Struct CoseSigned

pub struct CoseSigned<T> { /* private fields */ }

Generic COSE_Sign1 signed envelope.

Wraps any serializable payload T with a COSE_Sign1 signature.

Implementations

impl<T> CoseSigned<T>

pub fn kid(&self) -> Option<String>

Returns the key identifier (kid) from the protected header.

The kid can be a SPIFFE ID, DID, URL, or any resolvable identifier that can be used to obtain the public key for verification.

pub fn issuer(&self) -> Option<String>

👎Deprecated since 0.2.0: Use kid() instead

Returns the issuer (kid) from the protected header.

Alias for kid() for backward compatibility.

pub fn algorithm(&self) -> Option<SigningAlgorithm>

Returns the signing algorithm from the protected header.

pub fn challenge(&self) -> Option<Vec<u8>>

Returns the challenge from the protected header (if present).

The challenge is used for freshness binding in PIC PoC. It is included in the protected header and covered by the signature.

pub fn to_bytes(&self) -> Result<Vec<u8>, CoseError>

Serializes the signed envelope to CBOR bytes.

pub fn from_bytes(bytes: &[u8]) -> Result<CoseSigned<T>, CoseError>

Deserializes a signed envelope from CBOR bytes.

pub fn payload_unverified(&self) -> Result<T, CoseError>

Extracts the payload without verifying the signature.

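Use with caution: this bypasses signature verification, so the returned payload is unauthenticated. Use verify_with() or verify_ed25519() when the payload must be trusted.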

pub fn sign_with<F>(
    payload: &T,
    kid: &str,
    alg: SigningAlgorithm,
    sign_fn: F,
) -> Result<CoseSigned<T>, CoseError>
where
    F: FnOnce(&[u8]) -> Result<Vec<u8>, CoseError>,

Signs a payload using a custom signing function (crypto-agnostic).

The closure receives the to-be-signed bytes and returns the signature.

pub fn sign_with_challenge<F>(
    payload: &T,
    kid: &str,
    alg: SigningAlgorithm,
    challenge: Option<&[u8]>,
    sign_fn: F,
) -> Result<CoseSigned<T>, CoseError>
where
    F: FnOnce(&[u8]) -> Result<Vec<u8>, CoseError>,

Signs a payload with an optional challenge in the protected header.

The challenge is included in the protected header and covered by the signature, providing freshness binding for PIC PoC.

Arguments
  • payload - The payload to sign
  • kid - Key identifier (SPIFFE ID, DID, URL, etc.)
  • alg - Signing algorithm
  • challenge - Optional challenge bytes (PCC nonce)
  • sign_fn - Signing function

pub fn verify_with<F>(&self, verify_fn: F) -> Result<T, CoseError>
where F: FnOnce(&[u8], &[u8]) -> Result<(), CoseError>,

Verifies the signature using a custom verification function (crypto-agnostic).

The closure receives (data, signature) and returns Ok(()) if valid.

impl<T> CoseSigned<T>

pub fn sign_ed25519(
    payload: &T,
    kid: &str,
    signing_key: &SigningKey,
) -> Result<CoseSigned<T>, CoseError>

Signs payload with Ed25519. Algorithm is set to EdDSA automatically.

pub fn sign_ed25519_with_challenge(
    payload: &T,
    kid: &str,
    challenge: Option<&[u8]>,
    signing_key: &SigningKey,
) -> Result<CoseSigned<T>, CoseError>

Signs payload with Ed25519 and an optional challenge.

pub fn verify_ed25519(
    &self,
    verifying_key: &VerifyingKey,
) -> Result<T, CoseError>

Verifies Ed25519 signature and returns the payload.

Trait Implementations

impl<T> Clone for CoseSigned<T>
where T: Clone,

fn clone(&self) -> CoseSigned<T>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T> Debug for CoseSigned<T>
where T: Debug,

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

Auto Trait Implementations

impl<T> Freeze for CoseSigned<T>

impl<T> RefUnwindSafe for CoseSigned<T>
where T: RefUnwindSafe,

impl<T> Send for CoseSigned<T>
where T: Send,

impl<T> Sync for CoseSigned<T>
where T: Sync,

impl<T> Unpin for CoseSigned<T>
where T: Unpin,

impl<T> UnwindSafe for CoseSigned<T>
where T: UnwindSafe,
