|
| 1 | +//! Types for the ACE OSCORE profile (RFC 9203) |
| 2 | +
|
| 3 | +use crate::{ |
| 4 | + cbor::value::Value, |
| 5 | + common::AsCborValue, |
| 6 | + iana, |
| 7 | + util::ValueTryAs, |
| 8 | + Algorithm, CoseError, Label, Result, |
| 9 | +}; |
| 10 | +use alloc::{collections::BTreeSet, vec::Vec}; |
| 11 | + |
| 12 | +/// OSCORE_Input_Material, suitable to produce OSCORE keys when applying the ACE OSCORE profile |
| 13 | +/// (RFC 9203) |
| 14 | +/// |
| 15 | +/// This is typically transported in a token response as a variant of the cnf. |
| 16 | +#[derive(Clone, Debug, PartialEq, Default)] |
| 17 | +pub struct OscoreInputMaterial { |
| 18 | + /// OSCORE Input Material Identifier |
| 19 | + pub id: Option<Vec<u8>>, |
| 20 | + /// OSCORE Version |
| 21 | + pub version: Option<ciborium::value::Integer>, |
| 22 | + /// OSCORE Master Secret value |
| 23 | + pub ms: Option<Vec<u8>>, |
| 24 | + /// OSCORE HKDF value |
| 25 | + pub hkdf: Option<Algorithm>, |
| 26 | + /// OSCORE AEAD Algorithm value |
| 27 | + pub alg: Option<Algorithm>, |
| 28 | + /// an input to OSCORE Master Salt value |
| 29 | + pub salt: Option<Vec<u8>>, |
| 30 | + /// OSCORE ID Context value |
| 31 | + pub context_id: Option<Vec<u8>>, |
| 32 | +} |
| 33 | + |
| 34 | +const ID: Label = Label::Int(iana::OscoreSecurityContextParameter::Id as i64); |
| 35 | +const VERSION: Label = Label::Int(iana::OscoreSecurityContextParameter::Version as i64); |
| 36 | +const MS: Label = Label::Int(iana::OscoreSecurityContextParameter::Ms as i64); |
| 37 | +const HKDF: Label = Label::Int(iana::OscoreSecurityContextParameter::Hkdf as i64); |
| 38 | +const ALG: Label = Label::Int(iana::OscoreSecurityContextParameter::Alg as i64); |
| 39 | +const SALT: Label = Label::Int(iana::OscoreSecurityContextParameter::Salt as i64); |
| 40 | +const CONTEXTID: Label = Label::Int(iana::OscoreSecurityContextParameter::ContextId as i64); |
| 41 | + |
| 42 | +impl AsCborValue for OscoreInputMaterial { |
| 43 | + fn from_cbor_value(value: Value) -> Result<Self> { |
| 44 | + |
| 45 | + let m = value.try_as_map()?; |
| 46 | + let mut material = Self::default(); |
| 47 | + let mut seen = BTreeSet::new(); |
| 48 | + for (l, value) in m.into_iter() { |
| 49 | + // The `ciborium` CBOR library does not police duplicate map keys. |
| 50 | + // RFC 8152 section 14 requires that COSE does police duplicates, so do it here. |
| 51 | + let label = Label::from_cbor_value(l)?; |
| 52 | + if seen.contains(&label) { |
| 53 | + return Err(CoseError::DuplicateMapKey); |
| 54 | + } |
| 55 | + seen.insert(label.clone()); |
| 56 | + match label { |
| 57 | + ID => material.id = Some(value.try_as_bytes()?), |
| 58 | + VERSION => material.version = Some(value.try_as_integer()?), |
| 59 | + MS => material.ms = Some(value.try_as_bytes()?), |
| 60 | + HKDF => material.hkdf = Some(Algorithm::from_cbor_value(value)?), |
| 61 | + ALG => material.alg = Some(Algorithm::from_cbor_value(value)?), |
| 62 | + SALT => material.salt = Some(value.try_as_bytes()?), |
| 63 | + CONTEXTID => material.context_id = Some(value.try_as_bytes()?), |
| 64 | + _label => { |
| 65 | + return Err(CoseError::UnregisteredIanaValue); |
| 66 | + }, |
| 67 | + } |
| 68 | + } |
| 69 | + // No checks for required properties: All parameters are (at least formally, not |
| 70 | + // practically) optional |
| 71 | + |
| 72 | + Ok(material) |
| 73 | + } |
| 74 | + |
| 75 | + fn to_cbor_value(self) -> Result<Value> { |
| 76 | + todo!() |
| 77 | + } |
| 78 | +} |
0 commit comments