miden-crypto 0.27.0

Miden Cryptographic primitives
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

//! ECDH (Elliptic Curve Diffie-Hellman) key agreement implementations.

use alloc::vec::Vec;

use hkdf::Hkdf;
use rand::CryptoRng;
use sha2::{Sha256, digest::OutputSizeUser};
use thiserror::Error;

use crate::utils::{
    Deserializable, Serializable,
    zeroize::{Zeroize, ZeroizeOnDrop},
};

pub mod k256;
pub mod x25519;

// KEY AGREEMENT TRAIT
// ================================================================================================

pub(crate) trait KeyAgreementScheme {
    type EphemeralSecretKey: ZeroizeOnDrop;
    type EphemeralPublicKey: Serializable + Deserializable;

    type SecretKey;
    type PublicKey: Clone;

    type SharedSecret: AsRef<[u8]> + Zeroize + ZeroizeOnDrop;

    /// Returns an ephemeral key pair generated from the provided RNG.
    fn generate_ephemeral_keypair<R: CryptoRng>(
        rng: &mut R,
    ) -> (Self::EphemeralSecretKey, Self::EphemeralPublicKey);

    /// Performs key exchange between ephemeral secret and static public key.
    fn exchange_ephemeral_static(
        ephemeral_sk: Self::EphemeralSecretKey,
        static_pk: &Self::PublicKey,
    ) -> Result<Self::SharedSecret, KeyAgreementError>;

    /// Performs key exchange between static secret and ephemeral public key.
    fn exchange_static_ephemeral(
        static_sk: &Self::SecretKey,
        ephemeral_pk: &Self::EphemeralPublicKey,
    ) -> Result<Self::SharedSecret, KeyAgreementError>;

    /// Extracts key material from shared secret.
    ///
    /// `info` is the HKDF context string for domain separation and binding to the IES scheme and
    /// ephemeral public key (see `CryptoBox::build_kdf_info`).
    fn extract_key_material(
        shared_secret: &Self::SharedSecret,
        length: usize,
        info: &[u8],
    ) -> Result<Vec<u8>, KeyAgreementError>;
}

/// Extracts key material from shared secret bytes with HKDF-SHA256.
///
/// This is the KDF used by the integrated encryption scheme after ECDH key agreement.
pub fn extract_key_material(
    shared_secret: &[u8],
    salt: Option<&[u8]>,
    length: usize,
    info: &[u8],
) -> Result<Vec<u8>, KeyAgreementError> {
    if length > 255 * Sha256::output_size() {
        return Err(KeyAgreementError::HkdfExpansionFailed);
    }
    let hkdf = Hkdf::<Sha256>::new(salt, shared_secret);
    let mut buf = vec![0_u8; length];
    hkdf.expand(info, &mut buf)
        .map_err(|_| KeyAgreementError::HkdfExpansionFailed)?;
    Ok(buf)
}

// ERROR TYPES
// ================================================================================================

/// Errors that can occur during encryption/decryption operations
#[derive(Debug, Error)]
pub enum KeyAgreementError {
    #[error("hkdf expansion failed")]
    HkdfExpansionFailed,
    #[error("shared secret is invalid")]
    InvalidSharedSecret,
}