#![deny(
missing_docs,
trivial_casts,
trivial_numeric_casts,
unsafe_code,
unused_import_braces,
unused_qualifications,
warnings
)]
use ockam_vault_core::{PublicKey, Secret};
use zeroize::Zeroize;
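/// A stateful key exchange that is advanced one step at a time.
///
/// The crate denies `missing_docs`, so every public item here carries a doc comment.
pub trait KeyExchanger {
    /// Handles the next step of the key exchange using `data` and returns the bytes
    /// produced by that step.
    ///
    /// # Errors
    /// Returns an `ockam_core` error when the step cannot be carried out.
    // NOTE(review): `data` presumably includes bytes received from the remote peer, in
    // which case implementations must treat it as untrusted (length and content) —
    // confirm against the callers.
    fn process(&mut self, data: &[u8]) -> ockam_core::Result<Vec<u8>>;

    /// Reports whether the key exchange has completed.
    fn is_complete(&self) -> bool;

    /// Consumes the exchanger and returns the resulting [`CompletedKeyExchange`].
    ///
    /// # Errors
    /// Returns an `ockam_core` error when no completed exchange can be produced.
    // NOTE(review): presumably this is only valid once `is_complete()` returns true;
    // the trait itself does not enforce that ordering — confirm in the implementations.
    fn finalize(self) -> ockam_core::Result<CompletedKeyExchange>;
}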
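/// A factory for [`KeyExchanger`] instances, one per role.
///
/// `I` is the exchanger type returned for the initiator role and `R` the type returned
/// for the responder role; both default to `Self`.
pub trait NewKeyExchanger<I: KeyExchanger = Self, R: KeyExchanger = Self> {
    /// Creates a new key exchanger for the initiator role.
    fn initiator(&self) -> I;

    /// Creates a new key exchanger for the responder role.
    fn responder(&self) -> R;
}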
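/// The values produced by a completed key exchange.
///
/// All fields are private and are read through the accessor methods.
// NOTE(review): `Debug` is derived, so formatting this value prints every field through
// its own `Debug` impl. Whether `Secret` carries key bytes or only a vault handle is not
// visible in this file — confirm before logging values of this type.
// NOTE(review): only `Zeroize` is derived and no drop-time wipe is requested on this
// struct, so (under zeroize 1.x derive semantics — confirm against the pinned version)
// the contents are cleared only when `zeroize()` is called explicitly.
#[derive(Debug, Zeroize)]
pub struct CompletedKeyExchange {
    /// 32-byte value `h`; presumably the handshake hash — confirm with the producing protocol.
    h: [u8; 32],
    /// Secret used for encryption.
    encrypt_key: Secret,
    /// Secret used for decryption.
    decrypt_key: Secret,
    /// The local party's static secret.
    local_static_secret: Secret,
    /// The remote party's static public key. Nothing in this type checks it against an
    /// expected identity; that decision is left to the caller.
    remote_static_public_key: PublicKey,
}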
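/// Read-only accessors. Each returns a borrow, so no field is copied out of the struct.
impl CompletedKeyExchange {
    /// Returns the 32-byte value `h`.
    pub fn h(&self) -> &[u8; 32] {
        &self.h
    }

    /// Returns the secret used for encryption.
    pub fn encrypt_key(&self) -> &Secret {
        &self.encrypt_key
    }

    /// Returns the secret used for decryption.
    pub fn decrypt_key(&self) -> &Secret {
        &self.decrypt_key
    }

    /// Returns the local party's static secret.
    pub fn local_static_secret(&self) -> &Secret {
        &self.local_static_secret
    }

    /// Returns the remote party's static public key.
    ///
    /// This accessor only hands back the stored key; deciding whether that key belongs
    /// to the expected peer is up to the caller.
    pub fn remote_static_public_key(&self) -> &PublicKey {
        &self.remote_static_public_key
    }
}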
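impl CompletedKeyExchange {
    /// Builds a `CompletedKeyExchange` from its five parts.
    ///
    /// The arguments are moved into the struct unchanged; no validation is performed
    /// on any of them here.
    pub fn new(
        h: [u8; 32],
        encrypt_key: Secret,
        decrypt_key: Secret,
        local_static_secret: Secret,
        remote_static_public_key: PublicKey,
    ) -> Self {
        Self {
            h,
            encrypt_key,
            decrypt_key,
            local_static_secret,
            remote_static_public_key,
        }
    }
}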