vaultrs/api/
transit.rs

1pub mod requests;
2pub mod responses;
3
4use serde::{Deserialize, Serialize};
5
6#[derive(Clone, Copy, Debug, Serialize, Deserialize)]
7#[serde(rename_all = "kebab-case")]
8pub enum KeyType {
9    /// AES-128 wrapped with GCM using a 96-bit nonce size AEAD (symmetric,
10    /// supports derivation and convergent encryption)
11    Aes128Gcm96,
12    /// AES-256 wrapped with GCM using a 96-bit nonce size AEAD (symmetric,
13    /// supports derivation and convergent encryption, default)
14    Aes256Gcm96,
15    /// ChaCha20-Poly1305 AEAD (symmetric, supports derivation and convergent
16    /// encryption)
17    Chacha20Poly1305,
18    /// ED25519 (asymmetric, supports derivation). When using derivation, a sign
19    /// operation with the same context will derive the same key and signature;
20    /// this is a signing analogue to convergent_encryption.
21    Ed25519,
22    /// ECDSA using the P-256 elliptic curve (asymmetric)
23    EcdsaP256,
24    /// ECDSA using the P-384 elliptic curve (asymmetric)
25    EcdsaP384,
26    /// ECDSA using the P-521 elliptic curve (asymmetric)
27    EcdsaP521,
28    /// RSA with bit size of 2048 (asymmetric)
29    // kebab-case conversion doesn't work for words starting with a digit.
30    #[serde(rename = "rsa-2048")]
31    Rsa2048,
32    /// RSA with bit size of 3072 (asymmetric)
33    #[serde(rename = "rsa-3072")]
34    Rsa3072,
35    /// RSA with bit size of 4096 (asymmetric)
36    #[serde(rename = "rsa-4096")]
37    Rsa4096,
38}
39
40impl Default for KeyType {
41    fn default() -> Self {
42        Self::Aes256Gcm96
43    }
44}
45
46#[derive(Clone, Copy, Debug, Serialize, Deserialize)]
47#[serde(rename_all = "kebab-case")]
48pub enum OutputFormat {
49    Base64,
50    Hex,
51}
52
53impl Default for OutputFormat {
54    fn default() -> Self {
55        Self::Base64
56    }
57}
58
59/// Note: In FIPS 140-2 mode, the following algorithms are not certified and
60/// thus should not be used: sha3-224, sha3-256, sha3-384, and sha3-512.
61#[derive(Clone, Copy, Debug, Serialize, Deserialize)]
62#[serde(rename_all = "kebab-case")]
63pub enum HashAlgorithm {
64    Sha2_224,
65    Sha2_256,
66    Sha2_384,
67    Sha2_512,
68    Sha3_224,
69    Sha3_256,
70    Sha3_384,
71    Sha3_512,
72}
73
74#[derive(Clone, Copy, Debug, Serialize, Deserialize)]
75#[serde(rename_all = "kebab-case")]
76pub enum SignatureAlgorithm {
77    Pss,
78    Pkcs1v15,
79}
80
81#[derive(Clone, Copy, Debug, Serialize, Deserialize)]
82#[serde(rename_all = "kebab-case")]
83pub enum MarshalingAlgorithm {
84    /// The default, used by OpenSSL and X.509
85    Asn1,
86    /// The version used by JWS (and thus for JWTs). Selecting this will also
87    /// change the output encoding to URL-safe Base64 encoding instead of
88    /// standard Base64-encoding.
89    Jws,
90}