serde_encrypt/traits/
serde_encrypt_shared_key_deterministic.rs

1use crate::{
2    encrypt::plain_message_shared_key_deterministic::PlainMessageSharedKeyDeterministic,
3    serialize::TypedSerialized, shared_key::SharedKey, EncryptedMessage, Error,
4};
5use serde::{de::DeserializeOwned, Deserialize, Serialize};
6use serde_encrypt_core::encrypt::plain_message_shared_key::PlainMessageSharedKeyDeterministicCore;
7
8/// Shared-key authenticated **deterministic** encryption for serde-serializable types.
9///
10/// # Features
11///
12/// - Message authentication.
13/// - Same cipher-text for the same plain-text for eq-match in cipher-text.
14///   Note that this is more vulnerable than [SerdeEncryptSharedKey](crate::traits::SerdeEncryptSharedKey)
15///   because, for example, attackers can find repeated patterns in cipher-text and then guess
16///   repeated patterns in plain-text.
17/// - Uses small (32-byte) key.
18///
19/// # Anti-features
20///
21/// - Identity authentication of sender nor receiver.
22///
23/// # Popular use cases
24///
25/// Good for both large and small message encryption / decryption.
26///
27/// Eq-match feature is used in encrypted indexes in RDBMS, for example.
28///
29/// # Examples
30///
31/// See: [SerdeEncryptSharedKey](crate::traits::SerdeEncryptSharedKey), who has nearly the same usage.
32///
33/// # Algorithm
34///
35/// - Encryption: XChaCha20
36/// - Message authentication: Poly1305 MAC
37/// - Fixed nonce.
38pub trait SerdeEncryptSharedKeyDeterministic {
39    /// Serializer implementation
40    type S: TypedSerialized<T = Self>;
41
42    /// Serialize and encrypt.
43    ///
44    /// # Failures
45    ///
46    /// - [SerializationError](serde_encrypt_core::error::ErrorKind::SerializationError) when failed to serialize message.
47    /// - [EncryptionError](serde_encrypt_core::error::ErrorKind::EncryptionError) when failed to encrypt serialized message.
48    fn encrypt(&self, shared_key: &SharedKey) -> Result<EncryptedMessage, Error>
49    where
50        Self: Serialize,
51    {
52        let serialized = Self::S::serialize(self)?;
53        let plain_msg = PlainMessageSharedKeyDeterministic::new(serialized.into_vec());
54        plain_msg.encrypt(shared_key)
55    }
56
57    /// Decrypt and deserialize into DeserializeOwned type.
58    ///
59    /// # Failures
60    ///
61    /// - [DecryptionError](serde_encrypt_core::error::ErrorKind::DecryptionError) when failed to decrypt message.
62    /// - [DeserializationError](serde_encrypt_core::error::ErrorKind::DeserializationError) when failed to deserialize decrypted message.
63    fn decrypt_owned(
64        encrypted_message: &EncryptedMessage,
65        shared_key: &SharedKey,
66    ) -> Result<Self, Error>
67    where
68        Self: DeserializeOwned,
69    {
70        let serialized = Self::decrypt_ref(encrypted_message, shared_key)?;
71        serialized.deserialize()
72    }
73
74    /// Just decrypts cipher-text. Returned data must be deserialized later.
75    /// Types implementing `serde::Deserialize<'de>` (not `serde::de::DeserializeOwned`) should use
76    /// this function to resolve lifetime.
77    ///
78    /// # Failures
79    ///
80    /// - [DecryptionError](serde_encrypt_core::error::ErrorKind::DecryptionError) when failed to decrypt message.
81    fn decrypt_ref<'de>(
82        encrypted_message: &EncryptedMessage,
83        shared_key: &SharedKey,
84    ) -> Result<Self::S, Error>
85    where
86        Self: Deserialize<'de>,
87    {
88        let plain_msg = PlainMessageSharedKeyDeterministic::decrypt(encrypted_message, shared_key)?;
89        Ok(Self::S::new(plain_msg.into_vec()))
90    }
91}