rustls::crypto::cipher

Trait Tls12AeadAlgorithm

Source
pub trait Tls12AeadAlgorithm:
    Send
    + Sync
    + 'static {
    // Required methods
    fn encrypter(
        &self,
        key: AeadKey,
        iv: &[u8],
        extra: &[u8],
    ) -> Box<dyn MessageEncrypter>;
    fn decrypter(&self, key: AeadKey, iv: &[u8]) -> Box<dyn MessageDecrypter>;
    fn key_block_shape(&self) -> KeyBlockShape;
    fn extract_keys(
        &self,
        key: AeadKey,
        iv: &[u8],
        explicit: &[u8],
    ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError>;

    // Provided method
    fn fips(&self) -> bool { ... }
}
Expand description

Factory trait for building MessageEncrypter and MessageDecrypter for a TLS1.2 cipher suite.

Required Methods§

Source

fn encrypter( &self, key: AeadKey, iv: &[u8], extra: &[u8], ) -> Box<dyn MessageEncrypter>

Build a MessageEncrypter for the given key/iv and extra key block (which can be used for improving explicit nonce size security, if needed).

The length of key is set by KeyBlockShape::enc_key_len.

The length of iv is set by KeyBlockShape::fixed_iv_len.

The length of extra is set by KeyBlockShape::explicit_nonce_len.

Source

fn decrypter(&self, key: AeadKey, iv: &[u8]) -> Box<dyn MessageDecrypter>

Build a MessageDecrypter for the given key/iv.

The length of key is set by KeyBlockShape::enc_key_len.

The length of iv is set by KeyBlockShape::fixed_iv_len.

Source

fn key_block_shape(&self) -> KeyBlockShape

Return a KeyBlockShape that defines how large the key_block is and how it is split up prior to calling encrypter(), decrypter() and/or extract_keys().

Source

fn extract_keys( &self, key: AeadKey, iv: &[u8], explicit: &[u8], ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError>

Convert the key material from key/iv, into a ConnectionTrafficSecrets item.

The length of key is set by KeyBlockShape::enc_key_len.

The length of iv is set by KeyBlockShape::fixed_iv_len.

The length of extra is set by KeyBlockShape::explicit_nonce_len.

May return UnsupportedOperationError if the AEAD algorithm is not a supported variant of ConnectionTrafficSecrets.

Provided Methods§

Source

fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

Implementors§