mls_spec/
crypto.rs

1use crate::{SensitiveBytes, ToPrefixedLabel, defs::CiphersuiteId, key_schedule::PreSharedKeyId};
2
3pub type Mac = SensitiveBytes;
4pub type HpkePublicKey = SensitiveBytes;
5pub type HpkePublicKeyRef<'a> = &'a SensitiveBytes;
6pub type HpkePrivateKey = SensitiveBytes;
7pub type HpkePrivateKeyRef<'a> = &'a SensitiveBytes;
8pub type SignaturePublicKey = SensitiveBytes;
9pub type SignaturePublicKeyRef<'a> = &'a SensitiveBytes;
10pub type SignaturePrivateKey = SensitiveBytes;
11
12#[derive(Debug, PartialEq, Eq, Clone, zeroize::Zeroize, zeroize::ZeroizeOnDrop)]
13#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
14pub struct KeyPair {
15    #[zeroize(skip)]
16    pub kem_id: u16,
17    #[zeroize(skip)]
18    pub ciphersuite: CiphersuiteId,
19    pub pk: SensitiveBytes,
20    pub sk: SensitiveBytes,
21}
22
23macro_rules! impl_keypair_alias {
24    ($newtype:ident) => {
25        #[derive(Debug, PartialEq, Eq, Clone)]
26        #[repr(transparent)]
27        #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
28        #[cfg_attr(feature = "serde", serde(transparent))]
29        pub struct $newtype(KeyPair);
30
31        impl $newtype {
32            pub fn extract_public_key(&mut self) -> SensitiveBytes {
33                std::mem::take(&mut self.0.pk)
34            }
35
36            pub fn extract_secret_key(&mut self) -> SensitiveBytes {
37                std::mem::take(&mut self.0.sk)
38            }
39        }
40
41        impl From<KeyPair> for $newtype {
42            fn from(value: KeyPair) -> Self {
43                Self(value)
44            }
45        }
46
47        impl std::ops::Deref for $newtype {
48            type Target = KeyPair;
49            fn deref(&self) -> &Self::Target {
50                &self.0
51            }
52        }
53    };
54}
55
56impl_keypair_alias!(SignatureKeyPair);
57impl_keypair_alias!(HpkeKeyPair);
58impl_keypair_alias!(KeyPackageKeyPair);
59
60impl From<HpkeKeyPair> for KeyPackageKeyPair {
61    fn from(mut value: HpkeKeyPair) -> Self {
62        Self(KeyPair {
63            kem_id: value.0.kem_id,
64            ciphersuite: value.0.ciphersuite,
65            pk: std::mem::take(&mut value.0.pk),
66            sk: std::mem::take(&mut value.0.sk),
67        })
68    }
69}
70
71#[derive(Debug, Clone, PartialEq, Eq, zeroize::Zeroize, zeroize::ZeroizeOnDrop)]
72#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
73pub struct PreSharedKeyPair {
74    pub psk_id: PreSharedKeyId,
75    pub psk_secret: SensitiveBytes,
76}
77
78#[derive(Debug, Clone, PartialEq, Eq, zeroize::Zeroize, zeroize::ZeroizeOnDrop)]
79pub struct HpkeExport {
80    pub kem_output: SensitiveBytes,
81    pub export: SensitiveBytes,
82}
83
84#[derive(Debug, Clone, Eq, PartialEq)]
85#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
86pub struct ExternalInitSecret;
87impl std::fmt::Display for ExternalInitSecret {
88    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
89        write!(f, "external init secret")
90    }
91}
92impl ToPrefixedLabel for ExternalInitSecret {}
93
94#[derive(
95    Debug,
96    Clone,
97    Eq,
98    PartialEq,
99    tls_codec::TlsSerialize,
100    tls_codec::TlsDeserialize,
101    tls_codec::TlsSize,
102)]
103#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
104pub struct HpkeCiphertext {
105    pub kem_output: SensitiveBytes,
106    pub ciphertext: SensitiveBytes,
107}
108
109#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
110#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
111pub struct SignContent<'a> {
112    #[tls_codec(with = "crate::tlspl::string")]
113    pub label: &'a str,
114    #[tls_codec(with = "crate::tlspl::bytes")]
115    pub content: &'a [u8],
116}
117
118#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
119#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
120pub struct EncryptContext<'a> {
121    #[tls_codec(with = "crate::tlspl::string")]
122    pub label: &'a str,
123    #[tls_codec(with = "crate::tlspl::bytes")]
124    pub context: &'a [u8],
125}
126
127#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
128#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
129pub struct HashReferenceInput<'a> {
130    #[tls_codec(with = "crate::tlspl::string")]
131    pub label: &'a str,
132    #[tls_codec(with = "crate::tlspl::bytes")]
133    pub value: &'a [u8],
134}
135
136#[derive(Debug, Clone, Eq, PartialEq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
137#[cfg_attr(feature = "serde", derive(serde::Serialize))]
138pub struct KdfLabel<'a> {
139    pub length: u16,
140    #[tls_codec(with = "crate::tlspl::string")]
141    pub label: &'a str,
142    #[tls_codec(with = "crate::tlspl::bytes")]
143    pub context: &'a [u8],
144}
mls_spec/crypto.rs

mls_spec/
crypto.rs
