1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
//! Key wrapping operations.
//!
//! This module provides symmetric key wrapping using the PIE protocol.
//! Key wrapping allows a symmetric key to be encrypted with another
//! symmetric key for secure storage or transmission.
//!
//! Types:
//! - `local-wrap.pie` - Symmetric key wrapped with symmetric key
//! - `secret-wrap.pie` - Secret key wrapped with symmetric key
//!
//! # PIE Protocol
//!
//! PIE (Platform-Independent Encryption) is the standard key wrapping
//! protocol for PASERK. It provides authenticated encryption:
//!
//! - For K2/K4: Uses `XChaCha20` for encryption and `BLAKE2b` for authentication (32-byte tag)
//! - For K1/K3: Uses AES-256-CTR for encryption and HMAC-SHA384 for authentication (48-byte tag)
//!
//! # Example
//!
//! ```rust
//! use paserk::core::types::{PaserkLocal, PaserkLocalWrap};
//! use paserk::core::operations::wrap::Pie;
//! use paserk::core::version::K4;
//!
//! // Create keys
//! let wrapping_key = PaserkLocal::<K4>::from([0x42u8; 32]);
//! let key_to_wrap = PaserkLocal::<K4>::from([0x13u8; 32]);
//!
//! // Wrap the key
//! let wrapped = PaserkLocalWrap::<K4, Pie>::try_wrap(&key_to_wrap, &wrapping_key)
//! .expect("wrap should succeed");
//!
//! // Serialize to PASERK string
//! let paserk_string = wrapped.to_string();
//! assert!(paserk_string.starts_with("k4.local-wrap.pie."));
//!
//! // Parse and unwrap
//! let parsed = PaserkLocalWrap::<K4, Pie>::try_from(paserk_string.as_str())
//! .expect("parse should succeed");
//! let unwrapped = parsed.try_unwrap(&wrapping_key)
//! .expect("unwrap should succeed");
//!
//! assert_eq!(unwrapped.as_bytes(), key_to_wrap.as_bytes());
//! ```
pub use ;
pub use ;
// K1/K3 PIE constants and functions (use different tag size - 48 bytes for HMAC-SHA384)
pub use ;
// Re-export internal functions for use by types module
pub use ;
pub use ;
pub use ;