pub struct RustCryptoCipherSuite<KEM, KDF, AEAD>{ /* private fields */ }
Implementations§
source§impl<KEM, KDF, AEAD> RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> RustCryptoCipherSuite<KEM, KDF, AEAD>
pub fn new( cipher_suite: CipherSuite, kem: KEM, kdf: KDF, aead: AEAD ) -> Option<Self>
pub fn random_bytes(&self, out: &mut [u8]) -> Result<(), RustCryptoError>
Trait Implementations§
source§impl<KEM, KDF, AEAD> CipherSuiteProvider for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> CipherSuiteProvider for RustCryptoCipherSuite<KEM, KDF, AEAD>
type Error = RustCryptoError
type HpkeContextR = ContextR<KDF, AEAD>
type HpkeContextS = ContextS<KDF, AEAD>
source§fn mac(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>, Self::Error>
fn mac(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>, Self::Error>
Compute the MAC tag of
data
using the key
of length kdf_extract_size.
Verifying a MAC tag of data
using key
is done by calling this function
and checking that the result matches the tag.source§fn aead_seal(
&self,
key: &[u8],
data: &[u8],
aad: Option<&[u8]>,
nonce: &[u8]
) -> Result<Vec<u8>, Self::Error>
fn aead_seal( &self, key: &[u8], data: &[u8], aad: Option<&[u8]>, nonce: &[u8] ) -> Result<Vec<u8>, Self::Error>
Encrypt
data
with public additional authenticated data aad
, using additional nonce
(sometimes called the initialization vector, IV). The output should include
the authentication tag, if used by the given AEAD implementation (for example,
the tag can be appended to the ciphertext).source§fn aead_open(
&self,
key: &[u8],
cipher_text: &[u8],
aad: Option<&[u8]>,
nonce: &[u8]
) -> Result<Zeroizing<Vec<u8>>, Self::Error>
fn aead_open( &self, key: &[u8], cipher_text: &[u8], aad: Option<&[u8]>, nonce: &[u8] ) -> Result<Zeroizing<Vec<u8>>, Self::Error>
source§fn aead_key_size(&self) -> usize
fn aead_key_size(&self) -> usize
source§fn aead_nonce_size(&self) -> usize
fn aead_nonce_size(&self) -> usize
source§fn kdf_expand(
&self,
prk: &[u8],
info: &[u8],
len: usize
) -> Result<Zeroizing<Vec<u8>>, Self::Error>
fn kdf_expand( &self, prk: &[u8], info: &[u8], len: usize ) -> Result<Zeroizing<Vec<u8>>, Self::Error>
Generate key material of the desired length
len
by expanding the given pseudo-random key
prk
of length kdf_extract_size.
The additional input info
contains optional context data. Read moresource§fn kdf_extract(
&self,
salt: &[u8],
ikm: &[u8]
) -> Result<Zeroizing<Vec<u8>>, Self::Error>
fn kdf_extract( &self, salt: &[u8], ikm: &[u8] ) -> Result<Zeroizing<Vec<u8>>, Self::Error>
Generate a pseudo-random key
prk
extracted from the initial key
material ikm
, using an optional random salt
. The outputted prk
should have
kdf_extract_size bytes. It can be used
as input to kdf_expand. Read moresource§fn kdf_extract_size(&self) -> usize
fn kdf_extract_size(&self) -> usize
source§fn hpke_seal(
&self,
remote_key: &HpkePublicKey,
info: &[u8],
aad: Option<&[u8]>,
pt: &[u8]
) -> Result<HpkeCiphertext, Self::Error>
fn hpke_seal( &self, remote_key: &HpkePublicKey, info: &[u8], aad: Option<&[u8]>, pt: &[u8] ) -> Result<HpkeCiphertext, Self::Error>
Encrypt the plaintext
pt
with optional public additional authenticated data aad
to the
public key remote_key
using additional context information info
(which can be empty if
not needed). This function combines the action
of the hpke_setup_s and then calling seal
on the resulting HpkeContextS. Read moresource§fn hpke_open(
&self,
ciphertext: &HpkeCiphertext,
local_secret: &HpkeSecretKey,
local_public: &HpkePublicKey,
info: &[u8],
aad: Option<&[u8]>
) -> Result<Vec<u8>, Self::Error>
fn hpke_open( &self, ciphertext: &HpkeCiphertext, local_secret: &HpkeSecretKey, local_public: &HpkePublicKey, info: &[u8], aad: Option<&[u8]> ) -> Result<Vec<u8>, Self::Error>
Decrypt the
ciphertext
generated by hpke_seal.
This function combines the action of the hpke_setup_r
and then calling open on the resulting HpkeContextR. Read moresource§fn hpke_setup_r(
&self,
enc: &[u8],
local_secret: &HpkeSecretKey,
local_public: &HpkePublicKey,
info: &[u8]
) -> Result<Self::HpkeContextR, Self::Error>
fn hpke_setup_r( &self, enc: &[u8], local_secret: &HpkeSecretKey, local_public: &HpkePublicKey, info: &[u8] ) -> Result<Self::HpkeContextR, Self::Error>
Receive the ciphertext
kem_output
generated by hpke_setup_s
and the local_secret
corresponding to the remote_key
used as input to
hpke_setup_s. The ouput is the receiver context
HpkeContextR that can be used to decrypt AEAD ciphertexts
generated by the sender context HpkeContextS outputted by
hpke_setup_r
and export the same keys as that context. Read moresource§fn hpke_setup_s(
&self,
remote_key: &HpkePublicKey,
info: &[u8]
) -> Result<(Vec<u8>, Self::HpkeContextS), Self::Error>
fn hpke_setup_s( &self, remote_key: &HpkePublicKey, info: &[u8] ) -> Result<(Vec<u8>, Self::HpkeContextS), Self::Error>
Generate a tuple containing the ciphertext
kem_output
that can
be used as the input to hpke_setup_r,
as well as the sender context HpkeContextS that can be
used to generate AEAD ciphertexts and export keys. Read moresource§fn kem_derive(
&self,
ikm: &[u8]
) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
fn kem_derive( &self, ikm: &[u8] ) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
Derive from the initial key material
ikm
the KEM keys used as inputs to
hpke_setup_r,
hpke_setup_s, hpke_seal
and hpke_open.source§fn kem_generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
fn kem_generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
Generate fresh KEM keys to be used as inputs to hpke_setup_r,
hpke_setup_s, hpke_seal
and hpke_open.
source§fn kem_public_key_validate(
&self,
key: &HpkePublicKey
) -> Result<(), Self::Error>
fn kem_public_key_validate( &self, key: &HpkePublicKey ) -> Result<(), Self::Error>
Verify that the given byte vector
key
can be decoded as an HPKE public key.source§fn cipher_suite(&self) -> CipherSuite
fn cipher_suite(&self) -> CipherSuite
Return the implemented MLS CipherSuite.
source§fn sign(
&self,
secret_key: &SignatureSecretKey,
data: &[u8]
) -> Result<Vec<u8>, Self::Error>
fn sign( &self, secret_key: &SignatureSecretKey, data: &[u8] ) -> Result<Vec<u8>, Self::Error>
Sign
data
using secret_key
.source§fn verify(
&self,
public_key: &SignaturePublicKey,
signature: &[u8],
data: &[u8]
) -> Result<(), Self::Error>
fn verify( &self, public_key: &SignaturePublicKey, signature: &[u8], data: &[u8] ) -> Result<(), Self::Error>
Verify that the secret key corresponding to
public_key
created the signature
over data
.source§fn signature_key_generate(
&self
) -> Result<(SignatureSecretKey, SignaturePublicKey), Self::Error>
fn signature_key_generate( &self ) -> Result<(SignatureSecretKey, SignaturePublicKey), Self::Error>
source§fn signature_key_derive_public(
&self,
secret_key: &SignatureSecretKey
) -> Result<SignaturePublicKey, Self::Error>
fn signature_key_derive_public( &self, secret_key: &SignatureSecretKey ) -> Result<SignaturePublicKey, Self::Error>
Output a public key corresponding to
secret_key
.source§fn random_bytes_vec(&self, count: usize) -> Result<Vec<u8>, Self::Error>
fn random_bytes_vec(&self, count: usize) -> Result<Vec<u8>, Self::Error>
Generate
count
bytes of pseudorandom bytes as a vector. This is a shortcut for
creating a Vec<u8>
of count
bytes and calling random_bytes.source§impl<KEM, KDF, AEAD> Clone for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> Clone for RustCryptoCipherSuite<KEM, KDF, AEAD>
source§fn clone(&self) -> RustCryptoCipherSuite<KEM, KDF, AEAD>
fn clone(&self) -> RustCryptoCipherSuite<KEM, KDF, AEAD>
Returns a copy of the value. Read more
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source
. Read moreAuto Trait Implementations§
impl<KEM, KDF, AEAD> Freeze for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> RefUnwindSafe for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> Send for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> Sync for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> Unpin for RustCryptoCipherSuite<KEM, KDF, AEAD>
impl<KEM, KDF, AEAD> UnwindSafe for RustCryptoCipherSuite<KEM, KDF, AEAD>
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more