Set a default key periodicity of 1 year

src/encryption.rs

@@ -68,6 +68,18 @@ mod tests {
 	const TEST_DATA_CTX: &[&str] = &["018db876-3d9d-79af-9460-55d17da991d8"];
 	const EMPTY_DATA_CTX: &[[u8; 0]] = &[];
 
+	fn get_static_key_ctx() -> KeyContext {
+		let mut ctx: KeyContext = TEST_KEY_CTX.into();
+		ctx.set_static();
+		ctx
+	}
+
+	fn get_static_empty_key_ctx() -> KeyContext {
+		let mut ctx = KeyContext::from([]);
+		ctx.set_static();
+		ctx
+	}
+
 	fn get_ikm_lst() -> InputKeyMaterialList {
 		InputKeyMaterialList::import(
 			"AQAAAA:AQAAAAEAAAC_vYEw1ujVG5i-CtoPYSzik_6xaAq59odjPm5ij01-e6zz4mUAAAAALJGBiwAAAAAA",
@@ -77,7 +89,7 @@ mod tests {
 
 	#[test]
 	fn encrypt_decrypt_no_context() {
-		let ctx = KeyContext::from([]);
+		let ctx = get_static_empty_key_ctx();
 
 		// Encrypt
 		let lst = get_ikm_lst();
@@ -95,17 +107,38 @@ mod tests {
 	}
 
 	#[test]
-	fn encrypt_decrypt_with_context() {
+	fn encrypt_decrypt_with_static_context() {
-		// Encrypt
 		let lst = get_ikm_lst();
-		let res = encrypt(&lst, &TEST_KEY_CTX.into(), TEST_DATA, TEST_DATA_CTX);
+		let key_ctx = get_static_key_ctx();
+
+		// Encrypt
+		let res = encrypt(&lst, &key_ctx, TEST_DATA, TEST_DATA_CTX);
 		assert!(res.is_ok(), "res: {res:?}");
 		let ciphertext = res.unwrap();
 		assert!(ciphertext.starts_with("AQAAAA:"));
 		assert_eq!(ciphertext.len(), 98);
 
 		// Decrypt
-		let res = decrypt(&lst, &TEST_KEY_CTX.into(), &ciphertext, TEST_DATA_CTX);
+		let res = decrypt(&lst, &key_ctx, &ciphertext, TEST_DATA_CTX);
+		assert!(res.is_ok(), "res: {res:?}");
+		let plaintext = res.unwrap();
+		assert_eq!(plaintext, TEST_DATA);
+	}
+
+	#[test]
+	fn encrypt_decrypt_with_context() {
+		let lst = get_ikm_lst();
+		let key_ctx = KeyContext::from(TEST_KEY_CTX);
+
+		// Encrypt
+		let res = encrypt(&lst, &key_ctx, TEST_DATA, TEST_DATA_CTX);
+		assert!(res.is_ok(), "res: {res:?}");
+		let ciphertext = res.unwrap();
+		assert!(ciphertext.starts_with("AQAAAA:"));
+		assert_eq!(ciphertext.len(), 110);
+
+		// Decrypt
+		let res = decrypt(&lst, &key_ctx, &ciphertext, TEST_DATA_CTX);
 		assert!(res.is_ok(), "res: {res:?}");
 		let plaintext = res.unwrap();
 		assert_eq!(plaintext, TEST_DATA);

src/kdf.rs

@@ -9,6 +9,10 @@ pub struct KeyContext {
 }
 
 impl KeyContext {
+	pub fn set_static(&mut self) {
+		self.periodicity = None;
+	}
+
 	pub fn set_periodicity(&mut self, periodicity: u64) {
 		self.periodicity = Some(periodicity);
 	}
@@ -34,7 +38,7 @@ impl<const N: usize> From<[&str; N]> for KeyContext {
 	fn from(ctx: [&str; N]) -> Self {
 		Self {
 			ctx: ctx.iter().map(|s| s.to_string()).collect(),
-			periodicity: None,
+			periodicity: Some(crate::DEFAULT_KEY_CTX_PERIODICITY),
 		}
 	}
 }

src/lib.rs

@@ -31,6 +31,15 @@ pub use scheme::Scheme;
 /// [tropical_year]: https://en.wikipedia.org/wiki/Tropical_year
 #[cfg(feature = "ikm-management")]
 pub const DEFAULT_IKM_DURATION: u64 = 315_569_252;
+/// Default amount of time during which a key is valid.
+/// This is used for automatic periodic key rotation.
+/// This value is expressed in seconds.
+///
+/// Considering that a day is composed of 86400 seconds (60×60×24) and a year is 365.24219 days (approximate value of the [mean tropical year][tropical_year]), this value is equivalent to 1 year.
+///
+/// [tropical_year]: https://en.wikipedia.org/wiki/Tropical_year
+#[cfg(feature = "encryption")]
+pub const DEFAULT_KEY_CTX_PERIODICITY: u64 = 31_556_925;
 #[cfg(feature = "ikm-management")]
 const DEFAULT_SCHEME: Scheme = Scheme::XChaCha20Poly1305WithBlake3;