internet2 0.9.0

Rust implementation for the stack of Internet2 protocols
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

// LNP/BP Core Library implementing LNPBP specifications & standards
// Written in 2020 by
//     Rajarshi Maitra
//
// To the extent possible under law, the author(s) have dedicated all
// copyright and related and neighboring rights to this software to
// the public domain worldwide. This software is distributed without
// any warranty.
//
// You should have received a copy of the MIT License
// along with this software.
// If not, see <https://opensource.org/licenses/MIT>.

use chacha20poly1305::aead::{Aead, NewAead, Payload};
use chacha20poly1305::{ChaCha20Poly1305, Key, Nonce};

use crate::noise::EncryptionError; /* Or `XChaCha20Poly1305` */

pub const TAG_SIZE: usize = 16;

// Encrypt a plaintext with associated data using the key and nonce.
// Returns the encrypted msg by mutating cipher_text array
pub fn encrypt(
    key: &[u8],
    nonce: u64,
    associated_data: &[u8],
    plaintext: &[u8],
    cipher_text: &mut [u8],
) -> Result<(), EncryptionError> {
    let mut chacha_nonce = [0u8; 12];
    chacha_nonce[4..].copy_from_slice(&nonce.to_le_bytes());

    let nonce = Nonce::from_slice(&chacha_nonce[..]);

    let key = Key::from_slice(key);

    let cipher = ChaCha20Poly1305::new(key);

    let payload = Payload {
        msg: plaintext,
        aad: associated_data,
    };

    let encrypted = cipher.encrypt(nonce, payload)?;

    if cipher_text.len() != encrypted.len() {
        return Err(EncryptionError::ExpectedMessageLenMismatch);
    }
    cipher_text.copy_from_slice(&encrypted[..]);

    Ok(())
}

// Decrypts the ciphertext with key, nonce and associated data
// Returns the decrypted plaintext
pub fn decrypt(
    key: &[u8],
    nonce: u64,
    associated_data: &[u8],
    ciphertext: &[u8],
    plain_text: &mut [u8],
) -> Result<(), EncryptionError> {
    let mut chacha_nonce = [0u8; 12];
    chacha_nonce[4..].copy_from_slice(&nonce.to_le_bytes());

    let nonce = Nonce::from_slice(&chacha_nonce[..]);

    let key = Key::from_slice(key);

    let cipher = ChaCha20Poly1305::new(key);

    let payload = Payload {
        msg: ciphertext,
        aad: associated_data,
    };

    let decrypted = cipher.decrypt(nonce, payload)?;

    if plain_text.len() != decrypted.len() {
        return Err(EncryptionError::ExpectedMessageLenMismatch);
    }
    plain_text.copy_from_slice(&decrypted[..]);

    Ok(())
}

#[cfg(test)]
mod test {
    use chacha20poly1305::aead::{Aead, NewAead};
    use chacha20poly1305::{ChaCha20Poly1305, Key, Nonce};

    use crate::chacha20poly1305::aead::AeadInPlace; /* Or `XChaCha20Poly1305` */

    #[test]
    fn test1() {
        // Encrypt decrypt a plain text
        let key = Key::from_slice(b"an example very very secret key."); // 32-bytes
        let cipher = ChaCha20Poly1305::new(key);

        let nonce = Nonce::from_slice(b"unique nonce"); // 12-bytes; unique per message

        let ciphertext = cipher
            .encrypt(nonce, b"plaintext message".as_ref())
            .expect("encryption failure!"); // NOTE: handle this error to avoid panics!
        let plaintext = cipher
            .decrypt(nonce, ciphertext.as_ref())
            .expect("decryption failure!"); // NOTE: handle this error to avoid panics!

        assert_eq!(&plaintext, b"plaintext message");
    }

    #[test]
    fn test2() {
        let key = Key::from_slice(b"an example very very secret key.");
        let cipher = ChaCha20Poly1305::new(key);

        let nonce = Nonce::from_slice(b"unique nonce"); // 128-bits; unique per message

        let mut buffer: Vec<u8> = Vec::new();
        buffer.extend_from_slice(b"plaintext message");

        // Encrypt `buffer` in-place, replacing the plaintext contents with
        // ciphertext
        cipher
            .encrypt_in_place(nonce, b"", &mut buffer)
            .expect("encryption failure!");

        // `buffer` now contains the message ciphertext
        assert_ne!(&buffer, b"plaintext message");

        // Decrypt `buffer` in-place, replacing its ciphertext context with the
        // original plaintext
        cipher
            .decrypt_in_place(nonce, b"", &mut buffer)
            .expect("decryption failure!");
        assert_eq!(&buffer, b"plaintext message");
    }
}