1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132
//! IronOxide - IronCore Labs Rust SDK //! //! The IronOxide Rust SDK is a pure Rust library that integrates IronCore's privacy, security, and data control solution into //! your Rust application. Operations in the IronOxide SDK are performed in the context of a user or backend service account. This //! SDK supports all possible operations that work in the IronCore platform including creating and managing users and groups, encrypting //! and decrypting document bytes, and granting and revoking access to documents to users and groups. //! //! ## [User Operations](user/trait.UserOps.html) //! //! The IronOxide SDK user methods allow for multiple operations to manage your synced users/service accounts from your application //! into the IronCore platform: //! //! + Lookup existing synced users in the IronCore system given their unique account IDs //! + Sync and generate cryptographic keys for authenticated users from your application into IronCore //! + List, create, and delete cryptographic device keys for synced users //! + List a users devices //! //! ## [Document Operations](document/trait.DocumentOps.html) //! //! All secret data that is encrypted using the IronCore platform are referred to as documents. Documents wrap the raw bytes of //! secret data to encrypt along with various metadata that helps convey access information to that data. Documents can be encrypted, //! decrypted, updated, granted to users and groups, and revoked from users and groups. //! //! ## [Group Operations](group/trait.GroupOps.html) //! //! Groups are one of the many differentiating features of the IronCore platform. This SDK allows for easy management of your cryptographic //! groups. Groups can be created, updated, and deleted along with management of a groups administrators and members. //! // required by quick_error or IronOxideErr #![recursion_limit = "128"] #[macro_use] extern crate serde_derive; #[macro_use] extern crate base64_serde; #[macro_use] extern crate quick_error; #[macro_use] extern crate lazy_static; #[cfg(test)] #[macro_use] extern crate galvanic_assert; mod crypto; mod internal; mod proto; /// SDK document operations pub mod document; /// SDK group operations pub mod group; /// SDK user operations pub mod user; /// Policy types pub mod policy; /// Convenience re-export of essential IronOxide types pub mod prelude; pub use crate::internal::{ DeviceContext, DeviceSigningKeyPair, IronOxideErr, KeyPair, PrivateKey, PublicKey, }; use rand::rngs::adapter::ReseedingRng; use rand::rngs::EntropyRng; use rand::FromEntropy; use rand_chacha::ChaChaCore; use recrypt::api::{Ed25519, RandomBytes, Recrypt, Sha256}; use std::sync::Mutex; use tokio::runtime::current_thread::Runtime; /// Result of an Sdk operation pub type Result<T> = std::result::Result<T, IronOxideErr>; /// Struct that is used to make authenticated requests to the IronCore API. Instantiated with the details /// of an account's various ids, device, and signing keys. Once instantiated all operations will be /// performed in the context of the account provided. pub struct IronOxide { pub(crate) recrypt: Recrypt<Sha256, Ed25519, RandomBytes<recrypt::api::DefaultRng>>, /// Master public key for the user identified by `account_id` pub(crate) user_master_pub_key: PublicKey, pub(crate) device: DeviceContext, pub(crate) rng: Mutex<ReseedingRng<ChaChaCore, EntropyRng>>, } /// Initialize the IronOxide SDK with a device. Verifies that the provided user/segment exists and the provided device /// keys are valid and exist for the provided account. If successful returns an instance of the IronOxide SDK pub fn initialize(device_context: &DeviceContext) -> Result<IronOxide> { // 1 MB const BYTES_BEFORE_RESEEDING: u64 = 1 * 1024 * 1024; let mut rt = Runtime::new().unwrap(); let account_id = device_context.account_id(); rt.block_on(crate::internal::user_api::user_key_list( &device_context.auth(), &vec![account_id.clone()], )) .and_then(|mut users| { users //We're using remove here because we don't actually need this HashMap anymore and remove //returns us ownership so we can avoid a clone. .remove(&device_context.account_id()) .map(|current_user_public_key| IronOxide { recrypt: Recrypt::new(), device: device_context.clone(), user_master_pub_key: current_user_public_key, rng: Mutex::new(ReseedingRng::new( rand_chacha::ChaChaCore::from_entropy(), BYTES_BEFORE_RESEEDING, EntropyRng::new(), )), }) .ok_or(IronOxideErr::InitializeError) }) } impl IronOxide { /// Get the `DeviceContext` instance that was used to create this SDK instance pub fn device(&self) -> &DeviceContext { &self.device } } /// A way to turn IronSdkErr into Strings for the Java binding impl From<IronOxideErr> for String { fn from(err: IronOxideErr) -> Self { format!("{}", err) } }