ockam_identity/models/
purpose_key_attestation.rs

1use ockam_core::compat::vec::Vec;
2
3use crate::models::{ChangeHash, Identifier, TimestampInSeconds};
4
5use minicbor::{CborLen, Decode, Encode};
6use ockam_vault::{
7    ECDSASHA256CurveP256PublicKey, ECDSASHA256CurveP256Signature, EdDSACurve25519PublicKey,
8    EdDSACurve25519Signature, X25519PublicKey,
9};
10
/// `data_type` value in [`VersionedData`] struct when used with [`PurposeKeyAttestation`]
///
/// The value travels inside the serialized `VersionedData` and tells a reader how to
/// interpret `VersionedData::data`.
// NOTE(review): the verification code is not visible in this file. Confirm it rejects
// any `data_type` other than this constant before decoding the payload as
// `PurposeKeyAttestationData`, so that a signed `VersionedData` of another kind is
// never interpreted as a purpose key attestation.
pub const PURPOSE_KEY_ATTESTATION_DATA_TYPE: u8 = 2;
13
/// Self-signed Attestation of an [`super::super::identity::Identity`] associating
/// a [`super::super::purpose_key::PurposeKey`] with itself
///
/// The derived `Decode` only parses the CBOR structure and performs no signature
/// check, so a decoded value is unauthenticated until `signature` has been verified
/// over `data`.
// The `#[n(..)]` indices are the CBOR indices used by the minicbor derives, so they are
// part of the wire format. `#[rustfmt::skip]` leaves the hand-written attribute layout
// untouched.
#[derive(Clone, Debug, PartialEq, Eq, Encode, Decode, CborLen)]
#[rustfmt::skip]
pub struct PurposeKeyAttestation {
    /// CBOR serialized [`super::VersionedData`]
    /// where VersionedData::data is CBOR serialized [`PurposeKeyAttestationData`]
    /// and VersionedData::data_type is [`PURPOSE_KEY_ATTESTATION_DATA_TYPE`]
    ///
    /// Kept as raw bytes and encoded as a CBOR byte string via `minicbor::bytes`.
    // NOTE(review): presumably kept undecoded so the signature is checked over exactly
    // the bytes that were received rather than over a re-encoding. Confirm the verifier
    // checks the signature before it decodes or trusts anything inside `data`.
    #[cbor(with = "minicbor::bytes")]
    #[n(0)] pub data: Vec<u8>,
    /// Signature over data field using a key from [`super::super::identity::Identity`]
    #[n(1)] pub signature: PurposeKeyAttestationSignature,
}
27
/// Signature over data field using a key from [`super::super::identity::Identity`]
///
/// One variant per supported signature algorithm. The variant is read from the encoded
/// attestation itself, so it is chosen by whoever produced the bytes.
// NOTE(review): verification is not visible in this file. Confirm the verifier requires
// the variant to match the type of the identity key it verifies against, rather than
// letting the attestation select the algorithm.
#[derive(Clone, Debug, PartialEq, Eq, Encode, Decode, CborLen)]
#[rustfmt::skip]
pub enum PurposeKeyAttestationSignature {
    /// Signature using EdDSA Ed25519 key from the corresponding [`super::super::identity::Identity`]
    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
    /// Signature using ECDSA P256 key from the corresponding [`super::super::identity::Identity`]
    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
}
37
/// Data inside a [`PurposeKeyAttestation`]
///
/// This is the payload that ends up, CBOR serialized, in `VersionedData::data`.
/// The struct is a plain data carrier: nothing here validates the fields, so every
/// value is only as trustworthy as the signature check done on the enclosing
/// attestation.
#[derive(Clone, Debug, PartialEq, Eq, Encode, Decode, CborLen)]
#[rustfmt::skip]
pub struct PurposeKeyAttestationData {
    /// [`Identifier`] of the [`super::super::identity::Identity`] this Purpose Key belongs to
    // NOTE(review): confirm the verifier compares this with the identifier of the
    // identity whose key verified the signature.
    #[n(0)] pub subject: Identifier,
    /// Latest [`ChangeHash`] (at the moment of issuing) of the [`super::super::identity::Identity`]
    /// this Purpose Key belongs to
    // NOTE(review): presumably lets a verifier tie the attestation to a specific state
    // of the subject's change history. Confirm how an unknown or outdated hash is handled.
    #[n(1)] pub subject_latest_change_hash: ChangeHash,
    /// Public key of this Purpose Key
    #[n(2)] pub public_key: PurposePublicKey,
    /// Creation [`TimestampInSeconds`] (UTC)
    #[n(3)] pub created_at: TimestampInSeconds,
    /// Expiration [`TimestampInSeconds`] (UTC)
    // Nothing in this struct relates `created_at` to `expires_at` or either of them to
    // the current time. Ordering and expiry have to be checked where the attestation
    // is verified.
    #[n(4)] pub expires_at: TimestampInSeconds,
}
54
/// [`PurposeKeyAttestation`]'s public key
///
/// The variant records the purpose together with the key material. As the `public_key`
/// field of `PurposeKeyAttestationData`, it is part of the payload that gets signed.
// NOTE(review): consumers are not visible in this file. Confirm each one matches on the
// variant it expects, so a key attested for one purpose is never accepted for the other.
#[derive(Clone, Debug, PartialEq, Eq, Encode, Decode, CborLen)]
#[rustfmt::skip]
pub enum PurposePublicKey {
    /// Key dedicated to creation of Secure Channels
    /// This key is used as a static key in Noise XX handshake
    #[n(0)] SecureChannelStatic(#[n(0)] X25519PublicKey),
    /// Key dedicated to signing [`super::Credential`]s
    #[n(1)] CredentialSigning(#[n(0)] CredentialVerifyingKey),
}
65
/// Public key for verifying signatures made by the key dedicated to signing
/// [`super::Credential`]s
///
/// Both variants wrap a public key type; no private key material is held here.
// NOTE(review): credential verification is not visible in this file. Confirm it takes
// the signature algorithm from this variant and rejects a signature of the other type.
#[derive(Clone, Debug, PartialEq, Eq, Encode, Decode, CborLen)]
#[rustfmt::skip]
pub enum CredentialVerifyingKey {
    /// Curve25519 Public Key for verifying EdDSA signatures.
    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519PublicKey),
    /// Curve P-256 Public Key for verifying ECDSA SHA256 signatures.
    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256PublicKey),
}