; Adapted from the CDDL fragments in RFC 8152 (https://datatracker.ietf.org/doc/html/rfc8152)

Headers = (
	protected : empty_or_serialized_map,
	unprotected : header_map
)

label = int / tstr
values = any

header_map = {
	Generic_Headers,
	* label => values
}

empty_or_serialized_map = bstr .cbor header_map / bstr .size 0

Generic_Headers = (
	? 1 => int / tstr,  ; algorithm identifier
	? 2 => [+label],    ; criticality
	? 3 => tstr / int,  ; content type
	? 4 => bstr,        ; key identifier
	? 5 => bstr,        ; IV
	? 6 => bstr,        ; Partial IV

	; Comment out the counter signature since it creates a circular type.
	; It is optional, so commenting it out is still conformant.
	;? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature
)

COSE_Sign_Tagged = #6.98(COSE_Sign)

COSE_Sign = [
	Headers,
	payload : bstr / nil,
	signatures : [+ COSE_Signature]
]

COSE_Signature =  [
	Headers,
	signature : bstr
]

COSE_Sign1_Tagged = #6.18(COSE_Sign1)

COSE_Sign1 = [
	Headers,
	payload : bstr / nil,
	signature : bstr
]

Sig_structure = [
	context : "Signature" / "Signature1" / "CounterSignature",
	body_protected : empty_or_serialized_map,
	? sign_protected : empty_or_serialized_map,
	external_aad : bstr,
	payload : bstr
]

COSE_Encrypt_Tagged = #6.96(COSE_Encrypt)

COSE_Encrypt = [
	Headers,
	ciphertext : bstr / nil,
	recipients : [+COSE_recipient]
]

COSE_recipient = [
	Headers,
	ciphertext : bstr / nil,

	; Comment out the recipient list since it creates a circular type.
	; It is optional, so commenting it out is still conformant.
	;? recipients : [+COSE_recipient]
]

COSE_Encrypt0_Tagged = #6.16(COSE_Encrypt0)

COSE_Encrypt0 = [
	Headers,
	ciphertext : bstr / nil,
]

Enc_structure = [
	context : "Encrypt" / "Encrypt0" / "Enc_Recipient" /
		"Mac_Recipient" / "Rec_Recipient",
	protected : empty_or_serialized_map,
	external_aad : bstr
]

COSE_Mac_Tagged = #6.97(COSE_Mac)

COSE_Mac = [
	Headers,
	payload : bstr / nil,
	tag : bstr,
	recipients :[+COSE_recipient]
]

COSE_Mac0_Tagged = #6.17(COSE_Mac0)

COSE_Mac0 = [
	Headers,
	payload : bstr / nil,
	tag : bstr,
]

MAC_structure = [
	context : "MAC" / "MAC0",
	protected : empty_or_serialized_map,
	external_aad : bstr,
	payload : bstr
]

COSE_Key = {
	1 => tstr / int,          ; kty
	? 2 => bstr,              ; kid
	? 3 => tstr / int,        ; alg
	? 4 => [+ (tstr / int) ], ; key_ops
	? 5 => bstr,              ; Base IV
	* label => values
}

COSE_KeySet = [+COSE_Key]

PartyInfo = (
	identity : bstr / nil,
	nonce : bstr / int / nil,
	other : bstr / nil
)

COSE_KDF_Context = [
	AlgorithmID : int / tstr,
	PartyUInfo : [ PartyInfo ],
	PartyVInfo : [ PartyInfo ],
	SuppPubInfo : [
		keyDataLength : uint,
		protected : empty_or_serialized_map,
		? other : bstr
	],
	? SuppPrivInfo : bstr
]

COSE_Messages = COSE_Untagged_Message / COSE_Tagged_Message

COSE_Untagged_Message = COSE_Sign / COSE_Sign1 /
	COSE_Encrypt / COSE_Encrypt0 /
	COSE_Mac / COSE_Mac0

COSE_Tagged_Message = COSE_Sign_Tagged / COSE_Sign1_Tagged /
	COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged /
	COSE_Mac_Tagged / COSE_Mac0_Tagged