enigma-storage 0.0.1

Encrypted local storage for Enigma with mandatory at-rest encryption and cross-platform key vault providers.
use rand::RngCore;
use tempfile::tempdir;

use crate::error::{EnigmaStorageError, Result};
use crate::key_provider::{
    FileSealedKeyProvider, ForeignKeyProvider, KeyProvider, PasswordKeyProvider,
};

/// A master key obtained through one [`FileSealedKeyProvider`] must be returned
/// byte-for-byte by a second provider opened on the same directory.
///
/// The second provider calls `get_master_key` rather than
/// `get_or_create_master_key`, so the comparison goes through the read path.
/// The test compares key bytes only; it does not inspect what is written to disk.
#[test]
fn file_sealed_roundtrip() -> Result<()> {
    // Fold the temp-dir failure into the crate error type so `?` can propagate it.
    let scratch = tempdir().map_err(|err| EnigmaStorageError::BackendError(err.to_string()))?;

    let writer = FileSealedKeyProvider::new(scratch.path());
    let created = writer.get_or_create_master_key()?;

    // Independent provider instance over the same path.
    let reader = FileSealedKeyProvider::new(scratch.path());
    let reloaded = reader.get_master_key()?;

    assert_eq!(created.as_bytes(), reloaded.as_bytes());
    Ok(())
}

/// [`PasswordKeyProvider`] must fail closed when the password does not match.
///
/// A provider opened on the same directory with a different password has to
/// return `EnigmaStorageError::KeyProviderError`; it must not hand back a key.
/// The original provider must afterwards still return the key it first
/// produced, so the failed attempt did not change what it reads back.
#[test]
fn password_provider_rejects_wrong_password() -> Result<()> {
    // Fold the temp-dir failure into the crate error type so `?` can propagate it.
    let scratch = tempdir().map_err(|err| EnigmaStorageError::BackendError(err.to_string()))?;

    let owner = PasswordKeyProvider::new(scratch.path(), b"correct");
    let original_key = owner.get_or_create_master_key()?;

    // Same directory, mismatched password: only the error variant is checked,
    // not the message it carries.
    let mismatched = PasswordKeyProvider::new(scratch.path(), b"wrong");
    let attempt = mismatched.get_master_key();
    assert!(matches!(attempt, Err(EnigmaStorageError::KeyProviderError(_))));

    // The legitimate provider is unaffected by the rejected attempt.
    let reread = owner.get_master_key()?;
    assert_eq!(original_key.as_bytes(), reread.as_bytes());
    Ok(())
}

/// [`ForeignKeyProvider`] must return exactly the 32 bytes it was constructed with.
///
/// The key material is freshly randomised on each run, so the assertion cannot
/// pass by coincidence with a fixed or all-zero key.
#[test]
fn foreign_provider_returns_given_key() -> Result<()> {
    let mut supplied = [0u8; 32];
    rand::thread_rng().fill_bytes(&mut supplied);

    let provider = ForeignKeyProvider::new(supplied);
    let returned = provider.get_master_key()?;

    assert_eq!(supplied, *returned.as_bytes());
    Ok(())
}