sentinel_crypto/encrypt_trait.rs
1use crate::error::CryptoError;
2
3/// Core trait for encryption algorithms used in sentinel-crypto.
4/// This trait abstracts encryption operations to allow easy switching between
5/// different encryption algorithms while maintaining a consistent interface.
6///
7/// Design choice: Trait-based design enables compile-time algorithm selection
8/// and allows for future extensions (e.g., ChaCha20-Poly1305, AES-GCM-SIV) without changing
9/// the API. The trait is sealed to prevent external implementations that
10/// might not meet security requirements.
11pub trait EncryptionAlgorithm: private::Sealed {
12 /// Encrypts the given data using the provided key.
13 /// Returns a hex-encoded string containing nonce + ciphertext.
14 ///
15 /// # Arguments
16 /// * `data` - The data to encrypt
17 /// * `key` - The encryption key
18 ///
19 /// # Returns
20 /// A hex-encoded string with nonce + ciphertext
21 ///
22 /// # Errors
23 /// Returns `CryptoError::Encryption` if encryption fails
24 fn encrypt_data(data: &[u8], key: &[u8; 32]) -> Result<String, CryptoError>;
25
26 /// Decrypts the given encrypted data using the provided key.
27 /// Expects the input to be a hex-encoded string with nonce + ciphertext.
28 ///
29 /// # Arguments
30 /// * `encrypted_data` - The hex-encoded nonce + ciphertext
31 /// * `key` - The decryption key
32 ///
33 /// # Returns
34 /// The decrypted data
35 ///
36 /// # Errors
37 /// Returns `CryptoError::Decryption` if decryption fails
38 fn decrypt_data(encrypted_data: &str, key: &[u8; 32]) -> Result<Vec<u8>, CryptoError>;
39}
40
41// Sealing the trait to prevent external implementations
42pub(crate) mod private {
43 pub trait Sealed {}
44}