option<BufferKid>,
    pub cred_type: CredentialType,
}

A credential for use in EDHOC

For now supports CCS credentials only. Experimental support for CCS_PSK credentials is also available.

Fields

bytes: BufferCred

Original bytes of the credential, CBOR-encoded

If the credential is a CCS, it contains an encoded CBOR map containnig a COSE_Key in a cnf claim, see RFC 9528 Section 3.5.2.

key: CredentialKey

kid: Option<BufferKid>

cred_type: CredentialType

Implementations

impl Credential

pub fn new_ccs(bytes: BufferCred, public_key: BytesKeyEC2) -> Self

Creates a new CCS credential with the given bytes and public key

pub fn new_ccs_symmetric( bytes: BufferCred, symmetric_key: BytesKeyAES128, ) -> Self

Creates a new CCS credential with the given bytes and a pre-shared key

NOTE: For now this is only useful for the experimental PSK method.

pub fn with_kid(self, kid: BufferKid) -> Self

pub fn public_key(&self) -> Option<BytesKeyEC2>

pub fn parse_ccs(value: &[u8]) -> Result<Self, EDHOCError>

Parse a CCS style credential.

If the given value matches the shape lakers expects of a CCS, i.e. credentials from RFC9529, its public key and key ID are extracted into a full credential.

pub fn parse_ccs_symmetric(value: &[u8]) -> Result<Self, EDHOCError>

Parse a CCS style credential, but the key is a symmetric key.

NOTE: For now this is only useful for the experimental PSK method.

pub fn parse_and_dress_naked_cosekey(cosekey: &[u8]) -> Result<Self, EDHOCError>

Dress a naked COSE_Key as a CCS by prepending 0xA108A101 as specified in Section 3.5.2 of RFC9528

Usage example

let key = hex!("a301022001215820bac5b11cad8f99f9c72b05cf4b9e26d244dc189f745228255a219a86d6a09eff");
let ccs = lakers_shared::Credential::parse_and_dress_naked_cosekey(&key).unwrap();
// The key bytes that are part of the input
assert!(ccs.public_key().unwrap().as_slice().starts_with(&hex!("bac5b1")));
// This particular key does not contain a KID
assert!(ccs.kid.is_none());
// This is true for all dressed naked COSE keys
assert!(ccs.bytes.as_slice().starts_with(&hex!("a108a101")));

pub fn by_value(&self) -> Result<IdCred, EDHOCError>

Returns a COSE_Header map with a single entry representing a credential by value.

For example, if the credential is a CCS: { /kccs/ 14: bytes }

pub fn by_kid(&self) -> Result<IdCred, EDHOCError>

Returns a COSE_Header map with a single entry representing a credential by reference.

For example, if the reference is a kid: { /kid/ 4: kid }

TODO: accept a parameter to specify the type of reference, e.g. kid, x5t, etc.

Trait Implementations

impl Clone for Credential

fn clone(&self) -> Credential

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Credential

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for Credential

fn eq(&self, other: &Credential) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for Credential

impl StructuralPartialEq for Credential