4nk/sdk_common
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add AAD in encrypted payload

Browse Source
This commit is contained in:
Sosthene 2024-05-06 15:53:58 +02:00
parent 932dc0ba55
commit a55760c944
1 changed files with 15 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
src/crypto.rs
View File

@ -4,7 +4,7 @@ use anyhow::{Error, Result};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sp_client::{ use sp_client::{
bitcoin::{ bitcoin::{
hex::{DisplayHex, FromHex}, key::constants::SECRET_KEY_SIZE, secp256k1::{ecdh::SharedSecret, PublicKey}, Txid hex::{DisplayHex, FromHex}, key::constants::SECRET_KEY_SIZE, Txid
}, },
silentpayments::{ silentpayments::{
bitcoin_hashes::{sha256t_hash_newtype, Hash, HashEngine}, bitcoin_hashes::{sha256t_hash_newtype, Hash, HashEngine},
@ -13,20 +13,12 @@ use sp_client::{
}; };
use tsify::Tsify; use tsify::Tsify;
use aes_gcm::{ use aes_gcm::aead::{Aead, Payload};
aead::{Aead, AeadInPlace, Nonce},
aes::{
cipher::{
consts::{U32, U8},
generic_array::GenericArray,
},
Aes256,
},
AesGcm, Key, TagSize,
};
pub use aes_gcm::{AeadCore, Aes256Gcm, KeyInit}; pub use aes_gcm::{AeadCore, Aes256Gcm, KeyInit};
use rand::thread_rng; use rand::thread_rng;
const AAD: &[u8] = "4nk".as_bytes();
const HALFKEYSIZE: usize = SECRET_KEY_SIZE / 2; const HALFKEYSIZE: usize = SECRET_KEY_SIZE / 2;
const THIRTYTWO: usize = 32; const THIRTYTWO: usize = 32;
@ -40,7 +32,7 @@ impl SharedPoint {
} }
} }
#[derive(Debug, Serialize, Deserialize, Tsify, Clone)] #[derive(Debug, Serialize, Deserialize, Tsify, Clone, Default, PartialEq)]
#[tsify(from_wasm_abi, into_wasm_abi)] #[tsify(from_wasm_abi, into_wasm_abi)]
pub struct AnkSharedSecret { pub struct AnkSharedSecret {
secret: String, secret: String,
@ -183,8 +175,12 @@ impl Aes256Decryption {
fn decrypt_arbitrary(&self) -> Result<Vec<u8>> { fn decrypt_arbitrary(&self) -> Result<Vec<u8>> {
let cipher = Aes256Gcm::new(&self.aes_key.into()); let cipher = Aes256Gcm::new(&self.aes_key.into());
let payload = Payload {
msg: &self.cipher_text,
aad: AAD,
};
let plain = cipher let plain = cipher
.decrypt(&self.nonce.into(), &*self.cipher_text) .decrypt(&self.nonce.into(), payload)
.map_err(|e| Error::msg(format!("{}", e)))?; .map_err(|e| Error::msg(format!("{}", e)))?;
Ok(plain) Ok(plain)
} }
@ -294,8 +290,12 @@ impl Aes256Encryption {
fn encrypt_arbitrary(&self) -> Result<CipherText> { fn encrypt_arbitrary(&self) -> Result<CipherText> {
let cipher = Aes256Gcm::new(&self.aes_key.into()); let cipher = Aes256Gcm::new(&self.aes_key.into());
let payload = Payload {
msg: &self.plaintext,
aad: AAD,
};
let cipher_text = cipher let cipher_text = cipher
.encrypt(&self.nonce.into(), &*self.plaintext) .encrypt(&self.nonce.into(), payload)
.map_err(|e| Error::msg(format!("{}", e)))?; .map_err(|e| Error::msg(format!("{}", e)))?;
let mut res = Vec::with_capacity(self.nonce.len() + cipher_text.len()); let mut res = Vec::with_capacity(self.nonce.len() + cipher_text.len());
res.extend_from_slice(&self.nonce); res.extend_from_slice(&self.nonce);
@ -375,137 +375,4 @@ mod tests {
assert!(aes_dec.is_ok()); assert!(aes_dec.is_ok());
} }
#[test]
fn aes_encrypt_key() {
let plaintext = [1u8; HALFKEYSIZE];
let mut aes_enc = Aes256Encryption::new(Purpose::Login, plaintext.to_vec()).unwrap();
let mut shared_secrets: HashMap<Txid, _> = HashMap::new();
let mut sp_address2shared_secrets: HashMap<SilentPaymentAddress, AnkSharedSecret> =
HashMap::new();
let alice_secret = Vec::from_hex(ALICE_SHARED_SECRET).unwrap();
let mut buf = [0u8;32];
buf.copy_from_slice(&alice_secret);
sp_address2shared_secrets.insert(
ALICE_SP_ADDRESS.try_into().unwrap(),
AnkSharedSecret { secret: buf.to_lower_hex_string(), trusted: true }
);
shared_secrets.insert(
Txid::from_str(TRANSACTION).unwrap(),
sp_address2shared_secrets,
);
aes_enc.set_shared_secret(shared_secrets);
let sp_address2encrypted_keys = aes_enc.encrypt_keys_with_shared_secrets();
assert!(sp_address2encrypted_keys.is_ok());
let encrypted_key = sp_address2encrypted_keys
.unwrap()
.get(&ALICE_SP_ADDRESS.try_into().unwrap())
.cloned();
let ciphertext = aes_enc.encrypt_with_aes_key();
assert!(ciphertext.is_ok());
let decrypt_key = Aes256Decryption::new(
Purpose::Arbitrary,
encrypted_key.unwrap(),
SharedSecret::from_str(ALICE_SHARED_SECRET).unwrap().secret_bytes(),
);
assert!(decrypt_key.is_ok());
let mut retrieved_key = [0u8;32];
retrieved_key.copy_from_slice(&decrypt_key.unwrap().decrypt_with_key().unwrap());
let decrypt_msg = Aes256Decryption::new(
Purpose::Arbitrary,
ciphertext.unwrap(),
retrieved_key
);
let retrieved_plain = decrypt_msg.unwrap().decrypt_with_key();
assert!(retrieved_plain.is_ok());
assert!(retrieved_plain.unwrap() == plaintext);
}
// #[test]
// fn aes_encrypt_key_many() {
// let plaintext = [1u8; THIRTYTWO];
// let mut aes_enc =
// Aes256Encryption::new(Purpose::ThirtyTwoBytes, plaintext.to_vec()).unwrap();
// let mut shared_secrets: HashMap<Txid, _> = HashMap::new();
// let mut sp_address2shared_secrets: HashMap<SilentPaymentAddress, AnkSharedSecret> =
// HashMap::new();
// let alice_secret = Vec::from_hex(ALICE_SHARED_SECRET).unwrap();
// let mut buf = [0u8;32];
// buf.copy_from_slice(&alice_secret);
// sp_address2shared_secrets.insert(
// ALICE_SP_ADDRESS.try_into().unwrap(),
// AnkSharedSecret { secret: buf, trusted: true }
// );
// let bob_secret = Vec::from_hex(BOB_SHARED_SECRET).unwrap();
// let mut buf = [0u8;32];
// buf.copy_from_slice(&bob_secret);
// sp_address2shared_secrets.insert(
// BOB_SP_ADDRESS.try_into().unwrap(),
// AnkSharedSecret { secret: buf, trusted: true }
// );
// shared_secrets.insert(
// Txid::from_str(TRANSACTION).unwrap(),
// sp_address2shared_secrets,
// );
// aes_enc.set_shared_secret(shared_secrets);
// let mut sp_address2encrypted_keys = aes_enc.encrypt_keys_with_shared_secrets();
// assert!(sp_address2encrypted_keys.is_ok());
// // Alice
// let encrypted_key = sp_address2encrypted_keys
// .as_mut()
// .unwrap()
// .get(&ALICE_SP_ADDRESS.try_into().unwrap())
// .cloned();
// let ciphertext = aes_enc.encrypt_with_aes_key();
// let aes_dec = Aes256Decryption::new(
// Purpose::ThirtyTwoBytes,
// ciphertext.unwrap(),
// encrypted_key.unwrap(),
// Some(SharedSecret::from_str(ALICE_SHARED_SECRET).unwrap()),
// );
// let retrieved_plain = aes_dec.unwrap().decrypt_with_key();
// assert!(retrieved_plain.unwrap() == plaintext);
// // Bob
// let encrypted_key = sp_address2encrypted_keys
// .unwrap()
// .get(&BOB_SP_ADDRESS.try_into().unwrap())
// .cloned();
// let ciphertext = aes_enc.encrypt_with_aes_key();
// let aes_dec = Aes256Decryption::new(
// Purpose::ThirtyTwoBytes,
// ciphertext.unwrap(),
// encrypted_key.unwrap(),
// Some(SharedSecret::from_str(BOB_SHARED_SECRET).unwrap()),
// );
// let retrieved_plain = aes_dec.unwrap().decrypt_with_key();
// assert!(retrieved_plain.unwrap() == plaintext);
// }
} }