2023-02-16 18:11:45 +00:00
|
|
|
//! Symmetric cypher stuff
|
|
|
|
|
|
2023-02-17 13:59:02 +00:00
|
|
|
use ::zeroize::Zeroize;
|
|
|
|
|
|
|
|
|
|
/// Secret, used for keys.
|
|
|
|
|
/// Grants that on drop() we will zero out memory
|
|
|
|
|
#[derive(Zeroize)]
|
|
|
|
|
#[zeroize(drop)]
|
|
|
|
|
#[allow(missing_debug_implementations)]
|
|
|
|
|
pub struct Secret {
|
|
|
|
|
secret: [u8; 32],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Secret {
|
|
|
|
|
/// return a reference to the secret
|
|
|
|
|
pub fn as_ref(&self) -> &[u8; 32] {
|
|
|
|
|
&self.secret
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:09:49 +00:00
|
|
|
|
|
|
|
|
impl From<[u8; 32]> for Secret {
|
|
|
|
|
fn from(shared_secret: [u8; 32]) -> Self {
|
|
|
|
|
Self {
|
|
|
|
|
secret: shared_secret,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-17 13:59:02 +00:00
|
|
|
impl From<::x25519_dalek::SharedSecret> for Secret {
|
|
|
|
|
fn from(shared_secret: ::x25519_dalek::SharedSecret) -> Self {
|
|
|
|
|
Self {
|
|
|
|
|
secret: shared_secret.to_bytes(),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// List of possible Ciphers
|
|
|
|
|
#[derive(Debug, Copy, Clone, PartialEq, ::num_derive::FromPrimitive)]
|
|
|
|
|
#[repr(u8)]
|
|
|
|
|
pub enum CipherKind {
|
2023-02-17 22:09:49 +00:00
|
|
|
/// XChaCha20_Poly1305
|
|
|
|
|
XChaCha20Poly1305 = 0,
|
2023-02-17 13:59:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl CipherKind {
|
|
|
|
|
/// required length of the nonce
|
|
|
|
|
pub fn nonce_len(&self) -> usize {
|
2023-02-17 22:09:49 +00:00
|
|
|
// TODO: how the hell do I take this from ::chacha20poly1305?
|
2023-02-17 13:59:02 +00:00
|
|
|
::ring::aead::CHACHA20_POLY1305.nonce_len()
|
|
|
|
|
}
|
|
|
|
|
/// required length of the key
|
|
|
|
|
pub fn key_len(&self) -> usize {
|
2023-02-17 22:09:49 +00:00
|
|
|
use ::chacha20poly1305::KeySizeUser;
|
|
|
|
|
::chacha20poly1305::XChaCha20Poly1305::key_size()
|
2023-02-17 13:59:02 +00:00
|
|
|
}
|
|
|
|
|
/// Length of the authentication tag
|
|
|
|
|
pub fn tag_len(&self) -> usize {
|
2023-02-17 22:09:49 +00:00
|
|
|
// TODO: how the hell do I take this from ::chacha20poly1305?
|
2023-02-17 13:59:02 +00:00
|
|
|
::ring::aead::CHACHA20_POLY1305.tag_len()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-17 22:09:49 +00:00
|
|
|
/// Additional Authenticated Data
|
2023-02-17 13:59:02 +00:00
|
|
|
#[derive(Debug)]
|
2023-02-17 22:09:49 +00:00
|
|
|
pub struct AAD<'a>(pub &'a mut [u8]);
|
|
|
|
|
|
|
|
|
|
/// Cipher direction, to make sure we don't reuse the same cipher
|
|
|
|
|
/// for both decrypting and encrypting
|
|
|
|
|
#[derive(Debug, Copy, Clone)]
|
|
|
|
|
#[repr(u8)]
|
|
|
|
|
pub enum CipherDirection {
|
|
|
|
|
/// Receive, to decrypt only
|
|
|
|
|
Recv = 0,
|
|
|
|
|
/// Send, to encrypt only
|
|
|
|
|
Send,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// actual ciphers
|
|
|
|
|
enum Cipher {
|
|
|
|
|
/// Cipher XChaha20_Poly1305
|
|
|
|
|
XChaCha20Poly1305(XChaCha20Poly1305),
|
2023-02-17 13:59:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Cipher {
|
|
|
|
|
/// Build a new Cipher
|
2023-02-17 22:09:49 +00:00
|
|
|
fn new(kind: CipherKind, secret: Secret) -> Self {
|
2023-02-17 13:59:02 +00:00
|
|
|
match kind {
|
2023-02-17 22:09:49 +00:00
|
|
|
CipherKind::XChaCha20Poly1305 => {
|
|
|
|
|
Self::XChaCha20Poly1305(XChaCha20Poly1305::new(secret))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
fn nonce_len(&self) -> usize {
|
|
|
|
|
match self {
|
|
|
|
|
Cipher::XChaCha20Poly1305(_) => {
|
|
|
|
|
// TODO: how the hell do I take this from ::chacha20poly1305?
|
|
|
|
|
::ring::aead::CHACHA20_POLY1305.nonce_len()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:30:19 +00:00
|
|
|
fn tag_len(&self) -> usize {
|
2023-02-17 22:09:49 +00:00
|
|
|
match self {
|
|
|
|
|
Cipher::XChaCha20Poly1305(_) => {
|
|
|
|
|
// TODO: how the hell do I take this from ::chacha20poly1305?
|
|
|
|
|
::ring::aead::CHACHA20_POLY1305.tag_len()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:30:19 +00:00
|
|
|
fn decrypt(&self, aad: AAD, data: &mut [u8]) -> Result<(), ()> {
|
2023-02-17 22:09:49 +00:00
|
|
|
match self {
|
|
|
|
|
Cipher::XChaCha20Poly1305(cipher) => {
|
|
|
|
|
use ::chacha20poly1305::{
|
|
|
|
|
aead::generic_array::GenericArray, AeadInPlace,
|
|
|
|
|
};
|
2023-02-17 22:30:19 +00:00
|
|
|
// FIXME: check min data length
|
|
|
|
|
let (nonce_bytes, data_and_tag) = data.split_at_mut(13);
|
|
|
|
|
let (data_notag, tag_bytes) = data_and_tag.split_at_mut(
|
|
|
|
|
data_and_tag.len() + 1
|
|
|
|
|
- ::ring::aead::CHACHA20_POLY1305.tag_len(),
|
2023-02-17 22:09:49 +00:00
|
|
|
);
|
2023-02-17 22:30:19 +00:00
|
|
|
let nonce = GenericArray::from_slice(nonce_bytes);
|
2023-02-17 22:09:49 +00:00
|
|
|
let tag = GenericArray::from_slice(tag_bytes);
|
|
|
|
|
let maybe = cipher.cipher.decrypt_in_place_detached(
|
2023-02-17 22:30:19 +00:00
|
|
|
nonce.into(),
|
2023-02-17 22:09:49 +00:00
|
|
|
aad.0,
|
|
|
|
|
data_notag,
|
|
|
|
|
tag,
|
|
|
|
|
);
|
|
|
|
|
if maybe.is_err() {
|
|
|
|
|
Err(())
|
|
|
|
|
} else {
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
2023-02-17 13:59:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-17 22:09:49 +00:00
|
|
|
/// Receive only cipher
|
|
|
|
|
#[allow(missing_debug_implementations)]
|
|
|
|
|
pub struct CipherRecv(Cipher);
|
|
|
|
|
|
|
|
|
|
impl CipherRecv {
|
|
|
|
|
/// Build a new Cipher
|
|
|
|
|
pub fn new(kind: CipherKind, secret: Secret) -> Self {
|
|
|
|
|
Self(Cipher::new(kind, secret))
|
|
|
|
|
}
|
|
|
|
|
/// Get the length of the nonce for this cipher
|
|
|
|
|
pub fn nonce_len(&self) -> usize {
|
|
|
|
|
self.0.nonce_len()
|
|
|
|
|
}
|
2023-02-17 22:30:19 +00:00
|
|
|
/// Decrypt a paket. Nonce and Tag are taken from the packet,
|
|
|
|
|
/// while you need to provide AAD (Additional Authenticated Data)
|
|
|
|
|
pub fn decrypt(&self, aad: AAD, data: &mut [u8]) -> Result<(), ()> {
|
|
|
|
|
self.0.decrypt(aad, data)
|
|
|
|
|
}
|
2023-02-17 22:09:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Send only cipher
|
|
|
|
|
#[allow(missing_debug_implementations)]
|
|
|
|
|
pub struct CipherSend {
|
|
|
|
|
nonce: Nonce,
|
|
|
|
|
cipher: Cipher,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl CipherSend {
|
|
|
|
|
/// Build a new Cipher
|
|
|
|
|
pub fn new(kind: CipherKind, secret: Secret) -> Self {
|
2023-02-17 13:59:02 +00:00
|
|
|
Self {
|
2023-02-17 22:09:49 +00:00
|
|
|
nonce: Nonce::new(),
|
|
|
|
|
cipher: Cipher::new(kind, secret),
|
2023-02-17 13:59:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:09:49 +00:00
|
|
|
/// Get the current nonce as &[u8]
|
|
|
|
|
pub fn nonce_as_bytes(&self) -> &[u8] {
|
|
|
|
|
self.nonce.as_bytes()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// XChaCha20Poly1305 cipher
|
|
|
|
|
struct XChaCha20Poly1305 {
|
|
|
|
|
cipher: ::chacha20poly1305::XChaCha20Poly1305,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl XChaCha20Poly1305 {
|
|
|
|
|
/// Initialize a new ChaChaPoly20 cipher with a random nonce
|
|
|
|
|
fn new(key: Secret) -> Self {
|
|
|
|
|
use ::chacha20poly1305::{KeyInit, XChaCha20Poly1305};
|
|
|
|
|
Self {
|
|
|
|
|
cipher: XChaCha20Poly1305::new(key.as_ref().into()),
|
|
|
|
|
}
|
2023-02-17 13:59:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-17 22:09:49 +00:00
|
|
|
//
|
|
|
|
|
// TODO: For efficiency "Nonce" should become a reference.
|
|
|
|
|
//
|
|
|
|
|
|
2023-02-16 18:11:45 +00:00
|
|
|
#[derive(Debug, Copy, Clone)]
|
|
|
|
|
#[repr(C)]
|
|
|
|
|
#[allow(missing_debug_implementations)]
|
|
|
|
|
struct NonceNum {
|
|
|
|
|
high: u32,
|
|
|
|
|
low: u64,
|
|
|
|
|
}
|
|
|
|
|
/// Nonce with sequence for chach20_apoly1305
|
2023-02-17 22:09:49 +00:00
|
|
|
#[derive(Copy, Clone)]
|
2023-02-16 18:11:45 +00:00
|
|
|
#[repr(C)]
|
|
|
|
|
pub union Nonce {
|
|
|
|
|
num: NonceNum,
|
2023-02-17 22:09:49 +00:00
|
|
|
raw: [u8; 12],
|
2023-02-16 18:11:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ::core::fmt::Debug for Nonce {
|
|
|
|
|
fn fmt(
|
|
|
|
|
&self,
|
|
|
|
|
f: &mut core::fmt::Formatter<'_>,
|
|
|
|
|
) -> Result<(), ::std::fmt::Error> {
|
|
|
|
|
#[allow(unsafe_code)]
|
|
|
|
|
unsafe {
|
|
|
|
|
core::fmt::Debug::fmt(&self.num, f)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Nonce {
|
|
|
|
|
// FIXME: nonces should be random!
|
|
|
|
|
/// Generate a new random Nonce
|
|
|
|
|
pub fn new() -> Self {
|
|
|
|
|
#[allow(unsafe_code)]
|
|
|
|
|
unsafe {
|
|
|
|
|
Self {
|
2023-02-17 22:09:49 +00:00
|
|
|
// chosen by a fair dice roll
|
|
|
|
|
// ahh, who am I kidding...
|
2023-02-16 18:11:45 +00:00
|
|
|
num: NonceNum { high: 42, low: 69 },
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:09:49 +00:00
|
|
|
/// Get reference to the nonce bytes
|
|
|
|
|
pub fn as_bytes(&self) -> &[u8] {
|
2023-02-16 18:11:45 +00:00
|
|
|
#[allow(unsafe_code)]
|
|
|
|
|
unsafe {
|
2023-02-17 22:09:49 +00:00
|
|
|
&self.raw
|
2023-02-16 18:11:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:09:49 +00:00
|
|
|
/// Create Nonce from array
|
|
|
|
|
pub fn from_slice(raw: [u8; 12]) -> Self {
|
2023-02-16 18:11:45 +00:00
|
|
|
#[allow(unsafe_code)]
|
|
|
|
|
unsafe {
|
2023-02-17 22:09:49 +00:00
|
|
|
Self { raw }
|
2023-02-16 18:11:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 22:09:49 +00:00
|
|
|
/// Go to the next nonce
|
|
|
|
|
pub fn advance(&mut self) {
|
2023-02-16 18:11:45 +00:00
|
|
|
#[allow(unsafe_code)]
|
|
|
|
|
unsafe {
|
|
|
|
|
let old_low = self.num.low;
|
|
|
|
|
self.num.low = self.num.low + 1;
|
|
|
|
|
if self.num.low < old_low {
|
|
|
|
|
self.num.high = self.num.high;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
