pub struct PairingSession {
pub token: PairingToken,
/* private fields */
}Expand description
Ephemeral keypair for a pairing session.
The P-256 ephemeral secret is consumed once during ECDH key exchange.
EphemeralSecret is !Clone + !Serialize — sessions cannot be persisted.
The ECDH curve (P-256) is independent of the device’s signing curve.
Fields§
§token: PairingTokenImplementations§
Source§impl PairingSession
impl PairingSession
Sourcepub fn complete_exchange(
&mut self,
responder_ephemeral_pubkey: &[u8],
) -> Result<Zeroizing<[u8; 32]>, ProtocolError>
pub fn complete_exchange( &mut self, responder_ephemeral_pubkey: &[u8], ) -> Result<Zeroizing<[u8; 32]>, ProtocolError>
Complete the P-256 ECDH exchange with the responder’s ephemeral public key.
Consumes the ephemeral secret (one-time use). Returns the 32-byte shared secret. The ECDH curve (P-256) is independent of the device’s signing curve — ephemeral keys are fresh per session and never reused.
Sourcepub fn ephemeral_pubkey_bytes(&self) -> Result<Vec<u8>, ProtocolError>
pub fn ephemeral_pubkey_bytes(&self) -> Result<Vec<u8>, ProtocolError>
Decode the ephemeral P-256 ECDH public key from the token’s base64url field.
Sourcepub fn verify_response(
&self,
device_signing_pubkey: &[u8],
device_ephemeral_pubkey: &[u8],
signature: &[u8],
curve: CurveType,
) -> Result<(), ProtocolError>
pub fn verify_response( &self, device_signing_pubkey: &[u8], device_ephemeral_pubkey: &[u8], signature: &[u8], curve: CurveType, ) -> Result<(), ProtocolError>
Verify a pairing response’s signature.
The curve argument carries the signing curve in-band — callers must
read it from the wire (e.g. PairingResponse.curve) or from a sibling
typed source, never infer from pubkey byte length.