pub trait CryptoProvider: Send + Sync {
Show 20 methods
// Required methods
fn verify_ed25519<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
pubkey: &'life1 [u8],
message: &'life2 [u8],
signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait;
fn sign_ed25519<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
seed: &'life1 SecureSeed,
message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait;
fn generate_ed25519_keypair<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<(SecureSeed, [u8; 32]), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
Self: 'async_trait;
fn ed25519_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
seed: &'life1 SecureSeed,
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
// Provided methods
fn verify_p256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_pubkey: &'life1 [u8],
_message: &'life2 [u8],
_signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
fn sign_p256<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_seed: &'life1 SecureSeed,
_message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait { ... }
fn generate_p256_keypair<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<(SecureSeed, Vec<u8>), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
Self: 'async_trait { ... }
fn p256_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
_seed: &'life1 SecureSeed,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait { ... }
fn aead_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_key: &'life1 [u8; 32],
_nonce: &'life2 [u8; 12],
_aad: &'life3 [u8],
_plaintext: &'life4 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait { ... }
fn aead_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_key: &'life1 [u8; 32],
_nonce: &'life2 [u8; 12],
_aad: &'life3 [u8],
_ciphertext: &'life4 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait { ... }
fn hkdf_sha256_expand<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_ikm: &'life1 [u8],
_salt: &'life2 [u8],
_info: &'life3 [u8],
_out_len: usize,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
fn hkdf_sha384_expand<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_ikm: &'life1 [u8],
_salt: &'life2 [u8],
_info: &'life3 [u8],
_out_len: usize,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
fn hmac_sha256_compute<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait { ... }
fn hmac_sha256_verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
_tag: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
fn hmac_sha384_compute<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<[u8; 48], CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait { ... }
fn hmac_sha384_verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
_tag: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
fn sign_typed<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
seed: &'life1 TypedSeed,
message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait { ... }
fn verify_typed<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
curve: CurveType,
pubkey: &'life1 [u8],
message: &'life2 [u8],
signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
fn generate_typed_keypair<'life0, 'async_trait>(
&'life0 self,
curve: CurveType,
) -> Pin<Box<dyn Future<Output = Result<(TypedSeed, Vec<u8>), CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
Self: 'async_trait { ... }
fn typed_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
seed: &'life1 TypedSeed,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait { ... }
}Expand description
Curve-agnostic abstraction for cryptographic operations across target architectures.
All method signatures use primitive Rust types or SecureSeed — no
ring-specific types. This ensures domain crates (auths-core, auths-sdk)
compile without any ring dependency.
Usage:
use auths_crypto::CryptoProvider;
async fn roundtrip(provider: &dyn CryptoProvider) {
let (seed, pk) = provider.generate_ed25519_keypair().await.unwrap();
let sig = provider.sign_ed25519(&seed, b"msg").await.unwrap();
provider.verify_ed25519(&pk, b"msg", &sig).await.unwrap();
}Required Methods§
Sourcefn verify_ed25519<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
pubkey: &'life1 [u8],
message: &'life2 [u8],
signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn verify_ed25519<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
pubkey: &'life1 [u8],
message: &'life2 [u8],
signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
Verify an Ed25519 signature against a public key and message.
Sourcefn sign_ed25519<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
seed: &'life1 SecureSeed,
message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
fn sign_ed25519<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
seed: &'life1 SecureSeed,
message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Sign a message using a raw 32-byte Ed25519 seed.
The provider materializes the internal keypair from the seed on each call. This trades minor CPU overhead for a pure, ring-free domain layer.
Args:
seed: Raw 32-byte Ed25519 private key seed.message: The data to sign.
Usage:
let sig = provider.sign_ed25519(&seed, b"hello").await?;
assert_eq!(sig.len(), 64);Sourcefn generate_ed25519_keypair<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<(SecureSeed, [u8; 32]), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
Self: 'async_trait,
fn generate_ed25519_keypair<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<(SecureSeed, [u8; 32]), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
Self: 'async_trait,
Generate a fresh Ed25519 keypair.
Returns the raw 32-byte seed and 32-byte public key.
Usage:
let (seed, pubkey) = provider.generate_ed25519_keypair().await?;
assert_eq!(pubkey.len(), 32);Sourcefn ed25519_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
seed: &'life1 SecureSeed,
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn ed25519_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
seed: &'life1 SecureSeed,
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Derive the 32-byte public key from a raw seed.
Args:
seed: Raw 32-byte Ed25519 private key seed.
Usage:
let pk = provider.ed25519_public_key_from_seed(&seed).await?;
assert_eq!(pk.len(), 32);Provided Methods§
Sourcefn verify_p256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_pubkey: &'life1 [u8],
_message: &'life2 [u8],
_signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn verify_p256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_pubkey: &'life1 [u8],
_message: &'life2 [u8],
_signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
Verify an ECDSA P-256 signature (r||s, 64 bytes) against a public key (33-byte compressed or 65-byte uncompressed SEC1) and message.
Default impl returns UnsupportedTarget; override in providers that
support P-256 (RingCryptoProvider via p256 crate on native,
WebCryptoProvider via SubtleCrypto.verify("ECDSA", …) on WASM).
Sourcefn sign_p256<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_seed: &'life1 SecureSeed,
_message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
fn sign_p256<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_seed: &'life1 SecureSeed,
_message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Sign a message using a raw 32-byte P-256 scalar seed. Deterministic ECDSA per RFC 6979. Returns a 64-byte compact r||s signature.
Args:
seed: Raw 32-byte P-256 private scalar.message: The data to sign.
Usage:
let sig = provider.sign_p256(&seed, b"hello").await?;
assert_eq!(sig.len(), P256_SIGNATURE_LEN);Sourcefn generate_p256_keypair<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<(SecureSeed, Vec<u8>), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
Self: 'async_trait,
fn generate_p256_keypair<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<(SecureSeed, Vec<u8>), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
Self: 'async_trait,
Generate a fresh P-256 keypair. Returns the raw 32-byte scalar seed and the 33-byte SEC1 compressed public key.
Usage:
let (seed, pubkey) = provider.generate_p256_keypair().await?;
assert_eq!(pubkey.len(), P256_PUBLIC_KEY_LEN);Sourcefn p256_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
_seed: &'life1 SecureSeed,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn p256_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
_seed: &'life1 SecureSeed,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Derive the 33-byte SEC1 compressed P-256 public key from a raw seed.
Args:
seed: Raw 32-byte P-256 private scalar.
Usage:
let pk = provider.p256_public_key_from_seed(&seed).await?;
assert_eq!(pk.len(), P256_PUBLIC_KEY_LEN);Sourcefn aead_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_key: &'life1 [u8; 32],
_nonce: &'life2 [u8; 12],
_aad: &'life3 [u8],
_plaintext: &'life4 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
fn aead_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_key: &'life1 [u8; 32],
_nonce: &'life2 [u8; 12],
_aad: &'life3 [u8],
_plaintext: &'life4 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
Encrypt plaintext under a 256-bit symmetric key with a 96-bit
nonce and Additional Authenticated Data (AAD). Output is
ciphertext || tag (tag is 16 bytes for both ChaCha20-Poly1305 and
AES-256-GCM).
Algorithm selection is compile-time via Cargo feature:
- default build: ChaCha20-Poly1305
cnsafeature (fn-128.T4): AES-256-GCM
Args:
key: 32-byte symmetric key.nonce: 12-byte per-message nonce; MUST NOT repeat under the same key.aad: Additional authenticated data (authenticated but not encrypted).plaintext: Bytes to encrypt.
Usage:
let ct = provider.aead_encrypt(&key, &nonce, b"session:1", b"secret").await?;Sourcefn aead_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_key: &'life1 [u8; 32],
_nonce: &'life2 [u8; 12],
_aad: &'life3 [u8],
_ciphertext: &'life4 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
fn aead_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_key: &'life1 [u8; 32],
_nonce: &'life2 [u8; 12],
_aad: &'life3 [u8],
_ciphertext: &'life4 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
Decrypt ciphertext (ct || tag) under a 256-bit symmetric key,
96-bit nonce, and matching AAD. Returns the plaintext on success;
InvalidSignature on tag mismatch.
Args:
key: 32-byte symmetric key.nonce: 12-byte nonce (must match the one used at encryption).aad: Additional authenticated data (must match encryption AAD byte-for-byte).ciphertext:encryptoutput (ct || tag).
Usage:
let pt = provider.aead_decrypt(&key, &nonce, b"session:1", &ct).await?;Sourcefn hkdf_sha256_expand<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_ikm: &'life1 [u8],
_salt: &'life2 [u8],
_info: &'life3 [u8],
_out_len: usize,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn hkdf_sha256_expand<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_ikm: &'life1 [u8],
_salt: &'life2 [u8],
_info: &'life3 [u8],
_out_len: usize,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
One-shot HKDF-SHA256 extract-then-expand (RFC 5869).
Args:
ikm: Input keying material (secret).salt: Non-secret salt (empty slice is acceptable).info: Domain-separating context tag.out_len: Desired output length in bytes (max 255 × 32 = 8160).
Usage:
let okm = provider.hkdf_sha256_expand(&ikm, &salt, b"my-proto-v1", 32).await?;Sourcefn hkdf_sha384_expand<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_ikm: &'life1 [u8],
_salt: &'life2 [u8],
_info: &'life3 [u8],
_out_len: usize,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn hkdf_sha384_expand<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_ikm: &'life1 [u8],
_salt: &'life2 [u8],
_info: &'life3 [u8],
_out_len: usize,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
One-shot HKDF-SHA384 extract-then-expand. Same shape as
[hkdf_sha256_expand] but with SHA-384 as the underlying hash. CNSA 2.0
requires SHA-384 for NSS workloads; default builds may return
CryptoError::UnsupportedTarget if SHA-384 is not available.
Max output length is 255 × 48 = 12240 bytes.
Sourcefn hmac_sha256_compute<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
fn hmac_sha256_compute<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Compute HMAC-SHA256 over msg under key. Returns a 32-byte tag.
Args:
key: MAC key (any length; HMAC hashes over-long keys internally).msg: Bytes to authenticate.
Usage:
let tag = provider.hmac_sha256_compute(&key, b"GET\n/path\n...").await?;Sourcefn hmac_sha256_verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
_tag: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn hmac_sha256_verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
_tag: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
Verify an HMAC-SHA256 tag over msg under key, constant-time.
Returns Ok(()) on match, Err(CryptoError::InvalidSignature) on
mismatch. Implementations MUST use a constant-time comparator
(subtle::ct_eq, ring::constant_time, or equivalent).
Args:
key: MAC key used at compute time.msg: Bytes whose authenticity is being checked.tag: Claimed 32-byte tag.
Usage:
provider.hmac_sha256_verify(&key, &msg, &claimed_tag).await?;Sourcefn hmac_sha384_compute<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<[u8; 48], CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
fn hmac_sha384_compute<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<[u8; 48], CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Compute HMAC-SHA384 over msg under key. Returns a 48-byte tag.
CNSA counterpart of [hmac_sha256_compute].
Sourcefn hmac_sha384_verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
_tag: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn hmac_sha384_verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
_key: &'life1 [u8],
_msg: &'life2 [u8],
_tag: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
Verify an HMAC-SHA384 tag over msg under key, constant-time.
CNSA counterpart of [hmac_sha256_verify].
Sourcefn sign_typed<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
seed: &'life1 TypedSeed,
message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
fn sign_typed<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
seed: &'life1 TypedSeed,
message: &'life2 [u8],
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Sign a message using a curve-carrying seed. Dispatches internally based
on seed.curve(); the caller never sees a curve-specific method.
Args:
seed: Typed seed carrying its curve tag.message: Bytes to sign.
Usage:
let sig = provider.sign_typed(&typed_seed, message).await?;Sourcefn verify_typed<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
curve: CurveType,
pubkey: &'life1 [u8],
message: &'life2 [u8],
signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
fn verify_typed<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
curve: CurveType,
pubkey: &'life1 [u8],
message: &'life2 [u8],
signature: &'life3 [u8],
) -> Pin<Box<dyn Future<Output = Result<(), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
Verify a signature using a curve and raw public-key bytes. Dispatches internally; callers never see a curve-specific method.
Args:
curve: The curve the public key belongs to.pubkey: Raw public-key bytes (length validated by the curve-specific primitive).message: Bytes the signature is over.signature: Signature bytes to verify.
Usage:
provider.verify_typed(curve, &pk_bytes, msg, &sig).await?;Sourcefn generate_typed_keypair<'life0, 'async_trait>(
&'life0 self,
curve: CurveType,
) -> Pin<Box<dyn Future<Output = Result<(TypedSeed, Vec<u8>), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
Self: 'async_trait,
fn generate_typed_keypair<'life0, 'async_trait>(
&'life0 self,
curve: CurveType,
) -> Pin<Box<dyn Future<Output = Result<(TypedSeed, Vec<u8>), CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
Self: 'async_trait,
Generate a keypair for the requested curve. Returns a curve-tagged
crate::key_ops::TypedSeed plus raw public-key bytes.
Args:
curve: Which curve to generate for.
Usage:
let (typed_seed, pubkey_bytes) = provider.generate_typed_keypair(curve).await?;Sourcefn typed_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
seed: &'life1 TypedSeed,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn typed_public_key_from_seed<'life0, 'life1, 'async_trait>(
&'life0 self,
seed: &'life1 TypedSeed,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, CryptoError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Derive the public key from a curve-tagged seed.
Args:
seed: Typed seed.
Usage:
let pk_bytes = provider.typed_public_key_from_seed(&typed_seed).await?;Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".