Struct mls_rs_crypto_openssl::OpensslCipherSuite

source · 
pub struct OpensslCipherSuite<KEM, KDF, AEAD>
where
    KEM: KemType + Clone,
    KDF: KdfType + Clone,
    AEAD: AeadType + Clone,
{ /* private fields */ }

Implementations§

source§

impl<KEM, KDF, AEAD> OpensslCipherSuite<KEM, KDF, AEAD>
where KEM: KemType + Clone, KDF: KdfType + Clone, AEAD: AeadType + Clone,

source

pub fn new( cipher_suite: CipherSuite, kem: KEM, kdf: KDF, aead: AEAD ) -> Option<Self>

source

pub fn random_bytes(&self, out: &mut [u8]) -> Result<(), OpensslCryptoError>

source

pub fn import_der_public_signing_key( &self, der_data: &[u8] ) -> Result<SignaturePublicKey, OpensslCryptoError>

source

pub fn import_der_private_signing_key( &self, der_data: &[u8] ) -> Result<SignatureSecretKey, OpensslCryptoError>

Trait Implementations§

source§

impl<KEM, KDF, AEAD> CipherSuiteProvider for OpensslCipherSuite<KEM, KDF, AEAD>
where KEM: KemType + Clone + Send + Sync, KDF: KdfType + Clone + Send + Sync, AEAD: AeadType + Clone + Send + Sync,

§

type Error = OpensslCryptoError

§

type HpkeContextS = ContextS<KDF, AEAD>

§

type HpkeContextR = ContextR<KDF, AEAD>

source§

fn hash(&self, data: &[u8]) -> Result<Vec<u8>, Self::Error>

Compute the hash of data.
source§

fn mac(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>, Self::Error>

Compute the MAC tag of data using the key of length kdf_extract_size. Verifying a MAC tag of data using key is done by calling this function and checking that the result matches the tag.
source§

fn aead_seal( &self, key: &[u8], data: &[u8], aad: Option<&[u8]>, nonce: &[u8] ) -> Result<Vec<u8>, Self::Error>

Encrypt data with public additional authenticated data aad, using additional nonce (sometimes called the initialization vector, IV). The output should include the authentication tag, if used by the given AEAD implementation (for example, the tag can be appended to the ciphertext).
source§

fn aead_open( &self, key: &[u8], cipher_text: &[u8], aad: Option<&[u8]>, nonce: &[u8] ) -> Result<Zeroizing<Vec<u8>>, Self::Error>

Decrypt the ciphertext generated by aead_seal. This function should return an error if any of the inputs key, aad or nonce does not match the corresponding input passed to aead_seal to generate ciphertext.
source§

fn aead_key_size(&self) -> usize

Return the length of the secret key key passed to aead_seal and aead_open.
source§

fn aead_nonce_size(&self) -> usize

Return the length of the nonce passed to aead_seal and aead_open.
source§

fn kdf_expand( &self, prk: &[u8], info: &[u8], len: usize ) -> Result<Zeroizing<Vec<u8>>, Self::Error>

Generate key material of the desired length len by expanding the given pseudo-random key prk of length kdf_extract_size. The additional input info contains optional context data. Read more
source§

fn kdf_extract( &self, salt: &[u8], ikm: &[u8] ) -> Result<Zeroizing<Vec<u8>>, Self::Error>

Generate a pseudo-random key prk extracted from the initial key material ikm, using an optional random salt. The outputted prk should have kdf_extract_size bytes. It can be used as input to kdf_expand. Read more
source§

fn kdf_extract_size(&self) -> usize

Return the size of pseudo-random key prk outputted by kdf_extract and inputted to kdf_expand.
source§

fn hpke_seal( &self, remote_key: &HpkePublicKey, info: &[u8], aad: Option<&[u8]>, pt: &[u8] ) -> Result<HpkeCiphertext, Self::Error>

Encrypt the plaintext pt with optional public additional authenticated data aad to the public key remote_key using additional context information info (which can be empty if not needed). This function combines the action of the hpke_setup_s and then calling seal on the resulting HpkeContextS. Read more
source§

fn hpke_open( &self, ciphertext: &HpkeCiphertext, local_secret: &HpkeSecretKey, local_public: &HpkePublicKey, info: &[u8], aad: Option<&[u8]> ) -> Result<Vec<u8>, Self::Error>

Decrypt the ciphertext generated by hpke_seal. This function combines the action of the hpke_setup_r and then calling open on the resulting HpkeContextR. Read more
source§

fn hpke_setup_r( &self, enc: &[u8], local_secret: &HpkeSecretKey, local_public: &HpkePublicKey, info: &[u8] ) -> Result<Self::HpkeContextR, Self::Error>

Receive the ciphertext kem_output generated by hpke_setup_s and the local_secret corresponding to the remote_key used as input to hpke_setup_s. The ouput is the receiver context HpkeContextR that can be used to decrypt AEAD ciphertexts generated by the sender context HpkeContextS outputted by hpke_setup_r and export the same keys as that context. Read more
source§

fn hpke_setup_s( &self, remote_key: &HpkePublicKey, info: &[u8] ) -> Result<(Vec<u8>, Self::HpkeContextS), Self::Error>

Generate a tuple containing the ciphertext kem_output that can be used as the input to hpke_setup_r, as well as the sender context HpkeContextS that can be used to generate AEAD ciphertexts and export keys. Read more
source§

fn kem_derive( &self, ikm: &[u8] ) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>

Derive from the initial key material ikm the KEM keys used as inputs to hpke_setup_r, hpke_setup_s, hpke_seal and hpke_open.
source§

fn kem_generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>

Generate fresh KEM keys to be used as inputs to hpke_setup_r, hpke_setup_s, hpke_seal and hpke_open.
source§

fn kem_public_key_validate( &self, key: &HpkePublicKey ) -> Result<(), Self::Error>

Verify that the given byte vector key can be decoded as an HPKE public key.
source§

fn random_bytes(&self, out: &mut [u8]) -> Result<(), Self::Error>

Fill out with random bytes.
source§

fn cipher_suite(&self) -> CipherSuite

Return the implemented MLS CipherSuite.
source§

fn sign( &self, secret_key: &SignatureSecretKey, data: &[u8] ) -> Result<Vec<u8>, Self::Error>

Sign data using secret_key.
source§

fn verify( &self, public_key: &SignaturePublicKey, signature: &[u8], data: &[u8] ) -> Result<(), Self::Error>

Verify that the secret key corresponding to public_key created the signature over data.
source§

fn signature_key_generate( &self ) -> Result<(SignatureSecretKey, SignaturePublicKey), Self::Error>

Generate fresh signature keys to be used as inputs to sign and verify
source§

fn signature_key_derive_public( &self, secret_key: &SignatureSecretKey ) -> Result<SignaturePublicKey, Self::Error>

Output a public key corresponding to secret_key.
source§

fn random_bytes_vec(&self, count: usize) -> Result<Vec<u8>, Self::Error>

Generate count bytes of pseudorandom bytes as a vector. This is a shortcut for creating a Vec<u8> of count bytes and calling random_bytes.
source§

impl<KEM, KDF, AEAD> Clone for OpensslCipherSuite<KEM, KDF, AEAD>
where KEM: KemType + Clone + Clone, KDF: KdfType + Clone + Clone, AEAD: AeadType + Clone + Clone,

source§

fn clone(&self) -> OpensslCipherSuite<KEM, KDF, AEAD>

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations§

§

impl<KEM, KDF, AEAD> RefUnwindSafe for OpensslCipherSuite<KEM, KDF, AEAD>
where AEAD: RefUnwindSafe, KDF: RefUnwindSafe, KEM: RefUnwindSafe,

§

impl<KEM, KDF, AEAD> Send for OpensslCipherSuite<KEM, KDF, AEAD>

§

impl<KEM, KDF, AEAD> Sync for OpensslCipherSuite<KEM, KDF, AEAD>

§

impl<KEM, KDF, AEAD> Unpin for OpensslCipherSuite<KEM, KDF, AEAD>
where AEAD: Unpin, KDF: Unpin, KEM: Unpin,

§

impl<KEM, KDF, AEAD> UnwindSafe for OpensslCipherSuite<KEM, KDF, AEAD>
where AEAD: UnwindSafe, KDF: UnwindSafe, KEM: UnwindSafe,

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.