veilid_core/crypto/
crypto_system.rs

1use super::*;
2
3pub(crate) const VEILID_DOMAIN_API: &[u8] = b"VEILID_API";
4
5pub trait CryptoSystem {
6    // Accessors
7    fn kind(&self) -> CryptoKind;
8    fn crypto(&self) -> VeilidComponentGuard<'_, Crypto>;
9
10    // Cached Operations
11    fn cached_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret>;
12
13    // Generation
14    fn random_bytes(&self, len: u32) -> Vec<u8>;
15    fn default_salt_length(&self) -> u32;
16    fn hash_password(&self, password: &[u8], salt: &[u8]) -> VeilidAPIResult<String>;
17    fn verify_password(&self, password: &[u8], password_hash: &str) -> VeilidAPIResult<bool>;
18    fn derive_shared_secret(&self, password: &[u8], salt: &[u8]) -> VeilidAPIResult<SharedSecret>;
19    fn random_nonce(&self) -> Nonce;
20    fn random_shared_secret(&self) -> SharedSecret;
21    fn compute_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret>;
22    fn generate_shared_secret(
23        &self,
24        key: &PublicKey,
25        secret: &SecretKey,
26        domain: &[u8],
27    ) -> VeilidAPIResult<SharedSecret> {
28        let dh = self.compute_dh(key, secret)?;
29        Ok(SharedSecret::from(self.generate_hash(
30            &[&dh.bytes, domain, VEILID_DOMAIN_API].concat(),
31        )))
32    }
33    fn generate_keypair(&self) -> KeyPair;
34    fn generate_hash(&self, data: &[u8]) -> HashDigest;
35    fn generate_hash_reader(&self, reader: &mut dyn std::io::Read) -> VeilidAPIResult<PublicKey>;
36
37    // Validation
38    fn validate_keypair(&self, key: &PublicKey, secret: &SecretKey) -> bool;
39    fn validate_hash(&self, data: &[u8], hash: &HashDigest) -> bool;
40    fn validate_hash_reader(
41        &self,
42        reader: &mut dyn std::io::Read,
43        hash: &HashDigest,
44    ) -> VeilidAPIResult<bool>;
45
46    // Distance Metric
47    fn distance(&self, hash1: &HashDigest, hash2: &HashDigest) -> HashDistance;
48
49    // Authentication
50    fn sign(&self, key: &PublicKey, secret: &SecretKey, data: &[u8]) -> VeilidAPIResult<Signature>;
51    fn verify(&self, key: &PublicKey, data: &[u8], signature: &Signature) -> VeilidAPIResult<bool>;
52
53    // AEAD Encrypt/Decrypt
54    fn aead_overhead(&self) -> usize;
55    fn decrypt_in_place_aead(
56        &self,
57        body: &mut Vec<u8>,
58        nonce: &Nonce,
59        shared_secret: &SharedSecret,
60        associated_data: Option<&[u8]>,
61    ) -> VeilidAPIResult<()>;
62    fn decrypt_aead(
63        &self,
64        body: &[u8],
65        nonce: &Nonce,
66        shared_secret: &SharedSecret,
67        associated_data: Option<&[u8]>,
68    ) -> VeilidAPIResult<Vec<u8>>;
69    fn encrypt_in_place_aead(
70        &self,
71        body: &mut Vec<u8>,
72        nonce: &Nonce,
73        shared_secret: &SharedSecret,
74        associated_data: Option<&[u8]>,
75    ) -> VeilidAPIResult<()>;
76    fn encrypt_aead(
77        &self,
78        body: &[u8],
79        nonce: &Nonce,
80        shared_secret: &SharedSecret,
81        associated_data: Option<&[u8]>,
82    ) -> VeilidAPIResult<Vec<u8>>;
83
84    // NoAuth Encrypt/Decrypt
85    fn crypt_in_place_no_auth(&self, body: &mut [u8], nonce: &Nonce, shared_secret: &SharedSecret);
86    fn crypt_b2b_no_auth(
87        &self,
88        in_buf: &[u8],
89        out_buf: &mut [u8],
90        nonce: &Nonce,
91        shared_secret: &SharedSecret,
92    );
93    fn crypt_no_auth_aligned_8(
94        &self,
95        body: &[u8],
96        nonce: &Nonce,
97        shared_secret: &SharedSecret,
98    ) -> Vec<u8>;
99    fn crypt_no_auth_unaligned(
100        &self,
101        body: &[u8],
102        nonce: &Nonce,
103        shared_secret: &SharedSecret,
104    ) -> Vec<u8>;
105}