use openssl::{symm, sha::sha256};\r
use rand::prelude::*;\r
\r
-use crate::consts;\r
-\r
#[derive(Debug)]\r
pub enum KeyError {\r
UnableToDecodeBase64Key,\r
#[derive(Debug)]\r
pub enum EncryptError {\r
KeyError(KeyError),\r
+ UnsupportedVersion(u8),\r
UnableToEncrypt,\r
}\r
\r
#[derive(Debug)]\r
pub enum DecryptError {\r
KeyError(KeyError),\r
- WrongMessageVersion,\r
+ UnableToParseVersion,\r
+ UnsupportedVersion(u8),\r
MessageToShort,\r
UnableToDecodeBase64Message,\r
UnableToDecrypt,\r
}\r
}\r
\r
-/// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.\r
-/// Ouput format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)\r
+/// Encrypt the given text with the given key (first version). The key length must be 128 bits encoded in base64.\r
+/// Ouput formats:\r
+/// * 'version' = 1: "1" + base_64(<IV> + hash(message) + aes(message))\r
+/// * 'version' = 2: "2" + base_64(<IV> + aes(hash(message) + message))\r
/// IV: 16 bytes randomized.\r
/// Mode : CBC.\r
-pub fn encrypt(key: &str, plain_text: &str) -> Result<String, EncryptError> {\r
+pub fn encrypt(key: &str, plain_text: &str, version: u8) -> Result<String, EncryptError> {\r
let key_as_bytes = decode_key(key).map_err(EncryptError::KeyError)?;\r
\r
let text_as_bytes = plain_text.as_bytes();\r
+ let hash_text = sha256(&text_as_bytes);\r
let iv = rand::thread_rng().gen::<[u8; 16]>();\r
\r
let cipher_text =\r
- symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)\r
- .map_err(|_e| EncryptError::UnableToEncrypt)?;\r
-\r
- let hash_text = sha256(&text_as_bytes);\r
+ if version == 1 {\r
+ symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)\r
+ .map_err(|_e| EncryptError::UnableToEncrypt)?\r
+ } else if version == 2 {\r
+ symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), &[&hash_text, text_as_bytes].concat())\r
+ .map_err(|_e| EncryptError::UnableToEncrypt)?\r
+ } else {\r
+ return Err(EncryptError::UnsupportedVersion(version))\r
+ };\r
\r
let mut result: Vec<u8> = Vec::new();\r
result.extend(&iv);\r
- result.extend(&hash_text);\r
+\r
+ if version == 1 {\r
+ result.extend(&hash_text);\r
+ }\r
+\r
result.extend(&cipher_text);\r
\r
- Ok(String::from("1") + &base64::encode(&result))\r
+ Ok(version.to_string() + &base64::encode(&result))\r
}\r
\r
/// Decrypt the given text with the given key. The key length must be 128 bits encoded in base64.\r
-/// Input format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)\r
+/// Input formats:\r
+/// * version 1: "1" + base_64(<IV> + hash(message) + aes(message))\r
+/// * version 2: "2" + base_64(<IV> + aes(hash(message) + message))\r
pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {\r
let key_as_bytes = decode_key(key).map_err(DecryptError::KeyError)?;\r
\r
// Can't decrypt a message with the wrong version.\r
- if !cipher_text.starts_with(consts::CURRENT_MESSAGE_VERSION) { return Err(DecryptError::WrongMessageVersion) }\r
+ let first_char = &cipher_text[..1];\r
+ let version: u8 = first_char.parse().map_err(|_e| DecryptError::UnableToParseVersion)?;\r
+\r
+ if version != 1 && version != 2 {\r
+ return Err(DecryptError::UnsupportedVersion(version))\r
+ }\r
\r
let cipher_text_bytes =\r
- base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])\r
+ base64::decode(&cipher_text.as_bytes()[1..])\r
.map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;\r
\r
if cipher_text_bytes.len() <= 48 { return Err(DecryptError::MessageToShort) }\r
\r
let iv = &cipher_text_bytes[0..16];\r
- let hash = &cipher_text_bytes[16..48];\r
- let encrypted_message = &cipher_text_bytes[48..];\r
-\r
- let plain_message_bytes =\r
- symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
- .map_err(|_e| DecryptError::UnableToDecrypt)?;\r
\r
- if sha256(&plain_message_bytes) != hash { return Err(DecryptError::HashMismatch) }\r
+ let (plain_message_bytes, hash) =\r
+ if version == 1 {\r
+ let encrypted_message = &cipher_text_bytes[48..];\r
+ (\r
+ symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
+ .map_err(|_e| DecryptError::UnableToDecrypt)?,\r
+ cipher_text_bytes[16..48].to_vec()\r
+ )\r
+ } else {\r
+ let encrypted_message = &cipher_text_bytes[16..];\r
+ let plain_text =\r
+ symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
+ .map_err(|_e| DecryptError::UnableToDecrypt)?;\r
+ (\r
+ plain_text[32..].to_vec(),\r
+ plain_text[0..32].to_vec()\r
+ )\r
+ };\r
+\r
+ if sha256(&plain_message_bytes) != hash[..] { return Err(DecryptError::HashMismatch) }\r
\r
let plain_message =\r
String::from_utf8(plain_message_bytes)\r
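Review bot: In decrypt, `&cipher_text[..1]` panics on an empty string and on input whose first character is multi-byte UTF-8, so a malformed message takes the panic path instead of returning a `DecryptError`; `let first_char = cipher_text.get(..1).ok_or(DecryptError::UnableToParseVersion)?;` keeps it on the error path. The `len() <= 48` guard was written for the version 1 layout, so in the version 2 branch `plain_text[0..32]` is in bounds only because of the padding arithmetic; an explicit `if plain_text.len() < 32 { return Err(DecryptError::MessageToShort) }` before the slice would make that hold by construction. Separately, both formats use an unkeyed SHA-256 under CBC as the integrity check, which does not authenticate the message, and the distinct `UnableToDecrypt` and `HashMismatch` results can serve as a padding oracle if callers expose them to the sender. A later version built on an AEAD mode (`symm::encrypt_aead` with `Cipher::aes_128_gcm()`) or on encrypt-then-HMAC would close both gaps. decrypt's body continues past the end of this hunk, so how the errors are surfaced is not visible here.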