wechat_work_crypto 0.1.0

Pure Rust implementation of WeChat Work (企业微信) message encryption/decryption library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

# wechat_work_crypto


[![Crates.io](https://img.shields.io/crates/v/wechat_work_crypto.svg)](https://crates.io/crates/wechat_work_crypto)
[![Rust](https://img.shields.io/badge/rust-1.56.1%2B-blue.svg?maxAge=3600)](https://gitcode.net/dnrops/wechat_work_crypto)
[![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitcode.net/dnrops/wechat_work_crypto/-/raw/master/LICENSE)



## WeChat Work (WeCom) Crypto Library - Pure Rust Implementation


A pure Rust implementation of the WeChat Work (企业微信) message encryption/decryption library, ported from the official C++ SDK.

## Features


- ✅ AES-256-CBC encryption/decryption
- ✅ Base64 encoding/decoding
- ✅ SHA1 signature computation
- ✅ XML parsing and generation
- ✅ Message encryption and decryption
- ✅ URL verification for WeChat server callback
- ✅ Full error handling with proper error codes
- ✅ Zero unsafe code
- ✅ Idiomatic Rust API

## Installation


Add this to your `Cargo.toml`:

```toml
[dependencies]
wechat_work_crypto = "0.1.0"
```

## Usage


### Basic Setup


```rust
use wechat_work_crypto::WXBizMsgCrypt;

// Configuration from WeChat Work
let token = "your_token_here";
let encoding_aes_key = "jWmYm7qr5nMoAUwZRjGtBxmz3PL1k2yftF4vsTlMqPS";
let receive_id = "your_corpid_here";

// Initialize the crypto instance
let crypt = WXBizMsgCrypt::new(token, encoding_aes_key, receive_id)?;
```

### Verify URL (Server Verification)


When WeChat Work verifies your server:

```rust
let msg_signature = "5c45ff5e21c57e6ad56bac8c868eb9068928468d";
let timestamp = "1409659813";
let nonce = "263014780";
let echo_str = "P9nAzCzyDtyTWESHep1vC5X9xho/qYX3Zpb4yKa9SKld1DsH3Iyt3tP3zNdV+SNh2FvLm0Yc1HlON16aRqv3+A==";

let echo_result = crypt.verify_url(msg_signature, timestamp, nonce, echo_str)?;
println!("Verified: {}", echo_result);
```

### Decrypt Messages


Decrypt messages received from WeChat Work:

```rust
let msg_signature = "signature_from_url";
let timestamp = "1409659813";
let nonce = "263014780";
let post_data = r#"<xml>
    <Encrypt><![CDATA[encrypted_content_here]]></Encrypt>
    <MsgSignature><![CDATA[signature]]></MsgSignature>
    <TimeStamp>1409659813</TimeStamp>
    <Nonce><![CDATA[263014780]]></Nonce>
</xml>"#;

let decrypted_msg = crypt.decrypt_msg(msg_signature, timestamp, nonce, post_data)?;
println!("Decrypted: {}", decrypted_msg);
```

### Encrypt Messages


Encrypt messages to send back to WeChat Work:

```rust
let reply_msg = r#"<xml>
    <ToUserName><![CDATA[openID]]></ToUserName>
    <FromUserName><![CDATA[gh_123456789]]></FromUserName>
    <CreateTime>1409659813</CreateTime>
    <MsgType><![CDATA[text]]></MsgType>
    <Content><![CDATA[Hello from Rust!]]></Content>
</xml>"#;
let timestamp = "1409659813";
let nonce = "263014780";

let encrypted_xml = crypt.encrypt_msg(reply_msg, timestamp, nonce)?;
println!("Encrypted: {}", encrypted_xml);
```

## Error Codes


The library returns proper error codes matching the official C++ SDK:

| Error Code | Error Name | Description |
|------------|------------|-------------|
| 0 | OK | Success |
| -40001 | ValidateSignatureError | Signature validation failed |
| -40002 | ParseXmlError | XML parsing error |
| -40003 | ComputeSignatureError | Signature computation error |
| -40004 | IllegalAesKey | Invalid AES key |
| -40005 | ValidateCorpidError | CorpId validation failed |
| -40006 | EncryptAESError | AES encryption error |
| -40007 | DecryptAESError | AES decryption error |
| -40008 | IllegalBuffer | Invalid buffer |
| -40009 | EncodeBase64Error | Base64 encoding error |
| -40010 | DecodeBase64Error | Base64 decoding error |
| -40011 | GenReturnXmlError | XML generation error |

## Encryption Details


The library implements the WeChat Work encryption protocol:

1. **Encryption Format**: `random(16B) + msg_len(4B) + msg + corpId`
2. **Random String**: 16 random printable ASCII characters
3. **Message Length**: 4 bytes in network byte order (big-endian)
4. **AES-256-CBC**: With PKCS7 padding
5. **IV**: Uses the first 16 bytes of the AES key
6. **Signature**: SHA1 hash of sorted `token + timestamp + nonce + encrypted_msg`

## Testing


Run the test suite:

```bash
cargo test
```

Run the example:

```bash
cargo run
```

## API Reference


### WXBizMsgCrypt


Main struct for WeChat Work crypto operations.

#### Methods


- `new(token, encoding_aes_key, receive_id)` - Create a new instance
- `verify_url(msg_signature, timestamp, nonce, echo_str)` - Verify URL
- `decrypt_msg(msg_signature, timestamp, nonce, post_data)` - Decrypt message
- `encrypt_msg(reply_msg, timestamp, nonce)` - Encrypt message
- `get_xml_field(xml_data, field_name)` - Extract field from XML (static method)

### WXBizMsgCryptError


Error enum with comprehensive error handling.

#### Methods


- `error_code()` - Get the numeric error code

## Dependencies


- `aes` - AES encryption
- `cbc` - CBC mode of operation
- `base64` - Base64 encoding/decoding
- `sha1` - SHA1 hashing
- `hex` - Hex encoding
- `rand` - Random number generation
- `regex` - XML parsing
- `thiserror` - Error handling


## License


This implementation follows the same licensing as the original WeChat Work SDK.

## Contributing


Contributions are welcome! Please ensure:
- All tests pass
- Code follows Rust best practices
- Documentation is updated
- No `unsafe` code is introduced