klave 0.5.0

A Rust SDK for the Klave platform.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

use serde::{Deserialize, Serialize};
use std::error::Error;
use std::fmt::Display;

use super::random;
use super::sdk_wrapper::CryptoImpl;
use super::sdk_wrapper::Key;
use super::subtle::{AesKeyGenParams, CryptoKey};
use super::subtle_idl_v1::AesGcmEncryptionMetadata;
use super::subtle_idl_v1_enums::{AesTagLength, EncryptionAlgorithm, KeyAlgorithm};

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KeyAES {
    key: Key,
    #[allow(dead_code)]
    length: u32,
}

impl Default for KeyAES {
    fn default() -> Self {
        KeyAES {
            key: Key::new(""),
            length: 256,
        }
    }
}

impl Display for KeyAES {
    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
        write!(
            f,
            "KeyAES: name: {}, length: {}",
            self.key.name(),
            self.length
        )
    }
}

impl KeyAES {
    pub fn new(name: &str, length: u32) -> KeyAES {
        KeyAES {
            key: Key::new(name),
            length,
        }
    }

    pub fn encrypt(&self, data: &[u8]) -> Result<Vec<u8>, Box<dyn Error>> {
        let iv = random::get_random_bytes(12)?;
        let aes_gcm_params = AesGcmEncryptionMetadata {
            iv: iv.clone(),
            additional_data: vec![],
            tag_length: AesTagLength::Tag96,
        };

        match CryptoImpl::encrypt(
            &self.key.name(),
            EncryptionAlgorithm::AesGcm as u32,
            &serde_json::to_string(&aes_gcm_params)?,
            data,
        ) {
            Ok(result) => {
                //Prepend iv to the result
                let result = iv.iter().copied().chain(result).collect::<Vec<u8>>();
                Ok(result)
            }
            Err(err) => Err(err),
        }
    }

    pub fn decrypt(&self, data: &[u8]) -> Result<Vec<u8>, Box<dyn Error>> {
        let iv = &data[0..12];
        let data = &data[12..];
        let aes_gcm_params = AesGcmEncryptionMetadata {
            iv: iv.to_vec(),
            additional_data: vec![],
            tag_length: AesTagLength::Tag96,
        };

        match CryptoImpl::decrypt(
            &self.key.name(),
            EncryptionAlgorithm::AesGcm as u32,
            &serde_json::to_string(&aes_gcm_params)?,
            data,
        ) {
            Ok(result) => Ok(result),
            Err(err) => Err(err),
        }
    }
}

pub fn get_key(name: &str) -> Result<KeyAES, Box<dyn Error>> {
    match CryptoImpl::key_exists(name) {
        Ok(_) => Ok(KeyAES::new(name, 256)),
        Err(err) => Err(err),
    }
}

pub fn generate_key(name: &str) -> Result<KeyAES, Box<dyn Error>> {
    if name.is_empty() {
        return Err("Invalid key name: key name cannot be empty".into());
    }

    match CryptoImpl::key_exists(name) {
        Ok(exists) => {
            if exists {
                return Err(format!("Invalid key name: key name {name} already exists").into());
            }
        }
        Err(e) => return Err(e),
    }

    let metadata = AesKeyGenParams { length: 256 };
    let key = CryptoImpl::generate_key(
        name,
        KeyAlgorithm::Aes as u32,
        &serde_json::to_string(&metadata)?,
        true,
        &["encrypt", "decrypt"],
    )?;

    match CryptoImpl::save_key(name) {
        Ok(_) => (),
        Err(e) => return Err(e),
    };

    match serde_json::from_str::<CryptoKey>(&String::from_utf8(key)?) {
        Ok(_) => (),
        Err(e) => return Err(e.into()),
    };

    Ok(KeyAES::new(name, 256))
}