src/crypto.rs

   1 use openssl::{symm, sha::sha256};
   2 use rand::prelude::*;
   3
   4 use crate::consts;
   5
   6 #[derive(Debug)]
   7 pub enum KeyError {
   8     UnableToDecodeBase64Key,
   9     WrongKeyLength,
  10 }
  11
  12 #[derive(Debug)]
  13 pub enum EncryptError {
  14     KeyError(KeyError),
  15     UnableToEncrypt,
  16 }
  17
  18 #[derive(Debug)]
  19 pub enum DecryptError {
  20     KeyError(KeyError),
  21     WrongMessageVersion,
  22     MessageToShort,
  23     UnableToDecodeBase64Message,
  24     UnableToDecrypt,
  25     UnableToDecodeMessageAsUTF8String,
  26     HashMismatch,
  27 }
  28
  29 fn decode_key(key: &str) -> Result<Vec<u8>, KeyError> {
  30     match base64::decode(key) {
  31         Ok(k) => if k.len() != 16 { Err(KeyError::WrongKeyLength) } else { Ok(k) },
  32         Err(_e) => Err(KeyError::UnableToDecodeBase64Key)
  33     }
  34 }
  35
  36 /// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.
  37 /// Ouput format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
  38 /// IV: 16 bytes randomized.
  39 /// Mode : CBC.
  40 pub fn encrypt(key: &str, plain_text: &str) -> Result<String, EncryptError> {
  41     let key_as_bytes = decode_key(key).map_err(EncryptError::KeyError)?;
  42
  43     let text_as_bytes = plain_text.as_bytes();
  44     let iv = rand::thread_rng().gen::<[u8; 16]>();
  45
  46     let cipher_text =
  47         symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)
  48             .map_err(|_e| EncryptError::UnableToEncrypt)?;
  49
  50     let hash_text = sha256(&text_as_bytes);
  51
  52     let mut result: Vec<u8> = Vec::new();
  53     result.extend(&iv);
  54     result.extend(&hash_text);
  55     result.extend(&cipher_text);
  56
  57     Ok(String::from("1") + &base64::encode(&result))
  58 }
  59
  60 /// Decrypt the given text with the given key. The key length must be 128 bits encoded in base64.
  61 /// Input format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
  62 pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {
  63     let key_as_bytes = decode_key(key).map_err(DecryptError::KeyError)?;
  64
  65     // Can't decrypt a message with the wrong version.
  66     if !cipher_text.starts_with(consts::CURRENT_MESSAGE_VERSION) { return Err(DecryptError::WrongMessageVersion) }
  67
  68     let cipher_text_bytes =
  69         base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])
  70             .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;
  71
  72     if cipher_text_bytes.len() <= 48 { return Err(DecryptError::MessageToShort) }
  73
  74     let iv = &cipher_text_bytes[0..16];
  75     let hash = &cipher_text_bytes[16..48];
  76     let encrypted_message = &cipher_text_bytes[48..];
  77
  78     let plain_message_bytes =
  79         symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)
  80             .map_err(|_e| DecryptError::UnableToDecrypt)?;
  81
  82     if sha256(&plain_message_bytes) != hash { return Err(DecryptError::HashMismatch) }
  83
  84     let plain_message =
  85         String::from_utf8(plain_message_bytes)
  86             .map_err(|_e| DecryptError::UnableToDecodeMessageAsUTF8String)?;
  87
  88     Ok(plain_message)
  89 }