Trait CoseEncryptCipher 

pub(crate) trait CoseEncryptCipher: Aead {
    const COSE_ALGORITHM: Algorithm;

    // Required methods
    fn encrypt_cose(
        builder: CoseEncryptBuilder,
        protected_header: Header,
        plaintext: &[u8],
        cek: &Self::Key,
    ) -> CoseEncrypt;
    fn decrypt_cose(
        cose_encrypt: &CoseEncrypt,
        cek: &Self::Key,
    ) -> Result<Vec<u8>, CryptoError>;
    fn encrypt_cose0(
        builder: CoseEncrypt0Builder,
        protected_header: Header,
        plaintext: &[u8],
        cek: &Self::Key,
    ) -> CoseEncrypt0;
    fn decrypt_cose0(
        cose_encrypt0: &CoseEncrypt0,
        cek: &Self::Key,
    ) -> Result<Vec<u8>, CryptoError>;
}
Encrypts and decrypts the content of COSE [CoseEncrypt]/[CoseEncrypt0] messages with an Aead cipher, using the cipher’s key as the content-encryption key (CEK).

Required Associated Constants

const COSE_ALGORITHM: Algorithm

The COSE algorithm identifier for this content-encryption cipher. It is written to the protected header by the encrypt_* methods and validated by the decrypt_* methods.

Required Methods

fn encrypt_cose( builder: CoseEncryptBuilder, protected_header: Header, plaintext: &[u8], cek: &Self::Key, ) -> CoseEncrypt

Encrypts plaintext under cek into a [CoseEncrypt], declaring COSE_ALGORITHM in the (authenticated) protected header and storing the freshly generated nonce in the unprotected iv header.

The caller is expected to have already configured the recipient(s) on the builder. A fresh random nonce is generated on every call; combined with a per-message CEK this avoids nonce reuse.

fn decrypt_cose( cose_encrypt: &CoseEncrypt, cek: &Self::Key, ) -> Result<Vec<u8>, CryptoError>

Authenticates and decrypts the ciphertext of cose_encrypt under cek, reading the nonce from the unprotected iv header.

Returns an error if the protected header does not declare COSE_ALGORITHM, the iv header is missing or malformed, the ciphertext is missing, or authentication fails (wrong key, tampered ciphertext, or wrong associated data).

fn encrypt_cose0( builder: CoseEncrypt0Builder, protected_header: Header, plaintext: &[u8], cek: &Self::Key, ) -> CoseEncrypt0

Encrypts plaintext under cek into a [CoseEncrypt0]. Behaves like encrypt_cose, but produces a single-recipient message.

fn decrypt_cose0( cose_encrypt0: &CoseEncrypt0, cek: &Self::Key, ) -> Result<Vec<u8>, CryptoError>

Authenticates and decrypts the ciphertext of cose_encrypt0 under cek. Behaves like decrypt_cose, but for a single-recipient message.
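
Why a tampered protected header or wrong associated data fails authentication: in COSE (RFC 9052) the AEAD associated data is the CBOR-encoded Enc_structure, which embeds the serialized protected header. The std-only sketch below is an added example, not this crate's code; the names `cbor_head`, `enc_structure` and `protected_alg_only` are hypothetical.

```rust
// Added illustration (not this crate's code): RFC 9052 Enc_structure, the AEAD
// associated data that authenticates the COSE protected header.

/// Append a CBOR head (major type + length) in shortest form.
fn cbor_head(out: &mut Vec<u8>, major: u8, len: u64) {
    let m = major << 5;
    match len {
        0..=23 => out.push(m | len as u8),
        24..=0xff => { out.push(m | 24); out.push(len as u8); }
        0x100..=0xffff => { out.push(m | 25); out.extend_from_slice(&(len as u16).to_be_bytes()); }
        0x1_0000..=0xffff_ffff => { out.push(m | 26); out.extend_from_slice(&(len as u32).to_be_bytes()); }
        _ => { out.push(m | 27); out.extend_from_slice(&len.to_be_bytes()); }
    }
}

/// Enc_structure = [ context : tstr, protected : bstr, external_aad : bstr ]
/// `context` is "Encrypt" for COSE_Encrypt and "Encrypt0" for COSE_Encrypt0.
/// `protected` is the serialized protected header exactly as carried in the message.
pub fn enc_structure(context: &str, protected: &[u8], external_aad: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    cbor_head(&mut out, 4, 3); // array of 3 items
    cbor_head(&mut out, 3, context.len() as u64); // text string
    out.extend_from_slice(context.as_bytes());
    for bstr in [protected, external_aad] {
        cbor_head(&mut out, 2, bstr.len() as u64); // byte string
        out.extend_from_slice(bstr);
    }
    out
}

/// Serialized protected header {1: alg} for a small positive algorithm id (0..=23).
pub fn protected_alg_only(alg: u8) -> Vec<u8> {
    assert!(alg < 24, "sketch handles only single-byte positive ids");
    vec![0xa1, 0x01, alg] // map(1) { 1 (alg label) : alg }
}

fn main() {
    // Constructed sample inputs: 3 = A256GCM, 1 = A128GCM, empty external AAD.
    let a256gcm = enc_structure("Encrypt", &protected_alg_only(3), b"");
    let a128gcm = enc_structure("Encrypt", &protected_alg_only(1), b"");
    let enc0 = enc_structure("Encrypt0", &protected_alg_only(3), b"");
    // Changing the declared algorithm or the message type changes the AAD,
    // so the AEAD tag check fails on decrypt.
    assert_ne!(a256gcm, a128gcm);
    assert_ne!(a256gcm, enc0);
    println!("{:02x?}", a256gcm);
}
```

The iv lives in the unprotected header and is not part of this structure; it is covered only because the AEAD uses it as the nonce.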

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors