X-Git-Url: http://git.euphorik.ch/?p=rup.git;a=blobdiff_plain;f=src%2Fcrypto.rs;fp=src%2Fcrypto.rs;h=26cbe687018baf51e4492135e4ac9e1c1980f1c5;hp=caf34f7cd10b7f2f50ee10ea0e83cbd3416d1ed4;hb=bec878adc200ba7794d8510e2599a95b9050f976;hpb=925647a4a2221dd7d8e43d51760d9690cbc2070e

diff --git a/src/crypto.rs b/src/crypto.rs
index caf34f7..26cbe68 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -1,8 +1,6 @@
 use openssl::{symm, sha::sha256};
 use rand::prelude::*;
 
-use crate::consts;
-
 #[derive(Debug)]
 pub enum KeyError {
     UnableToDecodeBase64Key,
@@ -12,13 +10,15 @@ pub enum KeyError {
 #[derive(Debug)]
 pub enum EncryptError {
     KeyError(KeyError),
+    UnsupportedVersion(u8),
     UnableToEncrypt,
 }
 
 #[derive(Debug)]
 pub enum DecryptError {
     KeyError(KeyError),
-    WrongMessageVersion,
+    UnableToParseVersion,
+    UnsupportedVersion(u8),
     MessageToShort,
     UnableToDecodeBase64Message,
     UnableToDecrypt,
@@ -33,53 +33,85 @@ fn decode_key(key: &str) -> Result<Vec<u8>, KeyError> {
     }
 }
 
-/// Encrypt the given text with the given key. The key length must be 128 bits encoded in base64.
-/// Ouput format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
+/// Encrypt the given text with the given key (first version). The key length must be 128 bits encoded in base64.
+/// Ouput formats:
+/// * 'version' = 1: "1" + base_64(<IV> + hash(message) + aes(message))
+/// * 'version' = 2: "2" + base_64(<IV> + aes(hash(message) + message))
 /// IV: 16 bytes randomized.
 /// Mode : CBC.
-pub fn encrypt(key: &str, plain_text: &str) -> Result<String, EncryptError> {
+pub fn encrypt(key: &str, plain_text: &str, version: u8) -> Result<String, EncryptError> {
     let key_as_bytes = decode_key(key).map_err(EncryptError::KeyError)?;
 
     let text_as_bytes = plain_text.as_bytes();
+    let hash_text = sha256(&text_as_bytes);
     let iv = rand::thread_rng().gen::<[u8; 16]>();
 
     let cipher_text =
-        symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)
-            .map_err(|_e| EncryptError::UnableToEncrypt)?;
-
-    let hash_text = sha256(&text_as_bytes);
+        if version == 1 {
+            symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), text_as_bytes)
+                .map_err(|_e| EncryptError::UnableToEncrypt)?
+        } else if version == 2 {
+            symm::encrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(&iv), &[&hash_text, text_as_bytes].concat())
+                .map_err(|_e| EncryptError::UnableToEncrypt)?
+        } else {
+            return Err(EncryptError::UnsupportedVersion(version))
+        };
 
     let mut result: Vec<u8> = Vec::new();
     result.extend(&iv);
-    result.extend(&hash_text);
+
+    if version == 1 {
+        result.extend(&hash_text);
+    }
+
     result.extend(&cipher_text);
 
-    Ok(String::from("1") + &base64::encode(&result))
+    Ok(version.to_string() + &base64::encode(&result))
 }
 
 /// Decrypt the given text with the given key. The key length must be 128 bits encoded in base64.
-/// Input format: "1" + base_64(<IV> + <hash(message)> + <aes(message)>)
+/// Input formats:
+/// * version 1: "1" + base_64(<IV> + hash(message) + aes(message))
+/// * version 2: "2" + base_64(<IV> + aes(hash(message) + message))
 pub fn decrypt(key: &str, cipher_text: &str) -> Result<String, DecryptError> {
     let key_as_bytes = decode_key(key).map_err(DecryptError::KeyError)?;
 
     // Can't decrypt a message with the wrong version.
-    if !cipher_text.starts_with(consts::CURRENT_MESSAGE_VERSION) { return Err(DecryptError::WrongMessageVersion) }
+    let first_char = &cipher_text[..1];
+    let version: u8 = first_char.parse().map_err(|_e| DecryptError::UnableToParseVersion)?;
+
+    if version != 1 && version != 2 {
+        return Err(DecryptError::UnsupportedVersion(version))
+    }
 
     let cipher_text_bytes =
-        base64::decode(&cipher_text.as_bytes()[consts::CURRENT_MESSAGE_VERSION.as_bytes().len()..])
+        base64::decode(&cipher_text.as_bytes()[1..])
             .map_err(|_e| DecryptError::UnableToDecodeBase64Message)?;
 
     if cipher_text_bytes.len() <= 48 { return Err(DecryptError::MessageToShort) }
 
     let iv = &cipher_text_bytes[0..16];
-    let hash = &cipher_text_bytes[16..48];
-    let encrypted_message = &cipher_text_bytes[48..];
-
-    let plain_message_bytes =
-        symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)
-            .map_err(|_e| DecryptError::UnableToDecrypt)?;
 
-    if sha256(&plain_message_bytes) != hash { return Err(DecryptError::HashMismatch) }
+    let (plain_message_bytes, hash) =
+        if version == 1 {
+            let encrypted_message = &cipher_text_bytes[48..];
+            (
+                symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)
+                    .map_err(|_e| DecryptError::UnableToDecrypt)?,
+                cipher_text_bytes[16..48].to_vec()
+            )
+        } else {
+            let encrypted_message = &cipher_text_bytes[16..];
+            let plain_text =
+                symm::decrypt(symm::Cipher::aes_128_cbc(), &key_as_bytes, Some(iv), encrypted_message)
+                    .map_err(|_e| DecryptError::UnableToDecrypt)?;
+            (
+                plain_text[32..].to_vec(),
+                plain_text[0..32].to_vec()
+            )
+        };
+
+    if sha256(&plain_message_bytes) != hash[..] { return Err(DecryptError::HashMismatch) }
 
     let plain_message =
         String::from_utf8(plain_message_bytes)