paseto_core/
version.rs

1//! Various helper traits
2
3use alloc::vec::Vec;
4
5use crate::PasetoError;
6use crate::key::{HasKey, KeyInner, KeyType, SealingKey};
7use crate::sealed::Sealed;
8
9/// An implementation of the PASETO cryptographic schemes.
10pub trait Version: Send + Sync + Sized + 'static {
11    /// Header for PASETO
12    const HEADER: &'static str;
13    /// Header for PASERK
14    const PASERK_HEADER: &'static str = "k3";
15}
16
17type SealingKeyInner<V, P> = KeyInner<V, <P as Purpose>::SealingKey>;
18
19/// This PASETO implementation can decrypt/verify tokens.
20pub trait UnsealingVersion<P: Purpose>: HasKey<P> {
21    /// Do not call this method directly. Use [`SealedToken::unseal`](crate::tokens::SealedToken::unseal) instead.
22    fn unseal<'a>(
23        key: &KeyInner<Self, P>,
24        encoding: &'static str,
25        payload: &'a mut [u8],
26        footer: &[u8],
27        aad: &[u8],
28    ) -> Result<&'a [u8], PasetoError>;
29}
30
31/// This PASETO implementation can sign/encrypt tokens.
32pub trait SealingVersion<P: Purpose>: UnsealingVersion<P> + HasKey<P::SealingKey> {
33    /// Generate the key that can unseal the tokens this key will seal.
34    fn unsealing_key(key: &SealingKeyInner<Self, P>) -> KeyInner<Self, P>;
35
36    /// Generate a random key
37    fn random() -> Result<SealingKeyInner<Self, P>, PasetoError>;
38
39    /// Do not call this method directly.
40    fn nonce() -> Result<Vec<u8>, PasetoError>;
41
42    /// Do not call this method directly. Use [`UnsealedToken::seal`](crate::tokens::UnsealedToken::seal) instead.
43    fn dangerous_seal_with_nonce(
44        key: &SealingKeyInner<Self, P>,
45        encoding: &'static str,
46        payload: Vec<u8>,
47        footer: &[u8],
48        aad: &[u8],
49    ) -> Result<Vec<u8>, PasetoError>;
50}
51
52/// Marks a key as secret
53#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
54pub struct Secret;
55/// Marks a key as public and tokens as signed
56#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
57pub struct Public;
58/// Marks a key as symmetric and tokens as encrypted
59#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
60pub struct Local;
61/// Marks a key as secret for unsealing keys
62#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
63pub struct PkeSecret;
64/// Marks a key as public for sealing keys
65#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
66pub struct PkePublic;
67
68impl Sealed for Secret {}
69impl Sealed for Public {}
70impl Sealed for Local {}
71
72impl Sealed for PkeSecret {}
73impl Sealed for PkePublic {}
74
75/// A marker for [`Public`] and [`Local`], used for token encodings.
76pub trait Purpose: KeyType {
77    /// The key used to sign/encrypt tokens.
78    type SealingKey: SealingKey;
79}
80
81impl Purpose for Public {
82    type SealingKey = Secret;
83}
84
85impl Purpose for Local {
86    type SealingKey = Local;
87}