rust-bottle 0.2.3

Rust implementation of Bottle protocol - layered message containers with encryption and signatures
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238

use crate::ecdh::rsa_encrypt;
use crate::errors::{BottleError, Result};
use rand::{CryptoRng, RngCore};
use rsa::RsaPublicKey;
use zeroize::Zeroize;

/// Securely clear sensitive data from memory.
///
/// This function uses the `zeroize` crate to overwrite memory with zeros,
/// helping to prevent sensitive data from remaining in memory after use.
/// This is important for cryptographic keys and other sensitive material.
///
/// # Arguments
///
/// * `data` - Mutable slice of bytes to clear
///
/// # Example
///
/// ```rust
/// use rust_bottle::utils::mem_clr;
///
/// let mut sensitive = vec![1, 2, 3, 4, 5];
/// mem_clr(&mut sensitive);
/// // sensitive is now all zeros
/// ```
pub fn mem_clr(data: &mut [u8]) {
    data.zeroize();
}

/// Encrypt a short buffer (like AES keys) to a public key.
///
/// This function encrypts small buffers (typically 32 bytes or less, like AES keys)
/// directly to a public key without using ECDH key exchange. This is useful for
/// key wrapping scenarios.
///
/// Currently supports RSA keys only. For RSA, the plaintext must be smaller than
/// the key size minus 42 bytes (for OAEP with SHA-256 padding).
///
/// # Arguments
///
/// * `rng` - A cryptographically secure random number generator
/// * `plaintext` - The plaintext to encrypt (should be short, e.g., 32 bytes for AES-256 keys)
/// * `public_key` - The recipient's public key (PKIX DER format or raw RSA public key bytes)
///
/// # Returns
///
/// * `Ok(Vec<u8>)` - Encrypted ciphertext
/// * `Err(BottleError::UnsupportedAlgorithm)` - If the key type is not supported
/// * `Err(BottleError::Encryption)` - If encryption fails
///
/// # Example
///
/// ```rust,no_run
/// use rust_bottle::utils::encrypt_short_buffer;
/// use rust_bottle::keys::RsaKey;
/// use rust_bottle::ecdh::rsa_encrypt;
/// use rand::rngs::OsRng;
///
/// let rng = &mut OsRng;
/// let rsa_key = RsaKey::generate(rng, 2048).unwrap();
///
/// // Encrypt a 32-byte AES key
/// // Note: For now, use rsa_encrypt directly with RsaPublicKey
/// // PKIX parsing for RSA is not yet fully implemented
/// let aes_key = vec![0u8; 32];
/// let ciphertext = rsa_encrypt(rng, &aes_key, rsa_key.public_key()).unwrap();
/// ```
pub fn encrypt_short_buffer<R: RngCore + CryptoRng>(
    rng: &mut R,
    plaintext: &[u8],
    public_key: &[u8],
) -> Result<Vec<u8>> {
    // Try to parse as PKIX (SubjectPublicKeyInfo) format
    // Check if it looks like PKIX format (starts with DER SEQUENCE tag 0x30)
    if !public_key.is_empty() && public_key[0] == 0x30 {
        // Try to parse as PKIX and extract RSA public key
        if let Ok(rsa_pub_key) = parse_rsa_public_key_from_pkix(public_key) {
            return rsa_encrypt(rng, plaintext, &rsa_pub_key);
        }
    }

    // Note: PKCS#1 parsing is not yet fully implemented
    // For now, users should use rsa_encrypt directly with an RsaPublicKey reference,
    // or provide keys in PKIX format

    // If we can't parse as RSA, return unsupported
    Err(BottleError::UnsupportedAlgorithm)
}

/// Parse RSA public key from PKIX (SubjectPublicKeyInfo) format.
fn parse_rsa_public_key_from_pkix(der_bytes: &[u8]) -> Result<RsaPublicKey> {
    use const_oid::db::rfc5912;
    use der::asn1::AnyRef;
    use der::asn1::BitString;
    use der::Decode;
    use spki::SubjectPublicKeyInfo;

    let spki: SubjectPublicKeyInfo<AnyRef, BitString> =
        SubjectPublicKeyInfo::from_der(der_bytes).map_err(|_| BottleError::InvalidKeyType)?;

    // Check if it's an RSA key (OID 1.2.840.113549.1.1.1)
    if spki.algorithm.oid != rfc5912::RSA_ENCRYPTION {
        return Err(BottleError::InvalidKeyType);
    }

    // Extract the RSA public key bytes (RSAPublicKey structure)
    let rsa_key_bytes = spki.subject_public_key.raw_bytes();

    // Parse RSAPublicKey structure (SEQUENCE { n INTEGER, e INTEGER })
    parse_rsa_public_key_pkcs1(rsa_key_bytes)
}

/// Parse RSA public key from PKCS#1 format (RSAPublicKey structure).
///
/// RSAPublicKey ::= SEQUENCE {
///     modulus           INTEGER,  -- n
///     publicExponent    INTEGER   -- e
/// }
///
/// This function manually parses the DER-encoded sequence to extract
/// the modulus (n) and public exponent (e).
fn parse_rsa_public_key_pkcs1(der_bytes: &[u8]) -> Result<RsaPublicKey> {
    use der::Decode;
    use rsa::BigUint;

    // Manual DER parsing of SEQUENCE { INTEGER, INTEGER }
    // DER format: [0x30 (SEQUENCE tag)] [length] [INTEGER n] [INTEGER e]

    if der_bytes.is_empty() || der_bytes[0] != 0x30 {
        return Err(BottleError::InvalidKeyType);
    }

    // Skip SEQUENCE tag (0x30) and length byte(s)
    let mut pos = 1;
    if pos >= der_bytes.len() {
        return Err(BottleError::InvalidKeyType);
    }

    // Parse length (can be short form or long form)
    let seq_len = if (der_bytes[pos] & 0x80) == 0 {
        // Short form: length is in the byte itself
        let len = der_bytes[pos] as usize;
        pos += 1;
        len
    } else {
        // Long form: length is encoded in multiple bytes
        let len_bytes = (der_bytes[pos] & 0x7f) as usize;
        if len_bytes == 0 || len_bytes > 4 || pos + len_bytes >= der_bytes.len() {
            return Err(BottleError::InvalidKeyType);
        }
        pos += 1;
        let mut len = 0usize;
        for i in 0..len_bytes {
            len = (len << 8) | (der_bytes[pos + i] as usize);
        }
        pos += len_bytes;
        len
    };

    if pos + seq_len > der_bytes.len() {
        return Err(BottleError::InvalidKeyType);
    }

    // Now parse the two INTEGERs from the sequence content
    let seq_content = &der_bytes[pos..pos + seq_len];

    // Parse first INTEGER (modulus n)
    let n_uint = der::asn1::Uint::from_der(seq_content).map_err(|_| BottleError::InvalidKeyType)?;

    // Calculate offset for second integer
    // INTEGER tag (0x02) + length + value
    let n_len = if seq_content.is_empty() || seq_content[0] != 0x02 {
        return Err(BottleError::InvalidKeyType);
    } else {
        let mut n_pos = 1;
        if n_pos >= seq_content.len() {
            return Err(BottleError::InvalidKeyType);
        }
        let n_val_len = if (seq_content[n_pos] & 0x80) == 0 {
            let len = seq_content[n_pos] as usize;
            n_pos += 1;
            len
        } else {
            let len_bytes = (seq_content[n_pos] & 0x7f) as usize;
            if len_bytes == 0 || len_bytes > 4 || n_pos + len_bytes >= seq_content.len() {
                return Err(BottleError::InvalidKeyType);
            }
            n_pos += 1;
            let mut len = 0usize;
            for i in 0..len_bytes {
                len = (len << 8) | (seq_content[n_pos + i] as usize);
            }
            n_pos += len_bytes;
            len
        };
        n_pos + n_val_len
    };

    if n_len >= seq_content.len() {
        return Err(BottleError::InvalidKeyType);
    }

    // Parse second INTEGER (exponent e)
    let e_uint = der::asn1::Uint::from_der(&seq_content[n_len..])
        .map_err(|_| BottleError::InvalidKeyType)?;

    // Convert to BigUint
    let n = BigUint::from_bytes_be(n_uint.as_bytes());
    let e = BigUint::from_bytes_be(e_uint.as_bytes());

    // Create RsaPublicKey
    RsaPublicKey::new(n, e).map_err(|_| BottleError::InvalidKeyType)
}

/// Decrypt a short buffer using a private key.
///
/// # Note
///
/// This is a placeholder function. It will be implemented in a future release
/// to support decrypting small buffers encrypted with `encrypt_short_buffer`.
///
/// # Arguments
///
/// * `_ciphertext` - The encrypted data
/// * `_private_key` - The recipient's private key
///
/// # Returns
///
/// * `Err(BottleError::UnsupportedAlgorithm)` - Currently not implemented
///
/// # Future Implementation
///
/// This will support RSA decryption for short buffers when RSA support is added.
pub fn decrypt_short_buffer(_ciphertext: &[u8], _private_key: &[u8]) -> Result<Vec<u8>> {
    // This will be implemented based on the key type
    // For now, placeholder
    Err(BottleError::UnsupportedAlgorithm)
}