mls-spec 2.0.0

This crate is a repository of MLS / RFC9420-related data structures.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

use crate::{SensitiveBytes, ToPrefixedLabel, defs::CiphersuiteId, key_schedule::PreSharedKeyId};

pub type Mac = SensitiveBytes;
pub type HpkePublicKey = SensitiveBytes;
pub type HpkePublicKeyRef<'a> = &'a SensitiveBytes;
pub type HpkePrivateKey = SensitiveBytes;
pub type HpkePrivateKeyRef<'a> = &'a SensitiveBytes;
pub type SignaturePublicKey = SensitiveBytes;
pub type SignaturePublicKeyRef<'a> = &'a SensitiveBytes;
pub type SignaturePrivateKey = SensitiveBytes;

#[derive(Debug, PartialEq, Eq, Clone, zeroize::Zeroize, zeroize::ZeroizeOnDrop)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct KeyPair {
    #[zeroize(skip)]
    pub kem_id: u16,
    #[zeroize(skip)]
    pub ciphersuite: CiphersuiteId,
    pub pk: SensitiveBytes,
    pub sk: SensitiveBytes,
}

macro_rules! impl_keypair_alias {
    ($newtype:ident) => {
        #[derive(Debug, PartialEq, Eq, Clone)]
        #[repr(transparent)]
        #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
        #[cfg_attr(feature = "serde", serde(transparent))]
        pub struct $newtype(KeyPair);

        impl $newtype {
            pub fn extract_public_key(&mut self) -> SensitiveBytes {
                std::mem::take(&mut self.0.pk)
            }

            pub fn extract_secret_key(&mut self) -> SensitiveBytes {
                std::mem::take(&mut self.0.sk)
            }
        }

        impl From<KeyPair> for $newtype {
            fn from(value: KeyPair) -> Self {
                Self(value)
            }
        }

        impl std::ops::Deref for $newtype {
            type Target = KeyPair;
            fn deref(&self) -> &Self::Target {
                &self.0
            }
        }
    };
}

impl_keypair_alias!(SignatureKeyPair);
impl_keypair_alias!(HpkeKeyPair);
impl_keypair_alias!(KeyPackageKeyPair);

impl From<HpkeKeyPair> for KeyPackageKeyPair {
    fn from(mut value: HpkeKeyPair) -> Self {
        Self(KeyPair {
            kem_id: value.0.kem_id,
            ciphersuite: value.0.ciphersuite,
            pk: std::mem::take(&mut value.0.pk),
            sk: std::mem::take(&mut value.0.sk),
        })
    }
}

#[derive(Debug, Clone, PartialEq, Eq, zeroize::Zeroize, zeroize::ZeroizeOnDrop)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct PreSharedKeyPair {
    pub psk_id: PreSharedKeyId,
    pub psk_secret: SensitiveBytes,
}

#[derive(Debug, Clone, PartialEq, Eq, zeroize::Zeroize, zeroize::ZeroizeOnDrop)]
pub struct HpkeExport {
    pub kem_output: SensitiveBytes,
    pub export: SensitiveBytes,
}

#[derive(Debug, Clone, Eq, PartialEq)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct ExternalInitSecret;
impl std::fmt::Display for ExternalInitSecret {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "external init secret")
    }
}
impl ToPrefixedLabel for ExternalInitSecret {}

#[derive(
    Debug,
    Clone,
    Eq,
    PartialEq,
    tls_codec::TlsSerialize,
    tls_codec::TlsDeserialize,
    tls_codec::TlsSize,
)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct HpkeCiphertext {
    pub kem_output: SensitiveBytes,
    pub ciphertext: SensitiveBytes,
}

#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct SignContent<'a> {
    #[tls_codec(with = "crate::tlspl::string")]
    pub label: &'a str,
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub content: &'a [u8],
}

#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct EncryptContext<'a> {
    #[tls_codec(with = "crate::tlspl::string")]
    pub label: &'a str,
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub context: &'a [u8],
}

#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct HashReferenceInput<'a> {
    #[tls_codec(with = "crate::tlspl::string")]
    pub label: &'a str,
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub value: &'a [u8],
}

#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize))]
pub struct KdfLabel<'a> {
    pub length: u16,
    #[tls_codec(with = "crate::tlspl::string")]
    pub label: &'a str,
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub context: &'a [u8],
}