garnet/bin/kms/src/crypto_provider/mod.rs - fuchsia - Git at Google

 // Copyright 2019 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #[cfg(test)]
 pub mod mock_provider;
 pub mod mundane_provider;

 use fidl_fuchsia_kms::AsymmetricKeyAlgorithm;
 use std::error::Error;
 use std::fmt;
 use std::fmt::Debug;

 /// The general error type returned by crypto provider.
 #[derive(Clone, Debug)]
 pub struct CryptoProviderError {
     error_message: String,
 }

 impl fmt::Display for CryptoProviderError {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         write!(f, "{:?}", self)
     }
 }

 impl Error for CryptoProviderError {}

 impl CryptoProviderError {
     pub fn new(error_message: &str) -> Self {
         CryptoProviderError { error_message: error_message.to_string() }
     }
 }

 /// A cryptography provider that could support cryptography operations.
 pub trait CryptoProvider: Debug + Send + Sync {
     /// Return a list of supported algorithms.
     fn supported_asymmetric_algorithms(&self) -> Vec<AsymmetricKeyAlgorithm>;

     /// Return a human-friendly name for this provider.
     fn get_name(&self) -> &'static str;

     /// Get a clone of the boxed trait object.
     fn box_clone(&self) -> Box<dyn CryptoProvider>;

     /// Generate an Asymmetric key pair. Return the generated key object.
     ///
     /// # Arguments:
     ///
     /// * `key_algorithm` - The algorithm for the key to be generated.
     /// * `key_name` - The name for the key in case the provider need to keep record.
     fn generate_asymmetric_key(
         &self,
         key_algorithm: AsymmetricKeyAlgorithm,
         key_name: &str,
     ) -> Result<Box<dyn AsymmetricProviderKey>, CryptoProviderError>;

     /// Import a key. Return the key data representing the imported key.
     ///
     /// # Arguments:
     ///
     /// * `key_data`- The key data to be imported by the provider.
     /// * `key_algorithm` - The algorithm for the key to be imported.
     /// * `key_name` - The name for the key in case the provider need to keep record.
     fn import_asymmetric_key(
         &self,
         key_data: &[u8],
         key_algorithm: AsymmetricKeyAlgorithm,
         key_name: &str,
     ) -> Result<Box<dyn AsymmetricProviderKey>, CryptoProviderError>;

     /// Check the correctness of key material and turn it into an AsymmetricProviderKey object.
     ///
     /// # Arguments:
     ///
     /// * `key_data`- The key data to be parsed by the provider.
     /// * `key_algorithm` - The algorithm for the key to be parsed.
     fn parse_asymmetric_key(
         &self,
         key_data: &[u8],
         key_algorithm: AsymmetricKeyAlgorithm,
     ) -> Result<Box<dyn AsymmetricProviderKey>, CryptoProviderError>;

     /// Generate a symmetric key for sealing. Return the generated key object.
     ///
     /// # Arguments:
     ///
     /// * `key_name` - The name for the key in case the provider need to keep record.
     fn generate_sealing_key(
         &self,
         key_name: &str,
     ) -> Result<Box<dyn SealingProviderKey>, CryptoProviderError>;

     /// Check the correctness of key material and turn it into an SealingProviderKey object.
     ///
     /// # Arguments:
     ///
     /// * `key_data`- The key data to be parsed by the provider.
     fn parse_sealing_key(
         &self,
         key_data: &[u8],
     ) -> Result<Box<dyn SealingProviderKey>, CryptoProviderError>;

     /// Calculate the size of the sealed data based on the original data size.
     ///
     /// # Arguments:
     ///
     /// * 'original_data_size' - The size of the original data.
     fn calculate_sealed_data_size(&self, original_data_size: u64) -> u64;
 }

 impl Clone for Box<dyn CryptoProvider> {
     fn clone(&self) -> Self {
         self.box_clone()
     }
 }

 /// A key object in a generated by a crypto provider.
 pub trait ProviderKey: Send {
     /// Delete a key.
     fn delete(&mut self) -> Result<(), CryptoProviderError>;
     /// Get the data for the key.
     fn get_key_data(&self) -> Vec<u8>;
     /// Get the crypto provider name for the key.
     fn get_provider_name(&self) -> &'static str;
 }

 /// An asymmetric key object generated by a crypto provider.
 pub trait AsymmetricProviderKey: ProviderKey {
     /// Sign a piece of data using asymmetric key. Return the signature.
     ///
     /// # Arguments:
     ///
     /// * `data` - The data to be signed.
     fn sign(&self, _data: &[u8]) -> Result<Vec<u8>, CryptoProviderError>;

     /// Get a DER encoded SubjectPublicKeyInfo structured public key data.
     fn get_der_public_key(&self) -> Result<Vec<u8>, CryptoProviderError>;

     /// Get the key algorithm.
     fn get_key_algorithm(&self) -> AsymmetricKeyAlgorithm;
 }

 /// An asymmetric key object generated by a crypto provider.
 pub trait SealingProviderKey: ProviderKey {
     /// Encrypt data using symmetric key. Return the encrypted data.
     ///
     /// # Arguments:
     ///
     /// * `data` - The data to be encrypted.
     fn encrypt(&self, data: &[u8]) -> Result<Vec<u8>, CryptoProviderError>;

     /// Decrypt data using symmetric key. Return the original data.
     ///
     /// # Arguments:
     ///
     /// * `data` - The data to be decrypted.
     fn decrypt(&self, data: &[u8]) -> Result<Vec<u8>, CryptoProviderError>;
 }
	// Copyright 2019 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#[cfg(test)]
	pub mod mock_provider;
	pub mod mundane_provider;

	use fidl_fuchsia_kms::AsymmetricKeyAlgorithm;
	use std::error::Error;
	use std::fmt;
	use std::fmt::Debug;

	/// The general error type returned by crypto provider.
	#[derive(Clone, Debug)]
	pub struct CryptoProviderError {
	error_message: String,
	}

	impl fmt::Display for CryptoProviderError {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	write!(f, "{:?}", self)
	}
	}

	impl Error for CryptoProviderError {}

	impl CryptoProviderError {
	pub fn new(error_message: &str) -> Self {
	CryptoProviderError { error_message: error_message.to_string() }
	}
	}

	/// A cryptography provider that could support cryptography operations.
	pub trait CryptoProvider: Debug + Send + Sync {
	/// Return a list of supported algorithms.
	fn supported_asymmetric_algorithms(&self) -> Vec<AsymmetricKeyAlgorithm>;

	/// Return a human-friendly name for this provider.
	fn get_name(&self) -> &'static str;

	/// Get a clone of the boxed trait object.
	fn box_clone(&self) -> Box<dyn CryptoProvider>;

	/// Generate an Asymmetric key pair. Return the generated key object.
	///
	/// # Arguments:
	///
	/// * `key_algorithm` - The algorithm for the key to be generated.
	/// * `key_name` - The name for the key in case the provider need to keep record.
	fn generate_asymmetric_key(
	&self,
	key_algorithm: AsymmetricKeyAlgorithm,
	key_name: &str,
	) -> Result<Box<dyn AsymmetricProviderKey>, CryptoProviderError>;

	/// Import a key. Return the key data representing the imported key.
	///
	/// # Arguments:
	///
	/// * `key_data`- The key data to be imported by the provider.
	/// * `key_algorithm` - The algorithm for the key to be imported.
	/// * `key_name` - The name for the key in case the provider need to keep record.
	fn import_asymmetric_key(
	&self,
	key_data: &[u8],
	key_algorithm: AsymmetricKeyAlgorithm,
	key_name: &str,
	) -> Result<Box<dyn AsymmetricProviderKey>, CryptoProviderError>;

	/// Check the correctness of key material and turn it into an AsymmetricProviderKey object.
	///
	/// # Arguments:
	///
	/// * `key_data`- The key data to be parsed by the provider.
	/// * `key_algorithm` - The algorithm for the key to be parsed.
	fn parse_asymmetric_key(
	&self,
	key_data: &[u8],
	key_algorithm: AsymmetricKeyAlgorithm,
	) -> Result<Box<dyn AsymmetricProviderKey>, CryptoProviderError>;

	/// Generate a symmetric key for sealing. Return the generated key object.
	///
	/// # Arguments:
	///
	/// * `key_name` - The name for the key in case the provider need to keep record.
	fn generate_sealing_key(
	&self,
	key_name: &str,
	) -> Result<Box<dyn SealingProviderKey>, CryptoProviderError>;

	/// Check the correctness of key material and turn it into an SealingProviderKey object.
	///
	/// # Arguments:
	///
	/// * `key_data`- The key data to be parsed by the provider.
	fn parse_sealing_key(
	&self,
	key_data: &[u8],
	) -> Result<Box<dyn SealingProviderKey>, CryptoProviderError>;

	/// Calculate the size of the sealed data based on the original data size.
	///
	/// # Arguments:
	///
	/// * 'original_data_size' - The size of the original data.
	fn calculate_sealed_data_size(&self, original_data_size: u64) -> u64;
	}

	impl Clone for Box<dyn CryptoProvider> {
	fn clone(&self) -> Self {
	self.box_clone()
	}
	}

	/// A key object in a generated by a crypto provider.
	pub trait ProviderKey: Send {
	/// Delete a key.
	fn delete(&mut self) -> Result<(), CryptoProviderError>;
	/// Get the data for the key.
	fn get_key_data(&self) -> Vec<u8>;
	/// Get the crypto provider name for the key.
	fn get_provider_name(&self) -> &'static str;
	}

	/// An asymmetric key object generated by a crypto provider.
	pub trait AsymmetricProviderKey: ProviderKey {
	/// Sign a piece of data using asymmetric key. Return the signature.
	///
	/// # Arguments:
	///
	/// * `data` - The data to be signed.
	fn sign(&self, _data: &[u8]) -> Result<Vec<u8>, CryptoProviderError>;

	/// Get a DER encoded SubjectPublicKeyInfo structured public key data.
	fn get_der_public_key(&self) -> Result<Vec<u8>, CryptoProviderError>;

	/// Get the key algorithm.
	fn get_key_algorithm(&self) -> AsymmetricKeyAlgorithm;
	}

	/// An asymmetric key object generated by a crypto provider.
	pub trait SealingProviderKey: ProviderKey {
	/// Encrypt data using symmetric key. Return the encrypted data.
	///
	/// # Arguments:
	///
	/// * `data` - The data to be encrypted.
	fn encrypt(&self, data: &[u8]) -> Result<Vec<u8>, CryptoProviderError>;

	/// Decrypt data using symmetric key. Return the original data.
	///
	/// # Arguments:
	///
	/// * `data` - The data to be decrypted.
	fn decrypt(&self, data: &[u8]) -> Result<Vec<u8>, CryptoProviderError>;
	}