Move the scheme related primitives to dedicated modules

2024-02-25 14:19:56 +01:00 · 2024-02-25 14:19:56 +01:00 · a1bf9e0bcc
commit a1bf9e0bcc
parent 382492e915
5 changed files with 73 additions and 66 deletions
--- a/src/encryption.rs
+++ b/src/encryption.rs
@ -2,8 +2,6 @@ use crate::canonicalization::{canonicalize, join_canonicalized_str};
 use crate::error::Result;
 use crate::kdf::derive_key;
 use crate::{storage, InputKeyMaterialList};
 use chacha20poly1305::aead::{Aead, KeyInit, Payload};
 use chacha20poly1305::{Key, XChaCha20Poly1305, XNonce};
 pub(crate) type DecryptionFunction = dyn Fn(&[u8], &EncryptedData, &str) -> Result<Vec<u8>>;
 pub(crate) type EncryptionFunction = dyn Fn(&[u8], &[u8], &str) -> Result<EncryptedData>;
@ -34,36 +32,6 @@ pub fn encrypt(
 	Ok(storage::encode(ikm.id, &encrypted_data))
 }
 pub(crate) fn xchacha20poly1305_encrypt(
 	key: &[u8],
 	data: &[u8],
 	aad: &str,
 ) -> Result<EncryptedData> {
 	// Adapt the key
 	let key = Key::from_slice(key);
 	// Generate a nonce
 	let mut nonce: [u8; 24] = [0; 24];
 	getrandom::getrandom(&mut nonce)?;
 	let nonce = XNonce::from_slice(&nonce);
 	// Prepare the payload
 	let payload = Payload {
 		msg: data,
 		aad: aad.as_bytes(),
 	};
 	// Encrypt the payload
 	let cipher = XChaCha20Poly1305::new(key);
 	let ciphertext = cipher.encrypt(nonce, payload)?;
 	// Return the result
 	Ok(EncryptedData {
 		nonce: nonce.to_vec(),
 		ciphertext,
 	})
 }
 pub fn decrypt(
 	ikml: &InputKeyMaterialList,
 	key_context: &[&str],
@ -78,21 +46,6 @@ pub fn decrypt(
 	decryption_function(&key, &encrypted_data, &aad)
 }
 pub(crate) fn xchacha20poly1305_decrypt(
 	key: &[u8],
 	encrypted_data: &EncryptedData,
 	aad: &str,
 ) -> Result<Vec<u8>> {
 	let key = Key::from_slice(key);
 	let nonce = XNonce::from_slice(&encrypted_data.nonce);
 	let payload = Payload {
 		msg: &encrypted_data.ciphertext,
 		aad: aad.as_bytes(),
 	};
 	let cipher = XChaCha20Poly1305::new(key);
 	Ok(cipher.decrypt(nonce, payload)?)
 }
 #[cfg(test)]
 mod tests {
 	use super::*;
--- a/src/kdf.rs
+++ b/src/kdf.rs
@ -9,10 +9,6 @@ pub(crate) fn derive_key(ikm: &InputKeyMaterial, key_context: &[&str]) -> Vec<u8
 	kdf(&key_context, &ikm.content)
 }
 pub(crate) fn blake3_derive(context: &str, ikm: &[u8]) -> Vec<u8> {
 	blake3::derive_key(context, ikm).to_vec()
 }
 #[cfg(test)]
 mod tests {
 	use crate::ikm::InputKeyMaterial;
@ -38,16 +34,4 @@ mod tests {
 			]
 		);
 	}
 	#[test]
 	fn blake3_derive() {
 		assert_eq!(
 			super::blake3_derive("this is a context", b"7b47db8f365e5b602fd956d35985e9e1"),
 			vec![
 				0xc4, 0xf4, 0x6c, 0xf2, 0x03, 0xd9, 0x2d, 0x7b, 0x72, 0xe8, 0xe7, 0x90, 0xa3, 0x62,
 				0x2a, 0xf4, 0x3c, 0x2a, 0xab, 0x27, 0xc6, 0xb1, 0x8b, 0x46, 0x9d, 0x40, 0x61, 0x56,
 				0x19, 0x76, 0x88, 0xc4
 			]
 		);
 	}
 }
--- a/src/scheme.rs
+++ b/src/scheme.rs
@ -2,6 +2,9 @@ use crate::encryption::{DecryptionFunction, EncryptionFunction};
 use crate::kdf::KdfFunction;
 use crate::Error;
 mod blake3;
 mod xchacha20poly1305;
 pub(crate) type SchemeSerializeType = u32;
 #[derive(Copy, Clone, Debug, PartialEq)]
@ -12,14 +15,14 @@ pub enum Scheme {
 impl Scheme {
 	pub(crate) fn get_kdf(&self) -> Box<KdfFunction> {
 		match self {
-			Scheme::XChaCha20Poly1305WithBlake3 => Box::new(crate::kdf::blake3_derive),
+			Scheme::XChaCha20Poly1305WithBlake3 => Box::new(blake3::blake3_derive),
 		}
 	}
 	pub(crate) fn get_decryption(&self) -> Box<DecryptionFunction> {
 		match self {
 			Scheme::XChaCha20Poly1305WithBlake3 => {
-				Box::new(crate::encryption::xchacha20poly1305_decrypt)
+				Box::new(xchacha20poly1305::xchacha20poly1305_decrypt)
 			}
 		}
 	}
@ -27,7 +30,7 @@ impl Scheme {
 	pub(crate) fn get_encryption(&self) -> Box<EncryptionFunction> {
 		match self {
 			Scheme::XChaCha20Poly1305WithBlake3 => {
-				Box::new(crate::encryption::xchacha20poly1305_encrypt)
+				Box::new(xchacha20poly1305::xchacha20poly1305_encrypt)
 			}
 		}
 	}
--- a/src/scheme/blake3.rs
+++ b/src/scheme/blake3.rs
@ -0,0 +1,18 @@
 pub(crate) fn blake3_derive(context: &str, ikm: &[u8]) -> Vec<u8> {
 	blake3::derive_key(context, ikm).to_vec()
 }
 #[cfg(test)]
 mod tests {
 	#[test]
 	fn blake3_derive() {
 		assert_eq!(
 			super::blake3_derive("this is a context", b"7b47db8f365e5b602fd956d35985e9e1"),
 			vec![
 				0xc4, 0xf4, 0x6c, 0xf2, 0x03, 0xd9, 0x2d, 0x7b, 0x72, 0xe8, 0xe7, 0x90, 0xa3, 0x62,
 				0x2a, 0xf4, 0x3c, 0x2a, 0xab, 0x27, 0xc6, 0xb1, 0x8b, 0x46, 0x9d, 0x40, 0x61, 0x56,
 				0x19, 0x76, 0x88, 0xc4
 			]
 		);
 	}
 }
--- a/src/scheme/xchacha20poly1305.rs
+++ b/src/scheme/xchacha20poly1305.rs
@ -0,0 +1,49 @@
 use crate::encryption::EncryptedData;
 use crate::error::Result;
 use chacha20poly1305::aead::{Aead, KeyInit, Payload};
 use chacha20poly1305::{Key, XChaCha20Poly1305, XNonce};
 pub(crate) fn xchacha20poly1305_encrypt(
 	key: &[u8],
 	data: &[u8],
 	aad: &str,
 ) -> Result<EncryptedData> {
 	// Adapt the key
 	let key = Key::from_slice(key);
 	// Generate a nonce
 	let mut nonce: [u8; 24] = [0; 24];
 	getrandom::getrandom(&mut nonce)?;
 	let nonce = XNonce::from_slice(&nonce);
 	// Prepare the payload
 	let payload = Payload {
 		msg: data,
 		aad: aad.as_bytes(),
 	};
 	// Encrypt the payload
 	let cipher = XChaCha20Poly1305::new(key);
 	let ciphertext = cipher.encrypt(nonce, payload)?;
 	// Return the result
 	Ok(EncryptedData {
 		nonce: nonce.to_vec(),
 		ciphertext,
 	})
 }
 pub(crate) fn xchacha20poly1305_decrypt(
 	key: &[u8],
 	encrypted_data: &EncryptedData,
 	aad: &str,
 ) -> Result<Vec<u8>> {
 	let key = Key::from_slice(key);
 	let nonce = XNonce::from_slice(&encrypted_data.nonce);
 	let payload = Payload {
 		msg: &encrypted_data.ciphertext,
 		aad: aad.as_bytes(),
 	};
 	let cipher = XChaCha20Poly1305::new(key);
 	Ok(cipher.decrypt(nonce, payload)?)
 }