ytls-traits 0.0.2

yolox TLS traits
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

//! ytls Crypto traits

//----------------------------------------------------------
// Providers
//----------------------------------------------------------

#[doc(inline)]
pub use rand_core::CryptoRng;

/// Cryptography configuration is provied through implmenting
/// this trait. Typically providers provide implementation or
/// implementer can provide a mix of used primitives.
pub trait CryptoConfig {
    type PrkError;
    // TODO: cfg-gate supported hashers
    type Hasher: CryptoSha256TranscriptProcessor;
    type X25519: CryptoX25519Processor;
    /// Provide the concrete ECDHE providing the X25519
    fn ecdhe_x25519<R: CryptoRng>(_: &mut R) -> Self::X25519;
    /// Provide the concrete hasher containing SHA256 hasher
    fn hasher_sha256() -> Self::Hasher;
    /// ECDSA secp256p1 Signature processor
    fn sign_p256_init(_key: &[u8]) -> Option<impl CryptoSignerP256Processor>;
    /// AEAD ChaCha20Poly1305 with Key and Nonce / IV
    fn aead_chaha20poly1305(_key: &[u8; 32]) -> impl CryptoChaCha20Poly1305Processor;
    /// Hkdf256 Sha256 from strong pre-existing prk
    fn hkdf_sha256_from_prk(
        _prk: &[u8],
    ) -> Result<impl CryptoSha256HkdfGenProcessor, Self::PrkError>;
    /// Provide the configured Hkdf Sha256 impl
    fn hkdf_sha256_init() -> impl CryptoSha256HkdfExtractProcessor;
    /// Provide the configured Hmac Sha384 impl
    fn hmac_sha384_init_with_key(_key: &[u8; 48]) -> impl CryptoSha384HmacProcessor;
    /// Provide the configured Hmac Sha256 impl
    fn hmac_sha256_init_with_key(_key: &[u8; 32]) -> impl CryptoSha256HmacProcessor;
    /// Provide the configured SHA256 Hasher impl
    fn sha256_init() -> impl CryptoSha256TranscriptProcessor;
    /// Provide the configured SHA384 Hasher impl
    fn sha384_init() -> impl CryptoSha384TranscriptProcessor;
    /// Provide the configured Ephemeral X25519 impl
    fn x25519_init<R: CryptoRng>(&mut self, _: &mut R) -> impl CryptoX25519Processor;
}

/// ECDSA Signature Processor secp256p1
pub trait CryptoSignerP256Processor {
    /// Sign the content and indicate the output length of the signature if the
    /// output buffer was long enough.
    /// The output is DER encoded raw bytes as supplied through certificate verify.
    /// The success of the operation always returns Some(written)
    ///
    /// ## Warning
    ///
    /// In case the output buffer is too small the result is None and must be
    /// handled by increasing the output buffer size and retried.
    ///
    /// Given the output is variable sized, the output must be always
    /// cut to size with the indicated return length.
    #[must_use]
    fn sign_p256(&self, _content: &[u8], _output: &mut [u8]) -> Option<usize>;
}

/// HMAC (Hash-based Message Authentication Code) SHA256.
/// @At Handshake Finished
pub trait CryptoSha256HmacProcessor {
    /// Update HMAC based on data of content
    fn hmac_sha256_update(&mut self, _content: &[u8]) -> ();
    /// Fork from the current
    fn hmac_sha256_fork(&self) -> Self;
    /// Finalize HMAC
    fn hmac_sha256_finalize(self) -> [u8; 32];
}

/// HMAC (Hash-based Message Authentication Code) SHA384.
/// @At Handshake Finished
pub trait CryptoSha384HmacProcessor {
    /// Update HMAC based on data of content
    fn hmac_sha384_update(&mut self, _content: &[u8]) -> ();
    /// Fork from the current
    fn hmac_sha384_fork(&self) -> Self;
    /// Finalize HMAC
    fn hmac_sha384_finalize(self) -> [u8; 48];
}

/// HKDF (Hashing Key Derivation Function) Extract Processor
pub trait CryptoSha256HkdfExtractProcessor {
    /// HKDF Using SHA256
    fn hkdf_sha256_extract(
        &self,
        _salt: Option<&[u8]>,
        _ikm: &[u8],
    ) -> ([u8; 32], impl CryptoSha256HkdfGenProcessor);
}

/// HKDF Gen Processor, e.g. to Expand
pub trait CryptoSha256HkdfGenProcessor {
    /// Associated error
    type Error;
    /// HKDF Using SHA256.
    fn hkdf_sha256_expand(&self, _info: &[u8], _okm: &mut [u8]) -> Result<(), Self::Error>;
}

/// X25519 processor used to calculate the shared secret with
/// the given input public key and returning the shared secret.
pub trait CryptoX25519Processor {
    /// Provide the associated public key
    fn x25519_public_key(&self) -> [u8; 32];
    /// Typically performns Diffie Hellman with the given public key
    fn x25519_shared_secret(self, _pub_key: &[u8; 32]) -> [u8; 32];
}

/// Transcript processor used to hash handshakes.
/// Typically implemented by the crypto provider.
pub trait CryptoSha256TranscriptProcessor {
    /// Update the SHA256 Transcript with the given data
    fn sha256_update(&mut self, _: &[u8]) -> ();
    /// Clone ourselves
    fn sha256_fork(&self) -> Self;
    /// Finalize the current SHA384 digest
    fn sha256_finalize(self) -> [u8; 32];
}

/// Transcript processor used to hash handshakes.
/// Typically implemented by the crypto provider.
pub trait CryptoSha384TranscriptProcessor {
    /// Update the SHA384 Transcript with the given data
    fn sha384_update(&mut self, _: &[u8]) -> ();
    /// Finalize the current SHA384 digest
    fn sha384_finalize(self) -> [u8; 48];
}

#[derive(Debug)]
pub enum AeadError {
    Opaque,
}

/// ChaCha20Poly1305 AEAD Processor
pub trait CryptoChaCha20Poly1305Processor {
    fn encrypt_in_place(
        &self,
        _nonce: &[u8; 12],
        _additional_data: &[u8],
        _to_encrypt: &mut [u8],
    ) -> Result<[u8; 16], AeadError>;
    fn decrypt_in_place(
        &self,
        _nonce: &[u8; 12],
        _additional_data: &[u8],
        _to_decrypt: &mut [u8],
        _tag: &[u8; 16],
    ) -> Result<(), AeadError>;
}