diff options
| -rw-r--r-- | lockchain-crypto/src/engine.rs | 68 | ||||
| -rw-r--r-- | lockchain-crypto/src/keyfold.rs | 48 |
2 files changed, 91 insertions, 25 deletions
diff --git a/lockchain-crypto/src/engine.rs b/lockchain-crypto/src/engine.rs index 45470c1..e80c846 100644 --- a/lockchain-crypto/src/engine.rs +++ b/lockchain-crypto/src/engine.rs @@ -17,53 +17,71 @@ impl Encryptable for DataBody {} pub struct AesEngine { ctx: Aes256Siv, - _key: Key, + _key: Option<Key>, iv: Vec<u8>, } impl AesEngine { - /// Generate new key and encryption engine - #[deprecated] - pub fn generate() -> Self { - let key = Key::new(KeyType::Aes256); - let len = key.len(); + /// Initialise an AesEngine and take ownership of a raw key + pub fn new(key: Key) -> Self { + assert!(key.len() == 64); + Self { ctx: Aes256Siv::new(&key.as_slice()), - _key: key, - iv: random::bytes(len), + _key: Some(key), + iv: random::bytes(64), } } + /// Generate new key and encryption engine + #[deprecated] + pub fn generate() -> Self { + // let key = Key::new(KeyType::Aes256); + // let len = key.len(); + // Self { + // ctx: Aes256Siv::new(&key.as_slice()), + // _key: key, + // new_key: None, + // iv: random::bytes(len), + // } + unimplemented!() + } + /// Generate an Aes context from password #[deprecated] pub fn from_pw(pw: &str, salt: &str) -> Self { - let key = Key::from_pw(KeyType::Aes256, pw, salt); - let len = key.len(); - Self { - ctx: Aes256Siv::new(&key.as_slice()), - _key: key, - iv: random::bytes(len), - } + // let key = Key::from_pw(KeyType::Aes256, pw, salt); + // let len = key.len(); + // Self { + // ctx: Aes256Siv::new(&key.as_slice()), + // _key: key, + // new_key: None, + // iv: random::bytes(len), + // } + unimplemented!() } /// Load a packed data object which contains an Aes context #[deprecated] pub fn load(packed: PackedData, pw: &str, salt: &str) -> Option<Self> { - let mut temp = Self::from_pw(pw, salt); - let k: Key = Key::decode(&String::from_utf8(temp.decrypt_primitive(&packed)?).ok()?).ok()?; - - Some(Self { - ctx: Aes256Siv::new(&k.as_slice()), - _key: k, - iv: packed.iv, - }) + // let mut temp = Self::from_pw(pw, salt); + // let k: Key = Key::decode(&String::from_utf8(temp.decrypt_primitive(&packed)?).ok()?).ok()?; + + // Some(Self { + // ctx: Aes256Siv::new(&k.as_slice()), + // _key: k, + // new_key: None, + // iv: packed.iv, + // }) + unimplemented!() } /// Serialise the current context to save it somewhere #[deprecated] pub fn save(&mut self) -> PackedData { - let k = self._key.as_slice().into(); - self.encrypt_primitive(&k) + // let k = self._key.as_slice().into(); + // self.encrypt_primitive(&k) + unimplemented!() } fn encrypt_primitive(&mut self, data: &Vec<u8>) -> PackedData { diff --git a/lockchain-crypto/src/keyfold.rs b/lockchain-crypto/src/keyfold.rs new file mode 100644 index 0000000..2339a32 --- /dev/null +++ b/lockchain-crypto/src/keyfold.rs @@ -0,0 +1,48 @@ +//! Keyfolds map keys to encrypted keys + +use lcc::crypto::{Key, KeyType}; +use lcc::traits::EncryptionHandler; +use lcc::EncryptedBody; + +use AesEngine; + +/// Transparent key-encrypter utility +/// +/// This structure acts as a mapper between the +/// encrypted keys that are stored in a vault and +/// the decrypted keys that need to exist in order +/// for the `AesEngine` (and similar) to work. +/// +/// This means that it is initialised with a +/// user passphrase (and name for salt purposes) +/// and is subsequently able to encrypt keys +/// to be stored in a vault persistence medium +/// or decrypt keys that are retrieved via a +/// Vault metadata API. +pub struct Keyfold { + engine: Option<AesEngine>, +} + +impl Keyfold { + /// Take ownership of the AesEngine for transactions + pub fn begin(&mut self, engine: AesEngine) { + self.engine = Some(engine); + } + + /// Return ownership o the AesEngine + pub fn end(mut self) -> AesEngine { + let engine = self.engine.unwrap(); + self.engine = None; + engine + } +} + +impl EncryptionHandler<Key> for Keyfold { + fn encrypt(&mut self, item: Key) -> EncryptedBody { + unimplemented!() + } + + fn decrypt(&mut self, item: EncryptedBody) -> Option<Key> { + unimplemented!() + } +} |