pub(crate) trait CoseEncryptCipher: Aead {
    const COSE_ALGORITHM: Algorithm;

    // Required methods
    fn encrypt_cose(
        builder: CoseEncryptBuilder,
        protected_header: Header,
        plaintext: &[u8],
        cek: &Self::Key,
    ) -> CoseEncrypt;
    fn decrypt_cose(
        cose_encrypt: &CoseEncrypt,
        cek: &Self::Key,
    ) -> Result<Vec<u8>, CryptoError>;
    fn encrypt_cose0(
        builder: CoseEncrypt0Builder,
        protected_header: Header,
        plaintext: &[u8],
        cek: &Self::Key,
    ) -> CoseEncrypt0;
    fn decrypt_cose0(
        cose_encrypt0: &CoseEncrypt0,
        cek: &Self::Key,
    ) -> Result<Vec<u8>, CryptoError>;
}
Encrypts and decrypts the content of COSE [CoseEncrypt]/[CoseEncrypt0] messages with an
Aead cipher, using the cipher’s key as the content-encryption key (CEK).
Required Associated Constants
const COSE_ALGORITHM: Algorithm
The COSE algorithm identifier for this content-encryption cipher. It is written to the
protected header by the encrypt_* methods and validated by the decrypt_* methods.
Required Methods
fn encrypt_cose(
    builder: CoseEncryptBuilder,
    protected_header: Header,
    plaintext: &[u8],
    cek: &Self::Key,
) -> CoseEncrypt
Encrypts plaintext under cek into a [CoseEncrypt], declaring
COSE_ALGORITHM in the (authenticated) protected header and storing
the freshly generated nonce in the unprotected iv header.
The caller is expected to have already configured the recipient(s) on the builder. A fresh random nonce is generated on every call; combined with a per-message CEK this avoids nonce reuse.
fn decrypt_cose(
    cose_encrypt: &CoseEncrypt,
    cek: &Self::Key,
) -> Result<Vec<u8>, CryptoError>
Authenticates and decrypts the ciphertext of cose_encrypt under cek, reading the nonce
from the unprotected iv header.
Returns an error if the protected header does not declare
COSE_ALGORITHM, the iv header is missing or malformed, the
ciphertext is missing, or authentication fails (wrong key, tampered ciphertext, or wrong
associated data).
fn encrypt_cose0(
    builder: CoseEncrypt0Builder,
    protected_header: Header,
    plaintext: &[u8],
    cek: &Self::Key,
) -> CoseEncrypt0
Encrypts plaintext under cek into a [CoseEncrypt0]. Behaves like
encrypt_cose, but produces a single-recipient message.
fn decrypt_cose0(
    cose_encrypt0: &CoseEncrypt0,
    cek: &Self::Key,
) -> Result<Vec<u8>, CryptoError>
Authenticates and decrypts the ciphertext of cose_encrypt0 under cek. Behaves like
decrypt_cose, but for a single-recipient message.
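In standard COSE (RFC 9052), the "associated data" that the decrypt_* methods can fail on is the Enc_structure, which covers the serialized protected header and a context string that differs between CoseEncrypt and CoseEncrypt0. The block below is an added example, not this crate's code: it builds that structure with a minimal hand-written CBOR encoder, assuming the trait follows the RFC; the helper names and the sample algorithm id 24 are chosen for illustration.

```rust
// Added example (not the crate's code). Helper names are assumptions.

/// Appends a CBOR head: major type (0..=7) with its length or value argument.
fn cbor_head(major: u8, n: u64, out: &mut Vec<u8>) {
    let m = major << 5;
    match n {
        0..=23 => out.push(m | n as u8),
        24..=0xff => out.extend([m | 24, n as u8]),
        0x100..=0xffff => { out.push(m | 25); out.extend((n as u16).to_be_bytes()) }
        0x1_0000..=0xffff_ffff => { out.push(m | 26); out.extend((n as u32).to_be_bytes()) }
        _ => { out.push(m | 27); out.extend(n.to_be_bytes()) }
    }
}

/// Serialized protected header map {1: alg}; label 1 is the COSE `alg` label.
fn protected_header(alg: i64) -> Vec<u8> {
    let mut out = vec![0xa1, 0x01]; // map(1), key 1
    if alg >= 0 {
        cbor_head(0, alg as u64, &mut out); // unsigned integer
    } else {
        cbor_head(1, (-1 - alg) as u64, &mut out); // negative integer
    }
    out
}

/// Enc_structure = [context, protected, external_aad]. The unprotected `iv`
/// header is not an input here: it is bound only by being the AEAD nonce.
fn enc_structure(context: &str, protected: &[u8], external_aad: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    cbor_head(4, 3, &mut out); // array(3)
    for (major, bytes) in [(3, context.as_bytes()), (2, protected), (2, external_aad)] {
        cbor_head(major, bytes.len() as u64, &mut out); // tstr or bstr length
        out.extend(bytes);
    }
    out
}

fn main() {
    // Constructed sample: alg 24 (ChaCha20/Poly1305), empty external AAD.
    let aad = enc_structure("Encrypt0", &protected_header(24), b"");
    println!("{:02x?}", aad);
}
```

Rewriting the declared algorithm, or presenting a CoseEncrypt0 body as a CoseEncrypt, changes these bytes, so the AEAD tag no longer verifies.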
Dyn Compatibility
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.