cortexai_encryption/traits.rs
1//! Core traits for encryption operations.
2
3use crate::error::CryptoResult;
4
/// Symmetric cipher interface.
///
/// Implementors provide authenticated encryption with associated data (AEAD).
///
/// NOTE(review): neither method takes a nonce, and `encrypt` is documented as
/// embedding one in its output, so nonce selection is left to each implementor.
/// Confirm that every implementor produces a nonce that is never reused under
/// the same key.
pub trait Cipher: Send + Sync {
    /// Encrypts `plaintext`, optionally together with `associated_data`.
    ///
    /// The returned buffer is the ciphertext with the nonce and the
    /// authentication tag embedded in it. This trait does not fix the layout of
    /// that buffer; it is defined by the implementor.
    fn encrypt(&self, plaintext: &[u8], associated_data: Option<&[u8]>) -> CryptoResult<Vec<u8>>;

    /// Decrypts `ciphertext`, optionally together with `associated_data`.
    ///
    /// `ciphertext` must carry the nonce and the authentication tag.
    ///
    /// NOTE(review): for an AEAD the associated data presumably has to match
    /// what was passed to `encrypt`, and a failed tag check should come back as
    /// an error with no plaintext released. The trait text does not state
    /// either point; confirm both in the implementors.
    fn decrypt(&self, ciphertext: &[u8], associated_data: Option<&[u8]>) -> CryptoResult<Vec<u8>>;

    /// Returns the name of the cipher algorithm.
    fn algorithm(&self) -> &'static str;

    /// Returns the key size in bytes.
    fn key_size(&self) -> usize;

    /// Returns the nonce size in bytes.
    fn nonce_size(&self) -> usize;

    /// Returns the authentication tag size in bytes.
    fn tag_size(&self) -> usize;
}
31
/// Key derivation function interface.
pub trait KeyDerivation: Send + Sync {
    /// Derives a key from `password` and `salt`.
    ///
    /// `key_length` is presumably the number of key bytes requested; the trait
    /// does not say so explicitly, so confirm against the implementors.
    ///
    /// NOTE(review): the key is handed back as a plain `Vec<u8>`, and nothing in
    /// this signature wipes it on drop. Callers that keep derived keys around
    /// should consider clearing the buffer themselves.
    fn derive_key(&self, password: &[u8], salt: &[u8], key_length: usize) -> CryptoResult<Vec<u8>>;

    /// Produces a random salt of `length` bytes.
    ///
    /// NOTE(review): the return type is a bare `Vec<u8>`, so a failure of the
    /// random source cannot be reported through this method. Confirm that
    /// implementors draw from a cryptographically secure generator and check
    /// how they behave if it fails.
    fn generate_salt(&self, length: usize) -> Vec<u8>;

    /// Returns the name of the derivation algorithm.
    fn algorithm(&self) -> &'static str;
}
43
/// Encryption of typed values by way of serialization.
///
/// Both methods are generic over the value type, so this trait cannot be used
/// as a trait object (`dyn DataEncryptor`). The serialization format is not
/// fixed here; it is chosen by the implementor.
pub trait DataEncryptor: Send + Sync {
    /// Encrypts `data`, which must implement `serde::Serialize`.
    fn encrypt_data<T>(&self, data: &T) -> CryptoResult<Vec<u8>>
    where
        T: serde::Serialize;

    /// Decrypts `ciphertext` into a value of type `T`.
    ///
    /// NOTE(review): `T` is built from the decrypted bytes. Confirm that
    /// implementors verify the ciphertext's integrity before deserializing, so
    /// that unauthenticated bytes never reach the deserializer.
    fn decrypt_data<T>(&self, ciphertext: &[u8]) -> CryptoResult<T>
    where
        T: serde::de::DeserializeOwned;
}