Struct CryptoEngine 

pub struct CryptoEngine<A: AesProvider, S: Sha256Provider> { /* private fields */ }

UMSH protocol crypto engine.

Implementations

impl<A: AesProvider, S: Sha256Provider> CryptoEngine<A, S>

pub fn new(aes: A, sha: S) -> Self

Create a new engine from algorithm providers.

pub fn derive_pairwise_keys(&self, shared_secret: &SharedSecret) -> PairwiseKeys

Derive stable pairwise encryption and MIC keys from a shared secret.

pub fn derive_channel_id(&self, channel_key: &ChannelKey) -> ChannelId

Derive the channel identifier from a raw channel key.

pub fn derive_channel_keys( &self, channel_key: &ChannelKey, ) -> DerivedChannelKeys

Derive multicast transport keys and the channel identifier.

pub fn derive_blind_keys( &self, pairwise: &PairwiseKeys, channel: &DerivedChannelKeys, ) -> PairwiseKeys

Combine pairwise and channel keys for blind-unicast payload protection.

pub fn derive_named_channel_key(&self, name: &str) -> ChannelKey

Derive a channel key from a human-readable channel name.

pub fn seal_packet( &self, packet: &mut UnsealedPacket<'_>, keys: &PairwiseKeys, ) -> Result<usize, CryptoError>

Seal a unicast or multicast packet in place.

pub fn seal_blind_packet( &self, packet: &mut UnsealedPacket<'_>, blind_keys: &PairwiseKeys, channel_keys: &DerivedChannelKeys, ) -> Result<usize, CryptoError>

Seal a blind-unicast packet, including its hidden address block.

pub fn open_packet( &self, buf: &mut [u8], header: &PacketHeader, keys: &PairwiseKeys, ) -> Result<Range<usize>, CryptoError>

Verify and, if needed, decrypt a received secure packet in place.

pub fn decrypt_blind_addr( &self, buf: &mut [u8], header: &PacketHeader, channel_keys: &DerivedChannelKeys, ) -> Result<(NodeHint, SourceAddrRef), CryptoError>

Decrypt the blinded destination/source address block of a blind unicast.

pub fn compute_ack_tag(&self, full_cmac: &[u8; 16], k_enc: &[u8; 16]) -> [u8; 8]

Compute the 8-byte transport ACK tag from a full CMAC and k_enc.

pub fn cmac_state(&self, key: &[u8; 16]) -> CmacState<A::Cipher>

Create a reusable incremental CMAC state.

pub fn aes_cmac(&self, key: &[u8; 16], data: &[&[u8]]) -> [u8; 16]

Convenience wrapper for AES-CMAC over concatenated slices.

pub fn aes_ctr(&self, key: &[u8; 16], iv: &[u8; 16], data: &mut [u8])

Apply AES-CTR using iv as the initial counter block.

pub fn build_ctr_iv(&self, mic: &[u8], sec_info_bytes: &[u8]) -> [u8; 16]

Construct the CTR IV from MIC bytes and SECINFO bytes.

pub fn hkdf(&self, ikm: &[u8], salt: &[u8], info: &[u8], okm: &mut [u8])

Run HKDF-SHA256 and write the output into okm.