Module crypto

Cryptographic primitives used by the DNODE peer protocol.

The engine encrypts inter-node payloads with a per-pool symmetric AES key. The key itself is wrapped with the recipient’s RSA public key and exchanged during the DNODE handshake. This module exposes:

  • Crypto - bundle of an RSA key pair (loaded from PEM) and a freshly generated 32-byte AES key buffer. Construct it with Crypto::from_pem at process startup.
  • AES-128-CBC encryption and decryption (the cipher consumes the first 16 bytes of the 32-byte key buffer; the IV is the same 16 bytes), including helpers that pipe through the MbufQueue chain the rest of the engine uses.
  • RSA wrap and unwrap of the symmetric key, using PKCS#1 OAEP padding.
  • Base64 encoding and decoding wrappers around the workspace base64 crate.
  • PEM key loading for both PKCS#1 (-----BEGIN RSA PRIVATE KEY-----) and PKCS#8 (-----BEGIN PRIVATE KEY-----) framings.
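
The two private-key framings in the last bullet can be told apart from the BEGIN label alone. The following is an added example, not code from the dynomite crate: a std-only classifier that accepts only those two labels, requires the END line to match, and returns the base64 body for a decoder. `Framing`, `PemError` and `classify_pem` are hypothetical names, and the sample input is constructed.

```rust
// Added illustration; Framing, PemError and classify_pem are hypothetical names,
// not part of the dynomite crate.
#[derive(Debug, PartialEq)]
pub enum Framing { Pkcs1, Pkcs8 }

#[derive(Debug, PartialEq)]
pub enum PemError { NoHeader, UnsupportedLabel(String), BadFooter, BadBase64(char), EmptyBody }

/// Classify a private-key PEM by its BEGIN label and return the framing plus
/// the base64 body with line breaks removed. Decoding the body is left to the caller.
pub fn classify_pem(text: &str) -> Result<(Framing, String), PemError> {
    let mut lines = text.lines().map(str::trim).filter(|l| !l.is_empty());
    let header = lines.next().ok_or(PemError::NoHeader)?;
    let label = header
        .strip_prefix("-----BEGIN ")
        .and_then(|s| s.strip_suffix("-----"))
        .ok_or(PemError::NoHeader)?;
    // Only the two unencrypted private-key labels are accepted; public keys,
    // certificates and "ENCRYPTED PRIVATE KEY" are rejected by name.
    let framing = match label {
        "RSA PRIVATE KEY" => Framing::Pkcs1,
        "PRIVATE KEY" => Framing::Pkcs8,
        other => return Err(PemError::UnsupportedLabel(other.to_string())),
    };
    let footer = format!("-----END {}-----", label);
    let mut body = String::new();
    for line in lines {
        if line.starts_with("-----") {
            // The END label must match the BEGIN label exactly.
            if line != footer { return Err(PemError::BadFooter); }
            if body.is_empty() { return Err(PemError::EmptyBody); }
            return Ok((framing, body));
        }
        if let Some(c) = line.chars().find(|c| !(c.is_ascii_alphanumeric() || "+/=".contains(*c))) {
            return Err(PemError::BadBase64(c));
        }
        body.push_str(line);
    }
    Err(PemError::BadFooter) // input ended without an END line
}

fn main() {
    // Constructed sample; the body is placeholder base64, not a real key.
    let pem = "-----BEGIN PRIVATE KEY-----\nQUJD\nREVG\n-----END PRIVATE KEY-----\n";
    println!("{:?}", classify_pem(pem));
}
```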

§Examples

use dynomite::crypto::Crypto;

let key = Crypto::generate_aes_key().unwrap();
let plain = b"hello dnode";
let cipher = Crypto::aes_encrypt(plain, &key).unwrap();
assert_ne!(cipher.as_slice(), plain);
let round = Crypto::aes_decrypt(&cipher, &key).unwrap();
assert_eq!(round, plain);

Re-exports§

pub use self::aes::AES_BLOCK_SIZE;
pub use self::aes::AES_KEYLEN;
pub use self::base64::base64_decode;
pub use self::base64::base64_encode;

Modules§

aes
AES-128-CBC primitives used by the DNODE peer protocol.
base64
Base64 encoding helpers.
pem
PEM key file loading.
rsa
RSA wrap and unwrap for AES session keys.

Structs§

Crypto
Bundle of crypto state used by a Dynomite peer instance.

Enums§

CryptoError
Errors produced by the crypto module.