p2panda-rs 0.5.0

All the things a panda needs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

// SPDX-License-Identifier: AGPL-3.0-or-later

use openmls_traits::crypto::OpenMlsCrypto;
use openmls_traits::OpenMlsCryptoProvider;

use crate::secret_group::lts::error::LongTermSecretError;
use crate::secret_group::lts::LongTermSecretCiphersuite;

/// Encrypt data using the AEAD algorithm given by ciphersuite. Returns ciphertext with
/// authenticated plaintext HMAC (tag).
pub fn encrypt(
    provider: &impl OpenMlsCryptoProvider,
    ciphersuite: &LongTermSecretCiphersuite,
    value: &[u8],
    data: &[u8],
    nonce: &[u8],
    aad: &[u8],
) -> Result<Vec<u8>, LongTermSecretError> {
    let ciphertext_tag =
        match ciphersuite {
            LongTermSecretCiphersuite::PANDA10_AES128GCM
            | LongTermSecretCiphersuite::PANDA10_AES256GCM
            | LongTermSecretCiphersuite::PANDA10_CHACHA20POLY1305 => provider
                .crypto()
                .aead_encrypt(ciphersuite.mls_aead_type(), value, data, nonce, aad)?,
        };

    Ok(ciphertext_tag)
}

/// Decrypt tagged ciphertext using the AEAD algorithm given by ciphersuite.
pub fn decrypt(
    provider: &impl OpenMlsCryptoProvider,
    ciphersuite: &LongTermSecretCiphersuite,
    value: &[u8],
    ciphertext_tag: &[u8],
    nonce: &[u8],
    aad: &[u8],
) -> Result<Vec<u8>, LongTermSecretError> {
    let plaintext = match ciphersuite {
        LongTermSecretCiphersuite::PANDA10_AES128GCM
        | LongTermSecretCiphersuite::PANDA10_AES256GCM
        | LongTermSecretCiphersuite::PANDA10_CHACHA20POLY1305 => provider.crypto().aead_decrypt(
            ciphersuite.mls_aead_type(),
            value,
            ciphertext_tag,
            nonce,
            aad,
        )?,
    };

    Ok(plaintext)
}