trelent-hyok 0.1.12

A Rust library implementing Hold Your Own Key (HYOK) encryption patterns with support for multiple cloud providers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

//! Custom key management implementation.
//!
//! This module enables integration with any key management system by allowing
//! users to provide their own encryption and decryption functions. It supports:
//!
//! - Custom key management systems
//! - Flexible encryption algorithms
//! - Error handling
//! - Thread-safe operations

use crate::cmk::CMKTrait;
use crate::error::cmk::CMKError;
use async_trait::async_trait;
use std::sync::Arc;

/// A customizable Customer Managed Key implementation.
///
/// This CMK implementation allows integration with any key management system
/// by accepting closures for encryption and decryption. Features include:
///
/// - Flexible key management
/// - Custom algorithms
/// - Error handling
/// - Thread-safe operations
///
/// # Security
///
/// When implementing custom operations, ensure:
/// - Strong encryption algorithms
/// - Proper key management
/// - Secure key storage
/// - Access control
/// - Audit logging
///
/// # Example
/// ```no_run
/// use hyokashi::{CustomCMK, CMKError};
///
/// // Define custom encryption/decryption functions
/// let encrypt = |data: Vec<u8>| Box::pin(async move {
///     // Implement secure encryption...
///     Ok(data)
/// });
///
/// let decrypt = |data: Vec<u8>| Box::pin(async move {
///     // Implement secure decryption...
///     Ok(data)
/// });
///
/// // Create the custom CMK
/// let cmk = CustomCMK::new(encrypt, decrypt);
///
/// // Use the CMK
/// async {
///     let data = vec![1, 2, 3];
///     let encrypted = cmk.encrypt(data).await?;
///     let decrypted = cmk.decrypt(encrypted).await?;
///     # Ok::<(), Box<dyn std::error::Error>>(())
/// };
/// ```
pub struct CustomCMK {
    encrypt_fn: Arc<
        dyn (Fn(Vec<u8>) -> futures::future::BoxFuture<'static, Result<Vec<u8>, CMKError>>) +
            Send +
            Sync
    >,
    decrypt_fn: Arc<
        dyn (Fn(Vec<u8>) -> futures::future::BoxFuture<'static, Result<Vec<u8>, CMKError>>) +
            Send +
            Sync
    >,
}

impl CustomCMK {
    /// Creates a new `CustomCMK` from the provided encryption and decryption closures.
    ///
    /// # Arguments
    ///
    /// * `encrypt_fn` - A closure or function pointer returning a future that encrypts data.
    /// * `decrypt_fn` - A closure or function pointer returning a future that decrypts data.
    ///
    /// # Returns
    ///
    /// A new `CustomCMK` that delegates encryption and decryption to the provided closures.
    pub fn new<E, D>(encrypt_fn: E, decrypt_fn: D) -> Self
        where
            E: Fn(Vec<u8>) -> futures::future::BoxFuture<'static, Result<Vec<u8>, CMKError>> +
                Send +
                Sync +
                'static,
            D: Fn(Vec<u8>) -> futures::future::BoxFuture<'static, Result<Vec<u8>, CMKError>> +
                Send +
                Sync +
                'static
    {
        CustomCMK {
            encrypt_fn: Arc::new(encrypt_fn),
            decrypt_fn: Arc::new(decrypt_fn),
        }
    }
}

#[async_trait]
impl CMKTrait for CustomCMK {
    /// Encrypts the specified plaintext data by calling the user-provided `encrypt_fn`.
    ///
    /// # Arguments
    ///
    /// * `plaintext` - The plaintext bytes to be encrypted.
    ///
    /// # Errors
    ///
    /// Returns a `CMKError` if `encrypt_fn` returns an error.
    ///
    /// # Example
    /// ```no_run
    /// let custom_cmk = CustomCMK::new(/* ... */);
    /// let encrypted = custom_cmk.encrypt(vec![0x01, 0x02]).await?;
    /// ```
    async fn encrypt(&self, plaintext: Vec<u8>) -> Result<Vec<u8>, CMKError> {
        (self.encrypt_fn)(plaintext).await
    }

    /// Decrypts the specified ciphertext data by calling the user-provided `decrypt_fn`.
    ///
    /// # Arguments
    ///
    /// * `ciphertext` - The ciphertext bytes to be decrypted.
    ///
    /// # Errors
    ///
    /// Returns a `CMKError` if `decrypt_fn` returns an error.
    ///
    /// # Example
    /// ```no_run
    /// let custom_cmk = CustomCMK::new(/* ... */);
    /// let decrypted = custom_cmk.decrypt(encrypted_data).await?;
    /// ```
    async fn decrypt(&self, ciphertext: Vec<u8>) -> Result<Vec<u8>, CMKError> {
        (self.decrypt_fn)(ciphertext).await
    }
}