tox_core 0.1.1

The core of tox
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

/*! A tls-like module for relay packets

Establish a secure [`Channel`](./struct.Channel.html)
between two people using temporary [`Session`](./struct.Session.html)s.

# Example

```no_run
use tox_core::relay::secure::*;

let alice_session = Session::random();
let bob_session = Session::random();

// assume we got Alice's PK & Nonce via handshake
let alice_pk = *alice_session.pk();
let alice_nonce = *alice_session.nonce();

// assume we got Bob's PK & Nonce via handshake
let bob_pk = *bob_session.pk();
let bob_nonce = *bob_session.nonce();

// Now both Alice and Bob may create secure Channels
let alice_channel = Channel::new(&alice_session, &bob_pk, &bob_nonce);
let bob_channel = Channel::new(&bob_session, &alice_pk, &alice_nonce);

// And now they may communicate sending encrypted data to each other

// Alice encrypts the message
let alice_msg = "Hello Bob!";
let alice_msg_encrypted = alice_channel.encrypt(alice_msg.as_bytes());
assert_ne!(alice_msg.as_bytes().to_vec(), alice_msg_encrypted);
// Alice sends it somehow

// Bob receives and decrypts
assert_eq!( alice_msg.as_bytes().to_vec(), bob_channel.decrypt(alice_msg_encrypted.as_ref()).unwrap() );

// Now Bob encrypts his message
let bob_msg = "Oh hello Alice!";
let bob_msg_encrypted = bob_channel.encrypt(bob_msg.as_bytes());
assert_ne!(bob_msg.as_bytes().to_vec(), bob_msg_encrypted);
// And sends it back to Alice

assert_eq!( bob_msg.as_bytes().to_vec(), alice_channel.decrypt(bob_msg_encrypted.as_ref()).unwrap() );
```

*/

use tox_crypto::*;

use std::cell::RefCell;

/** A Session is created on both sides.
Its PK and Nonce is sent from a client to server via handshake.
A server creates its own `Session`, creates [`Channel`](./struct.Channel.html)
and replies with its Session PK and Nonce to the client, the client creates `Channel`.

After the handshake is complited, they may both encrypt and decrypt messages using
their `Channel`s.
*/

pub struct Session {
    /// pk must be sent to another person
    pk: PublicKey,
    /// sk is used with `other_pk` to create a `PrecomputedKey`
    /// to establish a secure [`Channel`](./struct.Channel.html)
    sk: SecretKey,
    /// nonce must be sent to another person
    nonce: Nonce
}

impl Session {
    /** Create a new `Session` with random pk, sk and nonce.
    You should send it to establish a secure [`Channel`](./struct.Channel.html)
    */
    pub fn random() -> Session {
        let (pk, sk) = gen_keypair();
        let nonce = gen_nonce();
        Session { pk, sk, nonce }
    }

    /// Get the PK of the Session
    pub fn pk(&self) -> &PublicKey {
        &self.pk
    }

    /// Get the Nonce of the Session
    pub fn nonce(&self) -> &Nonce {
        &self.nonce
    }

    /** Create `PrecomputedKey` to encrypt/decrypt data
    using secure [`Channel`](./struct.Channel.html)
    */
    pub fn create_precomputed_key(&self, other_pk: &PublicKey) -> PrecomputedKey {
        encrypt_precompute(other_pk, &self.sk)
    }
}

/** Encrypt TCP packets with credentials.
Increment `sent_nonce` after data was encrypted.
increment `recv_nonce` after data was decrypted.

*/

pub struct Channel {
    precomputed_key: PrecomputedKey,
    sent_nonce: RefCell<Nonce>,
    recv_nonce: RefCell<Nonce>
}

impl Channel {
    /** Create a secure channel with `our_session` and `their_pk` & `their_nonce`
    */
    pub fn new(our_session: &Session, their_pk: &PublicKey, their_nonce: &Nonce) -> Channel {
        let precomputed = our_session.create_precomputed_key(their_pk);
        let sent_n = RefCell::new(*our_session.nonce());
        let recv_n = RefCell::new(*their_nonce);
        Channel { precomputed_key: precomputed, sent_nonce: sent_n, recv_nonce: recv_n }
    }
    /** Encrypt data, increment sent_nonce
    */
    pub fn encrypt(&self, plain: &[u8]) -> Vec<u8> {
        let mut nonce = self.sent_nonce.borrow_mut();
        let encrypted = encrypt_data_symmetric(&self.precomputed_key, &nonce, plain);
        increment_nonce( &mut nonce );
        encrypted
    }
    /** Decrypt data, increment recv_nonce
    */
    pub fn decrypt(&self, encrypted: &[u8]) -> Result<Vec<u8>, ()> {
        let mut nonce = self.recv_nonce.borrow_mut();
        let decrypted = decrypt_data_symmetric(&self.precomputed_key, &nonce, encrypted);
        increment_nonce( &mut nonce );
        decrypted
    }
}

#[cfg(test)]
mod tests {
    use crate::relay::secure::*;

    fn create_channels() -> (Channel, Channel) {
        crypto_init().unwrap();
        let alice_session = Session::random();
        let bob_session = Session::random();

        // assume we got Alice's PK & Nonce via handshake
        let alice_pk = *alice_session.pk();
        let alice_nonce = *alice_session.nonce();

        // assume we got Bob's PK & Nonce via handshake
        let bob_pk = *bob_session.pk();
        let bob_nonce = *bob_session.nonce();

        // Now both Alice and Bob may create secure Channels
        let alice_channel = Channel::new(&alice_session, &bob_pk, &bob_nonce);
        let bob_channel = Channel::new(&bob_session, &alice_pk, &alice_nonce);

        (alice_channel, bob_channel)
    }
    #[test]
    fn test_secure_communication() {
        crypto_init().unwrap();
        let (alice_channel, bob_channel) = create_channels();

        // And now they may communicate sending encrypted data to each other

        // Alice encrypts the message
        let alice_msg = "Hello Bob!";
        let alice_msg_encrypted = alice_channel.encrypt(alice_msg.as_bytes());
        assert_ne!(alice_msg.as_bytes().to_vec(), alice_msg_encrypted);
        // Alice sends it somehow

        // Bob receives and decrypts
        assert_eq!( alice_msg.as_bytes().to_vec(), bob_channel.decrypt(alice_msg_encrypted.as_ref()).unwrap() );

        // Now Bob encrypts his message
        let bob_msg = "Oh hello Alice!";
        let bob_msg_encrypted = bob_channel.encrypt(bob_msg.as_bytes());
        assert_ne!(bob_msg.as_bytes().to_vec(), bob_msg_encrypted);
        // And sends it back to Alice

        assert_eq!( bob_msg.as_bytes().to_vec(), alice_channel.decrypt(bob_msg_encrypted.as_ref()).unwrap() );
    }
}