crates/secd/src/util/crypter.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

use aes_gcm::{
    aead::{Aead, KeyInit, OsRng},
    Aes256Gcm, Nonce,
};
use argon2::{
    password_hash::{self, SaltString},
    Argon2, PasswordHasher,
};
use derive_more::Display;
use rand::Rng;
use sha2::{Digest, Sha256};
use thiserror::Error;

#[derive(Debug, Display, Error)]
pub enum CrypterError {
    EncryptError(String),
    DecryptError(String),
    DecodeError(String),
    HashError(String),
}

pub struct Crypter {
    pub key: Vec<u8>,
}

impl Crypter {
    pub fn new(key: &[u8]) -> Self {
        Self { key: key.to_vec() }
    }

    pub fn encrypt(&self, data: &[u8]) -> Result<Vec<u8>, CrypterError> {
        let mut hasher = Sha256::new();
        hasher.update(&self.key);

        let cipher = Aes256Gcm::new(&hasher.finalize());

        let rbs = rand::thread_rng().gen::<[u8; 12]>();
        let iv = Nonce::from_slice(&rbs);
        let crypt = cipher
            .encrypt(&iv, data)
            .map_err(|e| CrypterError::EncryptError(e.to_string()))?;

        let mut msg = iv.to_vec();
        msg.extend_from_slice(&crypt);
        Ok(msg)
    }

    pub fn decrypt(&self, data: &[u8]) -> Result<Vec<u8>, CrypterError> {
        let mut hasher = Sha256::new();
        hasher.update(&self.key);

        let cipher = Aes256Gcm::new(&hasher.finalize());

        let iv = Nonce::from_slice(&data[0..=11]);
        let data = &data[12..];
        Ok(cipher
            .decrypt(&iv, data)
            .map_err(|e| CrypterError::DecryptError(e.to_string()))?)
    }

    pub fn hash(&self, data: &[u8]) -> Result<String, CrypterError> {
        let salt = SaltString::generate(&mut OsRng);
        let hasher = Argon2::default();
        Ok(hasher
            .hash_password(data, &salt)
            .map_err(|e| CrypterError::HashError(e.to_string()))?
            .to_string())
    }
}

#[cfg(test)]
mod test {
    use super::*;

    #[test]
    fn encrypt_data_test() {
        let crypter = Crypter {
            key: "testkey".to_string().into_bytes(),
        };

        let plaintext = "This is a secret.";
        let enc = crypter.encrypt(&plaintext.as_bytes()).unwrap();

        let res = crypter.decrypt(&enc).unwrap();
        assert_eq!(plaintext, std::str::from_utf8(&res).unwrap());
    }
}