1 use openssl
::{symm
, sha
::sha256
};
8 UnableToDecodeBase64Key
,
13 pub enum EncryptError
{
19 pub enum DecryptError
{
23 UnableToDecodeBase64Message
,
25 UnableToDecodeMessageAsUTF8String
,
29 fn decode_key(key
: &str) -> Result
<Vec
<u8>, KeyError
> {
30 match base64
::decode(key
) {
31 Ok(k
) => if k
.len() != 16 { Err(KeyError
::WrongKeyLength
) } else { Ok(k
) },
32 Err(_e
) => Err(KeyError
::UnableToDecodeBase64Key
)
36 /// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.
37 /// Ouput format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
38 /// IV: 16 bytes randomized.
40 pub fn encrypt(key
: &str, plain_text
: &str) -> Result
<String
, EncryptError
> {
41 let key_as_bytes
= decode_key(key
).map_err(EncryptError
::KeyError
)?
;
43 let text_as_bytes
= plain_text
.as_bytes();
44 let iv
= rand
::thread_rng().gen
::<[u8; 16]>();
47 symm
::encrypt(symm
::Cipher
::aes_128_cbc(), &key_as_bytes
, Some(&iv
), text_as_bytes
)
48 .map_err(|_e
| EncryptError
::UnableToEncrypt
)?
;
50 let hash_text
= sha256(&text_as_bytes
);
52 let mut result
: Vec
<u8> = Vec
::new();
54 result
.extend(&hash_text
);
55 result
.extend(&cipher_text
);
57 Ok(String
::from("1") + &base64
::encode(&result
))
60 /// Decrypt the given text with the given key. The key length must be 128 bits encoded in base64.
61 /// Input format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
62 pub fn decrypt(key
: &str, cipher_text
: &str) -> Result
<String
, DecryptError
> {
63 let key_as_bytes
= decode_key(key
).map_err(DecryptError
::KeyError
)?
;
65 // Can't decrypt a message with the wrong version.
66 if !cipher_text
.starts_with(consts
::CURRENT_MESSAGE_VERSION
) { return Err(DecryptError
::WrongMessageVersion
) }
68 let cipher_text_bytes
=
69 base64
::decode(&cipher_text
.as_bytes()[consts
::CURRENT_MESSAGE_VERSION
.as_bytes().len()..])
70 .map_err(|_e
| DecryptError
::UnableToDecodeBase64Message
)?
;
72 if cipher_text_bytes
.len() <= 48 { return Err(DecryptError
::MessageToShort
) }
74 let iv
= &cipher_text_bytes
[0..16];
75 let hash
= &cipher_text_bytes
[16..48];
76 let encrypted_message
= &cipher_text_bytes
[48..];
78 let plain_message_bytes
=
79 symm
::decrypt(symm
::Cipher
::aes_128_cbc(), &key_as_bytes
, Some(iv
), encrypted_message
)
80 .map_err(|_e
| DecryptError
::UnableToDecrypt
)?
;
82 if sha256(&plain_message_bytes
) != hash
{ return Err(DecryptError
::HashMismatch
) }
85 String
::from_utf8(plain_message_bytes
)
86 .map_err(|_e
| DecryptError
::UnableToDecodeMessageAsUTF8String
)?
;