indispensable-cosef/at.asitplus.signum.indispensable.cosef

Package-level declarations

Types

@Serializable

data class CborWebToken(val issuer: String? = null, val subject: String? = null, val audience: String? = null, val expiration: Instant? = null, val notBefore: Instant? = null, val issuedAt: Instant? = null, val cwtId: ByteArray? = null, val nonce: ByteArray? = null)

CBOR Web Token (CWT)

CoseAlgorithm

@Serializable(with = CoseAlgorithmSerializer::class)

enum CoseAlgorithm : Enum<CoseAlgorithm> , SpecializedSignatureAlgorithm

See COSE Algorithm Registry

CoseAlgorithmSerializer

object CoseAlgorithmSerializer : KSerializer<CoseAlgorithm>

CoseEllipticCurve

@Serializable(with = CoseEllipticCurveSerializer::class)

enum CoseEllipticCurve : Enum<CoseEllipticCurve>

CoseEllipticCurveSerializer

object CoseEllipticCurveSerializer : KSerializer<CoseEllipticCurve?>

CoseHeader

@Serializable

data class CoseHeader(val algorithm: CoseAlgorithm? = null, val criticalHeaders: String? = null, val contentType: String? = null, val kid: ByteArray? = null, val iv: ByteArray? = null, val partialIv: ByteArray? = null, val coseKey: ByteArray? = null, val certificateChain: ByteArray? = null, val type: String? = null)

Protected header of a CoseSigned.

CoseKey

@Serializable(with = CoseKeySerializer::class)

data class CoseKey(val type: CoseKeyType, val keyId: ByteArray? = null, val algorithm: CoseAlgorithm? = null, val operations: Array<CoseKeyOperation>? = null, val baseIv: ByteArray? = null, val keyParams: CoseKeyParams?) : SpecializedCryptoPublicKey

COSE public key as per RFC 8152. Since this is used as part of a COSE-specific DTO, every property is nullable

CoseKeyOperation

@Serializable(with = CoseKeyOperationSerializer::class)

enum CoseKeyOperation : Enum<CoseKeyOperation>

CoseKeyOperationSerializer

object CoseKeyOperationSerializer : KSerializer<CoseKeyOperation>

CoseKeyParams

sealed class CoseKeyParams : SpecializedCryptoPublicKey

Wrapper to handle parameters for different COSE public key types.

CoseKeySerializer

object CoseKeySerializer : KSerializer<CoseKey>

Encapsulates serializing and deserializing all types of COSE keys. Actually, no CoseKey object is ever directly (de)serialized. Instead, all the whole structure of a CoseKey is duplicated into a discrete class used solely for (de)serialization. For EC keys using point compression, this wrapper is CompressedCompoundCoseKeySerialContainer, for all other key types, it is UncompressedCompoundCoseKeySerialContainer Both od these are flattened mammoth data structures devoid of encapsulation, as demanded by the COSE spec. Internally, deserialization employs a map to as a lookup table for CborLabels to reconstruct the correct key using the flattened mammoth.

CoseKeyType

@Serializable(with = CoseKeyTypeSerializer::class)

enum CoseKeyType : Enum<CoseKeyType>

CoseKeyTypeSerializer

object CoseKeyTypeSerializer : KSerializer<CoseKeyType>

CoseSignatureInput

@Serializable

data class CoseSignatureInput(val contextString: String, val protectedHeader: ByteArray, val externalAad: ByteArray, val payload: ByteArray?)

CoseSigned

@Serializable(with = CoseSignedSerializer::class)

data class CoseSigned<P>

Representation of a signed COSE_Sign1 object, i.e. consisting of protected header, unprotected header and payload.

CoseSignedBytes

@Serializable

data class CoseSignedBytes(val protectedHeader: ByteArray, val unprotectedHeader: CoseHeader?, val payload: ByteArray?, val rawSignature: ByteArray)

Representation of a signed COSE_Sign1 object, i.e. consisting of protected header, unprotected header and payload. It represents the bytes of the object as it has been transferred, i.e. useful for signature verification.

CoseSignedSerializer

class CoseSignedSerializer<P>(parameterSerializer: KSerializer<P>) : KSerializer<CoseSigned<P>>

Serializes CoseSigned with a typed payload, by using its CoseSigned.wireFormat. Also handles deserialization of the bytes.

InstantLongSerializer

object InstantLongSerializer : KSerializer<Instant>

Properties

coseKid

var CryptoPublicKey.coseKid: ByteArray?

Functions

toCoseAlgorithm

fun SignatureAlgorithm.toCoseAlgorithm(): KmmResult<CoseAlgorithm>

fun SpecializedSignatureAlgorithm.toCoseAlgorithm(): KmmResult<CoseAlgorithm>

Tries to find a matching COSE algorithm. Note that COSE imposes curve restrictions on ECDSA based on the digest.

toCoseCurve

fun ECCurve.toCoseCurve(): CoseEllipticCurve

toCoseKey

fun CryptoPublicKey.toCoseKey(algorithm: CoseAlgorithm? = null, keyId: ByteArray? = this.coseKid): KmmResult<CoseKey>

Converts CryptoPublicKey into a KmmResult wrapped CoseKey If algorithm is not set then key can be used for any algorithm with same kty (RFC 8152), returns IllegalArgumentException for invalid kty/algorithm pairs