Implementation of 'encrypt'.

[rup.git] / src / crypto.rs

diff --git a/src/crypto.rs b/src/crypto.rs
index 6d791eb..cc8bf84 100644 (file)
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -1,14 +1,38 @@
+use openssl::{symm, sha::sha256};\r
+use rand::prelude::*;\r
 \r
+/// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.\r
+/// Ouput format:\r
+/// Format "1" + base_64(<IV> + <hash(message)> + <aes(message)>)\r
+/// IV: 16 bytes randomized.\r
+/// Mode : CBC.\r
 pub fn encrypt(key: &str, plain_text: &str) -> String {\r
-    let key_as_bytes = base64::decode(key);\r
+    let key_as_bytes = base64::decode(key).expect("Unable to decode base64 encoded key");\r
+    assert!(key_as_bytes.len() == 16);\r
 \r
+    let text_as_bytes = plain_text.as_bytes();\r
 \r
+    let iv = rand::thread_rng().gen::<[u8; 16]>();\r
 \r
-    String::new()\r
+    let cipher_text =\r
+        symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)\r
+            .expect("Unable to encrypt message");\r
+\r
+    let hash_text = sha256(&text_as_bytes);\r
+\r
+    let mut result: Vec<u8> = Vec::new();\r
+    result.extend(&iv);\r
+    result.extend(&hash_text);\r
+    result.extend(&cipher_text);\r
+\r
+    String::from("1") + &base64::encode(&result)\r
 }\r
 \r
-pub fn decrypt(key: &str, cypher_text: &str) -> Option<String> {\r
+pub fn decrypt(key: &str, cipher_text: &str) -> Option<String> {\r
+    if cipher_text.chars() != '1' {\r
+        return None;\r
+    }\r
 \r
-    println!("cypher: {}", cypher_text);\r
+    println!("cypher: {}", cipher_text);\r
     Some(String::new())\r
 }\r