Contains methods for encrypting, decrypting, signing and verifying access tokens.
NOTE: The APIs in this module are experimental and likely to change in the future! This is because we plan to move much of the code here to the coset library, since much of this just builds on COSE functionality and isn’t ACE-OAuth specific.
In order to use any of these methods, you will need to provide a cipher which handles
the cryptographic operations by implementing either CoseEncryptCipher,
CoseMacCipher or CoseSignCipher, depending on the intended operation.
If you plan to support CoseEncrypt or CoseSign rather than just CoseEncrypt0 or
CoseSign1 (i.e., if you have multiple recipients with separate keys), you will also need to
implement MultipleEncryptCipher or MultipleSignCipher.
See the respective traits for details.
§Example
The following shows how to create and sign an access token (assuming that a cipher named
FakeCrypto which implements CoseSignCipher and a random number generator named FakeRng exist):
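```rust
use coset::cwt::ClaimsSetBuilder;
use coset::iana::CwtClaimName;
use coset::{AsCborValue, CoseKeyBuilder};
use dcaf::token::CoseCipher;
use dcaf::token::{sign_access_token, verify_access_token};

// FakeCrypto (implements CoseSignCipher) and FakeRng are assumed to exist.
// The `?` operators require an enclosing function that returns a Result.
let rng = FakeRng;
// Symmetric key with key ID [0xDC, 0xAF]; it signs the token and is also embedded as the cnf claim.
let key = CoseKeyBuilder::new_symmetric_key(vec![1, 2, 3, 4, 5])
    .key_id(vec![0xDC, 0xAF])
    .build();
let claims = ClaimsSetBuilder::new()
    .audience(String::from("coaps://rs.example.com"))
    .issuer(String::from("coaps://as.example.com"))
    .claim(CwtClaimName::Cnf, key.clone().to_cbor_value()?)
    .build();
// The three `None` arguments are passed exactly as in the original example.
let token = sign_access_token::<FakeCrypto, FakeRng>(&key, claims, None, None, None, rng)?;
// Verification uses the same key; the final `None` is likewise as in the original.
assert!(verify_access_token::<FakeCrypto>(&key, &token, None).is_ok());
```

Traits§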
- CoseCipher - Trait for common parts required for CoseSignCipher, CoseEncryptCipher and CoseMacCipher.
- CoseEncryptCipher - Provides basic operations for encrypting and decrypting COSE structures.
- CoseMacCipher - Provides basic operations for generating and verifying MAC tags for COSE structures.
- CoseSignCipher - Provides basic operations for signing and verifying COSE structures.
- MultipleEncryptCipher - Intended for ciphers which can encrypt for multiple recipients. For this purpose, a method must be provided which generates the Content Encryption Key.
- MultipleMacCipher - Marker trait intended for ciphers which can create MAC tags for multiple recipients.
- MultipleSignCipher - Marker trait intended for ciphers which can create signatures for multiple recipients.
Functions§
- decrypt_access_token - Decrypts the given token and external_aad using the key and the cipher given by type parameter T, returning the decrypted ClaimsSet.
- decrypt_access_token_multiple - Decrypts the given token and external_aad using the Key Encryption Key kek and the cipher given by type parameter T, returning the decrypted ClaimsSet.
- encrypt_access_token - Encrypts the given claims with the given headers and external_aad using the key and the cipher given by type parameter T, returning the token as a serialized bytestring of the CoseEncrypt0 structure.
- encrypt_access_token_multiple - Encrypts the given claims with the given headers and external_aad for each recipient by using the keys with the cipher given by type parameter T, returning the token as a serialized bytestring of the CoseEncrypt structure.
- get_token_headers - Returns the headers of the given signed (CoseSign1 / CoseSign), MAC tagged (CoseMac0 / CoseMac), or encrypted (CoseEncrypt0 / CoseEncrypt) access token.
- sign_access_token - Signs the given claims with the given headers and external_aad using the key and the cipher given by type parameter T, returning the token as a serialized bytestring of the CoseSign1 structure.
- sign_access_token_multiple - Signs the given claims with the given headers and external_aad for each recipient by using the keys with the cipher given by type parameter T, returning the token as a serialized bytestring of the CoseSign structure.
- verify_access_token - Verifies the given token and external_aad with the key using the cipher given by type parameter T, returning an error in case it could not be verified.
- verify_access_token_multiple - Verifies the given token and external_aad with the key using the cipher given by type parameter T, returning an error in case it could not be verified.