Lib.rs

Encoding
#cose #rfc #serde #format #serialization #8152

serde_cose

The COSE (RFC #8152) serialization format

by Mason Fischer

3 releases

0.1.4 Oct 26, 2020
0.1.3 Oct 20, 2020
0.1.0 Sep 22, 2020

#2032 in Encoding


Used in dcc-decode

MIT/Apache

95KB
361 lines

Contains (Zip file, 11KB) what-do-i-have.xlsx

Serde COSE


COSE (RFC #8152) support for Serde

Project Status

Currently serde_cose only supports decoding ed25519 Sign1 messsages. No future work is planned but adding signature formats should be fairly straightfoward.

Usage

Add this to your Cargo.toml:

serde_cose = "0.1.0"

Use serde_cose::from_slice to decode COSE messages:

use ed25519_dalek::PublicKey;

struct User {
    public_key: ed25519_dalek::PublicKey,
}

fn main() {
    let cose_message = hex::decode("D28445A201270300A10442313154546869732069732074686520636F6E74656E742E58407142FD2FF96D56DB85BEE905A76BA1D0B7321A95C8C4D3607C5781932B7AFB8711497DFA751BF40B58B3BCC32300B1487F3DB34085EEF013BF08F4A44D6FEF0D").unwrap();

    // First decode the `Sign1` message type
    // https://tools.ietf.org/html/rfc8152#section-4.2
    let sign1 = serde_cose::from_slice(&cose_message);

    // Next Lookup the user using the key id (`kid`) field
    // https://tools.ietf.org/html/rfc8152#section-3.1
    let user = lookup_user(&sign1.kid());

    // Convert the users public key into a COSE key
    let key: serde_cose::Key = user.public_key.into();
    
    // Verify the signature
    if key.verify(&sign1) {
        println!("Valid Signature!")
    } else {
        println!("Invalid Signature :(")
    }
}

fn lookup_user(user_id: &[u8]) -> User {
    match std::str::from_utf8(&user_id).unwrap() {
        "11" => User {
            public_key: PublicKey::from_bytes(
                &hex::decode(&"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
                    .unwrap(),
            )
            .unwrap(),
        },
        id => panic!(format!("user {} not found", id)),
    }
}

Contributing

Want to join us? Check out our The "Contributing" section of the guide and take a look at some of these issues:

Conduct

The Serde COSE project adheres to the Contributor Covenant Code of Conduct. This describes the minimum behavior expected from all contributors.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~3.5MB
~74K SLoC