Trait mls_rs::CipherSuiteProvider

pub trait CipherSuiteProvider: Send + Sync {
    type Error: IntoAnyError;
    type HpkeContextS: HpkeContextS + Send + Sync;
    type HpkeContextR: HpkeContextR + Send + Sync;

    // Required methods
    fn cipher_suite(&self) -> CipherSuite;
    fn hash(&self, data: &[u8]) -> Result<Vec<u8>, Self::Error>;
    fn mac(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>, Self::Error>;
    fn aead_seal(
        &self,
        key: &[u8],
        data: &[u8],
        aad: Option<&[u8]>,
        nonce: &[u8],
    ) -> Result<Vec<u8>, Self::Error>;
    fn aead_open(
        &self,
        key: &[u8],
        ciphertext: &[u8],
        aad: Option<&[u8]>,
        nonce: &[u8],
    ) -> Result<Zeroizing<Vec<u8>>, Self::Error>;
    fn aead_key_size(&self) -> usize;
    fn aead_nonce_size(&self) -> usize;
    fn kdf_extract(
        &self,
        salt: &[u8],
        ikm: &[u8],
    ) -> Result<Zeroizing<Vec<u8>>, Self::Error>;
    fn kdf_expand(
        &self,
        prk: &[u8],
        info: &[u8],
        len: usize,
    ) -> Result<Zeroizing<Vec<u8>>, Self::Error>;
    fn kdf_extract_size(&self) -> usize;
    fn hpke_seal(
        &self,
        remote_key: &HpkePublicKey,
        info: &[u8],
        aad: Option<&[u8]>,
        pt: &[u8],
    ) -> Result<HpkeCiphertext, Self::Error>;
    fn hpke_open(
        &self,
        ciphertext: &HpkeCiphertext,
        local_secret: &HpkeSecretKey,
        local_public: &HpkePublicKey,
        info: &[u8],
        aad: Option<&[u8]>,
    ) -> Result<Vec<u8>, Self::Error>;
    fn hpke_setup_s(
        &self,
        remote_key: &HpkePublicKey,
        info: &[u8],
    ) -> Result<(Vec<u8>, Self::HpkeContextS), Self::Error>;
    fn hpke_setup_r(
        &self,
        kem_output: &[u8],
        local_secret: &HpkeSecretKey,
        local_public: &HpkePublicKey,
        info: &[u8],
    ) -> Result<Self::HpkeContextR, Self::Error>;
    fn kem_derive(
        &self,
        ikm: &[u8],
    ) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>;
    fn kem_generate(
        &self,
    ) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>;
    fn kem_public_key_validate(
        &self,
        key: &HpkePublicKey,
    ) -> Result<(), Self::Error>;
    fn random_bytes(&self, out: &mut [u8]) -> Result<(), Self::Error>;
    fn signature_key_generate(
        &self,
    ) -> Result<(SignatureSecretKey, SignaturePublicKey), Self::Error>;
    fn signature_key_derive_public(
        &self,
        secret_key: &SignatureSecretKey,
    ) -> Result<SignaturePublicKey, Self::Error>;
    fn sign(
        &self,
        secret_key: &SignatureSecretKey,
        data: &[u8],
    ) -> Result<Vec<u8>, Self::Error>;
    fn verify(
        &self,
        public_key: &SignaturePublicKey,
        signature: &[u8],
        data: &[u8],
    ) -> Result<(), Self::Error>;

    // Provided method
    fn random_bytes_vec(&self, count: usize) -> Result<Vec<u8>, Self::Error> { ... }
}

Provides all cryptographic operations required by MLS for a given cipher suite.

Required Associated Types

type Error: IntoAnyError

type HpkeContextS: HpkeContextS + Send + Sync

type HpkeContextR: HpkeContextR + Send + Sync

Required Methods

fn cipher_suite(&self) -> CipherSuite

Return the implemented MLS CipherSuite.

fn hash(&self, data: &[u8]) -> Result<Vec<u8>, Self::Error>

Compute the hash of data.

fn mac(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>, Self::Error>

Compute the MAC tag of data using the key of length kdf_extract_size. Verifying a MAC tag of data using key is done by calling this function and checking that the result matches the tag.

fn aead_seal( &self, key: &[u8], data: &[u8], aad: Option<&[u8]>, nonce: &[u8], ) -> Result<Vec<u8>, Self::Error>

Encrypt data with public additional authenticated data aad, using additional nonce (sometimes called the initialization vector, IV). The output should include the authentication tag, if used by the given AEAD implementation (for example, the tag can be appended to the ciphertext).

fn aead_open( &self, key: &[u8], ciphertext: &[u8], aad: Option<&[u8]>, nonce: &[u8], ) -> Result<Zeroizing<Vec<u8>>, Self::Error>

Decrypt the ciphertext generated by aead_seal. This function should return an error if any of the inputs key, aad or nonce does not match the corresponding input passed to aead_seal to generate ciphertext.

fn aead_key_size(&self) -> usize

Return the length of the secret key key passed to aead_seal and aead_open.

fn aead_nonce_size(&self) -> usize

Return the length of the nonce passed to aead_seal and aead_open.

fn kdf_extract( &self, salt: &[u8], ikm: &[u8], ) -> Result<Zeroizing<Vec<u8>>, Self::Error>

Generate a pseudo-random key prk extracted from the initial key material ikm, using an optional random salt. The outputted prk should have kdf_extract_size bytes. It can be used as input to kdf_expand.

This function corresponds to the HKDF-Extract function from RFC 5869.

fn kdf_expand( &self, prk: &[u8], info: &[u8], len: usize, ) -> Result<Zeroizing<Vec<u8>>, Self::Error>

Generate key material of the desired length len by expanding the given pseudo-random key prk of length kdf_extract_size. The additional input info contains optional context data.

This function corresponds to the HKDF-Expand function from RFC 5869.

fn kdf_extract_size(&self) -> usize

Return the size of pseudo-random key prk outputted by kdf_extract and inputted to kdf_expand.

fn hpke_seal( &self, remote_key: &HpkePublicKey, info: &[u8], aad: Option<&[u8]>, pt: &[u8], ) -> Result<HpkeCiphertext, Self::Error>

Encrypt the plaintext pt with optional public additional authenticated data aad to the public key remote_key using additional context information info (which can be empty if not needed). This function combines the action of the hpke_setup_s and then calling seal on the resulting HpkeContextS.

This function corresponds to the one-shot API in base mode in RFC 9180.

fn hpke_open( &self, ciphertext: &HpkeCiphertext, local_secret: &HpkeSecretKey, local_public: &HpkePublicKey, info: &[u8], aad: Option<&[u8]>, ) -> Result<Vec<u8>, Self::Error>

Decrypt the ciphertext generated by hpke_seal. This function combines the action of the hpke_setup_r and then calling open on the resulting HpkeContextR.

This function corresponds to the one-shot API in base mode in RFC 9180.

fn hpke_setup_s( &self, remote_key: &HpkePublicKey, info: &[u8], ) -> Result<(Vec<u8>, Self::HpkeContextS), Self::Error>

Generate a tuple containing the ciphertext kem_output that can be used as the input to hpke_setup_r, as well as the sender context HpkeContextS that can be used to generate AEAD ciphertexts and export keys.

The inputted remote_key will normally be generated using kem_derive or kem_generate. However, the function should return an error if the format is incorrect.

This function corresponds to the SetupBaseS function from RFC 9180.

fn hpke_setup_r( &self, kem_output: &[u8], local_secret: &HpkeSecretKey, local_public: &HpkePublicKey, info: &[u8], ) -> Result<Self::HpkeContextR, Self::Error>

Receive the ciphertext kem_output generated by hpke_setup_s and the local_secret corresponding to the remote_key used as input to hpke_setup_s. The ouput is the receiver context HpkeContextR that can be used to decrypt AEAD ciphertexts generated by the sender context HpkeContextS outputted by hpke_setup_r and export the same keys as that context.

The inputted local_secret will normally be generated using kem_derive or kem_generate. However, the function should return an error if the format is incorrect.

This function corresponds to the SetupBaseR function from RFC 9180.

fn kem_derive( &self, ikm: &[u8], ) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>

Derive from the initial key material ikm the KEM keys used as inputs to hpke_setup_r, hpke_setup_s, hpke_seal and hpke_open.

fn kem_generate(&self) -> Result<(HpkeSecretKey, HpkePublicKey), Self::Error>

Generate fresh KEM keys to be used as inputs to hpke_setup_r, hpke_setup_s, hpke_seal and hpke_open.

fn kem_public_key_validate( &self, key: &HpkePublicKey, ) -> Result<(), Self::Error>

Verify that the given byte vector key can be decoded as an HPKE public key.

fn random_bytes(&self, out: &mut [u8]) -> Result<(), Self::Error>

Fill out with random bytes.

fn signature_key_generate( &self, ) -> Result<(SignatureSecretKey, SignaturePublicKey), Self::Error>

Generate fresh signature keys to be used as inputs to sign and verify

fn signature_key_derive_public( &self, secret_key: &SignatureSecretKey, ) -> Result<SignaturePublicKey, Self::Error>

Output a public key corresponding to secret_key.

fn sign( &self, secret_key: &SignatureSecretKey, data: &[u8], ) -> Result<Vec<u8>, Self::Error>

Sign data using secret_key.

fn verify( &self, public_key: &SignaturePublicKey, signature: &[u8], data: &[u8], ) -> Result<(), Self::Error>

Verify that the secret key corresponding to public_key created the signature over data.

Provided Methods

fn random_bytes_vec(&self, count: usize) -> Result<Vec<u8>, Self::Error>

Generate count bytes of pseudorandom bytes as a vector. This is a shortcut for creating a Vec<u8> of count bytes and calling random_bytes.

Implementors