/// We don't need COSE signing at the moment. But we need to generate test files. /// This module implements basic COSE signing. use nss; use {CoseError, Signature, SignatureAlgorithm, SignatureParameters}; use std::collections::BTreeMap; use cbor::CborType; use cose::util::get_sig_struct_bytes; use cose::decoder::decode_signature; use cose::decoder::{COSE_TYPE_ES256, COSE_TYPE_ES384, COSE_TYPE_ES512, COSE_TYPE_PS256};
/// Converts a `SignatureAlgorithm` to its corresponding `CborType`. /// See RFC 8152 section 8.1 and RFC 8230 section 5.1. pubfn signature_type_to_cbor_value(signature_type: &SignatureAlgorithm) -> CborType {
CborType::SignedInteger(match signature_type {
&SignatureAlgorithm::ES256 => COSE_TYPE_ES256,
&SignatureAlgorithm::ES384 => COSE_TYPE_ES384,
&SignatureAlgorithm::ES512 => COSE_TYPE_ES512,
&SignatureAlgorithm::PS256 => COSE_TYPE_PS256,
})
}
// The unprotected signature header is empty. let empty_map: BTreeMap<CborType, CborType> = BTreeMap::new();
signature_item.push(CborType::Map(empty_map));
// And finally the signature bytes.
signature_item.push(CborType::Bytes(sig_bytes.clone()));
CborType::Array(signature_item)
}
letmut signatures: Vec<Signature> = Vec::new(); for param in parameters { // Build the signature structure containing the protected headers and the // payload to generate the payload that is actually signed. let protected_sig_header_serialized =
build_protected_sig_header(param.certificate, ¶m.algorithm); let protected_header_serialized = build_protected_header(cert_chain); let payload = get_sig_struct_bytes(
protected_header_serialized,
protected_sig_header_serialized,
payload,
);
let signature_bytes = match nss::sign(¶m.algorithm, ¶m.pkcs8, &payload) {
Err(_) => return Err(CoseError::SigningFailed),
Ok(signature) => signature,
}; let signature = Signature {
parameter: param,
signature_bytes: signature_bytes,
};
signatures.push(signature);
}
for signature in cose_signatures { let signature_algorithm = &signature.signature_type; let signature_bytes = &signature.signature; let real_payload = &signature.to_verify;
// Verify the parsed signatures. // We ignore the certs field here because we don't verify the certificate. let verify_result = nss::verify_signature(
&signature_algorithm,
&signature.signer_cert,
real_payload,
signature_bytes,
); if !verify_result.is_ok() { return Err(CoseError::VerificationFailed);
}
}
Ok(())
}
Messung V0.5 in Prozent
¤ Dauer der Verarbeitung: 0.10 Sekunden
(vorverarbeitet am 2026-06-21)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.