
1use serde::{Deserialize, Serialize};
2use std::result::Result;
3#[allow(unused_imports)]
4use tracing::{debug, error, info, instrument, span, trace, warn, Level};
5
6use super::*;
7
/// A data key stored only in wrapped (encrypted) form.
///
/// `inner` holds the ciphertext produced by encrypting a data key under a
/// separate wrapping key. Because only the wrapped form is kept, the wrapping
/// key can be rotated (`change` / `change_private`) by unwrapping and
/// re-wrapping this small value, without having to decrypt and re-encrypt the
/// bulk data that the inner key protects. The plaintext data key is only
/// materialised by `transmute` / `transmute_private`.
///
/// The derives (`Serialize`, `Deserialize`, `Hash`, `Ord`, ...) apply to the
/// wrapped form, so this value can be persisted and compared without exposing
/// key material.
#[derive(Serialize, Deserialize, Debug, Clone, Hash, PartialEq, Eq, PartialOrd, Ord)]
pub struct DerivedEncryptKey {
    // Ciphertext (iv + data) of the data key under the current wrapping key;
    // never holds plaintext key material.
    pub(crate) inner: EncryptResult,
}
15
impl DerivedEncryptKey {
    /// Generates a fresh data key and wraps it under `key`.
    ///
    /// The generated key has the same size as `key` and is kept only in
    /// encrypted form; it is not returned to the caller, so its plaintext can
    /// only be recovered later through [`DerivedEncryptKey::transmute`] (or
    /// `transmute_private` when the `quantum` feature is enabled).
    pub fn new(key: &EncryptKey) -> DerivedEncryptKey {
        let fresh = EncryptKey::generate(key.size());
        Self::reverse(key, &fresh)
    }

    /// Wraps an existing data key `inner` under `key`.
    ///
    /// This is the same wrapping step as [`DerivedEncryptKey::new`], except
    /// that the caller supplies the data key instead of a random one being
    /// generated.
    pub fn reverse(key: &EncryptKey, inner: &EncryptKey) -> DerivedEncryptKey {
        let wrapped = key.encrypt(inner.value());
        DerivedEncryptKey { inner: wrapped }
    }

    /// Unwraps the stored data key with the symmetric wrapping key `key`.
    ///
    /// # Errors
    /// Returns an error when `EncryptKey::from_bytes` rejects the decrypted
    /// bytes. The symmetric `decrypt` used here yields bytes directly rather
    /// than a `Result`, so a wrong `key` is only reported if the cipher itself
    /// authenticates or `from_bytes` rejects the output —
    /// NOTE(review): confirm which of the two applies for `EncryptKey`.
    pub fn transmute(&self, key: &EncryptKey) -> Result<EncryptKey, std::io::Error> {
        let plaintext = key.decrypt(&self.inner.iv, &self.inner.data[..]);
        Self::key_from_plaintext(&plaintext[..])
    }

    /// Unwraps the stored data key with the private half of an asymmetric
    /// wrapping key pair (`quantum` feature only).
    ///
    /// # Errors
    /// Propagates the decryption error from `PrivateEncryptKey::decrypt` as
    /// well as any error from `EncryptKey::from_bytes`, both converted to
    /// `std::io::Error` via `?`.
    #[cfg(feature = "quantum")]
    pub fn transmute_private(&self, key: &PrivateEncryptKey) -> Result<EncryptKey, std::io::Error> {
        let plaintext = key.decrypt(&self.inner.iv, &self.inner.data[..])?;
        Self::key_from_plaintext(&plaintext[..])
    }

    /// Rotates the symmetric wrapping key from `old` to `new`.
    ///
    /// The data key is unwrapped with `old` and re-wrapped under `new`; the
    /// bulk data protected by the data key does not need to be touched.
    ///
    /// # Errors
    /// Fails if the unwrap with `old` fails (see
    /// [`DerivedEncryptKey::transmute`]). On error `self` is left unchanged,
    /// because the replacement only happens after a successful unwrap.
    ///
    /// NOTE(review): the unwrapped `data_key` is a plain local until it drops
    /// at the end of this function; nothing here zeroizes it — confirm whether
    /// `EncryptKey` clears its material on drop.
    pub fn change(&mut self, old: &EncryptKey, new: &EncryptKey) -> Result<(), std::io::Error> {
        let data_key = self.transmute(old)?;
        // Rewrap under the new key only once the unwrap has succeeded.
        *self = Self::reverse(new, &data_key);
        Ok(())
    }

    /// Rotates an asymmetric wrapping key pair: unwraps with the private key
    /// `old` and re-wraps under the public key `new` (`quantum` feature only).
    ///
    /// # Errors
    /// Fails if the unwrap with `old` fails (see
    /// [`DerivedEncryptKey::transmute_private`]); `self` is left unchanged in
    /// that case.
    #[cfg(feature = "quantum")]
    pub fn change_private(
        &mut self,
        old: &PrivateEncryptKey,
        new: &PublicEncryptKey,
    ) -> Result<(), std::io::Error> {
        let data_key = self.transmute_private(old)?;
        // Rewrap under the new public key only once the unwrap has succeeded.
        self.inner = new.encrypt(data_key.value());
        Ok(())
    }

    /// Rebuilds an `EncryptKey` from unwrapped key bytes.
    ///
    /// The `?` converts whatever error `EncryptKey::from_bytes` returns into
    /// `std::io::Error`, which is the error type of all public methods here.
    fn key_from_plaintext(bytes: &[u8]) -> Result<EncryptKey, std::io::Error> {
        Ok(EncryptKey::from_bytes(bytes)?)
    }
}