securestore 0.100.2

SecureStore API for creating or decrypting user secrets
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

use super::TempFile;
use crate::crypto::rand_bytes;
use crate::shared::*;
use crate::*;
use std::io::Read;

/// Verifies that exporting keys derived from a password results in keys
/// dependent on the IV.
#[test]
fn key_derivation_iv() {
    let mut iv1 = [0u8; IV_SIZE];
    rand_bytes(&mut iv1);

    let mut iv2 = [0u8; IV_SIZE];
    rand_bytes(&mut iv2);

    let derived1 = KeySource::Password("foo").extract_keys(&iv1).unwrap();
    let derived2 = KeySource::Password("foo").extract_keys(&iv1).unwrap();

    assert_eq!(
        derived1, derived2,
        "Two keys derived from same password and same IV should not differ"
    );

    let derived3 = KeySource::Password("foo").extract_keys(&iv2).unwrap();
    assert_ne!(
        derived1, derived3,
        "Two keys derived from the same password but different IVs should differ"
    );
}

/// Validates that [`KeySource::Buffer`] can be used to read a secret out of a
/// file.
#[test]
fn buffer_key_source() {
    let vault = TempFile::new();
    let keyfile = TempFile::new();

    // Create a vault, write to it, and export it and its keys
    let mut sman = SecretsManager::new(KeySource::Csprng).unwrap();
    sman.set("foo", "bar");
    sman.export_key(&keyfile).unwrap();
    sman.save_as(&vault).unwrap();

    let mut buffer = Vec::new();
    File::open(keyfile)
        .unwrap()
        .read_to_end(&mut buffer)
        .unwrap();
    let keysource = KeySource::Buffer(&buffer);
    let sman = SecretsManager::load(&vault, keysource).expect("Failed to load keys from buffer!");
    assert_eq!(&sman.get_as::<Vec<u8>>("foo").unwrap(), b"bar");
}