prople_crypto/keysecure/
builder.rs

1//! `builder` provides main object of [`Builder`] which will be used to generate
2//! a [`KeySecure`] format based on some parameters
3use rst_common::with_cryptography::hex;
4
5use crate::keysecure::objects::{KdfParams as KeySecureKdfParams, KeySecureCrypto};
6use crate::keysecure::types::errors::KeySecureError;
7use crate::keysecure::types::ToKeySecure;
8use crate::keysecure::KeySecure;
9
10use crate::aead::{Key, KeyEncryption, KeyNonce, MessagePlain, AEAD};
11use crate::passphrase::prelude::*;
12use crate::types::{StringValue, VectorValue};
13
14use super::types::{ContextOptions, Password};
15
16/// `Builder` used to generate a [`KeySecure`] data structure based on some context
17///
18/// This object will depends on three important parameters:
19/// - password
20/// - context
21/// - message
22///
23/// The `message` property will depends on it's context. If the context is `ED25519`
24/// the given message will be generated `PEM` format from it's private key
25///
26/// If the context is `ECDH` or `X25519`, the given message will be hex-ed string value of
27/// it's private key in bytes
28#[derive(Clone, Debug)]
29pub struct Builder {
30    password: Password,
31    context: ContextOptions,
32}
33
34impl Builder {
35    pub fn new(context: ContextOptions, password: Password) -> Self {
36        Self { password, context }
37    }
38
39    pub fn build(
40        password: Password,
41        entity: impl ToKeySecure,
42    ) -> Result<KeySecure, KeySecureError> {
43        entity.to_keysecure(password)
44    }
45
46    pub fn secure(&self, message: String) -> Result<KeySecure, KeySecureError> {
47        let passphrase_salt = Salt::generate();
48        let passphrase_kdf_params = KdfParams::default();
49        let passphrase = Passphrase::new(passphrase_kdf_params.clone());
50
51        let password_hashed = passphrase
52            .hash(self.password.get_string(), passphrase_salt.clone())
53            .map_err(|err| KeySecureError::BuildKeySecureError(err.to_string()))?;
54
55        let aead_nonce = AEAD::nonce();
56        let try_aead_nonce: Result<[u8; 24], _> = aead_nonce.vec().try_into();
57        let aead_nonce_value = try_aead_nonce.map_err(|_| {
58            KeySecureError::BuildKeySecureError("unable to generate nonce".to_string())
59        })?;
60
61        let aead_key = Key::new(
62            KeyEncryption::from(password_hashed),
63            KeyNonce::from(aead_nonce_value),
64        );
65        let ciphertext_pem = AEAD::encrypt(
66            &aead_key,
67            &MessagePlain::from(message.as_bytes().to_vec()),
68        )
69        .map_err(|_| {
70            KeySecureError::BuildKeySecureError("unable to encrypt given message".to_string())
71        })?;
72
73        let passphrase_salt_value = Salt::from_vec(passphrase_salt.clone())
74            .map_err(|err| KeySecureError::BuildKeySecureError(err.to_string()))?;
75
76        let keysecure_kdf_params =
77            KeySecureKdfParams::new(passphrase_kdf_params.clone(), passphrase_salt_value);
78        let keysecure_ciphertext = hex::encode(ciphertext_pem.vec());
79        let keysecure_nonce = hex::encode(aead_nonce_value);
80        let keysecure_crypto =
81            KeySecureCrypto::new(keysecure_nonce, keysecure_ciphertext, keysecure_kdf_params);
82        let keysecure = KeySecure::new(self.context.clone(), keysecure_crypto);
83
84        Ok(keysecure)
85    }
86}