pub fn decrypt_access_token_multiple<K, C>(
    kek: &CoseKey,
    token: &ByteString,
    external_aad: Option<&[u8]>
) -> Result<ClaimsSet, AccessTokenError<MultipleCoseError<K::Error, C::Error>>>
where
    K: CoseEncryptCipher,
    C: CoseEncryptCipher,

Decrypts the given token and external_aad using the Key Encryption Key kek and the cipher given by type parameter T, returning the decrypted ClaimsSet.

Note that the given kek must have an associated kid (key ID) field when converted to a COSE key, as the recipient inside the CoseEncrypt is identified in this way.

This method should be used when the given token is a CoseEncrypt rather than CoseEncrypt0 (i.e., if it is intended for multiple recipients). In case the token is an instance of the latter, use decrypt_access_token instead.

Errors

  • When there’s a CoseError while deserializing the given token to a CoseEncrypt structure (e.g., if it’s not in fact a CoseEncrypt structure but rather something else).
  • When there’s a decryption error coming from the cipher given by T.
  • When the deserialized and decrypted CoseEncrypt structure does not contain a valid ClaimsSet.
  • When the CoseEncrypt contains either multiple matching recipients or none at all for the given kek.
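
The recipient lookup described above (match on the kek's kid, fail on zero or several matches) can be modelled as follows. This is an added example, not code from dcaf-rs: Recipient, SelectError and select_recipient are hypothetical names, and the sample recipients are constructed.

```rust
// Added illustration of kid-based recipient selection.
// `Recipient`, `SelectError` and `select_recipient` are hypothetical,
// not part of the dcaf-rs API.

#[derive(Debug, PartialEq)]
enum SelectError {
    /// The KEK carries no key ID, so no recipient can be identified.
    MissingKid,
    /// No recipient names this key ID.
    NoMatchingRecipient,
    /// Several recipients name this key ID; the choice would be ambiguous.
    MultipleMatchingRecipients,
}

/// Minimal stand-in for one recipient entry: its `kid` and its wrapped CEK.
#[derive(Debug, PartialEq)]
struct Recipient {
    kid: Vec<u8>,
    wrapped_cek: Vec<u8>,
}

/// Returns the single recipient whose `kid` equals the KEK's key ID.
fn select_recipient<'a>(
    kek_kid: Option<&[u8]>,
    recipients: &'a [Recipient],
) -> Result<&'a Recipient, SelectError> {
    let kid = kek_kid.ok_or(SelectError::MissingKid)?;
    let mut matches = recipients.iter().filter(|r| r.kid.as_slice() == kid);
    // Pull at most two matches: one is success, zero or two are errors.
    match (matches.next(), matches.next()) {
        (Some(r), None) => Ok(r),
        (None, _) => Err(SelectError::NoMatchingRecipient),
        (Some(_), Some(_)) => Err(SelectError::MultipleMatchingRecipients),
    }
}

fn main() {
    // Constructed sample data: two recipients with distinct key IDs.
    let recipients = vec![
        Recipient { kid: b"rs1".to_vec(), wrapped_cek: vec![0xAA; 4] },
        Recipient { kid: b"rs2".to_vec(), wrapped_cek: vec![0xBB; 4] },
    ];
    println!("{:?}", select_recipient(Some(&b"rs2"[..]), &recipients));
    println!("{:?}", select_recipient(Some(&b"rs3"[..]), &recipients));
    println!("{:?}", select_recipient(None, &recipients));
}
```

Rejecting the ambiguous case instead of taking the first match keeps a crafted token with duplicate kid entries from steering which wrapped key the caller attempts to unwrap.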