Struct aws_nitro_enclaves_cose::sign::CoseSign1

pub struct CoseSign1 { /* private fields */ }

Implementation of the COSE_Sign1 structure as defined in RFC8152.

The COSE_Sign1 signature structure is used when only one signature is going to be placed on a message. The parameters dealing with the content and the signature are placed in the same pair of buckets rather than having the separation of COSE_Sign.

The structure can be encoded as either tagged or untagged depending on the context it will be used in. A tagged COSE_Sign1 structure is identified by the CBOR tag 18. The CDDL fragment that represents this is:

COSE_Sign1_Tagged = #6.18(COSE_Sign1)

The CBOR object that carries the body, the signature, and the information about the body and signature is called the COSE_Sign1 structure. Examples of COSE_Sign1 messages can be found in Appendix C.2.

The COSE_Sign1 structure is a CBOR array. The fields of the array in order are:

protected: This is as described in Section 3.

unprotected: This is as described in Section 3.

payload: This is as described in Section 4.1.

signature: This field contains the computed signature value. The type of the field is a bstr.

The CDDL fragment that represents the above text for COSE_Sign1 follows.

COSE_Sign1 = [ Headers, payload : bstr / nil, signature : bstr ]

Headers (RFC 8152, Section 3: https://tools.ietf.org/html/rfc8152#section-3)

Headers = ( protected : empty_or_serialized_map, unprotected : header_map )

header_map = { Generic_Headers, * label => values }

empty_or_serialized_map = bstr .cbor header_map / bstr .size 0

Generic_Headers = (
    ? 1 => int / tstr,                          ; algorithm identifier
    ? 2 => [+label],                            ; criticality
    ? 3 => tstr / int,                          ; content type
    ? 4 => bstr,                                ; key identifier
    ? 5 => bstr,                                ; IV
    ? 6 => bstr,                                ; Partial IV
    ? 7 => COSE_Signature / [+COSE_Signature]   ; Counter signature
)

Note: tagging is optional in the spec, and the serde_cbor library doesn't support custom tags, so the structure itself is serialized untagged. When as_bytes is called with tagged set to true, the tag 18 prefix is added at the start of the serialized object; from_bytes accepts input with or without that prefix, and from_bytes_tagged requires it.

Implementations

impl CoseSign1

pub fn new<H: Hash>( payload: &[u8], unprotected: &HeaderMap, key: &dyn SigningPrivateKey ) -> Result<Self, CoseError>

Creates a CoseSign1 structure from the given payload and some unprotected data in the form of a HeaderMap. Signs the content with the given key following the recommendations of the spec and sets the protected header to reflect the algorithm used.

pub fn new_with_protected<H: Hash>( payload: &[u8], protected: &HeaderMap, unprotected: &HeaderMap, key: &dyn SigningPrivateKey ) -> Result<Self, CoseError>

Creates a CoseSign1 structure from the given payload and some protected and unprotected data in the form of a HeaderMap. Signs the content with the given key following the recommendations of the spec and records the algorithm used in the protected header.


pub fn as_bytes(&self, tagged: bool) -> Result<Vec<u8>, CoseError>

Serializes the structure for transport / storage. If tagged is true, the optional #6.18 tag is added to the output.

pub fn from_bytes(bytes: &[u8]) -> Result<Self, CoseError>

Deserializes the structure without checking its contents for correctness or verifying the signature. Accepts untagged structures or structures with tag 18. Call verify_signature, or get_payload with a key, before trusting the payload.

pub fn from_bytes_tagged(bytes: &[u8]) -> Result<Self, CoseError>

Deserializes the structure without checking its contents for correctness or verifying the signature. Accepts only structures with tag 18. Call verify_signature, or get_payload with a key, before trusting the payload.
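The array layout, the bstr-wrapped protected header and the optional tag 18 described above, together with the from_bytes / from_bytes_tagged split and the Sig_structure that signing operates on, hand-encoded with only the Rust standard library. This is an added example, not code from aws_nitro_enclaves_cose or from RFC 8152; it assumes an ES256 (alg -7) protected header, a constructed payload, a placeholder signature value in place of a real signer, an unprotected header that it skips rather than interprets, a non-detached (non-nil) payload, and a 64-bit target for the length cast. Like from_bytes, decode_sign1 verifies nothing; it only exposes the fields a verifier must check before trusting the payload.

```rust
// Added example (not the crate's code): std-only COSE_Sign1 encoder/decoder showing the
// tagged (#6.18) vs untagged byte layouts and the Sig_structure that is actually signed.
const MT_UINT: u8 = 0; const MT_NINT: u8 = 1; const MT_BSTR: u8 = 2; const MT_TSTR: u8 = 3;
const MT_ARRAY: u8 = 4; const MT_MAP: u8 = 5; const MT_TAG: u8 = 6; // CBOR major types
/// Write a CBOR head (major type + argument); arguments beyond u32 are not needed here.
fn head(major: u8, arg: u64, out: &mut Vec<u8>) {
    let mt = major << 5;
    match arg {
        0..=23 => out.push(mt | arg as u8),
        24..=0xff => out.extend_from_slice(&[mt | 24, arg as u8]),
        0x100..=0xffff => { out.push(mt | 25); out.extend_from_slice(&(arg as u16).to_be_bytes()) }
        _ => { out.push(mt | 26); out.extend_from_slice(&(arg as u32).to_be_bytes()) }
    }
}
fn bstr(b: &[u8], out: &mut Vec<u8>) { head(MT_BSTR, b.len() as u64, out); out.extend_from_slice(b); }
fn tstr(s: &str, out: &mut Vec<u8>) { head(MT_TSTR, s.len() as u64, out); out.extend_from_slice(s.as_bytes()); }
fn int(i: i64, out: &mut Vec<u8>) {
    if i >= 0 { head(MT_UINT, i as u64, out) } else { head(MT_NINT, (-1 - i) as u64, out) }
}
/// Protected header map {1: alg}; COSE carries it bstr-wrapped, which the callers below do.
fn protected_header(alg: i64) -> Vec<u8> {
    let mut m = Vec::new();
    head(MT_MAP, 1, &mut m); int(1, &mut m); int(alg, &mut m);
    m
}
/// Sig_structure for COSE_Sign1 (RFC 8152 Section 4.4): this, not the bare payload, is what gets signed.
fn sig_structure(protected: &[u8], external_aad: &[u8], payload: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    head(MT_ARRAY, 4, &mut out);
    tstr("Signature1", &mut out);
    bstr(protected, &mut out); bstr(external_aad, &mut out); bstr(payload, &mut out);
    out
}
/// COSE_Sign1 = [protected: bstr, unprotected: {}, payload: bstr, signature: bstr], optionally under tag 18.
fn encode_sign1(protected: &[u8], payload: &[u8], signature: &[u8], tagged: bool) -> Vec<u8> {
    let mut out = Vec::new();
    if tagged { head(MT_TAG, 18, &mut out); }
    head(MT_ARRAY, 4, &mut out);
    bstr(protected, &mut out);
    head(MT_MAP, 0, &mut out); // empty unprotected header map
    bstr(payload, &mut out); bstr(signature, &mut out);
    out
}
struct Dec<'a> { buf: &'a [u8], pos: usize }
impl<'a> Dec<'a> {
    fn byte(&mut self) -> Option<u8> { let b = *self.buf.get(self.pos)?; self.pos += 1; Some(b) }
    /// Read a head as (major type, argument); indefinite-length items are rejected.
    fn head(&mut self) -> Option<(u8, u64)> {
        let b = self.byte()?;
        let (major, ai) = (b >> 5, b & 0x1f);
        let n = match ai { 0..=23 => return Some((major, ai as u64)), 24 => 1, 25 => 2, 26 => 4, 27 => 8, _ => return None };
        let mut arg = 0u64;
        for _ in 0..n { arg = (arg << 8) | self.byte()? as u64; }
        Some((major, arg))
    }
    fn take(&mut self, n: u64) -> Option<&'a [u8]> { // u64 -> usize cast assumes a 64-bit target
        let (buf, end): (&'a [u8], usize) = (self.buf, self.pos.checked_add(n as usize)?);
        let s = buf.get(self.pos..end)?; self.pos = end; Some(s)
    }
    fn bstr(&mut self) -> Option<&'a [u8]> { match self.head()? { (MT_BSTR, n) => self.take(n), _ => None } }
    /// Skip one item of any type; used for unprotected headers this example does not interpret.
    fn skip(&mut self) -> Option<()> {
        let (major, arg) = self.head()?;
        match major {
            MT_BSTR | MT_TSTR => self.take(arg).map(|_| ()),
            MT_ARRAY => (0..arg).try_for_each(|_| self.skip()),
            MT_MAP => (0..arg.checked_mul(2)?).try_for_each(|_| self.skip()),
            MT_TAG => self.skip(),
            _ => Some(()), // integers and simple values carry nothing beyond the head
        }
    }
}
struct Sign1<'a> { protected: &'a [u8], payload: &'a [u8], signature: &'a [u8], tagged: bool }
/// Parse like from_bytes (tag 18 optional) or, with require_tag, like from_bytes_tagged. As in the
/// crate, nothing is verified here: `payload` is untrusted until `signature` checks out over sig_structure.
fn decode_sign1(bytes: &[u8], require_tag: bool) -> Option<Sign1<'_>> {
    let mut d = Dec { buf: bytes, pos: 0 };
    let mut h = d.head()?;
    let tagged = h == (MT_TAG, 18);
    if tagged { h = d.head()?; }
    if (require_tag && !tagged) || h != (MT_ARRAY, 4) { return None; }
    let protected = d.bstr()?;
    match d.head()? { (MT_MAP, n) => (0..n.checked_mul(2)?).try_for_each(|_| d.skip())?, _ => return None }
    let payload = d.bstr()?; // a nil (detached) payload is out of scope for this example
    let signature = d.bstr()?;
    if d.pos != bytes.len() { return None; } // trailing bytes: treat the message as malformed
    Some(Sign1 { protected, payload, signature, tagged })
}

fn main() {
    let protected = protected_header(-7); // constructed: alg -7 is ES256
    let payload = b"attestation document (constructed sample)";
    let signature = [0xABu8; 64]; // constructed placeholder; a real signer signs sig_structure(...)
    let tagged = encode_sign1(&protected, payload, &signature, true);
    let msg = decode_sign1(&tagged, false).expect("tag 18 accepted");
    println!("tbs={} bytes tagged={} protected={:02x?} sig_len={} payload={:?}", sig_structure(&protected, &[], payload).len(),
             msg.tagged, msg.protected, msg.signature.len(), std::str::from_utf8(msg.payload).unwrap());
    assert!(decode_sign1(&encode_sign1(&protected, payload, &signature, false), true).is_none());
}
```

Running it prints the to-be-signed length and the decoded fields; the final assertion shows that a from_bytes_tagged-style parse refuses the untagged encoding while the from_bytes-style parse accepts both. For real messages the bytes returned by sig_structure, built from the protected header taken out of the message itself, are what the signer signs and what the verifier checks; the payload alone is never the signed data.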

pub fn verify_signature<H: Hash>( &self, key: &dyn SigningPublicKey ) -> Result<bool, CoseError>

Checks the signature included in the structure against the given public key and returns Ok(true) if the signature verifies under that key.

pub fn get_protected_and_payload<H: Hash>( &self, key: Option<&dyn SigningPublicKey> ) -> Result<(HeaderMap, Vec<u8>), CoseError>

Returns the protected headers and the payload of the document. If key is provided, the data is returned only if the signature verifies under that key; otherwise Err(CoseError::UnverifiedSignature) is returned. Without a key the data is returned unverified.

pub fn get_payload<H: Hash>( &self, key: Option<&dyn SigningPublicKey> ) -> Result<Vec<u8>, CoseError>

Returns the payload of the document. If key is provided, the payload is returned only if the signature verifies under that key; otherwise Err(CoseError::UnverifiedSignature) is returned. Without a key the payload is returned unverified.


pub fn get_unprotected(&self) -> &HeaderMap

This gets the unprotected headers from the document.

Trait Implementations

impl Clone for CoseSign1

fn clone(&self) -> CoseSign1

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CoseSign1


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for CoseSign1


fn deserialize<D>(deserializer: D) -> Result<CoseSign1, D::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for CoseSign1


fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> ToOwned for T
where T: Clone,


type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,