Skip to main content

suit_decode

suit_validator

Function suit_decode 

Source 
pub fn suit_decode<H, C>(
    data: &[u8],
    handler: &mut H,
    crypto: &mut C,
) -> Result<(), SuitError>
where
    H: SuitStartHandler,
    C: SuitCrypto,
Expand description

Decodes a SUIT manifest from CBOR bytes and dispatches to a handler.

This is the primary public API for manifest processing. It handles both authenticated manifests (SUIT_Envelope with COSE signatures) and bare manifests (for testing).

§Parameters

  • data - Raw CBOR-encoded bytes containing either:

    • SUIT_Envelope (Tag 107): Authenticated manifest with optional severable elements
    • SUIT_Manifest (Tag 1070): Bare manifest (testing only, no signature verification)

  • handler - Struct implementing handler::SuitStartHandler to process the decoded manifest. The handler is called with either the envelope or manifest depending on the input format.

  • key_buf - COSE KeySet encoded as CBOR bytes for signature verification. This must be a CBOR-encoded array of COSE_Key objects (built using cose_minicbor::cose_keys::CoseKeySetBuilder as shown in Cryptographic Signature Verification).

    • Required for authenticated manifests (SUIT_Envelope, Tag 107)
    • Ignored for bare manifests (SUIT_Manifest, Tag 1070)
    • Must not be empty for authenticated manifests or SuitError::KeysDecodeError is returned

§Returns

  • Ok(()) - Successfully decoded and verified the manifest
  • Err(SuitError) - Decoding, verification, or processing failed (see SuitError variants)

§Security Requirements

For authenticated manifests:

  1. CBOR decoding is performed safely with type validation
  2. Signature is verified against trusted keys in key_buf
  3. Digest verification occurs before cryptographic operations (TOCTOU protection)
  4. Handler rejects the manifest on any error

§Handler Implementation

Implement handler::SuitStartHandler:

use suit_validator::handler::*;
use suit_validator::suit_manifest::*;
use suit_validator::SuitError;

struct MyManifestProcessor;
impl SuitStartHandler for MyManifestProcessor {
    fn on_envelope<'a>(&mut self, envelope: SuitEnvelope<'a>) -> Result<(), SuitError> {
        // Process authenticated signed manifest
        Ok(())
    }
    fn on_manifest<'a>(&mut self, manifest: SuitManifest<'a>) -> Result<(), SuitError> {
        // Process bare manifest
        Ok(())
    }
}

§References