rusty_vault 0.2.1

RustyVault is a powerful identity-based secrets management software, providing features such as cryptographic key management, encryption as a service, public key cryptography, certificates management, identity credentials management and so forth. RustyVault's RESTful API is designed to be fully compatible with Hashicorp Vault.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

//! This is the OpenSSL adaptor.

use crate::errors::RvError;
use crate::modules::crypto::{AEADCipher, AESKeySize, BlockCipher, CipherMode, AES};
use openssl::symm::{Cipher, Crypter, Mode, encrypt, encrypt_aead, decrypt, decrypt_aead};
use openssl::rand::rand_priv_bytes;
use crate::modules::crypto::crypto_adaptors::common;

pub struct AdaptorCTX {
    ctx: Crypter,
    tag_set: bool,
    aad_set: bool,
}

impl AES {
    /// This function is the constructor of the AES struct, it returns a new AES object on success.
    ///
    /// keygen: true stands for generating a key and iv; if false, then the caller needs to feed in
    /// the specific key and iv values through the parameters.
    /// size: bit-length of AES. If omitted, AESKeySize::AES128 is used as default.
    /// mode: cipher mode of AES, such as CBC, GCM, etc. If omitted, CipherMode::CBC is default.
    /// key: symmetric key that is used to encrypt and decrypt data.
    /// iv: initialization vector. This depends on specific mode, for instance, ECB requires no IV.
    pub fn new(
        keygen: bool,
        size: Option<AESKeySize>,
        mode: Option<CipherMode>,
        key: Option<Vec<u8>>,
        iv: Option<Vec<u8>>,
    ) -> Result<Self, RvError> {
        common_aes_new!(keygen, size, mode, key, iv);
    }

    /// This function returns the key and iv vaule stored in one AES object.
    ///
    /// Two values are returned in a tuple: the first element represents the key, and the second
    /// element represents the IV. Elements may be None if unset.
    pub fn get_key_iv(&self) -> (Vec<u8>, Vec<u8>) {
        common_get_key_iv!(self);
    }
}

impl BlockCipher for AES {
    fn encrypt(&mut self, plaintext: &Vec<u8>) -> Result<Vec<u8>, RvError> {
        common_aes_encrypt!(self, plaintext);
    }

    fn encrypt_update(&mut self, plaintext: Vec<u8>, ciphertext: &mut Vec<u8>
        ) -> Result<usize, RvError> {
        common_aes_encrypt_update!(self, plaintext, ciphertext);
    }

    fn encrypt_final(&mut self, ciphertext: &mut Vec<u8>
        ) -> Result<usize, RvError> {
        common_aes_encrypt_final!(self, ciphertext);
    }

    fn decrypt(&mut self, ciphertext: &Vec<u8>) -> Result<Vec<u8>, RvError> {
        common_aes_decrypt!(self, ciphertext);
    }

    fn decrypt_update(&mut self, ciphertext: Vec<u8>, plaintext: &mut Vec<u8>
        ) -> Result<usize, RvError> {
        common_aes_decrypt_update!(self, ciphertext, plaintext);
    }

    fn decrypt_final(&mut self, plaintext: &mut Vec<u8>
        ) -> Result<usize, RvError> {
        common_aes_decrypt_final!(self, plaintext);
    }
}

impl AEADCipher for AES {
    fn set_aad(&mut self, aad: Vec<u8>) -> Result<(), RvError> {
        common_aes_set_aad!(self, aad);
    }
    fn get_tag(&mut self) -> Result<Vec<u8>, RvError> {
        common_aes_get_tag!(self);
    }
    fn set_tag(&mut self, tag: Vec<u8>) -> Result<(), RvError> {
        common_aes_set_tag!(self, tag);
    }
}