Crate coset

Set of types for supporting CBOR Object Signing and Encryption (COSE).

Builds on the ciborium crate for underlying CBOR support.

Usage

use coset::{iana, CborSerializable};

// Inputs.
let pt = b"This is the content";
let aad = b"this is additional data";

// Build a `CoseSign1` object.
let protected = coset::HeaderBuilder::new()
    .algorithm(iana::Algorithm::ES256)
    .key_id(b"11".to_vec())
    .build();
let sign1 = coset::CoseSign1Builder::new()
    .protected(protected)
    .payload(pt.to_vec())
    .create_signature(aad, |pt| signer.sign(pt)) // closure to do sign operation
    .build();

// Serialize to bytes.
let sign1_data = sign1.to_vec().unwrap();
println!(
    "'{}' + '{}' => {}",
    String::from_utf8_lossy(pt),
    String::from_utf8_lossy(aad),
    hex::encode(&sign1_data)
);

// At the receiving end, deserialize the bytes back to a `CoseSign1` object.
let mut sign1 = coset::CoseSign1::from_slice(&sign1_data).unwrap();

// At this point, real code would validate the protected headers.

// Check the signature, which needs to have the same `aad` provided, by
// providing a closure that can do the verify operation.
let result = sign1.verify_signature(aad, |sig, data| verifier.verify(sig, data));
println!("Signature verified: {:?}.", result);
assert!(result.is_ok());

// Changing an unprotected header leaves the signature valid.
sign1.unprotected.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_ok());

// Providing a different `aad` means the signature won't validate.
assert!(sign1
    .verify_signature(b"not aad", |sig, data| verifier.verify(sig, data))
    .is_err());

// Changing a protected header invalidates the signature.
sign1.protected.original_data = None;
sign1.protected.header.content_type = Some(coset::ContentType::Text("text/plain".to_owned()));
assert!(sign1
    .verify_signature(aad, |sig, data| verifier.verify(sig, data))
    .is_err());

Re-exports

• pub use ciborium as cbor;

Modules

• cwt
  CBOR Web Token functionality.
• iana
  Enumerations for IANA-managed values.

Structs

• CoseEncrypt
  Structure representing an encrypted object.
• CoseEncrypt0
  Structure representing an encrypted object.
• CoseEncrypt0Builder
  Builder for CoseEncrypt0 objects.
• CoseEncryptBuilder
  Builder for CoseEncrypt objects.
• CoseKdfContext
  Structure representing a a key derivation context.
• CoseKdfContextBuilder
  Builder for CoseKdfContext objects.
• CoseKey
  Structure representing a cryptographic key.
• CoseKeyBuilder
  Builder for CoseKey objects.
• CoseKeySet
  A collection of CoseKey objects.
• CoseMac
  Structure representing a message with authentication code (MAC).
• CoseMac0
  Structure representing a message with authentication code (MAC) where the relevant key is implicit.
• CoseMac0Builder
  Builder for CoseMac0 objects.
• CoseMacBuilder
  Builder for CoseMac objects.
• CoseRecipient
  Structure representing the recipient of encrypted data.
• CoseRecipientBuilder
  Builder for CoseRecipient objects.
• CoseSign
  Signed payload with signatures.
• CoseSign1
  Signed payload with a single signature.
• CoseSign1Builder
  Builder for CoseSign1 objects.
• CoseSignBuilder
  Builder for CoseSign objects.
• CoseSignature
  Structure representing a cryptographic signature.
• CoseSignatureBuilder
  Builder for CoseSignature objects.
• EndOfFile
  Marker structure indicating that the EOF was encountered when reading CBOR data.
• Header
  Structure representing a common COSE header map.
• HeaderBuilder
  Builder for Header objects.
• PartyInfo
  Structure representing a party involved in key derivation.
• PartyInfoBuilder
  Builder for PartyInfo objects.
• ProtectedHeader
  Structure representing a protected COSE header map.
• SuppPubInfo
  Structure representing supplemental public information.
• SuppPubInfoBuilder
  Builder for SuppPubInfo objects.

Enums

• CoseError
  Error type for failures in encoding or decoding COSE types.
• EncryptionContext
  Possible encryption contexts.
• Label
  A COSE label may be either a signed integer value or a string.
• MacContext
  Possible MAC contexts.
• Nonce
  A nonce value.
• RegisteredLabel
  A COSE label which can be either a signed integer value or a string, but where the allowed integer values are governed by IANA.
• RegisteredLabelWithPrivate
  A COSE label which can be either a signed integer value or a string, and where the allowed integer values are governed by IANA but include a private use range.
• SignatureContext
  Possible signature contexts.

Traits

• AsCborValue
  Trait for types that can be converted to/from a [Value].
• CborSerializable
  Extension trait that adds serialization/deserialization methods.
• TaggedCborSerializable
  Extension trait that adds tagged serialization/deserialization methods.

Functions

• enc_structure_data
  Create a binary blob that will be signed.
• mac_structure_data
  Create a binary blob that will be signed.
• sig_structure_data
  Create a binary blob that will be signed.

Type Definitions

• Algorithm
  Algorithm identifier.
• ContentType
  Content type.
• KeyOperation
  Key operation.
• KeyType
  Key type.
• Result
  Crate-specific Result type