reddb-io-crypto 1.15.0

RedDB cryptographic authority: the canonical per-page encryption-at-rest envelope (AES-256-GCM), mandatory encrypt parameters, and key parsing.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

//! OS-backed CSPRNG helper used to draw per-page nonces.
//!
//! Drawing the 96-bit GCM nonce straight from the OS CSPRNG gives a
//! full-entropy random nonce. (The retired `PageEncryptor` truncated
//! a UUIDv4 to 12 bytes; this is the cleaner source carried forward
//! from the retired RDEP envelope.)

#[cfg(unix)]
use std::io::Read;

/// Fill the buffer using the OS CSPRNG.
pub fn fill_bytes(buf: &mut [u8]) -> Result<(), String> {
    if buf.is_empty() {
        return Ok(());
    }

    #[cfg(unix)]
    {
        let mut file =
            std::fs::File::open("/dev/urandom").map_err(|e| format!("CSPRNG open failed: {e}"))?;
        file.read_exact(buf)
            .map_err(|e| format!("CSPRNG read failed: {e}"))?;
        Ok(())
    }

    #[cfg(windows)]
    {
        fill_bytes_windows(buf)
    }

    #[cfg(not(any(unix, windows)))]
    {
        let _ = buf;
        Err("OS CSPRNG not supported on this platform".to_string())
    }
}

#[cfg(windows)]
fn fill_bytes_windows(buf: &mut [u8]) -> Result<(), String> {
    if buf.is_empty() {
        return Ok(());
    }

    let ok = unsafe { SystemFunction036(buf.as_mut_ptr(), buf.len() as u32) };
    if ok == 0 {
        return Err("OS CSPRNG failed".to_string());
    }

    Ok(())
}

#[cfg(windows)]
#[allow(non_snake_case)]
#[link(name = "advapi32")]
extern "system" {
    fn SystemFunction036(RandomBuffer: *mut u8, RandomBufferLength: u32) -> u8;
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn empty_buffer_is_a_noop() {
        let mut buf = [];
        fill_bytes(&mut buf).unwrap();
    }
}