encdec.rs - mozsearch

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

use crate::{JwCryptoError, Jwk};

use serde::{de::DeserializeOwned, Serialize};

/// High-level struct for handling Encryption/Decryption

pub struct EncryptorDecryptor {

    jwk: Jwk,

impl EncryptorDecryptor {

    /// Create a key that can be used to construct an EncryptorDecryptor

    pub fn create_key() -> Result<String, JwCryptoError> {

        let key = crate::Jwk::new_direct_key(None)?;

        Ok(serde_json::to_string(&key)?)

    pub fn new(key: &str) -> Result<Self, JwCryptoError> {

        match serde_json::from_str(key) {

            Ok(jwk) => Ok(Self { jwk }),

            Err(_) => Err(JwCryptoError::InvalidKey),

    pub fn new_with_random_key() -> Result<Self, JwCryptoError> {

        Self::new(&Self::create_key()?)

    /// Encrypt a string

///

    /// `description` is a developer-friendly description of the operation that gets reported to Sentry

    /// on crypto errors.

    pub fn encrypt(&self, cleartext: &str) -> Result<String, JwCryptoError> {

        crate::encrypt_to_jwe(

            cleartext.as_bytes(),

            crate::EncryptionParameters::Direct {

                enc: crate::EncryptionAlgorithm::A256GCM,

                jwk: &self.jwk,

},

    /// Encrypt a struct

///

    /// `description` is a developer-friendly description of the operation that gets reported to Sentry

    /// on crypto errors.

    pub fn encrypt_struct<T: Serialize>(&self, fields: &T) -> Result<String, JwCryptoError> {

        let str = serde_json::to_string(fields)?;

        self.encrypt(&str)

    /// Decrypt a string

///

    /// `description` is a developer-friendly description of the operation that gets reported to Sentry

    /// on crypto errors.

    pub fn decrypt(&self, ciphertext: &str) -> Result<String, JwCryptoError> {

        if ciphertext.is_empty() {

            return Err(JwCryptoError::EmptyCyphertext);

        crate::decrypt_jwe(

            ciphertext,

            crate::DecryptionParameters::Direct {

                jwk: self.jwk.clone(),

},

    /// Decrypt a struct

///

    /// `description` is a developer-friendly description of the operation that gets reported to Sentry

    /// on crypto errors.

    pub fn decrypt_struct<T: DeserializeOwned>(

        &self,

        ciphertext: &str,

    ) -> Result<T, JwCryptoError> {

        let json = self.decrypt(ciphertext)?;

        Ok(serde_json::from_str(&json)?)

    // Create canary text.

//

    // These are used to check if a key is still valid for a database.  Call this when opening a

    // database for the first time and save the result.

    pub fn create_canary(&self, text: &str) -> Result<String, JwCryptoError> {

        self.encrypt(text)

    // Create canary text.

//

    // These are used to check if a key is still valid for a database.  Call this when re-opening a

    // database, using the same text parameter and the return value of the initial check_canary call.

//

    // - If check_canary() returns true, then it's safe to assume the key can decrypt the DB data

    // - If check_canary() returns false, then the key is no longer valid.  It should be

    // regenerated and the DB data should be wiped since we can no longer read it properly

    pub fn check_canary(&self, canary: &str, text: &str) -> Result<bool, JwCryptoError> {

        Ok(self.decrypt(canary)? == text)