diff options
author | Katharina Fey <kookie@spacekookie.de> | 2018-04-02 14:49:27 +0200 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2018-04-02 14:49:27 +0200 |
commit | b52005f49e229e7f69632703e7f152b98ed9988b (patch) | |
tree | 571270559832e8a481f7f524cb95539aa1fa26f6 /src/security | |
parent | c789005d19660f9f56b6eab7090a58758b5c7a07 (diff) |
Lots of refactoring
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/crypto.rs | 71 | ||||
-rw-r--r-- | src/security/hash.rs | 27 | ||||
-rw-r--r-- | src/security/keys.rs | 59 | ||||
-rw-r--r-- | src/security/mod.rs | 9 | ||||
-rw-r--r-- | src/security/utils.rs | 90 |
5 files changed, 0 insertions, 256 deletions
diff --git a/src/security/crypto.rs b/src/security/crypto.rs deleted file mode 100644 index da7ccdb..0000000 --- a/src/security/crypto.rs +++ /dev/null @@ -1,71 +0,0 @@ -//! - -use miscreant::aead::{Aes256Siv, Algorithm}; -use security::{encoding, random, keys::{Key, KEY_LENGTH}}; -use serde::{Serialize, de::DeserializeOwned}; -use serde_json; -use std::error::Error; - -/// The main encryption context -pub struct CryptoEngine { - ctx: Aes256Siv, - key: Key, - iv: Vec<u8>, -} - -/// Represents some packed data – includes nonce and blob -#[derive(Serialize, Deserialize)] -struct PackedData { - nonce: Vec<u8>, - data: Vec<u8>, -} - -impl CryptoEngine { - /// Create a new encryption context with a key - pub fn new(key: Key) -> CryptoEngine { - return CryptoEngine { - ctx: Aes256Siv::new(&key.to_slice()), - key: key, - iv: random::bytes(KEY_LENGTH), - }; - } - - /// Load an existing encryption context into scope - pub fn load(key: Key, iv: Vec<u8>) -> CryptoEngine { - return CryptoEngine { - ctx: Aes256Siv::new(&key.to_slice()), - key: key, - iv: iv, - }; - } - - /// Encrypt a piece of data, returns a packed and encoded string - pub fn encrypt<T: Serialize>(&mut self, data: &T) -> Result<String, Box<Error>> { - let serial = serde_json::to_string(&data)?; - let nonce = random::bytes(64); - let iv = &self.iv.as_slice(); - let data = &serial.as_bytes(); - - let encrypted = self.ctx.seal(nonce.as_slice(), iv, data); - let packed = PackedData { - nonce: nonce, - data: encrypted, - }; - - let enc_packed = serde_json::to_string(&packed)?; - return Ok(encoding::base64_encode(&enc_packed.into_bytes())); - } - - /// Decrypt a ciphertext string into a type object - pub fn decrypt<T: DeserializeOwned>(&mut self, cipher: String) -> Result<T, Box<Error>> { - let dec_packed = String::from_utf8(encoding::base64_decode(&cipher))?; - let p: PackedData = serde_json::from_str(&dec_packed)?; - - let iv = &self.iv.as_slice(); - let decrypted = self.ctx.open(p.nonce.as_slice(), iv, p.data.as_slice())?; - let decr_str = String::from_utf8(decrypted)?; - - let t: T = serde_json::from_str(&decr_str)?; - return Ok(t); - } -} diff --git a/src/security/hash.rs b/src/security/hash.rs deleted file mode 100644 index 39d9f4c..0000000 --- a/src/security/hash.rs +++ /dev/null @@ -1,27 +0,0 @@ -//! Hashing submodule -//! - -use blake2::Blake2s; -use blake2::digest::{Input, VariableOutput}; - -/* To make sure I don't typo all over this */ -const BLAKE_16_LENGTH: usize = 16; - -pub fn blake2_16(data: &str, salt: &str) -> [u8; BLAKE_16_LENGTH] { - - let mut hasher = match Blake2s::new(BLAKE_16_LENGTH) { - Ok(res) => res, - Err(some) => panic!(some), - }; - - let to_hash = format!("{}{}", data, salt); - hasher.process(to_hash.as_bytes()); - - let mut buffer = [0u8; BLAKE_16_LENGTH]; - match hasher.variable_result(&mut buffer) { - Ok(res) => res, - Err(e) => panic!(e), - }; - - return buffer; -} diff --git a/src/security/keys.rs b/src/security/keys.rs deleted file mode 100644 index 83898ba..0000000 --- a/src/security/keys.rs +++ /dev/null @@ -1,59 +0,0 @@ -//! A module that handles key generation and key loading -//! - - - -use std::fs::File; -use std::io::prelude::*; - -use super::utils::{Hashing, Encoding, Random}; -pub const KEY_LENGTH: usize = 64; - - -/// A wrapper to represent a key for encryption -#[derive(Debug, Serialize, Deserialize, Eq, PartialEq, Clone)] -pub struct Key { - pub data: Vec<u8>, -} - -impl Key { - /// Create a new key from scratch - pub fn new() -> Key { - let data = Random::bytes(KEY_LENGTH); - return Key { data: data }; - } - - /// Use a password as a key - pub fn from_password(password: &str, salt: &str) -> Key { - let hashed = Hashing::blake2(password, salt); - let mut vec: Vec<u8> = Vec::new(); - for b in &hashed { - vec.push(b.clone()); - } - return Key { data: vec }; - } - - /// Load an encrypted key from disk - pub fn load(path: &String, password: &str) -> Key { - let tmp_key = Key::from_password(password, "REPLACE WITH SALT"); - - return Key::new(); - } - - /// Save the current key, encrypted to disk - pub fn save(&self, path: &String, password: &str) { - let tmp_key = Key::from_password(password, "REPLACE WITH SALT"); - // let ctx = CryptoCtx::existing(&tmp_key); - - // let encrypted = ctx.encrypt(&self.clone()); - // let key_file = File::create(path).unwrap(); - // key_file.write_all(encrypted.as_bytes()).unwrap(); - } - - /// Used to get the raw data from this key, as a slice copy - pub fn to_slice(&self) -> [u8; KEY_LENGTH] { - let mut slice: [u8; KEY_LENGTH] = [0; KEY_LENGTH]; - slice.clone_from_slice(&self.data); - return slice; - } -} diff --git a/src/security/mod.rs b/src/security/mod.rs deleted file mode 100644 index f12bab6..0000000 --- a/src/security/mod.rs +++ /dev/null @@ -1,9 +0,0 @@ -//! Cryptography module for lockchain -//! -//! A crypto engine is attached to a vault and provides easy to use -//! and high-level encryption and decryption functions. - -// Utility modules -pub mod utils; -pub mod crypto; -pub mod keys;
\ No newline at end of file diff --git a/src/security/utils.rs b/src/security/utils.rs deleted file mode 100644 index 7b38674..0000000 --- a/src/security/utils.rs +++ /dev/null @@ -1,90 +0,0 @@ -//! A collection of utility submodules -//! -//! - -/// Encoding module -pub mod Encoding { - use base64; - use std::fmt::Write; - - /// Encode a piece of arbitary data into a bse64 string - pub fn base64_encode(data: &Vec<u8>) -> String { - return base64::encode(data); - } - - /// Decode a base64 string into arbitrary data - pub fn base64_decode(data: &String) -> Vec<u8> { - return base64::decode(data).unwrap(); - } - - /// Simply encode a byte-string as hexadecimal symbols - pub fn encode_hex(data: &str) -> String { - let mut s = String::new(); - for &byte in data.as_bytes() { - write!(&mut s, "{:X}", byte).expect("Unable to HEX encode!"); - } - - return s; - } -} - -/// A hashing utility module -pub mod Hashing { - use blake2::Blake2s; - use blake2::digest::{Input, VariableOutput}; - - const BLAKE_16_LENGTH: usize = 16; - - /// Hash a value with blake2 - pub fn blake2(data: &str, salt: &str) -> [u8; BLAKE_16_LENGTH] { - let mut hasher = match Blake2s::new(BLAKE_16_LENGTH) { - Ok(res) => res, - Err(some) => panic!(some), - }; - - let to_hash = format!("{}{}", data, salt); - hasher.process(to_hash.as_bytes()); - - let mut buffer = [0u8; BLAKE_16_LENGTH]; - match hasher.variable_result(&mut buffer) { - Ok(res) => res, - Err(e) => panic!(e), - }; - - return buffer; - } -} - -/// Random number utility module for lockchain -/// -/// Provides stateless secure random number and byte generation -pub mod Random { - use rand::{thread_rng, Rng}; - - /// Generate a random number with an upper bound - pub fn number(bound: u64) -> u64 { - return thread_rng().next_u64() % bound; - } - - /// Generate a sequence of random bytes that are returned - /// as a vector. - /// - /// Can at most allocate 2048 bytes at a time - /// FIXME: That shouldn't have a limit! - pub fn bytes(length: usize) -> Vec<u8> { - let mut vec: Vec<u8> = Vec::new(); - - if length > 2048 { - return vec; - } - - let mut random_data = [0u8; 2048]; - thread_rng().fill_bytes(&mut random_data); - - for i in 0..length { - vec.push(random_data[i]); - } - - return vec; - } -} |