feat: Refactor kvstore and vault to use features and logging

- Remove hardcoded dependencies in kvstore Cargo.toml; use features
  instead. This allows for more flexible compilation for different
  targets (native vs. WASM).
- Improve logging in vault crate using the `log` crate. This makes
  debugging easier and provides more informative output during
  execution.  Native tests use `env_logger`, WASM tests use
  `console_log`.
- Update README to reflect new logging best practices.
- Add cfg attributes to native and wasm modules to improve clarity.
- Update traits.rs to specify Send + Sync behavior expectations.
2025-05-15 16:42:19 +03:00
parent 7d7f94f114
commit cea2d7e655
17 changed files with 843 additions and 295 deletions


@@ -18,22 +18,7 @@ use crate::crypto::random_salt;
use crate::crypto::cipher::{encrypt_chacha20, decrypt_chacha20, encrypt_aes_gcm, decrypt_aes_gcm};
use signature::SignatureEncoding;
// TEMP: File-based debug logger for crypto troubleshooting
#[cfg(not(target_arch = "wasm32"))]
fn debug_log(msg: &str) {
use std::fs::OpenOptions;
use std::io::Write;
let mut f = OpenOptions::new()
.create(true)
.append(true)
.open("/tmp/vault_crypto_debug.log")
.unwrap();
writeln!(f, "{}", msg).unwrap();
}
#[cfg(target_arch = "wasm32")]
fn debug_log(_msg: &str) {
// No-op in WASM
}
use log::{debug, info, error};
/// Vault: Cryptographic keyspace and operations
pub struct Vault<S: KVStore> {
@@ -46,30 +31,30 @@ fn encrypt_with_nonce_prepended(key: &[u8], plaintext: &[u8], cipher: &str) -> R
use crate::crypto::random_salt;
use crate::crypto;
let nonce = random_salt(12);
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] nonce: {}", hex::encode(&nonce)));
debug!("nonce: {}", hex::encode(&nonce));
let (ct, _key_hex) = match cipher {
"chacha20poly1305" => {
let ct = encrypt_chacha20(key, plaintext, &nonce)
.map_err(|e| VaultError::Crypto(e))?;
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] ct: {}", hex::encode(&ct)));
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] key: {}", hex::encode(key)));
debug!("ct: {}", hex::encode(&ct));
debug!("key: {}", hex::encode(key));
(ct, hex::encode(key))
},
"aes-gcm" => {
let ct = encrypt_aes_gcm(key, plaintext, &nonce)
.map_err(|e| VaultError::Crypto(e))?;
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] ct: {}", hex::encode(&ct)));
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] key: {}", hex::encode(key)));
debug!("ct: {}", hex::encode(&ct));
debug!("key: {}", hex::encode(key));
(ct, hex::encode(key))
},
_ => {
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] unsupported cipher: {}", cipher));
debug!("unsupported cipher: {}", cipher);
return Err(VaultError::Other(format!("Unsupported cipher: {cipher}")));
}
};
let mut blob = nonce.clone();
blob.extend_from_slice(&ct);
debug_log(&format!("[DEBUG][ENCRYPT_HELPER] ENCRYPTED (nonce|ct): {}", hex::encode(&blob)));
debug!("ENCRYPTED (nonce|ct): {}", hex::encode(&blob));
Ok(blob)
}
@@ -82,50 +67,50 @@ impl<S: KVStore> Vault<S> {
pub async fn create_keyspace(&mut self, name: &str, password: &[u8], kdf: &str, cipher: &str, tags: Option<Vec<String>>) -> Result<(), VaultError> {
// Check if keyspace already exists
if self.storage.get(name).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?.is_some() {
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] ERROR: keyspace '{}' already exists", name));
debug!("keyspace '{}' already exists", name);
return Err(VaultError::Crypto("Keyspace already exists".to_string()));
}
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] entry: name={}", name));
debug!("entry: name={}", name);
use crate::crypto::{random_salt, kdf};
use crate::data::{KeyspaceMetadata, KeyspaceData};
use serde_json;
// 1. Generate salt
let salt = random_salt(16);
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] salt: {:?}", salt));
debug!("salt: {:?}", salt);
// 2. Derive key
let key = match kdf {
"scrypt" => match kdf::derive_key_scrypt(password, &salt, 32) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] kdf scrypt error: {}", e));
debug!("kdf scrypt error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"pbkdf2" => kdf::derive_key_pbkdf2(password, &salt, 32, 10_000),
_ => {
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] unsupported KDF: {}", kdf));
debug!("unsupported KDF: {}", kdf);
return Err(VaultError::Other(format!("Unsupported KDF: {kdf}")));
}
};
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] derived key: {} bytes", key.len()));
debug!("derived key: {} bytes", key.len());
// 3. Prepare initial keyspace data
let keyspace_data = KeyspaceData { keypairs: vec![] };
let plaintext = match serde_json::to_vec(&keyspace_data) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] serde_json error: {}", e));
debug!("serde_json error: {}", e);
return Err(VaultError::Serialization(e.to_string()));
}
};
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] plaintext serialized: {} bytes", plaintext.len()));
debug!("plaintext serialized: {} bytes", plaintext.len());
// 4. Generate nonce (12 bytes for both ciphers)
let nonce = random_salt(12);
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] nonce: {}", hex::encode(&nonce)));
debug!("nonce: {}", hex::encode(&nonce));
// 5. Encrypt
let encrypted_blob = encrypt_with_nonce_prepended(&key, &plaintext, cipher)?;
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] encrypted_blob: {} bytes", encrypted_blob.len()));
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] encrypted_blob (hex): {}", hex::encode(&encrypted_blob)));
debug!("encrypted_blob: {} bytes", encrypted_blob.len());
debug!("encrypted_blob (hex): {}", hex::encode(&encrypted_blob));
// 6. Compose metadata
let metadata = KeyspaceMetadata {
name: name.to_string(),
@@ -140,12 +125,12 @@ impl<S: KVStore> Vault<S> {
let meta_bytes = match serde_json::to_vec(&metadata) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][CREATE_KEYSPACE] serde_json metadata error: {}", e));
debug!("serde_json metadata error: {}", e);
return Err(VaultError::Serialization(e.to_string()));
}
};
self.storage.set(name, &meta_bytes).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?;
debug_log("[DEBUG][CREATE_KEYSPACE] success");
debug!("success");
Ok(())
}
@@ -167,18 +152,15 @@ impl<S: KVStore> Vault<S> {
/// Unlock a keyspace by name and password, returning the decrypted data
pub async fn unlock_keyspace(&self, name: &str, password: &[u8]) -> Result<KeyspaceData, VaultError> {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] entry: name={} password={}", name, hex::encode(password)));
debug!("unlock_keyspace entry: name={}", name);
use crate::crypto::{kdf};
use serde_json;
// 1. Fetch keyspace metadata
let meta_bytes = self.storage.get(name).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?;
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] got meta_bytes: {}", meta_bytes.as_ref().map(|v| v.len()).unwrap_or(0)));
let meta_bytes = meta_bytes.ok_or(VaultError::KeyspaceNotFound(name.to_string()))?;
let metadata: KeyspaceMetadata = serde_json::from_slice(&meta_bytes).map_err(|e| VaultError::Serialization(e.to_string()))?;
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] metadata: kdf={} cipher={} salt={:?} encrypted_blob_len={}", metadata.kdf, metadata.cipher, metadata.salt, metadata.encrypted_blob.len()));
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] ENCRYPTED_BLOB (hex): {}", hex::encode(&metadata.encrypted_blob)));
if metadata.salt.len() != 16 {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] ERROR: salt length {} != 16", metadata.salt.len()));
debug!("salt length {} != 16", metadata.salt.len());
return Err(VaultError::Crypto("Salt length must be 16 bytes".to_string()));
}
// 2. Derive key
@@ -186,57 +168,57 @@ impl<S: KVStore> Vault<S> {
"scrypt" => match kdf::derive_key_scrypt(password, &metadata.salt, 32) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] kdf scrypt error: {}", e));
debug!("kdf scrypt error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"pbkdf2" => kdf::derive_key_pbkdf2(password, &metadata.salt, 32, 10_000),
_ => {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] unsupported KDF: {}", metadata.kdf));
debug!("unsupported KDF: {}", metadata.kdf);
return Err(VaultError::Other(format!("Unsupported KDF: {}", metadata.kdf)));
}
};
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] derived key: {} bytes", key.len()));
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] derived key (hex): {}", hex::encode(&key)));
debug!("derived key: {} bytes", key.len());
debug!("derived key (hex): {}", hex::encode(&key));
// 3. Split nonce and ciphertext
let ciphertext = &metadata.encrypted_blob;
if ciphertext.len() < 12 {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] ciphertext too short: {}", ciphertext.len()));
debug!("ciphertext too short: {}", ciphertext.len());
return Err(VaultError::Crypto("Ciphertext too short".to_string()));
}
let (nonce, ct) = ciphertext.split_at(12);
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] nonce: {} ct: {}", hex::encode(nonce), hex::encode(ct)));
debug!("nonce: {}", hex::encode(nonce));
// 4. Decrypt
let plaintext = match metadata.cipher.as_str() {
"chacha20poly1305" => match decrypt_chacha20(&key, ct, nonce) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] chacha20poly1305 error: {}", e));
debug!("chacha20poly1305 error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"aes-gcm" => match decrypt_aes_gcm(&key, ct, nonce) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] aes-gcm error: {}", e));
debug!("aes-gcm error: {}", e);
return Err(VaultError::Crypto(e));
}
},
_ => {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] unsupported cipher: {}", metadata.cipher));
debug!("unsupported cipher: {}", metadata.cipher);
return Err(VaultError::Other(format!("Unsupported cipher: {}", metadata.cipher)));
}
};
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] plaintext decrypted: {} bytes", plaintext.len()));
debug!("plaintext decrypted: {} bytes", plaintext.len());
// 4. Deserialize keyspace data
let keyspace_data: KeyspaceData = match serde_json::from_slice(&plaintext) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][UNLOCK_KEYSPACE] serde_json data error: {}", e));
debug!("serde_json data error: {}", e);
return Err(VaultError::Serialization(e.to_string()));
}
};
debug_log("[DEBUG][UNLOCK_KEYSPACE] success");
debug!("success");
Ok(keyspace_data)
}
@@ -316,17 +298,17 @@ impl<S: KVStore> Vault<S> {
/// Save the updated keyspace data (helper)
async fn save_keyspace(&mut self, keyspace: &str, password: &[u8], data: &KeyspaceData) -> Result<(), VaultError> {
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] entry: keyspace={} password={}", keyspace, hex::encode(password)));
debug!("save_keyspace entry: keyspace={}", keyspace);
use crate::crypto::kdf;
use serde_json;
// 1. Fetch metadata
let meta_bytes = self.storage.get(keyspace).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?;
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] got meta_bytes: {}", meta_bytes.as_ref().map(|v| v.len()).unwrap_or(0)));
debug!("got meta_bytes: {}", meta_bytes.as_ref().map(|v| v.len()).unwrap_or(0));
let meta_bytes = meta_bytes.ok_or(VaultError::KeyspaceNotFound(keyspace.to_string()))?;
let mut metadata: KeyspaceMetadata = serde_json::from_slice(&meta_bytes).map_err(|e| VaultError::Serialization(e.to_string()))?;
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] metadata: kdf={} cipher={} salt={:?}", metadata.kdf, metadata.cipher, metadata.salt));
debug!("metadata: kdf={} cipher={} salt={:?}", metadata.kdf, metadata.cipher, metadata.salt);
if metadata.salt.len() != 16 {
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] ERROR: salt length {} != 16", metadata.salt.len()));
debug!("salt length {} != 16", metadata.salt.len());
return Err(VaultError::Crypto("Salt length must be 16 bytes".to_string()));
}
// 2. Derive key
@@ -334,43 +316,43 @@ impl<S: KVStore> Vault<S> {
"scrypt" => match kdf::derive_key_scrypt(password, &metadata.salt, 32) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] kdf scrypt error: {}", e));
debug!("kdf scrypt error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"pbkdf2" => kdf::derive_key_pbkdf2(password, &metadata.salt, 32, 10_000),
_ => {
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] unsupported KDF: {}", metadata.kdf));
debug!("unsupported KDF: {}", metadata.kdf);
return Err(VaultError::Other(format!("Unsupported KDF: {}", metadata.kdf)));
}
};
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] derived key: {} bytes", key.len()));
debug!("derived key: {} bytes", key.len());
// 3. Serialize plaintext
let plaintext = match serde_json::to_vec(data) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] serde_json data error: {}", e));
debug!("serde_json data error: {}", e);
return Err(VaultError::Serialization(e.to_string()));
}
};
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] plaintext serialized: {} bytes", plaintext.len()));
debug!("plaintext serialized: {} bytes", plaintext.len());
// 4. Generate nonce
let nonce = random_salt(12);
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] nonce: {}", hex::encode(&nonce)));
debug!("nonce: {}", hex::encode(&nonce));
// 5. Encrypt
let encrypted_blob = encrypt_with_nonce_prepended(&key, &plaintext, &metadata.cipher)?;
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] encrypted_blob: {} bytes", encrypted_blob.len()));
debug!("encrypted_blob: {} bytes", encrypted_blob.len());
// 6. Store new encrypted blob
metadata.encrypted_blob = encrypted_blob;
let meta_bytes = match serde_json::to_vec(&metadata) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][SAVE_KEYSPACE] serde_json metadata error: {}", e));
debug!("serde_json metadata error: {}", e);
return Err(VaultError::Serialization(e.to_string()));
}
};
self.storage.set(keyspace, &meta_bytes).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?;
debug_log("[DEBUG][SAVE_KEYSPACE] success");
debug!("success");
Ok(())
}
@@ -433,62 +415,62 @@ impl<S: KVStore> Vault<S> {
/// Encrypt a message using the keyspace symmetric cipher
/// (for simplicity, uses keyspace password-derived key)
pub async fn encrypt(&self, keyspace: &str, password: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, VaultError> {
debug_log("[DEBUG][ENTER] encrypt");
debug_log(&format!("[DEBUG][encrypt] keyspace={}", keyspace));
debug!("encrypt");
debug!("keyspace={}", keyspace);
use crate::crypto::{kdf};
// 1. Load keyspace metadata
let meta_bytes = self.storage.get(keyspace).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?;
let meta_bytes = match meta_bytes {
Some(val) => val,
None => {
debug_log("[DEBUG][ERR] encrypt: keyspace not found");
debug!("keyspace not found");
return Err(VaultError::Other("Keyspace not found".to_string()));
}
};
let meta: KeyspaceMetadata = match serde_json::from_slice(&meta_bytes) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] encrypt: serialization error: {}", e));
debug!("serialization error: {}", e);
return Err(VaultError::Serialization(e.to_string()));
}
};
debug_log(&format!("[DEBUG][encrypt] salt={:?} cipher={} (hex salt: {})", meta.salt, meta.cipher, hex::encode(&meta.salt)));
debug!("salt={:?} cipher={} (hex salt: {})", meta.salt, meta.cipher, hex::encode(&meta.salt));
// 2. Derive key
let key = match meta.kdf.as_str() {
"scrypt" => match kdf::derive_key_scrypt(password, &meta.salt, 32) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] encrypt: kdf scrypt error: {}", e));
debug!("kdf scrypt error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"pbkdf2" => kdf::derive_key_pbkdf2(password, &meta.salt, 32, 10_000),
_ => {
debug_log(&format!("[DEBUG][ERR] encrypt: unsupported KDF: {}", meta.kdf));
debug!("unsupported KDF: {}", meta.kdf);
return Err(VaultError::Other(format!("Unsupported KDF: {}", meta.kdf)));
}
};
// 3. Generate nonce
let nonce = random_salt(12);
debug_log(&format!("[DEBUG][encrypt] nonce={:?} (hex nonce: {})", nonce, hex::encode(&nonce)));
debug!("nonce={:?} (hex nonce: {})", nonce, hex::encode(&nonce));
// 4. Encrypt
let ciphertext = match meta.cipher.as_str() {
"chacha20poly1305" => match encrypt_chacha20(&key, plaintext, &nonce) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] encrypt: chacha20poly1305 error: {}", e));
debug!("chacha20poly1305 error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"aes-gcm" => match encrypt_aes_gcm(&key, plaintext, &nonce) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] encrypt: aes-gcm error: {}", e));
debug!("aes-gcm error: {}", e);
return Err(VaultError::Crypto(e));
}
},
_ => {
debug_log(&format!("[DEBUG][ERR] encrypt: unsupported cipher: {}", meta.cipher));
debug!("unsupported cipher: {}", meta.cipher);
return Err(VaultError::Other(format!("Unsupported cipher: {}", meta.cipher)));
}
};
@@ -501,58 +483,57 @@ pub async fn encrypt(&self, keyspace: &str, password: &[u8], plaintext: &[u8]) -
/// Decrypt a message using the keyspace symmetric cipher
/// (for simplicity, uses keyspace password-derived key)
pub async fn decrypt(&self, keyspace: &str, password: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, VaultError> {
debug_log("[DEBUG][ENTER] decrypt");
debug_log(&format!("[DEBUG][decrypt] keyspace={}", keyspace));
debug!("decrypt");
debug!("keyspace={}", keyspace);
use crate::crypto::{kdf};
// 1. Fetch metadata
let meta_bytes = self.storage.get(keyspace).await.map_err(|e| VaultError::Storage(format!("{e:?}")))?;
let meta_bytes = meta_bytes.ok_or(VaultError::KeyspaceNotFound(keyspace.to_string()))?;
let metadata: KeyspaceMetadata = serde_json::from_slice(&meta_bytes).map_err(|e| VaultError::Serialization(e.to_string()))?;
debug_log(&format!("[DEBUG][decrypt] salt={:?} cipher={} (hex salt: {})", metadata.salt, metadata.cipher, hex::encode(&metadata.salt)));
debug!("salt={:?} cipher={} (hex salt: {})", metadata.salt, metadata.cipher, hex::encode(&metadata.salt));
// 2. Derive key
let key = match metadata.kdf.as_str() {
"scrypt" => match kdf::derive_key_scrypt(password, &metadata.salt, 32) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] decrypt: storage error: {:?}", e));
debug!("storage error: {:?}", e);
return Err(VaultError::Crypto(e));
}
},
"pbkdf2" => kdf::derive_key_pbkdf2(password, &metadata.salt, 32, 10_000),
_ => {
debug_log(&format!("[DEBUG][ERR] decrypt: unsupported KDF: {}", metadata.kdf));
debug!("unsupported KDF: {}", metadata.kdf);
return Err(VaultError::Other(format!("Unsupported KDF: {}", metadata.kdf)));
}
};
// 3. Split nonce and ciphertext
if ciphertext.len() < 12 {
debug_log(&format!("[DEBUG][ERR] decrypt: ciphertext too short: {}", ciphertext.len()));
debug!("ciphertext too short: {}", ciphertext.len());
return Err(VaultError::Crypto("Ciphertext too short".to_string()));
}
let (nonce, ct) = ciphertext.split_at(12);
debug_log(&format!("[DEBUG][decrypt] nonce={:?} (hex nonce: {})", nonce, hex::encode(nonce)));
debug!("nonce={:?} (hex nonce: {})", nonce, hex::encode(nonce));
// 4. Decrypt
let plaintext = match metadata.cipher.as_str() {
"chacha20poly1305" => match decrypt_chacha20(&key, ct, nonce) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] decrypt: chacha20poly1305 error: {}", e));
debug!("chacha20poly1305 error: {}", e);
return Err(VaultError::Crypto(e));
}
},
"aes-gcm" => match decrypt_aes_gcm(&key, ct, nonce) {
Ok(val) => val,
Err(e) => {
debug_log(&format!("[DEBUG][ERR] decrypt: aes-gcm error: {}", e));
debug!("aes-gcm error: {}", e);
return Err(VaultError::Crypto(e));
}
},
_ => {
debug_log(&format!("[DEBUG][ERR] decrypt: unsupported cipher: {}", metadata.cipher));
debug!("unsupported cipher: {}", metadata.cipher);
return Err(VaultError::Other(format!("Unsupported cipher: {}", metadata.cipher)));
}
};
Ok(plaintext)
}
} // <-- Close the impl block
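Review bot: Raw key material is still written to the log in the new code: `debug!("key: {}", hex::encode(key));` in both cipher arms of `encrypt_with_nonce_prepended`, and `debug!("derived key (hex): {}", hex::encode(&key));` in `unlock_keyspace`. The commit already drops the hex-encoded password from the `unlock_keyspace` and `save_keyspace` entry lines, but the password-derived key opens the same keyspace. With the `log` facade these records go to whatever logger the embedding application installs; the description names `env_logger` and `console_log` for the tests, so a debug-level run would presumably put the key on stderr or in the browser console. I would delete these three lines or log only the length, as the neighbouring line already does: `debug!("derived key: {} bytes", key.len());`. The hex dumps of `ct` and `encrypted_blob` could be reduced to lengths in the same way; note that `unlock_keyspace` spans two hunks and the head of its key-derivation `match` is outside the visible lines.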