/// # Errors /// /// Failure to generate a new HKDF key using NSS results in an error. pubfn new(version: Version, cipher: Cipher) -> Res<Self> { let key = hkdf::generate_key(version, cipher)?;
Ok(Self {
version,
cipher,
key_id: 0,
key,
old_key: None,
})
}
fn make_aead(&self, k: &SymKey, salt: &[u8]) -> Res<Aead> {
debug_assert_eq!(salt.len(), Self::SALT_LENGTH); let salt = hkdf::import_key(self.version, salt)?; let secret = hkdf::extract(self.version, self.cipher, Some(&salt), k)?;
Aead::new(self.version, self.cipher, &secret, "neqo self")
}
/// Rotate keys. This causes any previous key that is being held to be replaced by the current /// key. /// /// # Errors /// /// Failure to generate a new HKDF key using NSS results in an error. pubfn rotate(&mutself) -> Res<()> { let new_key = hkdf::generate_key(self.version, self.cipher)?; self.old_key = Some(mem::replace(&mutself.key, new_key)); let (kid, _) = self.key_id.overflowing_add(1); self.key_id = kid;
qinfo!(["SelfEncrypt"], "Rotated keys to {}", self.key_id);
Ok(())
}
/// Seal an item using the underlying key. This produces a single buffer that contains /// the encrypted `plaintext`, plus a version number and salt. /// `aad` is only used as input to the AEAD, it is not included in the output; the /// caller is responsible for carrying the AAD as appropriate. /// /// # Errors /// /// Failure to protect using NSS AEAD APIs produces an error. pubfn seal(&self, aad: &[u8], plaintext: &[u8]) -> Res<Vec<u8>> { // Format is: // struct { // uint8 version; // uint8 key_id; // uint8 salt[16]; // opaque aead_encrypted(plaintext)[length as expanded]; // }; // AAD covers the entire header, plus the value of the AAD parameter that is provided. let salt = random::<{ Self::SALT_LENGTH }>(); let cipher = self.make_aead(&self.key, &salt)?; let encoded_len = 2 + salt.len() + plaintext.len() + cipher.expansion();
/// Open the protected `ciphertext`. /// /// # Errors /// /// Returns an error when the self-encrypted object is invalid; /// when the keys have been rotated; or when NSS fails. #[allow(clippy::similar_names)] // aad is similar to aead pubfn open(&self, aad: &[u8], ciphertext: &[u8]) -> Res<Vec<u8>> { if ciphertext[0] != Self::VERSION { return Err(Error::SelfEncryptFailure);
} let Some(key) = self.select_key(ciphertext[1]) else { return Err(Error::SelfEncryptFailure);
}; let offset = 2 + Self::SALT_LENGTH;
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.