pub trait CryptoProvider {
// Required methods
fn encrypt(
&self,
sa: &SecurityAssociation,
iv: &[u8],
aad: &[u8],
data: &mut [u8],
tag_out: &mut [u8],
) -> Result<usize, Error>;
fn decrypt(
&self,
sa: &SecurityAssociation,
iv: &[u8],
aad: &[u8],
data: &mut [u8],
tag: &[u8],
) -> Result<usize, Error>;
fn compute_mac(
&self,
sa: &SecurityAssociation,
iv: &[u8],
payload: &[u8],
mac_out: &mut [u8],
) -> Result<(), Error>;
}Expand description
Trait for pluggable cryptographic backends.
Implementations provide the actual encryption, decryption, and MAC computation. The SDLS framing layer is algorithm-agnostic; concrete algorithms (AES-GCM, CMAC, etc.) are supplied here.
For AEAD ciphers (AES-GCM), encrypt and decrypt handle
both confidentiality and authentication via aad and tag.
For authentication-only mode (CMAC), use compute_mac.
Required Methods§
Sourcefn encrypt(
&self,
sa: &SecurityAssociation,
iv: &[u8],
aad: &[u8],
data: &mut [u8],
tag_out: &mut [u8],
) -> Result<usize, Error>
fn encrypt( &self, sa: &SecurityAssociation, iv: &[u8], aad: &[u8], data: &mut [u8], tag_out: &mut [u8], ) -> Result<usize, Error>
Encrypt data in place (AEAD). aad is additional
authenticated data (frame headers). The authentication
tag is written to tag_out. Returns padding byte count
(0 for GCM/CTR).
Sourcefn decrypt(
&self,
sa: &SecurityAssociation,
iv: &[u8],
aad: &[u8],
data: &mut [u8],
tag: &[u8],
) -> Result<usize, Error>
fn decrypt( &self, sa: &SecurityAssociation, iv: &[u8], aad: &[u8], data: &mut [u8], tag: &[u8], ) -> Result<usize, Error>
Decrypt data in place (AEAD). Verifies the authentication
tag against aad and ciphertext. Returns padding byte
count.
Sourcefn compute_mac(
&self,
sa: &SecurityAssociation,
iv: &[u8],
payload: &[u8],
mac_out: &mut [u8],
) -> Result<(), Error>
fn compute_mac( &self, sa: &SecurityAssociation, iv: &[u8], payload: &[u8], mac_out: &mut [u8], ) -> Result<(), Error>
Compute a MAC for authentication-only mode. The iv is
passed for algorithms that need it (e.g. GMAC).