sodoken 0.1.0

libsodium wrapper providing tokio safe memory secure api access.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! Modules related to cryptographic secretbox encryption / decryption.
//!
//! #### Example SecretBox Encryption / Decryption
//!
//! ```
//! // generate a shared secret
//! let mut s_key = sodoken::SizedLockedArray::new().unwrap();
//! sodoken::random::randombytes_buf(&mut *s_key.lock()).unwrap();
//!
//! // sender encrypts a message
//! let msg = b"test-message".to_vec();
//! let mut nonce = [0; sodoken::secretbox::XSALSA_NONCEBYTES];
//! sodoken::random::randombytes_buf(&mut nonce).unwrap();
//! let mut cipher = vec![0; msg.len() + sodoken::secretbox::XSALSA_MACBYTES];
//! sodoken::secretbox::xsalsa_easy(
//!     &mut cipher,
//!     &nonce,
//!     &msg,
//!     &s_key.lock(),
//! ).unwrap();
//!
//! // receiver decrypts the message
//! let msg_len = cipher.len() - sodoken::secretbox::XSALSA_MACBYTES;
//! let mut msg = vec![0; msg_len];
//! sodoken::secretbox::xsalsa_open_easy(
//!     &mut msg,
//!     &cipher,
//!     &nonce,
//!     &s_key.lock(),
//! ).unwrap();
//!
//! assert_eq!(
//!     "test-message",
//!     String::from_utf8_lossy(&msg),
//! );
//! ```

use crate::*;

/// length of secretbox key
pub const XSALSA_KEYBYTES: usize =
    libsodium_sys::crypto_secretbox_xsalsa20poly1305_KEYBYTES as usize;

/// length of secretbox nonce
pub const XSALSA_NONCEBYTES: usize =
    libsodium_sys::crypto_secretbox_xsalsa20poly1305_NONCEBYTES as usize;

/// length of secretbox mac
pub const XSALSA_MACBYTES: usize =
    libsodium_sys::crypto_secretbox_xsalsa20poly1305_MACBYTES as usize;

/// encrypt data with crytpo_secretbox_xsalsa20poly1305_easy
pub fn xsalsa_easy(
    cipher: &mut [u8],
    nonce: &[u8; libsodium_sys::crypto_secretbox_xsalsa20poly1305_NONCEBYTES
         as usize],
    message: &[u8],
    shared_key: &[u8;
         libsodium_sys::crypto_secretbox_xsalsa20poly1305_KEYBYTES
             as usize],
) -> Result<()> {
    let cipher_len = message.len()
        + libsodium_sys::crypto_secretbox_xsalsa20poly1305_MACBYTES as usize;

    if cipher.len() != cipher_len {
        return Err(Error::other("bad cipher size"));
    }

    // crypto_secretbox_xsalsa20poly1305_easy mainly failes from sized checked above
    //
    // INVARIANTS:
    //   - sodium_init() was called (enforced by sodium_init())
    //   - cipher size - calculated above
    //   - nonce size - checked above
    //   - shared_key size - checked above
    crate::sodium_init();
    #[allow(clippy::uninit_vec)]
    unsafe {
        if libsodium_sys::crypto_secretbox_easy(
            raw_ptr_char!(cipher),
            raw_ptr_char_immut!(message),
            message.len() as libc::c_ulonglong,
            raw_ptr_char_immut!(nonce),
            raw_ptr_char_immut!(shared_key),
        ) == 0_i32
        {
            Ok(())
        } else {
            Err(Error::other("internal"))
        }
    }
}

/// decrypt data with crypto_secretbox_xsalsa20poly1305_open_easy
pub fn xsalsa_open_easy(
    message: &mut [u8],
    cipher: &[u8],
    nonce: &[u8; libsodium_sys::crypto_secretbox_xsalsa20poly1305_NONCEBYTES
         as usize],
    shared_key: &[u8;
         libsodium_sys::crypto_secretbox_xsalsa20poly1305_KEYBYTES
             as usize],
) -> Result<()> {
    let msg_len = cipher.len()
        - libsodium_sys::crypto_secretbox_xsalsa20poly1305_MACBYTES as usize;

    if message.len() != msg_len {
        return Err(Error::other("bad message size"));
    }

    // crypto_secretbox_xsalsa20poly1305_open_easy mainly failes from sized checked above
    //
    // INVARIANTS:
    //   - sodium_init() was called (enforced by sodium_init())
    //   - message size - checked above
    //   - cipher size - checked above
    //   - nonce size - checked above
    //   - shared_key size - checked above
    crate::sodium_init();
    unsafe {
        if libsodium_sys::crypto_secretbox_open_easy(
            raw_ptr_char!(message),
            raw_ptr_char_immut!(cipher),
            cipher.len() as libc::c_ulonglong,
            raw_ptr_char_immut!(nonce),
            raw_ptr_char_immut!(shared_key),
        ) == 0_i32
        {
            Ok(())
        } else {
            Err(Error::other("internal"))
        }
    }
}

#[cfg(test)]
mod tests {
    // make sure the default `crypto_secretbox_*` are xsalsa
    // crypto_secretbox_xsalsa20poly1305_* doesn't include _easy...
    #[test]
    fn test_crypto_secretbox_assert_default_salsa() {
        let default_box_primitive = unsafe {
            let c = std::ffi::CStr::from_ptr(
                libsodium_sys::crypto_secretbox_primitive(),
            );
            c.to_str().unwrap()
        };
        assert_eq!("xsalsa20poly1305", default_box_primitive);
    }
}