wolfcose 0.1.0

Safe Rust API for wolfSSL wolfCOSE.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326

use crate::raw;

/// CBOR major type.
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub struct CborMajorType(u8);

impl CborMajorType {
    /// Unsigned integer.
    pub const UINT: Self = Self(raw::WOLFCOSE_CBOR_UINT as u8);
    /// Negative integer.
    pub const NEGATIVE_INT: Self = Self(raw::WOLFCOSE_CBOR_NEGINT as u8);
    /// Byte string.
    pub const BYTES: Self = Self(raw::WOLFCOSE_CBOR_BSTR as u8);
    /// Text string.
    pub const TEXT: Self = Self(raw::WOLFCOSE_CBOR_TSTR as u8);
    /// Array.
    pub const ARRAY: Self = Self(raw::WOLFCOSE_CBOR_ARRAY as u8);
    /// Map.
    pub const MAP: Self = Self(raw::WOLFCOSE_CBOR_MAP as u8);
    /// Semantic tag.
    pub const TAG: Self = Self(raw::WOLFCOSE_CBOR_TAG as u8);
    /// Simple value or float.
    pub const SIMPLE: Self = Self(raw::WOLFCOSE_CBOR_SIMPLE as u8);

    /// Convert from a raw major type value.
    pub fn from_raw(value: u8) -> Option<Self> {
        if value <= raw::WOLFCOSE_CBOR_SIMPLE as u8 {
            Some(Self(value))
        } else {
            None
        }
    }

    /// Raw major type value.
    pub fn raw(self) -> u8 {
        self.0
    }
}

/// COSE algorithm identifier.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
pub struct Algorithm(i32);

/// Broad COSE algorithm family.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
pub enum AlgorithmClass {
    /// Signature algorithm.
    Signature,
    /// Content encryption algorithm.
    Encryption,
    /// Message authentication algorithm.
    Mac,
    /// Key management algorithm.
    KeyManagement,
    /// Unknown or unset algorithm.
    Unknown,
}

/// Intended COSE use for an algorithm.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
pub enum AlgorithmUse {
    /// Signing or signature verification.
    Sign,
    /// Content encryption or decryption.
    Encrypt,
    /// MAC creation or verification.
    Mac,
    /// Recipient key management.
    KeyManagement,
}

impl Algorithm {
    /// No algorithm selected.
    pub const UNSET: Self = Self(0);
    /// ECDSA w/ SHA-256.
    pub const ES256: Self = Self(raw::WOLFCOSE_ALG_ES256);
    /// ECDSA w/ SHA-384.
    pub const ES384: Self = Self(raw::WOLFCOSE_ALG_ES384);
    /// ECDSA w/ SHA-512.
    pub const ES512: Self = Self(raw::WOLFCOSE_ALG_ES512);
    /// EdDSA.
    pub const EDDSA: Self = Self(raw::WOLFCOSE_ALG_EDDSA);
    /// RSA-PSS w/ SHA-256.
    pub const PS256: Self = Self(raw::WOLFCOSE_ALG_PS256);
    /// RSA-PSS w/ SHA-384.
    pub const PS384: Self = Self(raw::WOLFCOSE_ALG_PS384);
    /// RSA-PSS w/ SHA-512.
    pub const PS512: Self = Self(raw::WOLFCOSE_ALG_PS512);
    /// AES-128-GCM.
    pub const A128GCM: Self = Self(raw::WOLFCOSE_ALG_A128GCM as i32);
    /// AES-192-GCM.
    pub const A192GCM: Self = Self(raw::WOLFCOSE_ALG_A192GCM as i32);
    /// AES-256-GCM.
    pub const A256GCM: Self = Self(raw::WOLFCOSE_ALG_A256GCM as i32);
    /// HMAC SHA-256 with 256-bit tag.
    pub const HMAC256: Self = Self(raw::WOLFCOSE_ALG_HMAC_256_256 as i32);
    /// HMAC SHA-384 with 384-bit tag.
    pub const HMAC384: Self = Self(raw::WOLFCOSE_ALG_HMAC_384_384 as i32);
    /// HMAC SHA-512 with 512-bit tag.
    pub const HMAC512: Self = Self(raw::WOLFCOSE_ALG_HMAC_512_512 as i32);
    /// ChaCha20-Poly1305.
    pub const CHACHA20_POLY1305: Self = Self(raw::WOLFCOSE_ALG_CHACHA20_POLY1305 as i32);
    /// AES-CCM-16-64-128.
    pub const AES_CCM_16_64_128: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_16_64_128 as i32);
    /// AES-CCM-16-64-256.
    pub const AES_CCM_16_64_256: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_16_64_256 as i32);
    /// AES-CCM-64-64-128.
    pub const AES_CCM_64_64_128: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_64_64_128 as i32);
    /// AES-CCM-64-64-256.
    pub const AES_CCM_64_64_256: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_64_64_256 as i32);
    /// AES-CCM-16-128-128.
    pub const AES_CCM_16_128_128: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_16_128_128 as i32);
    /// AES-CCM-16-128-256.
    pub const AES_CCM_16_128_256: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_16_128_256 as i32);
    /// AES-CCM-64-128-128.
    pub const AES_CCM_64_128_128: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_64_128_128 as i32);
    /// AES-CCM-64-128-256.
    pub const AES_CCM_64_128_256: Self = Self(raw::WOLFCOSE_ALG_AES_CCM_64_128_256 as i32);
    /// AES-CBC-MAC 128-bit key, 64-bit tag.
    pub const AES_MAC_128_64: Self = Self(raw::WOLFCOSE_ALG_AES_MAC_128_64 as i32);
    /// AES-CBC-MAC 256-bit key, 64-bit tag.
    pub const AES_MAC_256_64: Self = Self(raw::WOLFCOSE_ALG_AES_MAC_256_64 as i32);
    /// AES-CBC-MAC 128-bit key, 128-bit tag.
    pub const AES_MAC_128_128: Self = Self(raw::WOLFCOSE_ALG_AES_MAC_128_128 as i32);
    /// AES-CBC-MAC 256-bit key, 128-bit tag.
    pub const AES_MAC_256_128: Self = Self(raw::WOLFCOSE_ALG_AES_MAC_256_128 as i32);
    /// AES-128 key wrap.
    pub const A128KW: Self = Self(raw::WOLFCOSE_ALG_A128KW);
    /// AES-192 key wrap.
    pub const A192KW: Self = Self(raw::WOLFCOSE_ALG_A192KW);
    /// AES-256 key wrap.
    pub const A256KW: Self = Self(raw::WOLFCOSE_ALG_A256KW);
    /// Direct key use.
    pub const DIRECT: Self = Self(raw::WOLFCOSE_ALG_DIRECT);
    /// ECDH-ES HKDF-256.
    pub const ECDH_ES_HKDF_256: Self = Self(raw::WOLFCOSE_ALG_ECDH_ES_HKDF_256);
    /// ECDH-ES HKDF-512.
    pub const ECDH_ES_HKDF_512: Self = Self(raw::WOLFCOSE_ALG_ECDH_ES_HKDF_512);
    /// ECDH-SS HKDF-256.
    pub const ECDH_SS_HKDF_256: Self = Self(raw::WOLFCOSE_ALG_ECDH_SS_HKDF_256);
    /// ECDH-SS HKDF-512.
    pub const ECDH_SS_HKDF_512: Self = Self(raw::WOLFCOSE_ALG_ECDH_SS_HKDF_512);
    /// ECDH-ES AES-128 key wrap.
    pub const ECDH_ES_A128KW: Self = Self(raw::WOLFCOSE_ALG_ECDH_ES_A128KW);
    /// ECDH-ES AES-192 key wrap.
    pub const ECDH_ES_A192KW: Self = Self(raw::WOLFCOSE_ALG_ECDH_ES_A192KW);
    /// ECDH-ES AES-256 key wrap.
    pub const ECDH_ES_A256KW: Self = Self(raw::WOLFCOSE_ALG_ECDH_ES_A256KW);
    /// ML-DSA-44.
    pub const ML_DSA_44: Self = Self(raw::WOLFCOSE_ALG_ML_DSA_44);
    /// ML-DSA-65.
    pub const ML_DSA_65: Self = Self(raw::WOLFCOSE_ALG_ML_DSA_65);
    /// ML-DSA-87.
    pub const ML_DSA_87: Self = Self(raw::WOLFCOSE_ALG_ML_DSA_87);

    /// Build an algorithm from a raw COSE ID.
    pub const fn from_id(id: i32) -> Self {
        Self(id)
    }

    /// Raw COSE algorithm identifier.
    pub const fn id(self) -> i32 {
        self.0
    }

    /// Broad algorithm family.
    pub const fn class(self) -> AlgorithmClass {
        match self {
            Self::ES256
            | Self::ES384
            | Self::ES512
            | Self::EDDSA
            | Self::PS256
            | Self::PS384
            | Self::PS512
            | Self::ML_DSA_44
            | Self::ML_DSA_65
            | Self::ML_DSA_87 => AlgorithmClass::Signature,
            Self::A128GCM
            | Self::A192GCM
            | Self::A256GCM
            | Self::CHACHA20_POLY1305
            | Self::AES_CCM_16_64_128
            | Self::AES_CCM_16_64_256
            | Self::AES_CCM_64_64_128
            | Self::AES_CCM_64_64_256
            | Self::AES_CCM_16_128_128
            | Self::AES_CCM_16_128_256
            | Self::AES_CCM_64_128_128
            | Self::AES_CCM_64_128_256 => AlgorithmClass::Encryption,
            Self::HMAC256
            | Self::HMAC384
            | Self::HMAC512
            | Self::AES_MAC_128_64
            | Self::AES_MAC_256_64
            | Self::AES_MAC_128_128
            | Self::AES_MAC_256_128 => AlgorithmClass::Mac,
            Self::A128KW
            | Self::A192KW
            | Self::A256KW
            | Self::DIRECT
            | Self::ECDH_ES_HKDF_256
            | Self::ECDH_ES_HKDF_512
            | Self::ECDH_SS_HKDF_256
            | Self::ECDH_SS_HKDF_512
            | Self::ECDH_ES_A128KW
            | Self::ECDH_ES_A192KW
            | Self::ECDH_ES_A256KW => AlgorithmClass::KeyManagement,
            _ => AlgorithmClass::Unknown,
        }
    }

    /// Whether this is a signing algorithm.
    pub const fn is_signing(self) -> bool {
        matches!(self.class(), AlgorithmClass::Signature)
    }

    /// Whether this is a content encryption algorithm.
    pub const fn is_encryption(self) -> bool {
        matches!(self.class(), AlgorithmClass::Encryption)
    }

    /// Whether this is a MAC algorithm.
    pub const fn is_mac(self) -> bool {
        matches!(self.class(), AlgorithmClass::Mac)
    }

    /// Whether this is a key management algorithm.
    pub const fn is_key_management(self) -> bool {
        matches!(self.class(), AlgorithmClass::KeyManagement)
    }

    /// Expected key size in bits for symmetric algorithms, where fixed.
    pub const fn key_bits_hint(self) -> Option<usize> {
        match self {
            Self::A128GCM
            | Self::AES_CCM_16_64_128
            | Self::AES_CCM_64_64_128
            | Self::AES_CCM_16_128_128
            | Self::AES_CCM_64_128_128
            | Self::AES_MAC_128_64
            | Self::AES_MAC_128_128
            | Self::A128KW => Some(128),
            Self::A192GCM | Self::A192KW => Some(192),
            Self::A256GCM
            | Self::CHACHA20_POLY1305
            | Self::AES_CCM_16_64_256
            | Self::AES_CCM_64_64_256
            | Self::AES_CCM_16_128_256
            | Self::AES_CCM_64_128_256
            | Self::AES_MAC_256_64
            | Self::AES_MAC_256_128
            | Self::A256KW
            | Self::HMAC256 => Some(256),
            Self::HMAC384 => Some(384),
            Self::HMAC512 => Some(512),
            _ => None,
        }
    }

    /// Expected IV length in bytes for common content encryption algorithms.
    pub const fn iv_len_hint(self) -> Option<usize> {
        match self {
            Self::A128GCM | Self::A192GCM | Self::A256GCM | Self::CHACHA20_POLY1305 => Some(12),
            _ => None,
        }
    }
}

/// COSE key type.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
pub struct KeyType(i32);

impl KeyType {
    /// Octet key pair.
    pub const OKP: Self = Self(raw::WOLFCOSE_KTY_OKP as i32);
    /// Elliptic curve key pair.
    pub const EC2: Self = Self(raw::WOLFCOSE_KTY_EC2 as i32);
    /// RSA key.
    pub const RSA: Self = Self(raw::WOLFCOSE_KTY_RSA as i32);
    /// Symmetric key.
    pub const SYMMETRIC: Self = Self(raw::WOLFCOSE_KTY_SYMMETRIC as i32);

    /// Raw key type.
    pub const fn id(self) -> i32 {
        self.0
    }

    /// Build from a raw COSE key type ID.
    pub const fn from_id(id: i32) -> Self {
        Self(id)
    }
}

/// COSE curve identifier.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
pub struct Curve(i32);

impl Curve {
    /// NIST P-256.
    pub const P256: Self = Self(raw::WOLFCOSE_CRV_P256 as i32);
    /// NIST P-384.
    pub const P384: Self = Self(raw::WOLFCOSE_CRV_P384 as i32);
    /// NIST P-521.
    pub const P521: Self = Self(raw::WOLFCOSE_CRV_P521 as i32);
    /// Ed25519.
    pub const ED25519: Self = Self(raw::WOLFCOSE_CRV_ED25519 as i32);
    /// Ed448.
    pub const ED448: Self = Self(raw::WOLFCOSE_CRV_ED448 as i32);
    /// ML-DSA-44.
    pub const ML_DSA_44: Self = Self(raw::WOLFCOSE_CRV_ML_DSA_44);
    /// ML-DSA-65.
    pub const ML_DSA_65: Self = Self(raw::WOLFCOSE_CRV_ML_DSA_65);
    /// ML-DSA-87.
    pub const ML_DSA_87: Self = Self(raw::WOLFCOSE_CRV_ML_DSA_87);

    /// Raw curve identifier.
    pub const fn id(self) -> i32 {
        self.0
    }

    /// Build from a raw COSE curve ID.
    pub const fn from_id(id: i32) -> Self {
        Self(id)
    }
}