hexvault 1.1.2

Cascading cell-partitioned encryption architecture.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

//! Error types for hexvault.
//!
//! Every error variant is a distinct failure mode in the encryption
//! architecture. Error messages are intentionally minimal — they signal
//! *what* failed without revealing *why* in ways that could leak
//! cryptographic state.

use std::fmt;

/// The single error type for all hexvault operations.
#[derive(Debug)]
pub enum HexvaultError {
    /// A cryptographic key was invalid (wrong length, malformed, etc.).
    InvalidKey,

    /// Encryption failed. The underlying `ring` operation returned an error.
    EncryptionFailure,

    /// Decryption failed. This includes: wrong key, tampered ciphertext,
    /// or corrupted GCM authentication tag.
    DecryptionFailure,

    /// Key derivation (HKDF) failed.
    KeyDerivationFailure,

    /// The system's random number generator failed to produce bytes.
    RandomnessFailure,

    /// A cell with the given ID does not exist in the vault.
    CellNotFound(String),

    /// A cell with the given ID already exists in the vault.
    CellAlreadyExists(String),

    /// The requested stack layer does not exist or is out of range.
    InvalidLayer,

    /// A required layer context (access policy ID or session ID) was not
    /// provided, or the provided context does not match the expected value.
    MissingOrInvalidContext,

    /// An edge traversal was attempted but the source or destination cell
    /// is not valid for the operation.
    InvalidTraversal(String),

    /// A cell ID was empty. Empty cell IDs collapse key isolation because
    /// HKDF would derive identical keys for all empty-ID cells.
    InvalidCellId,

    /// A partition ID was empty.
    InvalidPartitionId,
}

impl fmt::Display for HexvaultError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::InvalidKey => write!(f, "invalid key"),
            Self::EncryptionFailure => write!(f, "encryption failed"),
            Self::DecryptionFailure => write!(f, "decryption failed"),
            Self::KeyDerivationFailure => write!(f, "key derivation failed"),
            Self::RandomnessFailure => write!(f, "randomness source failed"),
            Self::CellNotFound(id) => write!(f, "cell not found: {}", id),
            Self::CellAlreadyExists(id) => write!(f, "cell already exists: {}", id),
            Self::InvalidLayer => write!(f, "invalid layer"),
            Self::MissingOrInvalidContext => write!(f, "missing or invalid layer context"),
            Self::InvalidTraversal(reason) => write!(f, "invalid traversal: {}", reason),
            Self::InvalidCellId => write!(f, "cell ID must not be empty"),
            Self::InvalidPartitionId => write!(f, "partition ID must not be empty"),
        }
    }
}

impl std::error::Error for HexvaultError {}