Struct MlsCryptoProvider 

pub struct MlsCryptoProvider { /* private fields */ }

The MLS crypto provider

Implementations

impl MlsCryptoProvider

pub fn new(key_store: Database) -> Self

Construct a crypto provider with defaults and a given Database.

See also:

• Database::open

pub fn new_with_pki_env( key_store: Database, pki_env: PkiEnvironmentProvider, ) -> Self

Construct a crypto provider with the given database and the PKI environment.

pub async fn new_transaction(&self) -> Result<(), MlsProviderError>

Clones the references of the PkiEnvironment and the CryptoProvider into a transaction keystore to pass to openmls as the OpenMlsCryptoProvider

pub async fn update_pki_env(&self, pki_env: Option<PkiEnvironment>)

Replaces the PKI env currently in place

pub async fn set_pki_environment_provider( &mut self, pki_env: Option<PkiEnvironmentProvider>, )

Set pki_env to a new shared pki environment provider

pub async fn is_pki_env_setup(&self) -> bool

Returns whether we have a PKI env setup

pub fn reseed( &self, entropy_seed: Option<EntropySeed>, ) -> Result<(), MlsProviderError>

Reseeds the internal CSPRNG entropy pool with a brand new one.

If None is provided, the new entropy will be pulled through the current OS target’s capabilities

pub async fn close(&self) -> Result<(), MlsProviderError>

Wait for any keystore transaction to finish, then close the database connection.

Note: This does not destroy the data on-disk in case of persistent backing store

Trait Implementations

impl Clone for MlsCryptoProvider

fn clone(&self) -> MlsCryptoProvider

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MlsCryptoProvider

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl OpenMlsCrypto for &MlsCryptoProvider

Passthrough implementation of crypto functionality for references to MlsCryptoProvider.

fn supports(&self, ciphersuite: Ciphersuite) -> Result<(), CryptoError>

Check whether the Ciphersuite is supported by the backend or not.

fn supported_ciphersuites(&self) -> Vec<Ciphersuite>

Returns the list of supported Ciphersuites.

fn hkdf_extract( &self, hash_type: HashType, salt: &[u8], ikm: &[u8], ) -> Result<SecretVLBytes, CryptoError>

HKDF extract.

fn hkdf_expand( &self, hash_type: HashType, prk: &[u8], info: &[u8], okm_len: usize, ) -> Result<SecretVLBytes, CryptoError>

HKDF expand.

fn hash(&self, hash_type: HashType, data: &[u8]) -> Result<Vec<u8>, CryptoError>

Hash the data.

fn aead_encrypt( &self, alg: AeadType, key: &[u8], data: &[u8], nonce: &[u8], aad: &[u8], ) -> Result<Vec<u8>, CryptoError>

AEAD encrypt with the given parameters.

fn aead_decrypt( &self, alg: AeadType, key: &[u8], ct_tag: &[u8], nonce: &[u8], aad: &[u8], ) -> Result<Vec<u8>, CryptoError>

AEAD decrypt with the given parameters.

fn signature_key_gen( &self, alg: SignatureScheme, ) -> Result<(Vec<u8>, Vec<u8>), CryptoError>

Generate a signature key.

fn signature_public_key_len(&self, alg: SignatureScheme) -> usize

Gives the length of a signature public key, in bytes

fn validate_signature_key( &self, alg: SignatureScheme, key: &[u8], ) -> Result<(), CryptoError>

Parses and validate a signature public key

fn verify_signature( &self, alg: SignatureScheme, data: &[u8], pk: &[u8], signature: &[u8], ) -> Result<(), CryptoError>

Verify the signature

fn sign( &self, alg: SignatureScheme, data: &[u8], key: &[u8], ) -> Result<Vec<u8>, CryptoError>

Sign with the given parameters.

fn hpke_seal( &self, config: HpkeConfig, pk_r: &[u8], info: &[u8], aad: &[u8], ptxt: &[u8], ) -> Result<HpkeCiphertext, CryptoError>

HPKE single-shot encryption of ptxt to pk_r, using info and aad.

fn hpke_open( &self, config: HpkeConfig, input: &HpkeCiphertext, sk_r: &[u8], info: &[u8], aad: &[u8], ) -> Result<Vec<u8>, CryptoError>

HPKE single-shot decryption of input with sk_r, using info and aad.

fn hpke_setup_sender_and_export( &self, config: HpkeConfig, pk_r: &[u8], info: &[u8], exporter_context: &[u8], exporter_length: usize, ) -> Result<(KemOutput, ExporterSecret), CryptoError>

HPKE single-shot setup of a sender and immediate export a secret.

fn hpke_setup_receiver_and_export( &self, config: HpkeConfig, enc: &[u8], sk_r: &[u8], info: &[u8], exporter_context: &[u8], exporter_length: usize, ) -> Result<ExporterSecret, CryptoError>

HPKE single-shot setup of a receiver and immediate export a secret.

fn derive_hpke_keypair( &self, config: HpkeConfig, ikm: &[u8], ) -> Result<HpkeKeyPair, CryptoError>

Derive a new HPKE keypair from a given input key material.

impl OpenMlsCryptoProvider for MlsCryptoProvider

type CryptoProvider = RustCrypto

type RandProvider = RustCrypto

type KeyStoreProvider = Database

type AuthenticationServiceProvider = PkiEnvironmentProvider

fn crypto(&self) -> &Self::CryptoProvider

Get the crypto provider.

fn rand(&self) -> &Self::RandProvider

Get the randomness provider.

fn key_store(&self) -> &Self::KeyStoreProvider

Get the key store provider.

fn authentication_service(&self) -> &Self::AuthenticationServiceProvider

Get the authentication service