use openssl::{symm, sha::sha256};\r
use rand::prelude::*;\r
\r
+use crate::consts;\r
+\r
+#[derive(Debug)]\r
+pub enum KeyError {\r
+ UnableToDecodeBase64Key,\r
+ WrongKeyLength,\r
+}\r
+\r
+#[derive(Debug)]\r
+pub enum EncryptError {\r
+ KeyError(KeyError),\r
+ UnableToEncrypt,\r
+}\r
+\r
+#[derive(Debug)]\r
+pub enum DecryptError {\r
+ KeyError(KeyError),\r
+ WrongMessageVersion,\r
+ UnableToDecodeBase64Message,\r
+ UnableToDecrypt,\r
+ UnableToDecodeMessageAsUTF8String,\r
+ HashMismatch,\r
+}\r
+\r
+fn decode_key(key: &str) -> Result<Vec<u8>, KeyError> {\r
+ match base64::decode(key) {\r
+ Ok(k) => if k.len() != 16 { return Err(KeyError::WrongKeyLength) } else { Ok(k) },\r
+ Err(_e) => Err(KeyError::UnableToDecodeBase64Key)\r
+ }\r
+}\r
+\r
/// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.\r
/// Ouput format:\r
/// Format "1" + base_64(<IV> + <hash(message)> + <aes(message)>)\r
/// IV: 16 bytes randomized.\r
/// Mode : CBC.\r
-pub fn encrypt(key: &str, plain_text: &str) -> String {\r
- let key_as_bytes = base64::decode(key).expect("Unable to decode base64 encoded key");\r
- assert!(key_as_bytes.len() == 16);\r
+pub fn encrypt(key: &str, plain_text: &str) -> Result<String, EncryptError> {\r
+ let key_as_bytes = decode_key(key).map_err(|e| EncryptError::KeyError(e))?;\r
\r
let text_as_bytes = plain_text.as_bytes();\r
-\r
let iv = rand::thread_rng().gen::<[u8; 16]>();\r
\r
let cipher_text =\r
- symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)\r
- .expect("Unable to encrypt message");\r
+ match symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes) {\r
+ Ok(t) => t,\r
+ Err(_e) => return Err(EncryptError::UnableToEncrypt)\r
+ };\r
\r
let hash_text = sha256(&text_as_bytes);\r
\r
result.extend(&hash_text);\r
result.extend(&cipher_text);\r
\r
- String::from("1") + &base64::encode(&result)\r
+ Ok(String::from("1") + &base64::encode(&result))\r
}\r
\r
-pub fn decrypt(key: &str, cipher_text: &str) -> Option<String> {\r
- if cipher_text.chars() != '1' {\r
- return None;\r
- }\r
+/// TODO: return a Result<string, DecryptError>\r
+pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {\r
+ let key_as_bytes = decode_key(key).map_err(|e| DecryptError::KeyError(e))?;\r
+\r
+ // Can't decrypt a message with the wrong version.\r
+ if !cipher_text.starts_with(consts::CURRENT_MESSAGE_VERSION) { return Err(DecryptError::WrongMessageVersion) }\r
+\r
+ let cipher_text_bytes =\r
+ base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])\r
+ .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;\r
+\r
+ let iv = &cipher_text_bytes[0..16];\r
+ let hash = &cipher_text_bytes[16..48];\r
+ let encrypted_message = &cipher_text_bytes[48..];\r
+\r
+ let plain_message_bytes =\r
+ symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
+ .map_err(|_e| DecryptError::UnableToDecrypt)?;\r
+\r
+ if sha256(&plain_message_bytes) != hash { return Err(DecryptError::HashMismatch) }\r
+\r
+ let plain_message =\r
+ String::from_utf8(plain_message_bytes)\r
+ .map_err(|_e| DecryptError::UnableToDecodeMessageAsUTF8String)?;\r
\r
- println!("cypher: {}", cipher_text);\r
- Some(String::new())\r
+ Ok(plain_message)\r
}\r
projects / rup.git / blobdiff