Struct Crypto 

pub struct Crypto {
    pub keys: Keys,
}

Main cryptographic operations instance.

Holds the keys and provides methods for encryption, decryption, and metadata extraction.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let keys = Keys::new(&[0u8; 32], &[0u8; 32])?;
let crypto = Crypto::new(keys);

Fields

keys: Keys

The encryption and integrity keys.

Implementations

impl Crypto

pub const IV_BASE: usize = 0

Offset of the initialization vector in a package.

pub const IV_SIZE: usize = 16

Size of the initialization vector in bytes.

pub const IV_TIME_OFFSET: usize = 0

Offset of the timestamp within the IV.

pub const IV_TIME_SIZE: usize = 8

Size of the timestamp in bytes.

pub const IV_SERVER_ID_OFFSET: usize = 8

Offset of the server ID within the IV.

pub const IV_SERVER_ID_SIZE: usize = 8

Size of the server ID in bytes.

pub const SIGNATURE_SIZE: usize = 4

Size of the HMAC signature in bytes.

pub const PAYLOAD_BASE: usize

Offset where the payload begins.

pub const OVERHEAD_SIZE: usize

Total overhead size (IV + signature) in bytes.

pub fn new(keys: Keys) -> Self

Creates a new Crypto instance.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let keys = Keys::new(&[0u8; 32], &[0u8; 32])?;
let crypto = Crypto::new(keys);

pub fn decode<T>(&self, data: T) -> Result<Vec<u8>, CryptoError>

where T: AsRef<[u8]>,

Decodes a URL-safe Base64 encoded string.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let encoded = "SGVsbG8=";
let decoded = crypto.decode(encoded)?;

pub fn encode<T>(&self, data: T) -> String

where T: AsRef<[u8]>,

Encodes data as a URL-safe Base64 string.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let data = b"Hello";
let encoded = crypto.encode(data);

pub fn decrypt(&self, cipher_data: &[u8]) -> Result<Vec<u8>, CryptoError>

Decrypts a package and verifies the HMAC signature.

Errors

Returns CryptoError::InvalidSign if signature verification fails.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let mut pkg = crypto.init_plain_data(5, None)?;
crypto.set_payload(&mut pkg, b"Hello")?;
let encrypted = crypto.encrypt(&pkg)?;
let decrypted = crypto.decrypt(&encrypted)?;

pub fn encrypt(&self, plain_data: &[u8]) -> Result<Vec<u8>, CryptoError>

Encrypts a package in-place.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let mut pkg = crypto.init_plain_data(5, None)?;
crypto.set_payload(&mut pkg, b"Hello")?;
let encrypted = crypto.encrypt(&pkg)?;

pub fn create_init_vector( &self, timestamp: OffsetDateTime, server_id: i64, ) -> Vec<u8>

Creates a custom initialization vector.

Arguments

• timestamp - The timestamp to embed
• server_id - The server ID to embed

Example

use signed_crypto::{Crypto, Keys};
use time::OffsetDateTime;

let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let iv = crypto.create_init_vector(OffsetDateTime::now_utc(), 12345);

pub fn timestamp(&self, data: &[u8]) -> Option<OffsetDateTime>

Extracts the timestamp from a package’s initialization vector.

Returns None if the data is too short.

Example

use signed_crypto::{Crypto, Keys};
use time::OffsetDateTime;

let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let mut pkg = crypto.init_plain_data(5, None)?;
crypto.set_payload(&mut pkg, b"Hello")?;
let encrypted = crypto.encrypt(&pkg)?;
let ts = crypto.timestamp(&encrypted).unwrap();

pub fn server_id(&self, data: &[u8]) -> Option<i64>

Extracts the server ID from a package’s initialization vector.

Returns None if the data is too short.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let mut pkg = crypto.init_plain_data(5, None)?;
crypto.set_payload(&mut pkg, b"Hello")?;
let encrypted = crypto.encrypt(&pkg)?;
let server_id = crypto.server_id(&encrypted).unwrap();

pub fn payload<'a>(&self, data: &'a [u8]) -> Option<&'a [u8]>

Extracts the payload from a package without decryption.

Returns None if the data is too short.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let mut pkg = crypto.init_plain_data(5, None)?;
crypto.set_payload(&mut pkg, b"Hello")?;
let payload = crypto.payload(&pkg).unwrap();
assert_eq!(payload, b"Hello");

pub fn init_plain_data( &self, payload_size: usize, iv: Option<&[u8]>, ) -> Result<Vec<u8>, CryptoError>

Initializes a plain data package buffer.

If iv is None, generates a random IV with current timestamp.

Arguments

• payload_size - Size of the payload in bytes
• iv - Optional custom initialization vector

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let pkg = crypto.init_plain_data(10, None)?;

pub fn set_payload( &self, plain_data: &mut [u8], payload: &[u8], ) -> Result<(), CryptoError>

Sets the payload in a plain data package buffer.

Errors

Returns CryptoError::PayloadSizeMismatch if the payload size does not match the expected size.

Example

use signed_crypto::{Crypto, Keys};

// WARNING: Never use all-zero keys in production!
let crypto = Crypto::new(Keys::new(&[0u8; 32], &[0u8; 32])?);
let mut pkg = crypto.init_plain_data(5, None)?;
crypto.set_payload(&mut pkg, b"Hello")?;