From a1bf9e0bcc7b04c9c3224f7e6dd94b5daf184d68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= Date: Sun, 25 Feb 2024 14:19:56 +0100 Subject: [PATCH] Move the scheme related primitives to dedicated modules --- src/encryption.rs | 47 ------------------------------- src/kdf.rs | 16 ----------- src/scheme.rs | 9 ++++-- src/scheme/blake3.rs | 18 ++++++++++++ src/scheme/xchacha20poly1305.rs | 49 +++++++++++++++++++++++++++++++++ 5 files changed, 73 insertions(+), 66 deletions(-) create mode 100644 src/scheme/blake3.rs create mode 100644 src/scheme/xchacha20poly1305.rs diff --git a/src/encryption.rs b/src/encryption.rs index 6159bc8..b13ee85 100644 --- a/src/encryption.rs +++ b/src/encryption.rs @@ -2,8 +2,6 @@ use crate::canonicalization::{canonicalize, join_canonicalized_str}; use crate::error::Result; use crate::kdf::derive_key; use crate::{storage, InputKeyMaterialList}; -use chacha20poly1305::aead::{Aead, KeyInit, Payload}; -use chacha20poly1305::{Key, XChaCha20Poly1305, XNonce}; pub(crate) type DecryptionFunction = dyn Fn(&[u8], &EncryptedData, &str) -> Result>; pub(crate) type EncryptionFunction = dyn Fn(&[u8], &[u8], &str) -> Result; @@ -34,36 +32,6 @@ pub fn encrypt( Ok(storage::encode(ikm.id, &encrypted_data)) } -pub(crate) fn xchacha20poly1305_encrypt( - key: &[u8], - data: &[u8], - aad: &str, -) -> Result { - // Adapt the key - let key = Key::from_slice(key); - - // Generate a nonce - let mut nonce: [u8; 24] = [0; 24]; - getrandom::getrandom(&mut nonce)?; - let nonce = XNonce::from_slice(&nonce); - - // Prepare the payload - let payload = Payload { - msg: data, - aad: aad.as_bytes(), - }; - - // Encrypt the payload - let cipher = XChaCha20Poly1305::new(key); - let ciphertext = cipher.encrypt(nonce, payload)?; - - // Return the result - Ok(EncryptedData { - nonce: nonce.to_vec(), - ciphertext, - }) -} - pub fn decrypt( ikml: &InputKeyMaterialList, key_context: &[&str], 
@@ -78,21 +46,6 @@ pub fn decrypt( decryption_function(&key, &encrypted_data, &aad) } -pub(crate) fn xchacha20poly1305_decrypt( - key: &[u8], - encrypted_data: &EncryptedData, - aad: &str, -) -> Result> { - let key = Key::from_slice(key); - let nonce = XNonce::from_slice(&encrypted_data.nonce); - let payload = Payload { - msg: &encrypted_data.ciphertext, - aad: aad.as_bytes(), - }; - let cipher = XChaCha20Poly1305::new(key); - Ok(cipher.decrypt(nonce, payload)?) -} - #[cfg(test)] mod tests { use super::*; diff --git a/src/kdf.rs b/src/kdf.rs index 245a02a..4b88d0f 100644 --- a/src/kdf.rs +++ b/src/kdf.rs @@ -9,10 +9,6 @@ pub(crate) fn derive_key(ikm: &InputKeyMaterial, key_context: &[&str]) -> Vec Vec { - blake3::derive_key(context, ikm).to_vec() -} - #[cfg(test)] mod tests { use crate::ikm::InputKeyMaterial; @@ -38,16 +34,4 @@ mod tests { ] ); } - - #[test] - fn blake3_derive() { - assert_eq!( - super::blake3_derive("this is a context", b"7b47db8f365e5b602fd956d35985e9e1"), - vec![ - 0xc4, 0xf4, 0x6c, 0xf2, 0x03, 0xd9, 0x2d, 0x7b, 0x72, 0xe8, 0xe7, 0x90, 0xa3, 0x62, - 0x2a, 0xf4, 0x3c, 0x2a, 0xab, 0x27, 0xc6, 0xb1, 0x8b, 0x46, 0x9d, 0x40, 0x61, 0x56, - 0x19, 0x76, 0x88, 0xc4 - ] - ); - } } diff --git a/src/scheme.rs b/src/scheme.rs index df0d34e..232bd70 100644 --- a/src/scheme.rs +++ b/src/scheme.rs @@ -2,6 +2,9 @@ use crate::encryption::{DecryptionFunction, EncryptionFunction}; use crate::kdf::KdfFunction; use crate::Error; +mod blake3; +mod xchacha20poly1305; + pub(crate) type SchemeSerializeType = u32; #[derive(Copy, Clone, Debug, PartialEq)] 
@@ -12,14 +15,14 @@ pub enum Scheme { impl Scheme { pub(crate) fn get_kdf(&self) -> Box { match self { - Scheme::XChaCha20Poly1305WithBlake3 => Box::new(crate::kdf::blake3_derive), + Scheme::XChaCha20Poly1305WithBlake3 => Box::new(blake3::blake3_derive), } } pub(crate) fn get_decryption(&self) -> Box { match self { Scheme::XChaCha20Poly1305WithBlake3 => { - Box::new(crate::encryption::xchacha20poly1305_decrypt) + Box::new(xchacha20poly1305::xchacha20poly1305_decrypt) } } } @@ -27,7 +30,7 @@ impl Scheme { pub(crate) fn get_encryption(&self) -> Box { match self { Scheme::XChaCha20Poly1305WithBlake3 => { - Box::new(crate::encryption::xchacha20poly1305_encrypt) + Box::new(xchacha20poly1305::xchacha20poly1305_encrypt) } } } diff --git a/src/scheme/blake3.rs b/src/scheme/blake3.rs new file mode 100644 index 0000000..f76ff6b --- /dev/null +++ b/src/scheme/blake3.rs @@ -0,0 +1,18 @@ +pub(crate) fn blake3_derive(context: &str, ikm: &[u8]) -> Vec { + blake3::derive_key(context, ikm).to_vec() +} + +#[cfg(test)] +mod tests { + #[test] + fn blake3_derive() { + assert_eq!( + super::blake3_derive("this is a context", b"7b47db8f365e5b602fd956d35985e9e1"), + vec![ + 0xc4, 0xf4, 0x6c, 0xf2, 0x03, 0xd9, 0x2d, 0x7b, 0x72, 0xe8, 0xe7, 0x90, 0xa3, 0x62, + 0x2a, 0xf4, 0x3c, 0x2a, 0xab, 0x27, 0xc6, 0xb1, 0x8b, 0x46, 0x9d, 0x40, 0x61, 0x56, + 0x19, 0x76, 0x88, 0xc4 + ] + ); + } +} diff --git a/src/scheme/xchacha20poly1305.rs b/src/scheme/xchacha20poly1305.rs new file mode 100644 index 0000000..e2bb8f2 --- /dev/null +++ b/src/scheme/xchacha20poly1305.rs 
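Review bot: `blake3_derive` in the new src/scheme/blake3.rs carries no doc comment stating what `context` must look like, although the `blake3` crate documents that the context passed to `derive_key` should be a hardcoded, globally unique, application-specific string rather than variable data. The code that builds `context` is outside this hunk, so whether it contains caller-supplied values cannot be confirmed here; if it does, domain separation between derived keys depends entirely on the canonicalization done before this call. I would document that contract on the function, for example `/// Derive a 32-byte key from ikm using BLAKE3 derive_key; context must be an unambiguous domain-separation string.` The returned `Vec` also leaves derived key material in heap memory after it is dropped, which is worth a line in the comment if the crate wants key buffers wiped.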
@@ -0,0 +1,49 @@
+use crate::encryption::EncryptedData;
+use crate::error::Result;
+use chacha20poly1305::aead::{Aead, KeyInit, Payload};
+use chacha20poly1305::{Key, XChaCha20Poly1305, XNonce};
+
+pub(crate) fn xchacha20poly1305_encrypt(
+ key: &[u8],
+ data: &[u8],
+ aad: &str,
+) -> Result {
+ // Adapt the key
+ let key = Key::from_slice(key);
+
+ // Generate a nonce
+ let mut nonce: [u8; 24] = [0; 24];
+ getrandom::getrandom(&mut nonce)?;
+ let nonce = XNonce::from_slice(&nonce);
+
+ // Prepare the payload
+ let payload = Payload {
+ msg: data,
+ aad: aad.as_bytes(),
+ };
+
+ // Encrypt the payload
+ let cipher = XChaCha20Poly1305::new(key);
+ let ciphertext = cipher.encrypt(nonce, payload)?;
+
+ // Return the result
+ Ok(EncryptedData {
+ nonce: nonce.to_vec(),
+ ciphertext,
+ })
+}
+
+pub(crate) fn xchacha20poly1305_decrypt(
+ key: &[u8],
+ encrypted_data: &EncryptedData,
+ aad: &str,
+) -> Result> {
+ let key = Key::from_slice(key);
+ let nonce = XNonce::from_slice(&encrypted_data.nonce);
+ let payload = Payload {
+ msg: &encrypted_data.ciphertext,
+ aad: aad.as_bytes(),
+ };
+ let cipher = XChaCha20Poly1305::new(key);
+ Ok(cipher.decrypt(nonce, payload)?)
+}
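Review bot: `Key::from_slice(key)` and `XNonce::from_slice(&encrypted_data.nonce)` panic when the slice is not exactly 32 or 24 bytes long, and in `xchacha20poly1305_decrypt` the nonce is taken from `EncryptedData`, which presumably is decoded from stored input. Unless the decoder (outside this hunk) already enforces the nonce length, a truncated or malformed ciphertext aborts the caller instead of coming back as an `Err`. A length guard ahead of the conversion keeps the failure on the `Result` path, e.g. `if encrypted_data.nonce.len() != 24 { return Err(PLACEHOLDER_MALFORMED_INPUT_ERROR); }`, with the crate's own error variant in place of the placeholder. The same check applies to `key` in both functions if a KDF with a different output size is ever paired with this cipher.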