networking 0.1.9

secure RSA + AES network implementations in a peer to peer enabled manner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

use crate::error::NetworkError;
use crate::StreamHeader;
use crypto::{
    aessafe::{AesSafe128DecryptorX8, AesSafe128EncryptorX8},
    symmetriccipher::{BlockDecryptorX8, BlockEncryptorX8},
};

use rand::rngs::OsRng;
use rsa::{PaddingScheme, PublicKey, RSAPrivateKey, RSAPublicKey};
// ==================================================================================
//                               AES Encryption
// =================================================================================

/// view the header for the packet, without decrypting anything else
pub fn header_peak(key: &[u8], input: &[u8]) -> Result<StreamHeader, NetworkError>{
    let decryptor = AesSafe128DecryptorX8::new(key);
    let mut header_vec = Vec::with_capacity(128);
    unsafe { header_vec.set_len(128) }
    // decrypt the StreamHeader
    decryptor.decrypt_block_x8(&input[0..128], &mut header_vec);
    let remote_header = StreamHeader::from_raw_padded(&header_vec)?;
    Ok(remote_header)
}

/// uses rsa to encrypt an aes key, that is used to encrypt the main body of the data
pub fn asym_aes_encrypt(
    pub_key: &RSAPublicKey,
    mut header: StreamHeader,
    input: &[u8],
) -> Result<Vec<u8>, NetworkError> {
    assert!(input.len() < (65536));
    // returned from the function
    let mut output = Vec::new();
    // used in rsa encryption
    let mut rng = OsRng;
    // vector containing input data
    let mut data = Vec::new();
    data.extend_from_slice(&input);
    // ensure data can be modulated by 128
    let rem: u8 = 128 - ((input.len() % 128) as u8);
    let mut aes_padding = Vec::with_capacity(rem as usize);
    unsafe {
        aes_padding.set_len(rem as usize);
    }
    // place padding in the input vector
    data.append(&mut aes_padding);
    assert_eq!(data.len() % 128, 0);
    let encryptor = AesSafe128EncryptorX8::new(header.key());
    header.set_remander(rem);
    // make sure data length is tracted in case multiple packets are sent at the same time
    header.set_packet_len(data.len());
    // convert header to binary, should only be of length 126, 50 byte global hash, 50 byte peer hash, 16 bytes aes key, 8 bytes data len, 1 byte remander len
    let key = header.to_raw();
    assert!(key.len() < 246);
    let padding = PaddingScheme::new_pkcs1v15_encrypt();
    // use rsa to encrypt the aes key
    let mut enc_key = pub_key.encrypt(&mut rng, padding, &key)?;
    output.append(&mut enc_key);
    let full_len = input.len() + rem as usize;
    for index in (0..full_len).step_by(128) {
        let mut read_data: [u8; 128] = [0; 128];
        // encrypt in sections of 8 blocks, each block having 16 bytes for a total of 128 bytes
        encryptor.encrypt_block_x8(&data[index..index + 128], &mut read_data[..]);
        output.extend_from_slice(&read_data);
    }
    Ok(output)
}
pub fn aes_inplace_decrypt(
    priv_key: &RSAPrivateKey,
    input: &mut Vec<u8>,
) -> Result<StreamHeader, NetworkError> {
    let padding = PaddingScheme::new_pkcs1v15_encrypt();
    let header = StreamHeader::from_raw(&priv_key.decrypt(padding, &input[0..256])?)?;
    let rem = header.remander();
    let data_len = header.packet_len();
    let decryptor = AesSafe128DecryptorX8::new(header.key());
    //let mut read_data: [u8; 128] = [0; 128];
    for index in (0..data_len).step_by(128) {
        let (outbuf, inbuf) = input.split_at_mut(index + 256);
        decryptor.decrypt_block_x8(&inbuf[0..128], &mut outbuf[index..index + 128]);
    }
    input.truncate(input.len() - (rem as usize + 256));
    //assert_eq!(String::from_utf8(input), instr.to_string());
    Ok(header)
}
// ===============================================================================
//                          AES Decryption
// ================================================================================
pub fn asym_aes_decrypt(
    priv_key: &RSAPrivateKey,
    input: &[u8],
) -> Result<(Vec<u8>, StreamHeader), NetworkError> {
    //assert!(input.len() < (65537));
    // create output vector
    let mut output = Vec::new();
    // decrypt the StreamHeader
    let padding = PaddingScheme::new_pkcs1v15_encrypt();
    let mut header = StreamHeader::from_raw(&priv_key.decrypt(padding, &input[0..256])?)?;
    println!("header: {:?}", header);
    let rem = header.remander();
    let data_len = header.packet_len();
    println!("packet len in asym: {}", data_len);
    let decryptor = AesSafe128DecryptorX8::new(header.key());
    let mut read_data: [u8; 128] = [0; 128];
    for index in (256..data_len + 256).step_by(128) {
        decryptor.decrypt_block_x8(&input[index..index + 128], &mut read_data[..]);
        output.extend_from_slice(&read_data);
    }
    let newlen = output.len() - (rem as usize);
    output.truncate(newlen);
    if (newlen + rem as usize + 256) < input.len() {
        let (next_packet, stream_header) =
            asym_aes_decrypt(priv_key, &input[data_len + 256..input.len()])?;
        header = stream_header;
        output.extend_from_slice(&next_packet);
    }
    Ok((output, header))
}
pub(crate) fn database_aes_decrypt(key: &[u8], outbuf: &mut Vec<u8>) {
    if outbuf.is_empty() || key.is_empty() {
        return;
    }
    let remander = outbuf[outbuf.len() - 1];
    let decryptor = AesSafe128DecryptorX8::new(key);
    let mut temp_vec = Vec::with_capacity(128);
    outbuf.truncate(outbuf.len() - 1);
    for index in (0..outbuf.len()).step_by(128) {
        unsafe { temp_vec.set_len(128) }
        decryptor.decrypt_block_x8(&outbuf[index..index + 128], &mut temp_vec[0..128]);
        std::io::copy(&mut &temp_vec[..], &mut &mut outbuf[index..index + 128]).unwrap();
        temp_vec.clear();
    }
    outbuf.truncate(outbuf.len() - remander as usize);
}
pub(crate) fn database_aes_encrypt(key: &[u8], outbuf: &mut Vec<u8>) {
    if outbuf.is_empty() || key.is_empty() {
        return;
    }
    let remander = 128 - (outbuf.len() % 128);
    let encryptor = AesSafe128EncryptorX8::new(key);
    let mut temp_vec = Vec::with_capacity(128);
    let mut rem_vec = Vec::with_capacity(remander);
    unsafe { rem_vec.set_len(remander) };
    outbuf.extend_from_slice(&rem_vec);
    for index in (0..outbuf.len()).step_by(128) {
        temp_vec.extend_from_slice(&outbuf[index..index + 128]);
        encryptor.encrypt_block_x8(&temp_vec, &mut outbuf[index..index + 128]);
        temp_vec.clear();
    }
    outbuf.push(remander as u8);
}
pub fn sym_aes_encrypt(header_ref: &StreamHeader, input: &[u8]) -> Vec<u8> {
    let mut header = header_ref.clone();
    let mut output = Vec::new();
    let remander: u8 = 128 - (input.len() % 128) as u8;
    let mut rem_vec = Vec::with_capacity(remander as usize);
    unsafe { rem_vec.set_len(remander as usize) }
    let key = header.key();
    let encryptor = AesSafe128EncryptorX8::new(key);
    let mut data = Vec::with_capacity(input.len() + 128);
    header.set_packet_len(input.len());
    header.set_remander(remander);
    data.extend_from_slice(&header.to_raw_padded());
    data.extend_from_slice(input);
    data.extend_from_slice(&rem_vec);
    let full_len = input.len();
    for index in (0..full_len + 128).step_by(128) {
        let mut read_data: [u8; 128] = [0; 128];
        // encrypt in sections of 8 blocks, each block having 16 bytes for a total of 128 bytes
        encryptor.encrypt_block_x8(&data[index..index + 128], &mut read_data[..]);
        output.extend_from_slice(&read_data);
    }
    output
}
pub fn sym_aes_decrypt(
    header: &StreamHeader,
    input: &[u8],
) -> Result<(Vec<u8>, StreamHeader, Vec<usize>), NetworkError> {
    println!("sym decrypt");
    let mut indexes = Vec::new();
    let decryptor = AesSafe128DecryptorX8::new(header.key());
    let mut header_vec = Vec::with_capacity(128);
    unsafe { header_vec.set_len(128) }
    // create output vector
    let mut output = Vec::new();
    // decrypt the StreamHeader
    decryptor.decrypt_block_x8(&input[0..128], &mut header_vec);
    let remote_header = StreamHeader::from_raw_padded(&header_vec)?;
    let rem = remote_header.remander();
    let data_len = remote_header.packet_len();
    let mut read_data: [u8; 128] = [0; 128];
    for index in (128..data_len + 128).step_by(128) {
        decryptor.decrypt_block_x8(&input[index..index + 128], &mut read_data[..]);
        output.extend_from_slice(&read_data);
    }
    let newlen = output.len() - (rem as usize);
    output.truncate(newlen);
    indexes.push(data_len);
    if (newlen + rem as usize + 128) < input.len() {
        let (next_packet, second_header, rec_indexes) =
            sym_aes_decrypt(header, &input[data_len + (rem as usize) + 128..input.len()])?;
        indexes.extend_from_slice(&rec_indexes);
        output.extend_from_slice(&next_packet);
        if second_header.peer_hash() != remote_header.peer_hash() {
            return Err(NetworkError::ConnectionDenied(
                "headers don't match in decryption".to_string(),
            ));
        }
    }
    Ok((output, remote_header, indexes))
}

// =============================================================================
//                              Tests
// =============================================================================
#[test]
fn sym_encrypt_test() {
    use crate::random_string;
    use rand::Rng;
    use std::time::SystemTime;
    for _ in 0..100 {
        let time = SystemTime::now();
        let mut rng = rand::thread_rng();
        let ffloat: f64 = rng.gen();
        let instr = random_string((ffloat * 65410f64) as usize);
        let key = random_string(16).into_bytes();
        let mut inbuf = instr.clone().into_bytes();
        let peer_hash = random_string(50);
        let mut header =
            StreamHeader::with_key(&random_string(50), &peer_hash, key.clone(), inbuf.len());
        let mut output = sym_aes_encrypt(&mut header, &mut inbuf);
        let sfloat: f64 = rng.gen();
        let second_str = random_string((sfloat * 65410f64) as usize);
        let mut second_buf = second_str.clone().into_bytes();
        let mut second_header =
            StreamHeader::with_key(&random_string(50), &peer_hash, key, second_buf.len());
        output.extend_from_slice(&sym_aes_encrypt(&mut second_header, &mut second_buf));
        let (inbuf, _stream_header, indexes) = sym_aes_decrypt(&header, &output).unwrap();
        let remstr = instr.into_bytes();
        let remsecstr = second_str.into_bytes();
        assert_eq!(remstr.len(), *indexes.get(0).unwrap());
        assert_eq!(remstr, inbuf[0..*indexes.get(0).unwrap()].to_vec());
        assert_eq!(remsecstr.len(), *indexes.get(1).unwrap());
        assert_eq!(
            remsecstr[0..256].to_vec(),
            inbuf[*indexes.get(0).unwrap()..*indexes.get(0).unwrap() + 256].to_vec()
        );
        let elapsed = time.elapsed().unwrap().as_millis();
        println!("elapsed: {}", elapsed);
        assert!(500 > elapsed);
    }
}
#[test]
fn asym_encrypt_test() {
    use std::time::SystemTime;
    let time = SystemTime::now();
    use crate::random_string;
    let stream_header = StreamHeader::new(&random_string(50), &random_string(50), 0);
    let private_key = crate::get_private_key();
    let public_key = RSAPublicKey::from(&private_key);
    let instr = random_string(65535 - 256);
    let indata = instr.clone().into_bytes();
    let mut outvec = asym_aes_encrypt(&public_key, stream_header.clone(), &indata).unwrap();
    let second_string = random_string(353);
    let secindata = second_string.clone().into_bytes();
    outvec.extend_from_slice(&asym_aes_encrypt(&public_key, stream_header, &secindata).unwrap());
    let (outvec, _header) = asym_aes_decrypt(&private_key, &mut outvec).unwrap();
    //assert_eq!(indata.len(), outvec.len());
    assert_eq!(indata, outvec[0..indata.len()].to_vec());
    assert_eq!(
        second_string.into_bytes(),
        outvec[indata.len()..outvec.len()].to_vec()
    );
    let elapsed = time.elapsed().unwrap().as_millis();
    println!("{}", elapsed);
    assert!(600 > elapsed);
}