trelent-hyok 0.1.12

A Rust library implementing Hold Your Own Key (HYOK) encryption patterns with support for multiple cloud providers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

//! Data encryption strategies and implementations.
//!
//! This module provides a flexible system for encrypting and decrypting data
//! using Data Encryption Keys (DEKs). It supports:
//!
//! - AES-GCM-256 authenticated encryption
//! - Custom encryption implementations
//! - Additional authenticated data (AAD)
//! - Flexible metadata handling
//!
//! The module ensures consistent encryption operations while allowing for
//! customization when needed.

pub mod aes_gcm;
pub mod custom;

use crate::dek::DEK;
use crate::error::encryption::EncryptionError;
use async_trait::async_trait;

/// A trait for implementing data encryption strategies.
///
/// This trait provides a consistent interface for encryption operations
/// while allowing different implementations to handle their own metadata
/// and algorithm-specific details. Implementations should ensure:
///
/// - Secure encryption/decryption
/// - Proper key handling
/// - Metadata management
/// - Error handling
///
/// # Security
///
/// Implementations should:
/// - Use strong encryption algorithms
/// - Protect key material
/// - Handle metadata securely
/// - Follow cryptographic best practices
///
/// # Example
/// ```no_run
/// use async_trait::async_trait;
/// use hyokashi::{EncryptionStrategy, DEK, EncryptionError};
///
/// struct MyStrategy;
///
/// #[async_trait]
/// impl EncryptionStrategy for MyStrategy {
///     type EncryptionData = Vec<u8>;
///
///     async fn encrypt(
///         &self,
///         dek: DEK,
///         plaintext: Vec<u8>,
///         encryption_data: Self::EncryptionData
///     ) -> Result<Vec<u8>, EncryptionError> {
///         // Implement secure encryption...
///         # Ok(vec![])
///     }
///
///     async fn decrypt(
///         &self,
///         dek: DEK,
///         ciphertext: Vec<u8>,
///         encryption_data: Self::EncryptionData
///     ) -> Result<Vec<u8>, EncryptionError> {
///         // Implement secure decryption...
///         # Ok(vec![])
///     }
/// }
/// ```
#[async_trait]
pub trait EncryptionStrategy {
    /// Type containing metadata needed for encryption/decryption operations
    type EncryptionData;

    /// Encrypts data using the provided DEK and encryption metadata.
    ///
    /// # Arguments
    ///
    /// * `dek` - Data Encryption Key to use
    /// * `plaintext` - Data to encrypt
    /// * `encryption_data` - Algorithm-specific metadata
    async fn encrypt(
        &self,
        dek: DEK,
        plaintext: Vec<u8>,
        encryption_data: Self::EncryptionData
    ) -> Result<Vec<u8>, EncryptionError>;

    /// Decrypts data using the provided DEK and encryption metadata.
    ///
    /// # Arguments
    ///
    /// * `dek` - Data Encryption Key to use
    /// * `ciphertext` - Data to decrypt
    /// * `encryption_data` - Algorithm-specific metadata
    async fn decrypt(
        &self,
        dek: DEK,
        ciphertext: Vec<u8>,
        encryption_data: Self::EncryptionData
    ) -> Result<Vec<u8>, EncryptionError>;
}