Trait EncryptionScheme

pub trait EncryptionScheme: Send {
    // Required methods
    fn public_key(&self) -> &[u8] ;
    fn receiver_public_key(
        &mut self,
        receiver_index: usize,
        public_key: &[u8],
    ) -> Result<(), PublicKeyError>;
    fn encrypt(
        &mut self,
        associated_data: &[u8],
        buffer: &mut [u8],
        tail: &mut [u8],
        receive: usize,
    ) -> Result<(), EncryptionError>;
    fn decrypt(
        &self,
        associated_data: &[u8],
        buffer: &mut [u8],
        tail: &[u8],
        sender: usize,
    ) -> Result<(), EncryptionError>;
    fn overhead(&self) -> usize;
}

Represents an encryption scheme interface for in-place AEAD and managing key exchange.

A type implementing EncryptionScheme encapsulates two functionalities:

• An AEAD algorithm such as ChaCha20 or AES-GCM and its implementation details, such as nonce generation.

• The derivation of encryption keys for one or more pairs of parties. The concrete type of public/private key pair and key exchange is an implementation detail.

Security Considerations

Implementations must ensure:

• Forward secrecy through proper key exchange
• Nonce uniqueness for each encryption
• Secure key derivation
• Proper authentication of messages

Required Methods

fn public_key(&self) -> &[u8]

Return external representation of own public key

fn receiver_public_key( &mut self, receiver_index: usize, public_key: &[u8], ) -> Result<(), PublicKeyError>

Sets or updates the public key for a specified receiver index.

This function is used to associate a public key with a designated receiver identified by an index. It facilitates secure communication setup by ensuring that messages can be encrypted such that only the receiver with the corresponding private key can decrypt them.

Parameters

• receiver_index: An integer value that uniquely identifies the receiver within the system. This index is used to specify which receiver the public key is associated with.

• public_key: A byte slice representing the public key of the receiver. This key is used in cryptographic operations to ensure that only the intended receiver can decrypt messages encrypted with this key.

Errors

• PublicKeyError: An error is returned if the public key cannot be set due to invalid formatting, an invalid receiver index, or any other issue encountered in the operation.

fn encrypt( &mut self, associated_data: &[u8], buffer: &mut [u8], tail: &mut [u8], receive: usize, ) -> Result<(), EncryptionError>

Encrypts the provided data buffer using associated data and manages an associated tail segment.

Parameters

• associated_data: A byte slice containing additional authenticated data (AAD) that will be used to ensure the integrity and authenticity of the encrypted data. This data is not encrypted but is included in the integrity check.

• buffer: A mutable byte slice containing the plaintext data that will be encrypted in place. Upon successful encryption, this buffer will contain the ciphertext data.

• tail: A mutable byte slice representing the trailing segment of the data buffer that may be used to store for trailing portion of the data that should be considered during decryption.

• receive: An index or identifier associated with the receiver of the message. This may be used for deriving encryption keys.

Errors

EncryptionError if issues arise such as missing keys, incorrect buffer lengths, or any other problems during the encryption process.

fn decrypt( &self, associated_data: &[u8], buffer: &mut [u8], tail: &[u8], sender: usize, ) -> Result<(), EncryptionError>

Decrypts the provided data buffer using associated data and a tail segment.

Parameters

• associated_data: A byte slice containing additional authenticated data (AAD) that will be used along with the buffer to ensure the integrity and authenticity of the decryption process.

• buffer: A mutable byte slice holding the encrypted data that will be decrypted in place. Upon successful decryption, this buffer will contain the plaintext data.

• tail: A byte slice representing the trailing portion of the data that should be considered during decryption. This is typically used nonce and/or authentication tag.

• sender: An index or identifier representing the sender of the message. This might be used to retrieve or derive encryption keys.

Errors

• EncryptionError: This function may return an EncryptionError in several situations such as when the decryption key is not found, when the input data is tampered with or if the cryptographic verification of the AAD fails.

fn overhead(&self) -> usize

Return size of trailing segment. See method encrypt() and decrypt().

Implementors