Trait mls_rs_crypto_traits::DhType
source · pub trait DhType: Send + Sync {
type Error: IntoAnyError + Send + Sync;
// Required methods
fn dh(
&self,
secret_key: &HpkeSecretKey,
public_key: &HpkePublicKey
) -> Result<Vec<u8>, Self::Error>;
fn generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>;
fn to_public(
&self,
secret_key: &HpkeSecretKey
) -> Result<HpkePublicKey, Self::Error>;
fn bitmask_for_rejection_sampling(&self) -> Option<u8>;
fn secret_key_size(&self) -> usize;
fn public_key_validate(
&self,
key: &HpkePublicKey
) -> Result<(), Self::Error>;
}Expand description
A trait that provides the required DH functions, as in RFC 9180,Section 4.1
Required Associated Types§
type Error: IntoAnyError + Send + Sync
Required Methods§
fn dh( &self, secret_key: &HpkeSecretKey, public_key: &HpkePublicKey ) -> Result<Vec<u8>, Self::Error>
sourcefn generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
fn generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>
Generate a fresh key pair. This is the only place where randomness is used in this
module. The function could be implemented in the same way as derive with random
ikm, but it could also be implemented directly with a crypto provider like OpenSSL.
sourcefn to_public(
&self,
secret_key: &HpkeSecretKey
) -> Result<HpkePublicKey, Self::Error>
fn to_public( &self, secret_key: &HpkeSecretKey ) -> Result<HpkePublicKey, Self::Error>
Outputs the public key corresponding to the given secret key bytes. If the secret key is malformed, the function should return an error.
sourcefn bitmask_for_rejection_sampling(&self) -> Option<u8>
fn bitmask_for_rejection_sampling(&self) -> Option<u8>
If the output is Some(bitmask), then the Kem::derive function will generate
the secret key by rejection sampling over random byte sequences with bitmask
applied to the most significant byte.
Typical outputs for ECDH are:
Nonefor curves 25519 and X448 (no rejection sampling is needed),Some(0x01)for curve P-521 (all bits of the first byte except the least significant one are filtered out),Some(0xFF)for curves P-256 and P-384 (rejection sampling is needed but no bits need to be filtered).