pub trait CryptographicPlugin: Send + Sync {
// Required methods
fn register_local_participant(
&mut self,
identity: IdentityHandle,
properties: &[(&str, &str)],
) -> SecurityResult<CryptoHandle>;
fn register_matched_remote_participant(
&mut self,
local: CryptoHandle,
remote_identity: IdentityHandle,
shared_secret: SharedSecretHandle,
) -> SecurityResult<CryptoHandle>;
fn register_local_endpoint(
&mut self,
participant: CryptoHandle,
is_writer: bool,
properties: &[(&str, &str)],
) -> SecurityResult<CryptoHandle>;
fn create_local_participant_crypto_tokens(
&mut self,
local: CryptoHandle,
remote: CryptoHandle,
) -> SecurityResult<Vec<u8>>;
fn set_remote_participant_crypto_tokens(
&mut self,
local: CryptoHandle,
remote: CryptoHandle,
tokens: &[u8],
) -> SecurityResult<()>;
fn encrypt_submessage(
&self,
local: CryptoHandle,
remote_list: &[CryptoHandle],
plaintext: &[u8],
aad_extension: &[u8],
) -> SecurityResult<Vec<u8>>;
fn decrypt_submessage(
&self,
local: CryptoHandle,
remote: CryptoHandle,
ciphertext: &[u8],
aad_extension: &[u8],
) -> SecurityResult<Vec<u8>>;
fn plugin_class_id(&self) -> &str;
// Provided methods
fn encrypt_submessage_multi(
&self,
local: CryptoHandle,
receivers: &[(CryptoHandle, u32)],
plaintext: &[u8],
aad_extension: &[u8],
) -> SecurityResult<(Vec<u8>, Vec<ReceiverMac>)> { ... }
fn decrypt_submessage_with_receiver_mac(
&self,
local: CryptoHandle,
remote: CryptoHandle,
own_key_id: u32,
own_mac_key_handle: CryptoHandle,
ciphertext: &[u8],
macs: &[ReceiverMac],
aad_extension: &[u8],
) -> SecurityResult<Vec<u8>> { ... }
}Expand description
Cryptographic-Plugin (Spec §8.5.1). In v1.3 ist das ein reines
Interface — Produktions-Impls leben in zerodds-security-crypto
(AES-GCM + HMAC), zerodds-security-keyexchange (DH-Keyexchange,
Spec §9.5.3) und zerodds-security-rtps (RTPS-Header-AAD-Wrapper,
Spec §7.3.5).
Required Methods§
Sourcefn register_local_participant(
&mut self,
identity: IdentityHandle,
properties: &[(&str, &str)],
) -> SecurityResult<CryptoHandle>
fn register_local_participant( &mut self, identity: IdentityHandle, properties: &[(&str, &str)], ) -> SecurityResult<CryptoHandle>
Erzeugt Participant-Crypto-Material aus dem Handshake- SharedSecret.
Sourcefn register_matched_remote_participant(
&mut self,
local: CryptoHandle,
remote_identity: IdentityHandle,
shared_secret: SharedSecretHandle,
) -> SecurityResult<CryptoHandle>
fn register_matched_remote_participant( &mut self, local: CryptoHandle, remote_identity: IdentityHandle, shared_secret: SharedSecretHandle, ) -> SecurityResult<CryptoHandle>
Erzeugt Crypto-Material fuer einen Remote-Participant.
Sourcefn register_local_endpoint(
&mut self,
participant: CryptoHandle,
is_writer: bool,
properties: &[(&str, &str)],
) -> SecurityResult<CryptoHandle>
fn register_local_endpoint( &mut self, participant: CryptoHandle, is_writer: bool, properties: &[(&str, &str)], ) -> SecurityResult<CryptoHandle>
Erzeugt Crypto-Material fuer einen lokalen DataWriter/Reader.
Sourcefn create_local_participant_crypto_tokens(
&mut self,
local: CryptoHandle,
remote: CryptoHandle,
) -> SecurityResult<Vec<u8>>
fn create_local_participant_crypto_tokens( &mut self, local: CryptoHandle, remote: CryptoHandle, ) -> SecurityResult<Vec<u8>>
Erzeugt das ParticipantCryptoTokens-Blob, das an den Remote-
Participant gesendet wird (enthaelt verschluesseltes
Key-Material).
Sourcefn set_remote_participant_crypto_tokens(
&mut self,
local: CryptoHandle,
remote: CryptoHandle,
tokens: &[u8],
) -> SecurityResult<()>
fn set_remote_participant_crypto_tokens( &mut self, local: CryptoHandle, remote: CryptoHandle, tokens: &[u8], ) -> SecurityResult<()>
Verarbeitet die Tokens vom Remote-Participant. Danach sind die Keys fuer encrypted Submessages wechselseitig bekannt.
Sourcefn encrypt_submessage(
&self,
local: CryptoHandle,
remote_list: &[CryptoHandle],
plaintext: &[u8],
aad_extension: &[u8],
) -> SecurityResult<Vec<u8>>
fn encrypt_submessage( &self, local: CryptoHandle, remote_list: &[CryptoHandle], plaintext: &[u8], aad_extension: &[u8], ) -> SecurityResult<Vec<u8>>
Encrypt + Sign einer RTPS-Submessage. Input: plain submessage
bytes. Output: SecureSubmessage-Payload (ciphertext + tag).
aad_extension ist die Spec-konforme AAD-Extension (Spec §10.5.2
Tab.78). Submessage-Protection (§8.5.1.9.2) liefert hier
SubmessageHeader || SecureSubmessageHeader-Bytes;
RTPS-Message-Protection (§8.5.1.9.7) den RTPS-Header (20 Byte) +
SecureRTPSSubmessageHeader. Leer (&[]) ist nur spec-konform
wenn der Caller explizit Spec-§8.1 Tab.78 ohne Header-Coverage
akzeptiert (z.B. Pre-Shared-Key-Pfad ohne Header-Auth).
Spec §8.5.1.9.1 encode_serialized_payload.
Sourcefn decrypt_submessage(
&self,
local: CryptoHandle,
remote: CryptoHandle,
ciphertext: &[u8],
aad_extension: &[u8],
) -> SecurityResult<Vec<u8>>
fn decrypt_submessage( &self, local: CryptoHandle, remote: CryptoHandle, ciphertext: &[u8], aad_extension: &[u8], ) -> SecurityResult<Vec<u8>>
Decrypt + Verify. Output: plain submessage bytes. aad_extension
muss byte-identisch zur Sender-AAD sein (sonst Tag-Mismatch).
Spec §8.5.1.9.4 decode_serialized_payload.
Sourcefn plugin_class_id(&self) -> &str
fn plugin_class_id(&self) -> &str
Plugin-Class-Id (z.B. “DDS:Crypto:AES-GCM-GMAC:1.2”).
Provided Methods§
Sourcefn encrypt_submessage_multi(
&self,
local: CryptoHandle,
receivers: &[(CryptoHandle, u32)],
plaintext: &[u8],
aad_extension: &[u8],
) -> SecurityResult<(Vec<u8>, Vec<ReceiverMac>)>
fn encrypt_submessage_multi( &self, local: CryptoHandle, receivers: &[(CryptoHandle, u32)], plaintext: &[u8], aad_extension: &[u8], ) -> SecurityResult<(Vec<u8>, Vec<ReceiverMac>)>
Encrypt+Sign mit Receiver-Specific-MACs (Spec
§7.3.6.3). Produziert einen Ciphertext (Sender-Key) plus
pro Remote einen 16-byte Truncated-HMAC.
Die receivers-Liste enthaelt pro Empfaenger (handle, key_id):
handle— CryptoHandle auf den MAC-Key im Plugin-Slot (typisch der ausregister_matched_remote_participantabgeleitete Per-Peer-Key).key_id— 4-byte Wire-Identifier, den der Empfaenger in der MAC-Liste sucht (muss zwischen Sender und Empfaenger synchronisiert sein, typisch low-32-bits des Peer-GuidPrefix).
Default-Impl: faellt auf encrypt_submessage zurueck und
liefert leere MAC-Liste — Plugins ohne Multi-MAC-Support
signalisieren dem Caller damit “bitte Multi-Cipher-Fan-Out
nutzen”.
Sourcefn decrypt_submessage_with_receiver_mac(
&self,
local: CryptoHandle,
remote: CryptoHandle,
own_key_id: u32,
own_mac_key_handle: CryptoHandle,
ciphertext: &[u8],
macs: &[ReceiverMac],
aad_extension: &[u8],
) -> SecurityResult<Vec<u8>>
fn decrypt_submessage_with_receiver_mac( &self, local: CryptoHandle, remote: CryptoHandle, own_key_id: u32, own_mac_key_handle: CryptoHandle, ciphertext: &[u8], macs: &[ReceiverMac], aad_extension: &[u8], ) -> SecurityResult<Vec<u8>>
Verify Receiver-Specific-MAC + Decrypt.
own_key_id ist die Wire-Id, unter der der Empfaenger in der
MAC-Liste zu finden ist; own_mac_key_handle ist der Slot mit
dem dazugehoerigen HMAC-Key.
Wenn macs.is_empty() wird auf Self::decrypt_submessage
delegiert (Backward-Compat).
§Errors
CryptoFailedwenn kein MAC-Eintrag zurown_key_idpasst oder der MAC-Vergleich fehlschlaegt.