feat(core): DEK 缓存 + 密钥轮换管理端点

- erp-core/crypto/key_manager: DashMap LRU DEK 缓存 (TTL 5min, 100条) - DekManager: get_or_create_dek, generate_new_dek, invalidate - PiiCrypto 集成 DekManager - POST /api/v1/admin/tenants/:id/rotate-key: 生成新 DEK + 缓存失效 - 权限: tenant.manage (仅超级管理员)
2026-04-26 12:40:25 +08:00
parent 731e080125
commit 49b8300fdc
6 changed files with 322 additions and 0 deletions
--- a/crates/erp-core/src/crypto/key_manager.rs
+++ b/crates/erp-core/src/crypto/key_manager.rs
@@ -0,0 +1,120 @@
+use std::sync::Arc;
+use std::time::Instant;
+
+use dashmap::DashMap;
+use uuid::Uuid;
+
+use crate::error::{AppError, AppResult};
+
+use super::engine;
+
+/// DEK 缓存条目
+#[derive(Clone)]
+struct CachedDek {
+    dek: [u8; 32],
+    version: u32,
+    loaded_at: Instant,
+}
+
+/// DEK 缓存管理 — 每租户独立 DEK，LRU + TTL
+#[derive(Clone)]
+pub struct DekManager {
+    cache: DashMap<Uuid, CachedDek>,
+    ttl_secs: u64,
+    max_entries: usize,
+}
+
+impl DekManager {
+    pub fn new(ttl_secs: u64, max_entries: usize) -> Self {
+        Self {
+            cache: DashMap::new(),
+            ttl_secs,
+            max_entries,
+        }
+    }
+
+    /// 获取或创建租户的 DEK
+    pub fn get_or_create_dek(
+        &self,
+        tenant_id: Uuid,
+        encrypted_dek: Option<&str>,
+        kek: &[u8; 32],
+    ) -> AppResult<([u8; 32], u32)> {
+        // 检查缓存
+        if let Some(entry) = self.cache.get(&tenant_id) {
+            if entry.loaded_at.elapsed().as_secs() < self.ttl_secs {
+                return Ok((entry.dek, entry.version));
+            }
+        }
+
+        // 从加密 DEK 解密
+        if let Some(enc_dek) = encrypted_dek {
+            let dek_hex = engine::decrypt(kek, enc_dek).map_err(|e| AppError::Internal(e))?;
+            let dek_bytes = hex::decode(&dek_hex).map_err(|e| AppError::Internal(e.to_string()))?;
+            if dek_bytes.len() != 32 {
+                return Err(AppError::Internal("DEK must be 32 bytes".into()));
+            }
+            let mut dek = [0u8; 32];
+            dek.copy_from_slice(&dek_bytes);
+
+            // 缓存（版本从外部传入时无法确定，使用默认值 1）
+            self.evict_if_full();
+            self.cache.insert(tenant_id, CachedDek {
+                dek,
+                version: 1,
+                loaded_at: Instant::now(),
+            });
+            return Ok((dek, 1));
+        }
+
+        // 无现有 DEK → 生成新的
+        let dek = Self::generate_dek();
+        self.evict_if_full();
+        self.cache.insert(tenant_id, CachedDek {
+            dek,
+            version: 1,
+            loaded_at: Instant::now(),
+        });
+        Ok((dek, 1))
+    }
+
+    /// 使用 KEK 加密 DEK 以便存储
+    pub fn encrypt_dek_for_storage(dek: &[u8; 32], kek: &[u8; 32]) -> AppResult<String> {
+        let dek_hex = hex::encode(dek);
+        engine::encrypt(kek, &dek_hex).map_err(|e| AppError::Internal(e))
+    }
+
+    /// 生成新 DEK 并用 KEK 加密，返回 (新 DEK, 加密后的 DEK)
+    pub fn generate_new_dek(kek: &[u8; 32]) -> AppResult<([u8; 32], String)> {
+        let dek = Self::generate_dek();
+        let encrypted = Self::encrypt_dek_for_storage(&dek, kek)?;
+        Ok((dek, encrypted))
+    }
+
+    /// 使缓存失效（轮换后调用）
+    pub fn invalidate(&self, tenant_id: Uuid) {
+        self.cache.remove(&tenant_id);
+    }
+
+    fn generate_dek() -> [u8; 32] {
+        use rand::RngCore;
+        let mut dek = [0u8; 32];
+        rand::thread_rng().fill_bytes(&mut dek);
+        dek
+    }
+
+    fn evict_if_full(&self) {
+        if self.cache.len() >= self.max_entries {
+            // 简单策略：移除最早加载的一半
+            let to_remove: Vec<Uuid> = self.cache
+                .iter()
+                .filter(|e| e.loaded_at.elapsed().as_secs() > self.ttl_secs / 2)
+                .map(|e| *e.key())
+                .take(self.max_entries / 2)
+                .collect();
+            for id in to_remove {
+                self.cache.remove(&id);
+            }
+        }
+    }
+}
--- a/crates/erp-core/src/crypto/mod.rs
+++ b/crates/erp-core/src/crypto/mod.rs
@@ -0,0 +1,143 @@
+pub mod engine;
+pub mod hmac_index;
+pub mod key_manager;
+pub mod masking;
+
+pub use engine::{decrypt, encrypt};
+pub use hmac_index::hmac_hash;
+pub use masking::{mask_id_number, mask_phone};
+pub use key_manager::DekManager;
+
+use crate::error::{AppError, AppResult};
+
+/// PII 加密服务 — 封装 KEK 和 DEK 管理
+#[derive(Clone)]
+pub struct PiiCrypto {
+    kek: [u8; 32],
+    pub dek_manager: DekManager,
+}
+
+impl PiiCrypto {
+    /// 从 hex 编码的 KEK 创建。KEK 为 64 字符 hex（32 字节）。
+    pub fn from_kek_hex(kek_hex: &str) -> AppResult<Self> {
+        let bytes =
+            hex::decode(kek_hex).map_err(|e| AppError::Internal(format!("KEK hex decode failed: {}", e)))?;
+        if bytes.len() != 32 {
+            return Err(AppError::Internal("KEK must be 32 bytes (64 hex chars)".into()));
+        }
+        let mut kek = [0u8; 32];
+        kek.copy_from_slice(&bytes);
+        Ok(Self {
+            kek,
+            dek_manager: DekManager::new(300, 100), // 5 min TTL, 100 entries
+        })
+    }
+
+    /// Dev fallback: 从固定字符串派生确定性 KEK。仅用于开发。
+    pub fn dev_default() -> Self {
+        use sha2::Digest;
+        let kek = <sha2::Sha256 as Digest>::digest(b"erp-pii-kek-dev-key-DO-NOT-USE-IN-PROD");
+        let mut key = [0u8; 32];
+        key.copy_from_slice(&kek);
+        Self {
+            kek: key,
+            dek_manager: DekManager::new(300, 100),
+        }
+    }
+
+    pub fn kek(&self) -> &[u8; 32] {
+        &self.kek
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn test_crypto() -> PiiCrypto {
+        PiiCrypto::dev_default()
+    }
+
+    #[test]
+    fn from_kek_hex_roundtrip() {
+        let kek_hex = "00".repeat(32);
+        let crypto = PiiCrypto::from_kek_hex(&kek_hex).unwrap();
+        assert_eq!(crypto.kek(), &[0u8; 32]);
+    }
+
+    #[test]
+    fn from_kek_hex_invalid() {
+        assert!(PiiCrypto::from_kek_hex("not-hex").is_err());
+    }
+
+    #[test]
+    fn from_kek_hex_wrong_length() {
+        assert!(PiiCrypto::from_kek_hex("ab").is_err());
+    }
+
+    #[test]
+    fn encrypt_decrypt_roundtrip() {
+        let crypto = test_crypto();
+        let plaintext = "13812345678";
+        let encrypted = encrypt(crypto.kek(), plaintext).unwrap();
+        let decrypted = decrypt(crypto.kek(), &encrypted).unwrap();
+        assert_eq!(plaintext, decrypted);
+    }
+
+    #[test]
+    fn encrypt_produces_different_ciphertexts() {
+        let crypto = test_crypto();
+        let e1 = encrypt(crypto.kek(), "test").unwrap();
+        let e2 = encrypt(crypto.kek(), "test").unwrap();
+        assert_ne!(e1, e2);
+    }
+
+    #[test]
+    fn decrypt_wrong_key_fails() {
+        let crypto1 = PiiCrypto::dev_default();
+        let other_key_hex = "ff".repeat(32);
+        let crypto2 = PiiCrypto::from_kek_hex(&other_key_hex).unwrap();
+        let encrypted = encrypt(crypto1.kek(), "test").unwrap();
+        assert!(decrypt(crypto2.kek(), &encrypted).is_err());
+    }
+
+    #[test]
+    fn hmac_hash_deterministic() {
+        let crypto = test_crypto();
+        let h1 = hmac_hash(crypto.kek(), "13812345678");
+        let h2 = hmac_hash(crypto.kek(), "13812345678");
+        assert_eq!(h1, h2);
+    }
+
+    #[test]
+    fn hmac_hash_different_inputs() {
+        let crypto = test_crypto();
+        let h1 = hmac_hash(crypto.kek(), "111");
+        let h2 = hmac_hash(crypto.kek(), "222");
+        assert_ne!(h1, h2);
+    }
+
+    #[test]
+    fn encrypt_empty_string() {
+        let crypto = test_crypto();
+        let encrypted = encrypt(crypto.kek(), "").unwrap();
+        let decrypted = decrypt(crypto.kek(), &encrypted).unwrap();
+        assert_eq!("", decrypted);
+    }
+
+    #[test]
+    fn decrypt_too_short_fails() {
+        use base64::Engine;
+        let short = base64::engine::general_purpose::STANDARD.encode(b"short");
+        assert!(decrypt(&[0u8; 32], &short).is_err());
+    }
+
+    #[test]
+    fn encrypt_unicode() {
+        let crypto = test_crypto();
+        let plaintext = "患者过敏史：青霉素、磺胺类药物";
+        let encrypted = encrypt(crypto.kek(), plaintext).unwrap();
+        let decrypted = decrypt(crypto.kek(), &encrypted).unwrap();
+        assert_eq!(plaintext, decrypted);
+    }
+}