gose/cose/encrypt0

COSE_Encrypt0 single-recipient encryption and decryption (RFC 9052).

Example

import gose/algorithm
import gose/cose/encrypt0
import gose/key

let k = key.generate_enc_key(algorithm.AesGcm(algorithm.Aes128))
let plaintext = <<"hello COSE":utf8>>

let assert Ok(message) = encrypt0.new(algorithm.AesGcm(algorithm.Aes128))
let assert Ok(encrypted) = encrypt0.encrypt(message, k, plaintext)

let data = encrypt0.serialize(encrypted)
let assert Ok(parsed) = encrypt0.parse(data)
let assert Ok(decryptor) = encrypt0.decryptor(algorithm.AesGcm(algorithm.Aes128), key: k)
let assert Ok(decrypted) = encrypt0.decrypt(decryptor, parsed)

Phantom Types

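Encrypt0(state) uses a phantom type to track encryption state: Unencrypted for a message that has not yet been encrypted, and Encrypted for a message that has been encrypted or parsed.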

Types

A decryptor pinned to a content encryption algorithm and a single symmetric key.

pub opaque type Decryptor

A COSE_Encrypt0 message parameterized by encryption state.

pub opaque type Encrypt0(state)

Phantom type for a COSE_Encrypt0 message that has been encrypted or parsed.

pub type Encrypted

Phantom type for a COSE_Encrypt0 message that has not yet been encrypted.

pub type Unencrypted

Values

pub fn content_type(
  message: Encrypt0(Encrypted),
) -> Result(cose.ContentType, gose.GoseError)

Extract the content type from the message headers.

pub fn critical(
  message: Encrypt0(Encrypted),
) -> Result(List(Int), gose.GoseError)

Extract the critical header labels from the message headers.

pub fn decrypt(
  decryptor: Decryptor,
  message: Encrypt0(Encrypted),
) -> Result(BitArray, gose.GoseError)

Decrypt a COSE_Encrypt0 message, returning the plaintext.

pub fn decrypt_with_aad(
  decryptor: Decryptor,
  message message: Encrypt0(Encrypted),
  aad aad: BitArray,
) -> Result(BitArray, gose.GoseError)

Decrypt with additional externally-supplied authenticated data (AAD).

pub fn decryptor(
  alg: algorithm.ContentAlg,
  key key: key.Key(BitArray),
) -> Result(Decryptor, gose.GoseError)

Build a decryptor pinned to a single algorithm and key.

pub fn encrypt(
  message: Encrypt0(Unencrypted),
  key key: key.Key(BitArray),
  plaintext plaintext: BitArray,
) -> Result(Encrypt0(Encrypted), gose.GoseError)

Encrypt the plaintext with the given symmetric key.

pub fn kid(
  message: Encrypt0(Encrypted),
) -> Result(BitArray, gose.GoseError)

Extract the key ID from the message headers.

pub fn new(
  alg: algorithm.ContentAlg,
) -> Result(Encrypt0(Unencrypted), gose.GoseError)

Create a new unencrypted COSE_Encrypt0 message with the given content encryption algorithm.

pub fn parse(
  data: BitArray,
) -> Result(Encrypt0(Encrypted), gose.GoseError)

Decode a CBOR-encoded COSE_Encrypt0 message, accepting both tagged and untagged forms.

pub fn protected_headers(
  message: Encrypt0(Encrypted),
) -> List(cose.Header)

Return the raw protected headers.

pub fn serialize(message: Encrypt0(Encrypted)) -> BitArray

Encode an encrypted message as an untagged CBOR COSE_Encrypt0 array.

pub fn serialize_tagged(message: Encrypt0(Encrypted)) -> BitArray

Encode an encrypted message as a CBOR-tagged (tag 16) COSE_Encrypt0 structure.

pub fn unprotected_headers(
  message: Encrypt0(Encrypted),
) -> List(cose.Header)

Return the raw unprotected headers.

pub fn with_aad(
  message: Encrypt0(Unencrypted),
  aad aad: BitArray,
) -> Encrypt0(Unencrypted)

Set external additional authenticated data (AAD) for the encryption operation.

pub fn with_content_type(
  message: Encrypt0(Unencrypted),
  ct ct: cose.ContentType,
) -> Encrypt0(Unencrypted)

Add a content type to the protected headers.

RFC 9052 permits the content type in either header bucket. Encrypted messages place it in the protected bucket so that it is covered by the AEAD authentication.

pub fn with_critical(
  message: Encrypt0(Unencrypted),
  labels: List(Int),
) -> Encrypt0(Unencrypted)

Add critical header labels to the protected headers.

pub fn with_kid(
  message: Encrypt0(Unencrypted),
  kid: BitArray,
) -> Encrypt0(Unencrypted)

Add a key ID to the unprotected headers.
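The following is an added example, not taken from the gose project, showing with_aad, with_kid, kid and decrypt_with_aad together. The AAD string, key ID and payload are constructed sample values, and the example assumes that a mismatched or missing AAD surfaces as an Error from the decrypt functions.

```gleam
import gose/algorithm
import gose/cose/encrypt0
import gose/key

pub fn main() {
  let alg = algorithm.AesGcm(algorithm.Aes128)
  let k = key.generate_enc_key(alg)

  // Constructed sample values: a context string both sides already know,
  // a key identifier, and a payload.
  let aad = <<"device-42/firmware-manifest":utf8>>
  let key_id = <<"kid-2024-01":utf8>>
  let plaintext = <<"hello COSE":utf8>>

  // Sender: bind the external AAD and attach the key ID before encrypting.
  let assert Ok(message) = encrypt0.new(alg)
  let message =
    message
    |> encrypt0.with_aad(aad: aad)
    |> encrypt0.with_kid(key_id)
  let assert Ok(encrypted) = encrypt0.encrypt(message, k, plaintext)
  let data = encrypt0.serialize_tagged(encrypted)

  // Receiver: the kid sits in the unprotected headers, which the AEAD does
  // not cover, so use it only as a hint for choosing a candidate key.
  let assert Ok(parsed) = encrypt0.parse(data)
  let assert Ok(received_kid) = encrypt0.kid(parsed)
  let assert True = received_kid == key_id
  let assert Ok(decryptor) = encrypt0.decryptor(alg, key: k)

  // The external AAD is not carried in the message. The receiver supplies
  // its own copy, and decryption succeeds only if it matches the sender's.
  let assert Ok(decrypted) =
    encrypt0.decrypt_with_aad(decryptor, message: parsed, aad: aad)
  let assert True = decrypted == plaintext

  // A different context string fails AEAD authentication.
  let wrong_aad = <<"device-43/firmware-manifest":utf8>>
  let assert Error(_) =
    encrypt0.decrypt_with_aad(decryptor, message: parsed, aad: wrong_aad)

  // Plain decrypt supplies no external AAD, so it fails for this message too.
  let assert Error(_) = encrypt0.decrypt(decryptor, parsed)
}
```

Because the decryptor is pinned to one algorithm and one key, the key chosen from the kid hint is still verified by the AEAD tag check at decryption time.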
