ruma_events/secret_storage/
secret.rs

1//! Types for events used for secrets to be stored in the user's account_data.
2
3use std::collections::BTreeMap;
4
5use ruma_common::serde::Base64;
6use serde::{Deserialize, Serialize};
7
8/// A secret and its encrypted contents.
9#[derive(Clone, Debug, Serialize, Deserialize)]
10#[cfg_attr(not(ruma_unstable_exhaustive_types), non_exhaustive)]
11pub struct SecretEventContent {
12    /// Map from key ID to the encrypted data.
13    ///
14    /// The exact format for the encrypted data is dependent on the key algorithm.
15    pub encrypted: BTreeMap<String, SecretEncryptedData>,
16}
17
18impl SecretEventContent {
19    /// Create a new `SecretEventContent` with the given encrypted content.
20    pub fn new(encrypted: BTreeMap<String, SecretEncryptedData>) -> Self {
21        Self { encrypted }
22    }
23}
24
25/// Encrypted data for a corresponding secret storage encryption algorithm.
26#[derive(Clone, Debug, Serialize, Deserialize)]
27#[cfg_attr(not(ruma_unstable_exhaustive_types), non_exhaustive)]
28#[serde(untagged)]
29pub enum SecretEncryptedData {
30    /// Data encrypted using the *m.secret_storage.v1.aes-hmac-sha2* algorithm.
31    AesHmacSha2EncryptedData {
32        /// The 16-byte initialization vector, encoded as base64.
33        iv: Base64,
34
35        /// The AES-CTR-encrypted data, encoded as base64.
36        ciphertext: Base64,
37
38        /// The MAC, encoded as base64.
39        mac: Base64,
40    },
41}
42
43#[cfg(test)]
44mod tests {
45    use std::collections::BTreeMap;
46
47    use assert_matches2::assert_matches;
48    use ruma_common::serde::Base64;
49    use serde_json::{from_value as from_json_value, json, to_value as to_json_value};
50
51    use super::{SecretEncryptedData, SecretEventContent};
52
53    #[test]
54    fn test_secret_serialization() {
55        let key_one_data = SecretEncryptedData::AesHmacSha2EncryptedData {
56            iv: Base64::parse("YWJjZGVmZ2hpamtsbW5vcA").unwrap(),
57            ciphertext: Base64::parse("dGhpc2lzZGVmaW5pdGVseWNpcGhlcnRleHQ").unwrap(),
58            mac: Base64::parse("aWRvbnRrbm93d2hhdGFtYWNsb29rc2xpa2U").unwrap(),
59        };
60
61        let mut encrypted = BTreeMap::<String, SecretEncryptedData>::new();
62        encrypted.insert("key_one".to_owned(), key_one_data);
63
64        let content = SecretEventContent::new(encrypted);
65
66        let json = json!({
67            "encrypted": {
68                "key_one" : {
69                    "iv": "YWJjZGVmZ2hpamtsbW5vcA",
70                    "ciphertext": "dGhpc2lzZGVmaW5pdGVseWNpcGhlcnRleHQ",
71                    "mac": "aWRvbnRrbm93d2hhdGFtYWNsb29rc2xpa2U"
72                }
73            }
74        });
75
76        assert_eq!(to_json_value(content).unwrap(), json);
77    }
78
79    #[test]
80    fn test_secret_deserialization() {
81        let json = json!({
82            "encrypted": {
83                "key_one" : {
84                    "iv": "YWJjZGVmZ2hpamtsbW5vcA",
85                    "ciphertext": "dGhpc2lzZGVmaW5pdGVseWNpcGhlcnRleHQ",
86                    "mac": "aWRvbnRrbm93d2hhdGFtYWNsb29rc2xpa2U"
87                }
88            }
89        });
90
91        let deserialized: SecretEventContent = from_json_value(json).unwrap();
92        let secret_data = deserialized.encrypted.get("key_one").unwrap();
93
94        assert_matches!(
95            secret_data,
96            SecretEncryptedData::AesHmacSha2EncryptedData { iv, ciphertext, mac }
97        );
98        assert_eq!(iv.encode(), "YWJjZGVmZ2hpamtsbW5vcA");
99        assert_eq!(ciphertext.encode(), "dGhpc2lzZGVmaW5pdGVseWNpcGhlcnRleHQ");
100        assert_eq!(mac.encode(), "aWRvbnRrbm93d2hhdGFtYWNsb29rc2xpa2U");
101    }
102}
ruma_events/secret_storage/secret.rs

ruma_events/secret_storage/
secret.rs
