Mountain/IPC/Enhanced/SecureMessageChannel/
EncryptionKey.rs

1#![allow(non_snake_case)]
2
3//! Wrapper around `ring::aead::LessSafeKey` plus metadata -
4//! creation timestamp, random key id, and a usage counter the
5//! channel bumps on each encrypt. Private constructors are
6//! exposed via `pub(super)` so the channel can manage rotation
7//! while keeping callers out of the raw key material.
8
9use std::time::{Duration, SystemTime};
10
11use ring::{
12	aead::{AES_256_GCM, LessSafeKey, UnboundKey},
13	rand::{SecureRandom, SystemRandom},
14};
15
16#[derive(Debug, Clone)]
17pub struct Struct {
18	pub(super) key:LessSafeKey,
19	pub(super) created_at:SystemTime,
20	pub(super) key_id:String,
21	pub(super) usage_count:usize,
22}
23
24impl Struct {
25	pub(super) fn new(key_bytes:&[u8]) -> Result<Self, String> {
26		let unbound_key =
27			UnboundKey::new(&AES_256_GCM, key_bytes).map_err(|e| format!("Failed to create unbound key: {}", e))?;
28
29		Ok(Self {
30			key:LessSafeKey::new(unbound_key),
31			created_at:SystemTime::now(),
32			key_id:Self::generate_key_id(),
33			usage_count:0,
34		})
35	}
36
37	fn generate_key_id() -> String {
38		let rng = SystemRandom::new();
39		let mut id_bytes = [0u8; 8];
40		rng.fill(&mut id_bytes).unwrap();
41		hex::encode(id_bytes)
42	}
43
44	pub(super) fn is_expired(&self, rotation_interval:Duration) -> bool {
45		self.created_at.elapsed().unwrap_or_default() > rotation_interval
46	}
47
48	pub(super) fn increment_usage(&mut self) { self.usage_count += 1; }
49}

Mountain/IPC/Enhanced/SecureMessageChannel/EncryptionKey.rs

Mountain/IPC/Enhanced/SecureMessageChannel/
EncryptionKey.rs