Trait Crypto

pub trait Crypto: Debug {
    // Required methods
    fn sha256_digest(
        &mut self,
        message: &BytesMaxBuffer,
        message_len: usize,
    ) -> BytesHashLen;
    fn hkdf_expand(
        &mut self,
        prk: &BytesHashLen,
        info: &BytesMaxInfoBuffer,
        info_len: usize,
        length: usize,
    ) -> BytesMaxBuffer;
    fn hkdf_extract(
        &mut self,
        salt: &BytesHashLen,
        ikm: &BytesP256ElemLen,
    ) -> BytesHashLen;
    fn aes_ccm_encrypt_tag_8(
        &mut self,
        key: &BytesCcmKeyLen,
        iv: &BytesCcmIvLen,
        ad: &[u8],
        plaintext: &BufferPlaintext3,
    ) -> BufferCiphertext3;
    fn aes_ccm_decrypt_tag_8(
        &mut self,
        key: &BytesCcmKeyLen,
        iv: &BytesCcmIvLen,
        ad: &[u8],
        ciphertext: &BufferCiphertext3,
    ) -> Result<BufferPlaintext3, EDHOCError>;
    fn p256_ecdh(
        &mut self,
        private_key: &BytesP256ElemLen,
        public_key: &BytesP256ElemLen,
    ) -> BytesP256ElemLen;
    fn get_random_byte(&mut self) -> u8;
    fn p256_generate_key_pair(&mut self) -> (BytesP256ElemLen, BytesP256ElemLen);

    // Provided method
    fn supported_suites(&self) -> EdhocBuffer<MAX_SUITES_LEN> { ... }
}

Interface between the lakers crate and any implementations of the required crypto primitives.

Sending cryptographic operations through a trait gives the library the flexibility to use hardware acceleration on microcontrollers, implementations that facilitate hacspec/hax verification, or software implementations.

The crypto trait itself operates on an exclusive reference, which is useful for the hardware implementations that can only perform a single operation at a time.

Many implementations will have a Default constructor or will be Clone (even Copy); either facilitates storing multiple EDHOC exchanges at a time. When neither is an option, the remaining options are to wrap a Crypto implementation into interior mutability using the platform’s mutex, or to refactor the main initiator and responder objects into a form where the cryptography implementation can be taken out and stored separately.

Required Methods

fn sha256_digest( &mut self, message: &BytesMaxBuffer, message_len: usize, ) -> BytesHashLen

fn hkdf_expand( &mut self, prk: &BytesHashLen, info: &BytesMaxInfoBuffer, info_len: usize, length: usize, ) -> BytesMaxBuffer

fn hkdf_extract( &mut self, salt: &BytesHashLen, ikm: &BytesP256ElemLen, ) -> BytesHashLen

fn aes_ccm_encrypt_tag_8( &mut self, key: &BytesCcmKeyLen, iv: &BytesCcmIvLen, ad: &[u8], plaintext: &BufferPlaintext3, ) -> BufferCiphertext3

fn aes_ccm_decrypt_tag_8( &mut self, key: &BytesCcmKeyLen, iv: &BytesCcmIvLen, ad: &[u8], ciphertext: &BufferCiphertext3, ) -> Result<BufferPlaintext3, EDHOCError>

fn p256_ecdh( &mut self, private_key: &BytesP256ElemLen, public_key: &BytesP256ElemLen, ) -> BytesP256ElemLen

fn get_random_byte(&mut self) -> u8

fn p256_generate_key_pair(&mut self) -> (BytesP256ElemLen, BytesP256ElemLen)

Provided Methods

fn supported_suites(&self) -> EdhocBuffer<MAX_SUITES_LEN>

Returns the list of cryptographic suites supported by the backend implementation.

Implementors