X-Git-Url: http://git.euphorik.ch/?a=blobdiff_plain;f=src%2Fcrypto.rs;h=ddf257cd3b60d425a856792b4c10537ae86d4d5d;hb=96a5780355820bb1a78cb4ec8dff41dd30ef6ceb;hp=cc8bf848ef326a615dadf4023f278b47cc86fb3d;hpb=b1f2c5b803a7e85a3b0c8d999cf9a13d28c6c6c2;p=rup.git

diff --git a/src/crypto.rs b/src/crypto.rs
index cc8bf84..ddf257c 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -1,22 +1,50 @@
 use openssl::{symm, sha::sha256};
 use rand::prelude::*;
 
+use crate::consts;
+
+#[derive(Debug)]
+pub enum KeyError {
+    UnableToDecodeBase64Key,
+    WrongKeyLength,
+}
+
+#[derive(Debug)]
+pub enum EncryptError {
+    KeyError(KeyError),
+    UnableToEncrypt,
+}
+
+#[derive(Debug)]
+pub enum DecryptError {
+    KeyError(KeyError),
+    WrongMessageVersion,
+    UnableToDecodeBase64Message,
+    UnableToDecrypt,
+    UnableToDecodeMessageAsUTF8String,
+    HashMismatch,
+}
+
+fn decode_key(key: &str) -> Result<Vec<u8>, KeyError> {
+    match base64::decode(key) {
+        Ok(k) => if k.len() != 16 { Err(KeyError::WrongKeyLength) } else { Ok(k) },
+        Err(_e) => Err(KeyError::UnableToDecodeBase64Key)
+    }
+}
+
 /// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.
-/// Ouput format:
-/// Format "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
+/// Ouput format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
 /// IV: 16 bytes randomized.
 /// Mode : CBC.
-pub fn encrypt(key: &str, plain_text: &str) -> String {
-    let key_as_bytes = base64::decode(key).expect("Unable to decode base64 encoded key");
-    assert!(key_as_bytes.len() == 16);
+pub fn encrypt(key: &str, plain_text: &str) -> Result<String, EncryptError> {
+    let key_as_bytes = decode_key(key).map_err(EncryptError::KeyError)?;
 
     let text_as_bytes = plain_text.as_bytes();
-
     let iv = rand::thread_rng().gen::<[u8; 16]>();
 
     let cipher_text =
         symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)
-            .expect("Unable to encrypt message");
+            .map_err(|_e| EncryptError::UnableToEncrypt)?;
 
     let hash_text = sha256(&text_as_bytes);
 
@@ -25,14 +53,34 @@ pub fn encrypt(key: &str, plain_text: &str) -> String {
     result.extend(&hash_text);
     result.extend(&cipher_text);
 
-    String::from("1") + &base64::encode(&result)
+    Ok(String::from("1") + &base64::encode(&result))
 }
 
-pub fn decrypt(key: &str, cipher_text: &str) -> Option<String> {
-    if cipher_text.chars() != '1' {
-        return None;
-    }
+/// Decrypt the given text with the given key. The key length must be 128 bits encoded in base64.
+/// Input format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
+pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {
+    let key_as_bytes = decode_key(key).map_err(DecryptError::KeyError)?;
+
+    // Can't decrypt a message with the wrong version.
+    if !cipher_text.starts_with(consts::CURRENT_MESSAGE_VERSION) { return Err(DecryptError::WrongMessageVersion) }
+
+    let cipher_text_bytes =
+        base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])
+            .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;
+
+    let iv = &cipher_text_bytes[0..16];
+    let hash = &cipher_text_bytes[16..48];
+    let encrypted_message = &cipher_text_bytes[48..];
+
+    let plain_message_bytes =
+        symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)
+            .map_err(|_e| DecryptError::UnableToDecrypt)?;
+
+    if sha256(&plain_message_bytes) != hash { return Err(DecryptError::HashMismatch) }
+
+    let plain_message =
+        String::from_utf8(plain_message_bytes)
+            .map_err(|_e| DecryptError::UnableToDecodeMessageAsUTF8String)?;
 
-    println!("cypher: {}", cipher_text);
-    Some(String::new())
+    Ok(plain_message)
 }