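/// Pluggable AES + RSA provider for the DNODE peer protocol.
///
/// Implementors must be `Send + Sync`, and every method takes `&self`, so one
/// provider value can be used from several threads through a shared reference.
///
/// # Security notes
///
/// NOTE(review): none of the signatures carries an IV/nonce, associated data
/// or padding parameter, and this declaration does not say which AES mode or
/// RSA padding scheme a provider uses, nor whether AES ciphertext is
/// authenticated. Confirm these against the concrete provider before relying
/// on the output for integrity as well as confidentiality.
pub trait CryptoProvider: Send + Sync {
    // Required methods

    /// Returns the provider's RSA size.
    ///
    /// NOTE(review): presumably the RSA key/modulus size; the unit (bytes or
    /// bits) is not stated here. Confirm before using it to size buffers.
    fn rsa_size(&self) -> usize;

    /// Returns a 32-byte array, by its name the provider's AES key.
    ///
    /// NOTE(review): 32 bytes is consistent with an AES-256 key; confirm.
    ///
    /// NOTE(review): the value is returned by copy, so raw key bytes leave the
    /// provider on every call. A provider backed by a non-exportable HSM/KMS
    /// key cannot return the real key here, so the expected behaviour for such
    /// integrations needs to be documented. Callers should not log this value
    /// and should clear their copy once it is no longer needed.
    fn aes_key(&self) -> [u8; 32];

    /// AES-encrypt `plaintext` under the provider's key.
    ///
    /// # Errors
    ///
    /// Returns a `CryptoProviderError` when the provider reports a failure.
    fn aes_encrypt(
        &self,
        plaintext: &[u8],
    ) -> Result<Vec<u8>, CryptoProviderError>;

    /// AES-decrypt `ciphertext` under the provider's key.
    ///
    /// NOTE(review): whether a successful return implies the ciphertext was
    /// not modified depends on the mode being authenticated; confirm.
    ///
    /// # Errors
    ///
    /// Returns a `CryptoProviderError` when the provider reports a failure.
    fn aes_decrypt(
        &self,
        ciphertext: &[u8],
    ) -> Result<Vec<u8>, CryptoProviderError>;

    /// RSA-encrypt `plaintext` under the provider's public key.
    ///
    /// # Errors
    ///
    /// Returns a `CryptoProviderError` when the provider reports a failure.
    fn rsa_encrypt(
        &self,
        plaintext: &[u8],
    ) -> Result<Vec<u8>, CryptoProviderError>;

    /// RSA-decrypt `ciphertext` under the provider's private key.
    ///
    /// NOTE(review): callers handling peer-supplied ciphertext should treat
    /// every failure the same way and avoid returning the error detail to the
    /// peer; the padding scheme in use is not visible from this declaration.
    ///
    /// # Errors
    ///
    /// Returns a `CryptoProviderError` when the provider reports a failure.
    fn rsa_decrypt(
        &self,
        ciphertext: &[u8],
    ) -> Result<Vec<u8>, CryptoProviderError>;
}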
Pluggable AES + RSA provider for the DNODE peer protocol.
The default in-crate provider `RustCryptoProvider` wraps
`crate::crypto::Crypto`. HSM / KMS integrations implement
the trait against their hardware bridge.
§Examples
use dynomite::embed::hooks::{CryptoProvider, RustCryptoProvider};
use dynomite::crypto::Crypto;
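// Construct the underlying Crypto from a PEM file at runtime.
// NOTE(review): the PEM presumably holds the RSA private key that
// `rsa_decrypt` uses, so keep the file readable only by the account that
// runs the service.
// `expect` names the failing step when the file is missing or malformed,
// instead of a bare `unwrap` panic.
let crypto = Crypto::from_pem("/etc/dynomite/dynomite.pem")
    .expect("failed to load Dynomite key material from PEM file");
let provider = RustCryptoProvider::new(crypto);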
assert!(provider.rsa_size() > 0);
Required Methods§
fn aes_encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>, CryptoProviderError>
AES-encrypt plaintext under the provider’s key.
fn aes_decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, CryptoProviderError>
AES-decrypt ciphertext under the provider’s key.
fn rsa_encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>, CryptoProviderError>
RSA-encrypt plaintext under the provider’s public key.
fn rsa_decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, CryptoProviderError>
RSA-decrypt ciphertext under the provider’s private key.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".