diff options
author | Katharina Fey <kookie@spacekookie.de> | 2017-12-12 20:07:13 +0100 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2017-12-12 20:07:13 +0100 |
commit | 2063abb029b8f1a828b1e5796ab2d7f72fd42b03 (patch) | |
tree | cd90e67ab5400ade319ae43cd56a1f6c4776cb03 /src | |
parent | 86ead1dfd26c31c9b591002e86c1fda4a8debda6 (diff) |
Using a random key for encryption – encrypting with password
Diffstat (limited to 'src')
-rw-r--r-- | src/vault/crypto/mod.rs | 54 |
1 files changed, 45 insertions, 9 deletions
diff --git a/src/vault/crypto/mod.rs b/src/vault/crypto/mod.rs index 2e2ad46..bea5883 100644 --- a/src/vault/crypto/mod.rs +++ b/src/vault/crypto/mod.rs @@ -6,6 +6,9 @@ use aesni::{Aes128, BlockCipher}; use generic_array::GenericArray; use std; +use rand::Rng; +use rand::os::OsRng; + pub mod hashing; pub mod encoding; @@ -13,32 +16,65 @@ const KEYLENGTH: usize = 16; /// The crypto engine which holds the key and AES context -/// +/// pub struct CryptoEngine { key: [u8; KEYLENGTH], + encrypted_key: Option<String>, aes: Aes128, iv: String, } impl CryptoEngine { - pub fn new(password: &str, salt: &str) -> CryptoEngine { - /* Make password to hash */ + /// Generate a new random key which is encrypted with the password + pub fn new(password: &str, _: &str) -> CryptoEngine { + + /* Generate some random key */ + let mut r = OsRng::new().unwrap(); + let mut random_data = vec![0u8, 255]; + r.fill_bytes(&mut random_data); + + /* Move key around */ + let mut secret_key = [0u8; KEYLENGTH]; + for i in 0..secret_key.len() { + secret_key[i] = random_data[i]; + } + + /* Encrypt secret_key with password */ let k = hashing::blake2_16(password, ""); + let tmp = CryptoEngine { + key: k, + encrypted_key: None, + aes: Aes128::new_varkey(&k).unwrap(), + iv: String::from("unused") + }; + let encryted_key_formatted = std::str::from_utf8(&secret_key).unwrap(); + let encrypted_key = tmp.encrypt(encryted_key_formatted); + let string = unsafe { String::from_utf8_unchecked(encrypted_key.clone()) }; + let encrypted_key_encoded = encoding::hex(&string); + /* Then actually create an engine and return it */ let me = CryptoEngine { - key: k.clone(), - aes: match Aes128::new_varkey(&k) { - Ok(_aes) => _aes, - Err(e) => panic!(e), - }, - iv: String::from("lockchain"), + key: secret_key, + encrypted_key: Some(encrypted_key_encoded), + aes: Aes128::new_varkey(&secret_key).unwrap(), + iv: String::from("unused") }; return me; } + /// Load an existing vault with it's encrypted key and password + pub fn load_existing(encrypted_key: &str, password: &str) { + + } + + /// Get the encrypted key that was used for a vault + pub fn dump_encrypted_key(&self) -> Option<String> { + return self.encrypted_key.clone(); + } + pub fn encrypt(&self, data: &str) -> Vec<u8> { let to_encrypt = self.pad_data(data); |