logos-blockchain/lssa
1
0
Fork 0
mirror of https://github.com/logos-blockchain/lssa.git synced 2026-06-02 07:09:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
lssa/key_protocol/src/key_management/ephemeral_key_holder.rs
jonesmarvin8 f246ebe0fa fix unit tests
2026-05-20 17:40:02 -04:00

62 lines
2.2 KiB
Rust
Raw Blame History

use nssa_core::{
SharedSecretKey,
encryption::{EphemeralPublicKey, ViewingPublicKey},
};
/// Ephemeral key holder for the sender side of a KEM-based shared-secret exchange.
///
/// Non-clonable as intended for one-time use: construction encapsulates once and
/// stores both the shared secret and the ciphertext (`EphemeralPublicKey`) that must
/// be sent to the receiver.
pub struct EphemeralKeyHolder {
shared_secret: SharedSecretKey,
ephemeral_public_key: EphemeralPublicKey,
}
// SharedSecretKey does not implement Debug (intentional — leaking key material via
// debug output would be a security risk). We implement Debug manually here, redacting the
// shared secret while still allowing the ephemeral public key (KEM ciphertext) to be inspected.
impl std::fmt::Debug for EphemeralKeyHolder {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_struct("EphemeralKeyHolder")
.field("shared_secret", &"<redacted>")
.field("ephemeral_public_key", &self.ephemeral_public_key)
.finish()
}
}
impl EphemeralKeyHolder {
#[must_use]
pub fn new(receiver_viewing_public_key: &ViewingPublicKey) -> Self {
let (shared_secret, ephemeral_public_key) =
SharedSecretKey::encapsulate(receiver_viewing_public_key);
Self {
shared_secret,
ephemeral_public_key,
}
}
/// Returns the KEM ciphertext to be transmitted to the receiver as the `EphemeralPublicKey`.
#[must_use]
pub const fn ephemeral_public_key(&self) -> &EphemeralPublicKey {
&self.ephemeral_public_key
}
/// Returns the sender-side shared secret (established at construction time).
#[must_use]
pub const fn calculate_shared_secret_sender(&self) -> SharedSecretKey {
self.shared_secret
}
}
/// Encapsulates a fresh shared secret toward `vpk` and returns `(shared_secret, ciphertext)`.
///
/// Used when the local side is acting as an "ephemeral receiver" — i.e. generating a
/// one-sided encryption that only the holder of the VSK can decrypt.
#[must_use]
pub fn produce_one_sided_shared_secret_receiver(
vpk: &ViewingPublicKey,
) -> (SharedSecretKey, EphemeralPublicKey) {
SharedSecretKey::encapsulate(vpk)
}
Reference in New Issue View Git Blame Copy Permalink