+/// Encrypt the given text with the given key (first version). The key length must be 128 bits encoded in base64.\r
+/// Ouput formats:\r
+/// * 'version' = 1: "1" + base_64(<IV> + hash(message) + aes(message))\r
+/// * 'version' = 2: "2" + base_64(<IV> + aes(hash(message) + message))\r
+/// IV: 16 bytes randomized.\r
+/// Mode : CBC.\r
+pub fn encrypt(key: &str, plain_text: &str, version: u8) -> Result<String, EncryptError> {\r
+ let key_as_bytes = decode_key(key).map_err(EncryptError::KeyError)?;\r
+\r
+ let text_as_bytes = plain_text.as_bytes();\r
+ let hash_text = sha256(&text_as_bytes);\r
+ let iv = rand::thread_rng().gen::<[u8; 16]>();\r
+\r
+ let cipher_text =\r
+ if version == 1 {\r
+ symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)\r
+ .map_err(|_e| EncryptError::UnableToEncrypt)?\r
+ } else if version == 2 {\r
+ symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), &[&hash_text, text_as_bytes].concat())\r
+ .map_err(|_e| EncryptError::UnableToEncrypt)?\r
+ } else {\r
+ return Err(EncryptError::UnsupportedVersion(version))\r
+ };\r
+\r
+ let mut result: Vec<u8> = Vec::new();\r
+ result.extend(&iv);\r
+\r
+ if version == 1 {\r
+ result.extend(&hash_text);\r
+ }\r
+\r
+ result.extend(&cipher_text);\r
+\r
+ Ok(version.to_string() + &base64::encode(&result))\r
+}\r
+\r
+/// Decrypt the given text with the given key. The key length must be 128 bits encoded in base64.\r
+/// Input formats:\r
+/// * version 1: "1" + base_64(<IV> + hash(message) + aes(message))\r
+/// * version 2: "2" + base_64(<IV> + aes(hash(message) + message))\r
+pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {\r
+ let key_as_bytes = decode_key(key).map_err(DecryptError::KeyError)?;\r
+\r
+ // Can't decrypt a message with the wrong version.\r
+ let first_char = &cipher_text[..1];\r
+ let version: u8 = first_char.parse().map_err(|_e| DecryptError::UnableToParseVersion)?;\r
+\r
+ if version != 1 && version != 2 {\r
+ return Err(DecryptError::UnsupportedVersion(version))\r
+ }\r
+\r
+ let cipher_text_bytes =\r
+ base64::decode(&cipher_text.as_bytes()[1..])\r
+ .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;\r
+\r
+ if cipher_text_bytes.len() <= 48 { return Err(DecryptError::MessageToShort) }\r
+\r
+ let iv = &cipher_text_bytes[0..16];\r
+\r
+ let (plain_message_bytes, hash) =\r
+ if version == 1 {\r
+ let encrypted_message = &cipher_text_bytes[48..];\r
+ (\r
+ symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
+ .map_err(|_e| DecryptError::UnableToDecrypt)?,\r
+ cipher_text_bytes[16..48].to_vec()\r
+ )\r
+ } else {\r
+ let encrypted_message = &cipher_text_bytes[16..];\r
+ let plain_text =\r
+ symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)\r
+ .map_err(|_e| DecryptError::UnableToDecrypt)?;\r
+ (\r
+ plain_text[32..].to_vec(),\r
+ plain_text[0..32].to_vec()\r
+ )\r
+ };\r
+\r
+ if sha256(&plain_message_bytes) != hash[..] { return Err(DecryptError::HashMismatch) }\r
+\r
+ let plain_message =\r
+ String::from_utf8(plain_message_bytes)\r
+ .map_err(|_e| DecryptError::UnableToDecodeMessageAsUTF8String)?;\r