[−][src]Trait double_ratchet::CryptoProvider
Provider of the required cryptographic types and functions.
The implementer of this trait provides the DoubleRatchet
with the required external functions
as given in the specification.
Security considerations
The details of the CryptoProvider
are critical for providing security of the communication.
The DoubleRatchet
can only guarantee security of communication when instantiated with a
CryptoProvider
with secure types and functions. The specification provides some sensible
recommendations and for example code using the DoubleRatchet
see tests/signal.rs
.
Associated Types
type PublicKey: AsRef<[u8]> + Clone + Eq + Hash
A public key for use in the Diffie-Hellman calculation.
It is assumed that a PublicKey
holds a valid key, so if any verification is required the
constructor of this type would be a good place to do so.
type KeyPair: KeyPair<PublicKey = Self::PublicKey>
A private/public key-pair for use in the Diffie-Hellman calculation.
type SharedSecret
The result of a Diffie-Hellman calculation.
type RootKey
A RootKey
is used in the outer Diffie-Hellman ratchet.
type ChainKey
A ChainKey
is used in the inner symmetric ratchets.
type MessageKey
A MessageKey
is used to encrypt/decrypt messages.
The implementation of this type could be a complex type: for example an implementation that works by the encrypt-then-MAC paradigm may require a tuple consisting of an encryption key and a MAC key.
Required methods
fn diffie_hellman(
us: &Self::KeyPair,
them: &Self::PublicKey
) -> Self::SharedSecret
us: &Self::KeyPair,
them: &Self::PublicKey
) -> Self::SharedSecret
Perform the Diffie-Hellman operation.
fn kdf_rk(
root_key: &Self::RootKey,
shared_secret: &Self::SharedSecret
) -> (Self::RootKey, Self::ChainKey)
root_key: &Self::RootKey,
shared_secret: &Self::SharedSecret
) -> (Self::RootKey, Self::ChainKey)
Derive a new root-key/chain-key pair from the old root-key and a fresh shared secret.
fn kdf_ck(chain_key: &Self::ChainKey) -> (Self::ChainKey, Self::MessageKey)
Derive a new chain-key/message-key pair from the old chain-key.
fn encrypt(
key: &Self::MessageKey,
plaintext: &[u8],
associated_data: &[u8]
) -> Vec<u8>
key: &Self::MessageKey,
plaintext: &[u8],
associated_data: &[u8]
) -> Vec<u8>
Authenticate-encrypt the plaintext and associated data.
This method MUST authenticate the associated data, as it contains the header bytes
fn decrypt(
key: &Self::MessageKey,
ciphertext: &[u8],
associated_data: &[u8]
) -> Result<Vec<u8>, DecryptError>
key: &Self::MessageKey,
ciphertext: &[u8],
associated_data: &[u8]
) -> Result<Vec<u8>, DecryptError>
Verify-decrypt the ciphertext and associated data.