coffio/src/scheme.rs

#[cfg(feature = "encryption")]
use crate::encrypted_data::EncryptedData;
#[cfg(feature = "encryption")]
use crate::error::Result;
#[cfg(feature = "encryption")]
use crate::kdf::KdfFunction;
use crate::Error;

#[cfg(feature = "encryption")]
mod aes;
#[cfg(feature = "encryption")]
mod blake3;
#[cfg(feature = "encryption")]
mod sha2;
#[cfg(feature = "encryption")]
mod xchacha20poly1305;

#[cfg(feature = "encryption")]
pub(crate) type DecryptionFunction = dyn Fn(&[u8], &EncryptedData, &str) -> Result<Vec<u8>>;
#[cfg(feature = "encryption")]
pub(crate) type EncryptionFunction = dyn Fn(&[u8], &[u8], &[u8], &str) -> Result<EncryptedData>;
#[cfg(feature = "encryption")]
pub(crate) type GenNonceFunction = dyn Fn() -> Result<Vec<u8>>;
pub(crate) type SchemeSerializeType = u32;

/// The cryptographic primitives used to encrypt the data.
///
/// Coffio does not impose an unique way to encrypt data. You can therefore choose between one of
/// the supported scheme. Each scheme has advantages and drawbacks.
///
/// Before choosing a scheme, you should run the benchmark on the hardware where the encryption and
/// decryption process will take place. Some scheme may have hardware optimizations that you want
/// to take advantage of. Regarding the key length, the following website may help you choose one
/// that suits your requirements: [https://www.keylength.com/](https://www.keylength.com/)
///
/// In the following scheme description, the following terms are used:
/// - `Max data size` describes the maximal size of data that can safely be encrypted using a
/// single key and nonce, which means you should never pass a `data` parameter to
/// [encrypt][crate::CipherBox::encrypt] that has a higher size. Coffio will not enforce this
/// limit, it is your responsibility to do so.
/// - `Max invocations` describes the maximal number of times you can safely call
/// [encrypt][crate::CipherBox::encrypt] with a single key, which means you should either rotate
/// your IKM or use an appropriate key periodicity before reaching this number. Coffio will neither
/// enforce this limit nor count the number of invocations, it is your responsibility to do so.
#[derive(Copy, Clone, Debug, PartialEq)]
pub enum Scheme {
	/// `default`
	/// - Key derivation: BLAKE3 derive_key mode
	/// - Encryption: XChaCha20-Poly1305
	/// - Key size: 256 bits
	/// - Nonce size: 192 bits
	/// - Max data size: 256 GB
	/// - Max invocations: no limitation
	/// - Resources: [RFC 7539](https://doi.org/10.17487/RFC7539)
	/// [draft-irtf-cfrg-xchacha](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha)
	XChaCha20Poly1305WithBlake3 = 1,
	/// - Key derivation: HKDF-SHA256
	/// - Encryption: AES-GCM
	/// - Key size: 128 bits
	/// - Nonce size: 96 bits
	/// - Max data size: 64 GB
	/// - Max invocations: 2<sup>32</sup>
	/// - Resources: [NIST SP 800-38D](https://doi.org/10.6028/NIST.SP.800-38D)
	Aes128GcmWithSha256 = 2,
}

impl Scheme {
	pub(crate) fn get_ikm_size(&self) -> usize {
		match self {
			Scheme::XChaCha20Poly1305WithBlake3 => 32,
			Scheme::Aes128GcmWithSha256 => 32,
		}
	}
}

#[cfg(feature = "encryption")]
impl Scheme {
	pub(crate) fn get_kdf(&self) -> Box<KdfFunction> {
		match self {
			Scheme::XChaCha20Poly1305WithBlake3 => Box::new(blake3::blake3_derive),
			Scheme::Aes128GcmWithSha256 => Box::new(sha2::sha256_derive),
		}
	}

	pub(crate) fn get_decryption(&self) -> Box<DecryptionFunction> {
		match self {
			Scheme::XChaCha20Poly1305WithBlake3 => {
				Box::new(xchacha20poly1305::xchacha20poly1305_decrypt)
			}
			Scheme::Aes128GcmWithSha256 => Box::new(aes::aes128gcm_decrypt),
		}
	}

	pub(crate) fn get_encryption(&self) -> Box<EncryptionFunction> {
		match self {
			Scheme::XChaCha20Poly1305WithBlake3 => {
				Box::new(xchacha20poly1305::xchacha20poly1305_encrypt)
			}
			Scheme::Aes128GcmWithSha256 => Box::new(aes::aes128gcm_encrypt),
		}
	}

	pub(crate) fn get_gen_nonce(&self) -> Box<GenNonceFunction> {
		match self {
			Scheme::XChaCha20Poly1305WithBlake3 => {
				Box::new(xchacha20poly1305::xchacha20poly1305_gen_nonce)
			}
			Scheme::Aes128GcmWithSha256 => Box::new(aes::aes128gcm_gen_nonce),
		}
	}
}

impl TryFrom<SchemeSerializeType> for Scheme {
	type Error = Error;

	fn try_from(value: SchemeSerializeType) -> Result<Self, Self::Error> {
		match value {
			1 => Ok(Scheme::XChaCha20Poly1305WithBlake3),
			2 => Ok(Scheme::Aes128GcmWithSha256),
			_ => Err(Error::ParsingSchemeUnknownScheme(value)),
		}
	}
}
Fix the features 2024-03-02 14:55:14 +01:00			`#[cfg(feature = "encryption")]`
Move the EncryptedData struct to a dedicated module 2024-03-17 14:45:18 +01:00			`use crate::encrypted_data::EncryptedData;`
Move the scheme return fn type definitions to the scheme module 2024-03-17 14:35:26 +01:00			`#[cfg(feature = "encryption")]`
			`use crate::error::Result;`
Fix the features 2024-03-02 14:55:14 +01:00			`#[cfg(feature = "encryption")]`
Refactor the context canonicalization 2024-02-17 16:29:54 +01:00			`use crate::kdf::KdfFunction;`
Improve the error management 2024-02-15 10:56:21 +01:00			`use crate::Error;`

Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`#[cfg(feature = "encryption")]`
			`mod aes;`
Fix the features 2024-03-02 14:55:14 +01:00			`#[cfg(feature = "encryption")]`
Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00			`mod blake3;`
Fix the features 2024-03-02 14:55:14 +01:00			`#[cfg(feature = "encryption")]`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`mod sha2;`
			`#[cfg(feature = "encryption")]`
Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00			`mod xchacha20poly1305;`

Move the scheme return fn type definitions to the scheme module 2024-03-17 14:35:26 +01:00			`#[cfg(feature = "encryption")]`
			`pub(crate) type DecryptionFunction = dyn Fn(&[u8], &EncryptedData, &str) -> Result<Vec<u8>>;`
			`#[cfg(feature = "encryption")]`
			`pub(crate) type EncryptionFunction = dyn Fn(&[u8], &[u8], &[u8], &str) -> Result<EncryptedData>;`
			`#[cfg(feature = "encryption")]`
			`pub(crate) type GenNonceFunction = dyn Fn() -> Result<Vec<u8>>;`
Add a type alias for the scheme serialize type 2024-02-25 12:03:06 +01:00			`pub(crate) type SchemeSerializeType = u32;`

Add some basic documentation 2024-04-05 00:17:01 +02:00			`/// The cryptographic primitives used to encrypt the data.`
			`///`
			`/// Coffio does not impose an unique way to encrypt data. You can therefore choose between one of`
			`/// the supported scheme. Each scheme has advantages and drawbacks.`
			`///`
			`/// Before choosing a scheme, you should run the benchmark on the hardware where the encryption and`
			`/// decryption process will take place. Some scheme may have hardware optimizations that you want`
			`/// to take advantage of. Regarding the key length, the following website may help you choose one`
			`/// that suits your requirements: [https://www.keylength.com/](https://www.keylength.com/)`
			`///`
			`/// In the following scheme description, the following terms are used:`
			/// - `Max data size` describes the maximal size of data that can safely be encrypted using a
			/// single key and nonce, which means you should never pass a `data` parameter to
			`/// [encrypt][crate::CipherBox::encrypt] that has a higher size. Coffio will not enforce this`
			`/// limit, it is your responsibility to do so.`
			/// - `Max invocations` describes the maximal number of times you can safely call
			`/// [encrypt][crate::CipherBox::encrypt] with a single key, which means you should either rotate`
			`/// your IKM or use an appropriate key periodicity before reaching this number. Coffio will neither`
			`/// enforce this limit nor count the number of invocations, it is your responsibility to do so.`
Add a cryptographic scheme to the IKM 2024-02-15 10:00:06 +01:00			`#[derive(Copy, Clone, Debug, PartialEq)]`
			`pub enum Scheme {`
Add some basic documentation 2024-04-05 00:17:01 +02:00			/// `default`
			`/// - Key derivation: BLAKE3 derive_key mode`
			`/// - Encryption: XChaCha20-Poly1305`
			`/// - Key size: 256 bits`
			`/// - Nonce size: 192 bits`
			`/// - Max data size: 256 GB`
			`/// - Max invocations: no limitation`
Use the DOI Foundation links 2024-04-07 11:01:46 +02:00			`/// - Resources: [RFC 7539](https://doi.org/10.17487/RFC7539)`
Add some basic documentation 2024-04-05 00:17:01 +02:00			`/// [draft-irtf-cfrg-xchacha](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha)`
Add a cryptographic scheme to the IKM 2024-02-15 10:00:06 +01:00			`XChaCha20Poly1305WithBlake3 = 1,`
Add some basic documentation 2024-04-05 00:17:01 +02:00			`/// - Key derivation: HKDF-SHA256`
			`/// - Encryption: AES-GCM`
			`/// - Key size: 128 bits`
			`/// - Nonce size: 96 bits`
			`/// - Max data size: 64 GB`
			`/// - Max invocations: 2<sup>32</sup>`
			`/// - Resources: [NIST SP 800-38D](https://doi.org/10.6028/NIST.SP.800-38D)`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`Aes128GcmWithSha256 = 2,`
Add a cryptographic scheme to the IKM 2024-02-15 10:00:06 +01:00			`}`

Derive the key 2024-02-15 23:45:21 +01:00			`impl Scheme {`
Refactor the IKM storage format 2024-03-02 11:00:59 +01:00			`pub(crate) fn get_ikm_size(&self) -> usize {`
			`match self {`
			`Scheme::XChaCha20Poly1305WithBlake3 => 32,`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`Scheme::Aes128GcmWithSha256 => 32,`
Refactor the IKM storage format 2024-03-02 11:00:59 +01:00			`}`
			`}`
Fix the features 2024-03-16 11:22:08 +01:00			`}`
Refactor the IKM storage format 2024-03-02 11:00:59 +01:00
Fix the features 2024-03-16 11:22:08 +01:00			`#[cfg(feature = "encryption")]`
			`impl Scheme {`
Refactor the context canonicalization 2024-02-17 16:29:54 +01:00			`pub(crate) fn get_kdf(&self) -> Box<KdfFunction> {`
Derive the key 2024-02-15 23:45:21 +01:00			`match self {`
Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00			`Scheme::XChaCha20Poly1305WithBlake3 => Box::new(blake3::blake3_derive),`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`Scheme::Aes128GcmWithSha256 => Box::new(sha2::sha256_derive),`
Derive the key 2024-02-15 23:45:21 +01:00			`}`
			`}`
Implement encryption 2024-02-17 20:26:45 +01:00
Implement decryption 2024-02-25 13:40:19 +01:00			`pub(crate) fn get_decryption(&self) -> Box<DecryptionFunction> {`
			`match self {`
			`Scheme::XChaCha20Poly1305WithBlake3 => {`
Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00			`Box::new(xchacha20poly1305::xchacha20poly1305_decrypt)`
Implement decryption 2024-02-25 13:40:19 +01:00			`}`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`Scheme::Aes128GcmWithSha256 => Box::new(aes::aes128gcm_decrypt),`
Implement decryption 2024-02-25 13:40:19 +01:00			`}`
			`}`

Implement encryption 2024-02-17 20:26:45 +01:00			`pub(crate) fn get_encryption(&self) -> Box<EncryptionFunction> {`
			`match self {`
			`Scheme::XChaCha20Poly1305WithBlake3 => {`
Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00			`Box::new(xchacha20poly1305::xchacha20poly1305_encrypt)`
Implement encryption 2024-02-17 20:26:45 +01:00			`}`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`Scheme::Aes128GcmWithSha256 => Box::new(aes::aes128gcm_encrypt),`
Implement encryption 2024-02-17 20:26:45 +01:00			`}`
			`}`
Add the IKM id and the nonce to the AAD 2024-03-11 14:55:08 +01:00
			`pub(crate) fn get_gen_nonce(&self) -> Box<GenNonceFunction> {`
			`match self {`
			`Scheme::XChaCha20Poly1305WithBlake3 => {`
			`Box::new(xchacha20poly1305::xchacha20poly1305_gen_nonce)`
			`}`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`Scheme::Aes128GcmWithSha256 => Box::new(aes::aes128gcm_gen_nonce),`
Add the IKM id and the nonce to the AAD 2024-03-11 14:55:08 +01:00			`}`
			`}`
Derive the key 2024-02-15 23:45:21 +01:00			`}`

Add a type alias for the scheme serialize type 2024-02-25 12:03:06 +01:00			`impl TryFrom<SchemeSerializeType> for Scheme {`
Improve the error management 2024-02-15 10:56:21 +01:00			`type Error = Error;`
Add a cryptographic scheme to the IKM 2024-02-15 10:00:06 +01:00
Add a type alias for the scheme serialize type 2024-02-25 12:03:06 +01:00			`fn try_from(value: SchemeSerializeType) -> Result<Self, Self::Error> {`
Add a cryptographic scheme to the IKM 2024-02-15 10:00:06 +01:00			`match value {`
			`1 => Ok(Scheme::XChaCha20Poly1305WithBlake3),`
Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00			`2 => Ok(Scheme::Aes128GcmWithSha256),`
Rename the parsing errors using the module name 2024-02-25 11:46:08 +01:00			`_ => Err(Error::ParsingSchemeUnknownScheme(value)),`
Add a cryptographic scheme to the IKM 2024-02-15 10:00:06 +01:00			`}`
			`}`
			`}`
No results found.