Struct aws_nitro_enclaves_cose::CoseSign1
source · pub struct CoseSign1 { /* private fields */ }
Expand description
Implementation of the COSE_Sign1 structure as defined in RFC8152.
The COSE_Sign1 signature structure is used when only one signature is going to be placed on a message. The parameters dealing with the content and the signature are placed in the same pair of buckets rather than having the separation of COSE_Sign.
The structure can be encoded as either tagged or untagged depending on the context it will be used in. A tagged COSE_Sign1 structure is identified by the CBOR tag 18. The CDDL fragment that represents this is:
COSE_Sign1_Tagged = #6.18(COSE_Sign1)
The CBOR object that carries the body, the signature, and the information about the body and signature is called the COSE_Sign1 structure. Examples of COSE_Sign1 messages can be found in Appendix C.2.
The COSE_Sign1 structure is a CBOR array. The fields of the array in order are:
protected: This is as described in Section 3.
unprotected: This is as described in Section 3.
payload: This is as described in Section 4.1.
signature: This field contains the computed signature value. The type of the field is a bstr.
The CDDL fragment that represents the above text for COSE_Sign1 follows.
COSE_Sign1 = [ Headers, payload : bstr / nil, signature : bstr ]
§https://tools.ietf.org/html/rfc8152#section-3
Headers = ( protected : empty_or_serialized_map, unprotected : header_map )
header_map = { Generic_Headers, * label => values }
empty_or_serialized_map = bstr .cbor header_map / bstr .size 0
Generic_Headers = ( ? 1 => int / tstr, ; algorithm identifier ? 2 => [+label], ; criticality ? 3 => tstr / int, ; content type ? 4 => bstr, ; key identifier ? 5 => bstr, ; IV ? 6 => bstr, ; Partial IV ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature )
Note: Currently, the structures are not tagged, since it isn’t required by the spec and the only way to achieve this is to add the token at the start of the serialized object, since the serde_cbor library doesn’t support custom tags.
Implementations§
source§impl CoseSign1
impl CoseSign1
sourcepub fn new<H: Hash>(
payload: &[u8],
unprotected: &HeaderMap,
key: &dyn SigningPrivateKey
) -> Result<Self, CoseError>
pub fn new<H: Hash>( payload: &[u8], unprotected: &HeaderMap, key: &dyn SigningPrivateKey ) -> Result<Self, CoseError>
Creates a CoseSign1 structure from the given payload and some unprotected data in the form of a HeaderMap. Signs the content with the given key using the recommedations from the spec and sets the protected part of the document to reflect the algorithm used.
sourcepub fn new_with_protected<H: Hash>(
payload: &[u8],
protected: &HeaderMap,
unprotected: &HeaderMap,
key: &dyn SigningPrivateKey
) -> Result<Self, CoseError>
pub fn new_with_protected<H: Hash>( payload: &[u8], protected: &HeaderMap, unprotected: &HeaderMap, key: &dyn SigningPrivateKey ) -> Result<Self, CoseError>
Creates a CoseSign1 structure from the given payload and some protected and unprotected data in the form of a HeaderMap. Signs the content with the given key using the recommedations from the spec and sets the algorithm used into the protected header.
sourcepub fn as_bytes(&self, tagged: bool) -> Result<Vec<u8>, CoseError>
pub fn as_bytes(&self, tagged: bool) -> Result<Vec<u8>, CoseError>
Serializes the structure for transport / storage. If tagged
is true, the optional #6.18
tag is added to the output.
sourcepub fn from_bytes(bytes: &[u8]) -> Result<Self, CoseError>
pub fn from_bytes(bytes: &[u8]) -> Result<Self, CoseError>
This function deserializes the structure, but doesn’t check the contents for correctness at all. Accepts untagged structures or structures with tag 18.
sourcepub fn from_bytes_tagged(bytes: &[u8]) -> Result<Self, CoseError>
pub fn from_bytes_tagged(bytes: &[u8]) -> Result<Self, CoseError>
This function deserializes the structure, but doesn’t check the contents for correctness at all. Accepts structures with tag 18.
sourcepub fn verify_signature<H: Hash>(
&self,
key: &dyn SigningPublicKey
) -> Result<bool, CoseError>
pub fn verify_signature<H: Hash>( &self, key: &dyn SigningPublicKey ) -> Result<bool, CoseError>
This checks the signature included in the structure against the given public key and returns true if the signature matches the given key.
sourcepub fn get_protected_and_payload<H: Hash>(
&self,
key: Option<&dyn SigningPublicKey>
) -> Result<(HeaderMap, Vec<u8>), CoseError>
pub fn get_protected_and_payload<H: Hash>( &self, key: Option<&dyn SigningPublicKey> ) -> Result<(HeaderMap, Vec<u8>), CoseError>
This gets the payload
and protected
data of the document.
If key
is provided, it only gets the data if the signature is correctly verified,
otherwise returns Err(CoseError::UnverifiedSignature)
.
sourcepub fn get_payload<H: Hash>(
&self,
key: Option<&dyn SigningPublicKey>
) -> Result<Vec<u8>, CoseError>
pub fn get_payload<H: Hash>( &self, key: Option<&dyn SigningPublicKey> ) -> Result<Vec<u8>, CoseError>
This gets the payload
of the document. If key
is provided, it only gets the payload
if the signature is correctly verified, otherwise returns
Err(CoseError::UnverifiedSignature)
.
sourcepub fn get_unprotected(&self) -> &HeaderMap
pub fn get_unprotected(&self) -> &HeaderMap
This gets the unprotected
headers from the document.