Trait mls_rs_crypto_traits::DhType
source · pub trait DhType: Send + Sync {
type Error: IntoAnyError + Send + Sync;
// Required methods
fn dh(
&self,
secret_key: &HpkeSecretKey,
public_key: &HpkePublicKey
) -> Result<Vec<u8>, Self::Error>;
fn generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>;
fn to_public(
&self,
secret_key: &HpkeSecretKey
) -> Result<HpkePublicKey, Self::Error>;
fn bitmask_for_rejection_sampling(&self) -> Option<u8>;
fn secret_key_size(&self) -> usize;
fn public_key_validate(
&self,
key: &HpkePublicKey
) -> Result<(), Self::Error>;
}
Expand description
A trait that provides the required DH functions, as in RFC 9180,Section 4.1
Required Associated Types§
type Error: IntoAnyError + Send + Sync
Required Methods§
fn dh( &self, secret_key: &HpkeSecretKey, public_key: &HpkePublicKey ) -> Result<Vec<u8>, Self::Error>
sourcefn generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
fn generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
Generate a fresh key pair. This is the only place where randomness is used in this
module. The function could be implemented in the same way as derive
with random
ikm
, but it could also be implemented directly with a crypto provider like OpenSSL.
sourcefn to_public(
&self,
secret_key: &HpkeSecretKey
) -> Result<HpkePublicKey, Self::Error>
fn to_public( &self, secret_key: &HpkeSecretKey ) -> Result<HpkePublicKey, Self::Error>
Outputs the public key corresponding to the given secret key bytes. If the secret key is malformed, the function should return an error.
sourcefn bitmask_for_rejection_sampling(&self) -> Option<u8>
fn bitmask_for_rejection_sampling(&self) -> Option<u8>
If the output is Some(bitmask)
, then the Kem::derive
function will generate
the secret key by rejection sampling over random byte sequences with bitmask
applied to the most significant byte.
Typical outputs for ECDH are:
None
for curves 25519 and X448 (no rejection sampling is needed),Some(0x01)
for curve P-521 (all bits of the first byte except the least significant one are filtered out),Some(0xFF)
for curves P-256 and P-384 (rejection sampling is needed but no bits need to be filtered).