miden_crypto/ies/
mod.rs

1//! Integrated Encryption Scheme (IES) utilities.
2//!
3//! This module combines elliptic-curve Diffie–Hellman (ECDH) key agreement with authenticated
4//! encryption (AEAD) to provide sealed boxes that offer confidentiality and integrity for messages.
5//! It exposes a simple API via [`SealingKey`], [`UnsealingKey`], [`SealedMessage`], and
6//! [`IesError`].
7//!
8//! # Examples
9//!
10//! ```
11//! use miden_crypto::{
12//!     dsa::eddsa_25519::SecretKey,
13//!     ies::{SealingKey, UnsealingKey},
14//! };
15//! use rand::rng;
16//!
17//! let mut rng = rng();
18//! let secret_key = SecretKey::with_rng(&mut rng);
19//! let public_key = secret_key.public_key();
20//!
21//! let sealing_key = SealingKey::X25519XChaCha20Poly1305(public_key);
22//! let unsealing_key = UnsealingKey::X25519XChaCha20Poly1305(secret_key);
23//!
24//! let sealed = sealing_key.seal_bytes(&mut rng, b"hello world").unwrap();
25//! let opened = unsealing_key.unseal_bytes(sealed).unwrap();
26//!
27//! assert_eq!(opened.as_slice(), b"hello world");
28//! ```
29
30mod crypto_box;
31mod keys;
32mod message;
33
34#[cfg(test)]
35mod tests;
36
37pub use keys::{SealingKey, UnsealingKey};
38pub use message::SealedMessage;
39use thiserror::Error;
40
41// IES SCHEME
42// ================================================================================================
43
44/// Supported schemes for IES
45#[derive(Debug, Clone, Copy, PartialEq, Eq)]
46#[repr(u8)]
47enum IesScheme {
48    K256XChaCha20Poly1305 = 0,
49    X25519XChaCha20Poly1305 = 1,
50    K256AeadRpo = 2,
51    X25519AeadRpo = 3,
52}
53
54impl TryFrom<u8> for IesScheme {
55    type Error = IesError;
56    fn try_from(value: u8) -> Result<Self, Self::Error> {
57        match value {
58            0 => Ok(IesScheme::K256XChaCha20Poly1305),
59            1 => Ok(IesScheme::X25519XChaCha20Poly1305),
60            2 => Ok(IesScheme::K256AeadRpo),
61            3 => Ok(IesScheme::X25519AeadRpo),
62            _ => Err(IesError::UnsupportedScheme),
63        }
64    }
65}
66
67impl From<IesScheme> for u8 {
68    fn from(algo: IesScheme) -> Self {
69        algo as u8
70    }
71}
72
73impl core::fmt::Display for IesScheme {
74    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
75        write!(f, "{}", self.name())
76    }
77}
78
79impl IesScheme {
80    pub fn name(self) -> &'static str {
81        match self {
82            IesScheme::K256XChaCha20Poly1305 => "K256+XChaCha20-Poly1305",
83            IesScheme::X25519XChaCha20Poly1305 => "X25519+XChaCha20-Poly1305",
84            IesScheme::K256AeadRpo => "K256+AeadRpo",
85            IesScheme::X25519AeadRpo => "X25519+AeadRpo",
86        }
87    }
88}
89
90// IES ERROR
91// ================================================================================================
92
93/// Error type for the Integrated Encryption Scheme (IES)
94#[derive(Debug, Error)]
95pub enum IesError {
96    #[error("key agreement failed")]
97    KeyAgreementFailed,
98    #[error("encryption failed")]
99    EncryptionFailed,
100    #[error("decryption failed")]
101    DecryptionFailed,
102    #[error("invalid key size")]
103    InvalidKeySize,
104    #[error("invalid nonce")]
105    InvalidNonce,
106    #[error("ephemeral public key deserialization failed")]
107    EphemeralPublicKeyDeserializationFailed,
108    #[error("scheme mismatch")]
109    SchemeMismatch,
110    #[error("unsupported scheme")]
111    UnsupportedScheme,
112    #[error("failed to extract key material for encryption/decryption")]
113    FailedExtractKeyMaterial,
114    #[error("failed to construct the encryption/decryption key from the provided bytes")]
115    EncryptionKeyCreationFailed,
116}
miden_crypto/ies/mod.rs

miden_crypto/ies/
mod.rs
