pub trait ServerSecurityConfig: Sealed {
type GeneralClaims: GeneralClaims;
const PARSES_TOKENS: bool;
const HAS_EDHOC: bool;
// Provided methods
fn decrypt_symmetric_token<'buf>(
&self,
headers: &HeaderMap<'_>,
aad: &[u8],
ciphertext_buffer: &'buf mut [u8],
_: PrivateMethod,
) -> Result<(Self::GeneralClaims, CwtClaimsSet<'buf>), CredentialError> { ... }
fn verify_asymmetric_token<'b>(
&self,
headers: &HeaderMap<'_>,
signed_data: &[u8],
signature: &[u8],
signed_payload: &'b [u8],
_: PrivateMethod,
) -> Result<(Self::GeneralClaims, CwtClaimsSet<'b>), CredentialError> { ... }
fn own_edhoc_credential(&self) -> Option<(Credential, BytesP256ElemLen)> { ... }
fn expand_id_cred_x(
&self,
id_cred_x: IdCred,
) -> Option<(Credential, Self::GeneralClaims)> { ... }
fn nosec_authorization(&self) -> Option<Self::GeneralClaims> { ... }
fn render_not_allowed<M: MutableWritableMessage>(
&self,
message: &mut M,
) -> Result<(), NotAllowedRenderingFailed> { ... }
}
Expand description
A single or collection of authorization servers that a handler trusts to create ACE tokens.
Required Associated Constants§
Sourceconst PARSES_TOKENS: bool
const PARSES_TOKENS: bool
True if the type will at any time need to process tokens at /authz-info
This is used by the handler implementation to shortcut through some message processing paths.
Required Associated Types§
Sourcetype GeneralClaims: GeneralClaims
type GeneralClaims: GeneralClaims
The way scopes issued with this system as audience by this AS are expressed here.
Provided Methods§
Sourcefn decrypt_symmetric_token<'buf>(
&self,
headers: &HeaderMap<'_>,
aad: &[u8],
ciphertext_buffer: &'buf mut [u8],
_: PrivateMethod,
) -> Result<(Self::GeneralClaims, CwtClaimsSet<'buf>), CredentialError>
fn decrypt_symmetric_token<'buf>( &self, headers: &HeaderMap<'_>, aad: &[u8], ciphertext_buffer: &'buf mut [u8], _: PrivateMethod, ) -> Result<(Self::GeneralClaims, CwtClaimsSet<'buf>), CredentialError>
Unprotects a symmetriclly encrypted token and processes the contained [CWT Claims
Set][crate::ace::CwtClaimsSet] into a Self::GeneralClaims
and returns the full claims.
The steps are performed together rather than in separate functions because it is yet
unclear how data would precisely be carried around. (Previous iterations of this API had a
ScopeGenerator
associated type that would carry such data, but that did not scale well to
different kinds of tokens; for example, it would need a TimeConstraintGenerator
in
parallel because while the token may indicate some time, the issuer’s trusted time might be
more limited).
As part of such a dissection it would be preferable to return a decryption key and let the
ace
module do the decryption, but the key is not dyn safe, and
aead::AeadInPlace
can not be
enum’d around different potential key types because the associated types are fixed length.
(Returning a key in some COSE crypto abstraction may work better).
Note that the full AAD (COSE’s AAD including the external AAD) is built by the caller; the headers are only passed in to enable the AS to select the right key.
The buffer is given as heapless buffer rather than an an
aead::Buffer
because the latter is
not on the latest heaples version in its released version.
Sourcefn verify_asymmetric_token<'b>(
&self,
headers: &HeaderMap<'_>,
signed_data: &[u8],
signature: &[u8],
signed_payload: &'b [u8],
_: PrivateMethod,
) -> Result<(Self::GeneralClaims, CwtClaimsSet<'b>), CredentialError>
fn verify_asymmetric_token<'b>( &self, headers: &HeaderMap<'_>, signed_data: &[u8], signature: &[u8], signed_payload: &'b [u8], _: PrivateMethod, ) -> Result<(Self::GeneralClaims, CwtClaimsSet<'b>), CredentialError>
Verify the signature on a symmetrically encrypted token
signed_payload
is the payload part of the signed CWT; while it is part of signed_data
and
can be recovered from it, signed_data
currently typically resides in a copied buffer
created for signature verification, and signed_payload is around inside the caller for
longer. As common with signed data, it should only be parsed once the signature has been
verified.
Like Self::decrypt_symmetric_token()
, this conflates a few aspects, which is tolerated
for the time being.
fn own_edhoc_credential(&self) -> Option<(Credential, BytesP256ElemLen)>
Sourcefn expand_id_cred_x(
&self,
id_cred_x: IdCred,
) -> Option<(Credential, Self::GeneralClaims)>
fn expand_id_cred_x( &self, id_cred_x: IdCred, ) -> Option<(Credential, Self::GeneralClaims)>
Expands an EDHOC ID_CRED_x
into a parsed CRED_x
along with the associated
authorizations.
This is currently used for statically configured known static keys, might also be used in situations when a new EDHOC session is run with a credential previously stored, for example after an ACE token was submitted.
Generates the scope representing unauthenticated access.
Their time aspect is typically unbounded.
Sourcefn render_not_allowed<M: MutableWritableMessage>(
&self,
message: &mut M,
) -> Result<(), NotAllowedRenderingFailed>
fn render_not_allowed<M: MutableWritableMessage>( &self, message: &mut M, ) -> Result<(), NotAllowedRenderingFailed>
Render the “not allowed” message in this scenario.
The default (or any error) renderer produces a generic 4.01 Unauthorized in the handler; specifics can be useful in ACE scenarios to return a Request Creation Hint.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.