diff --git a/src/crypto.rs b/src/crypto.rs index c14b7b1..fc1c853 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -4,7 +4,7 @@ use anyhow::{Error, Result}; use serde::{Deserialize, Serialize}; use sp_client::{ bitcoin::{ - hex::{DisplayHex, FromHex}, key::constants::SECRET_KEY_SIZE, secp256k1::{ecdh::SharedSecret, PublicKey}, Txid + hex::{DisplayHex, FromHex}, key::constants::SECRET_KEY_SIZE, Txid }, silentpayments::{ bitcoin_hashes::{sha256t_hash_newtype, Hash, HashEngine}, @@ -13,20 +13,12 @@ use sp_client::{ }; use tsify::Tsify; -use aes_gcm::{ - aead::{Aead, AeadInPlace, Nonce}, - aes::{ - cipher::{ - consts::{U32, U8}, - generic_array::GenericArray, - }, - Aes256, - }, - AesGcm, Key, TagSize, -}; +use aes_gcm::aead::{Aead, Payload}; pub use aes_gcm::{AeadCore, Aes256Gcm, KeyInit}; use rand::thread_rng; +const AAD: &[u8] = "4nk".as_bytes(); + const HALFKEYSIZE: usize = SECRET_KEY_SIZE / 2; const THIRTYTWO: usize = 32; @@ -40,7 +32,7 @@ impl SharedPoint { } } -#[derive(Debug, Serialize, Deserialize, Tsify, Clone)] +#[derive(Debug, Serialize, Deserialize, Tsify, Clone, Default, PartialEq)] #[tsify(from_wasm_abi, into_wasm_abi)] pub struct AnkSharedSecret { secret: String, @@ -183,8 +175,12 @@ impl Aes256Decryption { fn decrypt_arbitrary(&self) -> Result> { let cipher = Aes256Gcm::new(&self.aes_key.into()); + let payload = Payload { + msg: &self.cipher_text, + aad: AAD, + }; let plain = cipher - .decrypt(&self.nonce.into(), &*self.cipher_text) + .decrypt(&self.nonce.into(), payload) .map_err(|e| Error::msg(format!("{}", e)))?; Ok(plain) } @@ -294,8 +290,12 @@ impl Aes256Encryption { fn encrypt_arbitrary(&self) -> Result { let cipher = Aes256Gcm::new(&self.aes_key.into()); + let payload = Payload { + msg: &self.plaintext, + aad: AAD, + }; let cipher_text = cipher - .encrypt(&self.nonce.into(), &*self.plaintext) + .encrypt(&self.nonce.into(), payload) .map_err(|e| Error::msg(format!("{}", e)))?; let mut res = Vec::with_capacity(self.nonce.len() + cipher_text.len()); res.extend_from_slice(&self.nonce); @@ -375,137 +375,4 @@ mod tests { assert!(aes_dec.is_ok()); } - - #[test] - fn aes_encrypt_key() { - let plaintext = [1u8; HALFKEYSIZE]; - let mut aes_enc = Aes256Encryption::new(Purpose::Login, plaintext.to_vec()).unwrap(); - - let mut shared_secrets: HashMap = HashMap::new(); - let mut sp_address2shared_secrets: HashMap = - HashMap::new(); - let alice_secret = Vec::from_hex(ALICE_SHARED_SECRET).unwrap(); - let mut buf = [0u8;32]; - buf.copy_from_slice(&alice_secret); - sp_address2shared_secrets.insert( - ALICE_SP_ADDRESS.try_into().unwrap(), - AnkSharedSecret { secret: buf.to_lower_hex_string(), trusted: true } - ); - shared_secrets.insert( - Txid::from_str(TRANSACTION).unwrap(), - sp_address2shared_secrets, - ); - - aes_enc.set_shared_secret(shared_secrets); - - let sp_address2encrypted_keys = aes_enc.encrypt_keys_with_shared_secrets(); - - assert!(sp_address2encrypted_keys.is_ok()); - - let encrypted_key = sp_address2encrypted_keys - .unwrap() - .get(&ALICE_SP_ADDRESS.try_into().unwrap()) - .cloned(); - - let ciphertext = aes_enc.encrypt_with_aes_key(); - - assert!(ciphertext.is_ok()); - - let decrypt_key = Aes256Decryption::new( - Purpose::Arbitrary, - encrypted_key.unwrap(), - SharedSecret::from_str(ALICE_SHARED_SECRET).unwrap().secret_bytes(), - ); - - assert!(decrypt_key.is_ok()); - - let mut retrieved_key = [0u8;32]; - retrieved_key.copy_from_slice(&decrypt_key.unwrap().decrypt_with_key().unwrap()); - - let decrypt_msg = Aes256Decryption::new( - Purpose::Arbitrary, - ciphertext.unwrap(), - retrieved_key - ); - - let retrieved_plain = decrypt_msg.unwrap().decrypt_with_key(); - - assert!(retrieved_plain.is_ok()); - - assert!(retrieved_plain.unwrap() == plaintext); - } - -// #[test] -// fn aes_encrypt_key_many() { -// let plaintext = [1u8; THIRTYTWO]; -// let mut aes_enc = -// Aes256Encryption::new(Purpose::ThirtyTwoBytes, plaintext.to_vec()).unwrap(); - -// let mut shared_secrets: HashMap = HashMap::new(); -// let mut sp_address2shared_secrets: HashMap = -// HashMap::new(); -// let alice_secret = Vec::from_hex(ALICE_SHARED_SECRET).unwrap(); -// let mut buf = [0u8;32]; -// buf.copy_from_slice(&alice_secret); -// sp_address2shared_secrets.insert( -// ALICE_SP_ADDRESS.try_into().unwrap(), -// AnkSharedSecret { secret: buf, trusted: true } -// ); -// let bob_secret = Vec::from_hex(BOB_SHARED_SECRET).unwrap(); -// let mut buf = [0u8;32]; -// buf.copy_from_slice(&bob_secret); -// sp_address2shared_secrets.insert( -// BOB_SP_ADDRESS.try_into().unwrap(), -// AnkSharedSecret { secret: buf, trusted: true } -// ); -// shared_secrets.insert( -// Txid::from_str(TRANSACTION).unwrap(), -// sp_address2shared_secrets, -// ); - -// aes_enc.set_shared_secret(shared_secrets); - -// let mut sp_address2encrypted_keys = aes_enc.encrypt_keys_with_shared_secrets(); - -// assert!(sp_address2encrypted_keys.is_ok()); - -// // Alice -// let encrypted_key = sp_address2encrypted_keys -// .as_mut() -// .unwrap() -// .get(&ALICE_SP_ADDRESS.try_into().unwrap()) -// .cloned(); - -// let ciphertext = aes_enc.encrypt_with_aes_key(); - -// let aes_dec = Aes256Decryption::new( -// Purpose::ThirtyTwoBytes, -// ciphertext.unwrap(), -// encrypted_key.unwrap(), -// Some(SharedSecret::from_str(ALICE_SHARED_SECRET).unwrap()), -// ); - -// let retrieved_plain = aes_dec.unwrap().decrypt_with_key(); - -// assert!(retrieved_plain.unwrap() == plaintext); - -// // Bob -// let encrypted_key = sp_address2encrypted_keys -// .unwrap() -// .get(&BOB_SP_ADDRESS.try_into().unwrap()) -// .cloned(); - -// let ciphertext = aes_enc.encrypt_with_aes_key(); - -// let aes_dec = Aes256Decryption::new( -// Purpose::ThirtyTwoBytes, -// ciphertext.unwrap(), -// encrypted_key.unwrap(), -// Some(SharedSecret::from_str(BOB_SHARED_SECRET).unwrap()), -// ); - -// let retrieved_plain = aes_dec.unwrap().decrypt_with_key(); - -// assert!(retrieved_plain.unwrap() == plaintext); -// } }