1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284

use constant_time_eq::constant_time_eq;
use libsodium_sys::{
    crypto_box_MACBYTES as CRYPTO_BOX_MACBYTES, crypto_box_NONCEBYTES as CRYPTO_BOX_NONCEBYTES,
    crypto_box_PUBLICKEYBYTES as CRYPTO_BOX_PUBLICKEYBYTES,
    crypto_box_SECRETKEYBYTES as CRYPTO_BOX_SECRETKEYBYTES, crypto_box_open_easy,
    crypto_generichash, crypto_sign_BYTES as CRYPTO_SIGN_BYTES,
    crypto_sign_PUBLICKEYBYTES as CRYPTO_SIGN_PUBLICKEYBYTES, crypto_sign_verify_detached,
};

use crate::{error::NcryptfError as Error, VERSION_2_HEADER};

/// Response allows for decrypting of a request
pub struct Response {
    pub secret_key: Vec<u8>,
}

impl Response {
    /// Decrypts a response
    pub fn decrypt(
        &self,
        response: Vec<u8>,
        public_key: Option<Vec<u8>>,
        nonce: Option<Vec<u8>>,
    ) -> Result<String, Error> {
        // Extract the nonce if one isn't provided
        let n = match nonce {
            Some(nonce) => nonce,
            None => response.get(4..28).unwrap().to_vec(),
        };

        return self.decrypt_body(response, public_key, n.clone());
    }

    fn decrypt_body(
        &self,
        response: Vec<u8>,
        public_key: Option<Vec<u8>>,
        nonce: Vec<u8>,
    ) -> Result<String, Error> {
        if nonce.len() != (CRYPTO_BOX_NONCEBYTES as usize) {
            return Err(Error::InvalidArgument(format!(
                "Nonce should be {} bytes",
                CRYPTO_BOX_NONCEBYTES
            )));
        }

        let r = response.clone();
        match Self::get_version(r) {
            Ok(version) => match version {
                2 => return self.decrypt_v2(response, nonce),
                _ => return self.decrypt_v1(response, public_key.unwrap(), nonce),
            },
            Err(error) => return Err(error),
        };
    }

    fn decrypt_v1(
        &self,
        response: Vec<u8>,
        public_key: Vec<u8>,
        nonce: Vec<u8>,
    ) -> Result<String, Error> {
        if public_key.len() != (CRYPTO_BOX_PUBLICKEYBYTES as usize) {
            return Err(Error::InvalidArgument(format!(
                "Public key should be {} bytes",
                CRYPTO_BOX_NONCEBYTES
            )));
        }

        if response.len() < (CRYPTO_BOX_MACBYTES as usize) {
            return Err(Error::InvalidArgument(format!(
                "Response is too short to be decrypted"
            )));
        }

        let mut message = Box::new(vec![
            0;
            response.clone().len() - (CRYPTO_BOX_MACBYTES as usize)
        ]);
        let sk: [u8; CRYPTO_BOX_SECRETKEYBYTES as usize] =
            self.secret_key.clone().try_into().unwrap();
        let pk: [u8; CRYPTO_BOX_PUBLICKEYBYTES as usize] = public_key.try_into().unwrap();
        let n: [u8; CRYPTO_BOX_NONCEBYTES as usize] = nonce.try_into().unwrap();

        let result: i32 = unsafe {
            crypto_box_open_easy(
                message.as_mut_ptr(),
                response.clone().as_ptr(),
                response.len().try_into().unwrap(),
                n.as_ptr(),
                pk.as_ptr(),
                sk.as_ptr(),
            )
        };

        match result {
            0 => {
                let v = message.to_vec().to_owned();
                let string = String::from_utf8(v).unwrap();
                let res = string.trim_matches(char::from(0)).to_string();
                return Ok(res);
            }
            _ => {
                return Err(Error::DecryptError);
            }
        }
    }

    fn decrypt_v2(&self, response: Vec<u8>, nonce: Vec<u8>) -> Result<String, Error> {
        let length = response.len();
        if length < 236 {
            return Err(Error::InvalidArgument(format!(
                "Response length is too short for a v2 response."
            )));
        }

        let payload = response.get(0..length - 64).unwrap().to_vec();
        let checksum = response.get(length - 64..length).unwrap().to_vec();

        let s: &[u8; CRYPTO_BOX_NONCEBYTES as usize] = &nonce.clone().try_into().unwrap();
        let input = payload.clone();
        let mut hash: [u8; 64] = vec![0; 64].try_into().unwrap();

        let _result = unsafe {
            crypto_generichash(
                hash.as_mut_ptr(),
                64,
                input.as_ptr(),
                input.len() as u64,
                s.as_ptr(),
                CRYPTO_BOX_NONCEBYTES as usize,
            )
        };

        if _result != 0 {
            return Err(Error::DecryptError);
        }

        // Verify that the checksum hasn't been tampered with
        if !constant_time_eq(&checksum, &hash) {
            return Err(Error::DecryptError);
        }

        let public_key = Self::get_public_key_from_response(response.clone()).unwrap();
        let payload_len = payload.len();
        let signature = payload.get(payload_len - 64..payload_len).unwrap().to_vec();
        let signature_public_key = Self::get_signing_public_key_from_response(response).unwrap();
        let body = payload.get(60..payload_len - 96).unwrap().to_vec();

        let decrypted = self.decrypt_v1(body, public_key, nonce.clone())?;

        Self::is_signature_valid(decrypted.clone(), signature, signature_public_key)?;

        return Ok(decrypted);
    }

    /// Returns true if the signature is valid for the response
    pub fn is_signature_valid(
        response: String,
        signature: Vec<u8>,
        public_key: Vec<u8>,
    ) -> Result<bool, Error> {
        if signature.len() != (CRYPTO_SIGN_BYTES as usize) {
            return Err(Error::InvalidArgument(format!(
                "Signature must be {} bytes",
                CRYPTO_SIGN_BYTES
            )));
        }

        if public_key.len() != (CRYPTO_SIGN_PUBLICKEYBYTES as usize) {
            return Err(Error::InvalidArgument(format!(
                "Public key must be {} bytes",
                CRYPTO_SIGN_PUBLICKEYBYTES
            )));
        }

        let sig: [u8; CRYPTO_SIGN_BYTES as usize] = signature.try_into().unwrap();
        let pk: [u8; CRYPTO_SIGN_PUBLICKEYBYTES as usize] = public_key.try_into().unwrap();
        let result = unsafe {
            crypto_sign_verify_detached(
                sig.as_ptr(),
                response.as_ptr(),
                response.len() as u64,
                pk.as_ptr(),
            )
        };

        match result {
            0 => return Ok(true),
            _ => return Ok(false),
        };
    }

    ///  Extracts the public key from a v2 response
    pub fn get_public_key_from_response(response: Vec<u8>) -> Result<Vec<u8>, Error> {
        match Self::get_version(response.clone()) {
            Ok(version) => match version {
                2 => {
                    let length = response.len();
                    if length < 236 {
                        return Err(Error::InvalidArgument(format!("Message is too short.")));
                    }

                    return Ok(response.get(28..60).unwrap().to_vec());
                }
                _ => {
                    return Err(Error::InvalidArgument(format!(
                        "The response provided is not suitable for public key extraction."
                    )));
                }
            },
            _ => {
                return Err(Error::InvalidArgument(format!(
                    "The response provided is not suitable for public key extraction."
                )));
            }
        }
    }

    /// Extracts the public signing key from a v2 response
    pub fn get_signing_public_key_from_response(response: Vec<u8>) -> Result<Vec<u8>, Error> {
        match Self::get_version(response.clone()) {
            Ok(version) => match version {
                2 => {
                    let length = response.len();
                    if length < 236 {
                        return Err(Error::InvalidArgument(format!("Message is too short.")));
                    }

                    return Ok(response
                        .get(length - 160..(length - 160 + 32))
                        .unwrap()
                        .to_vec());
                }
                _ => {
                    return Err(Error::InvalidArgument(format!(
                        "The response provided is not suitable for public key extraction."
                    )));
                }
            },
            _ => {
                return Err(Error::InvalidArgument(format!(
                    "The response provided is not suitable for public key extraction."
                )));
            }
        }
    }

    /// Returns the version information from the string
    pub fn get_version(response: Vec<u8>) -> Result<i32, Error> {
        if response.len() < 16 {
            return Err(Error::InvalidArgument(format!(
                "Message length is too short to determine version"
            )));
        }

        match response.get(0..4) {
            Some(header) => {
                let s = hex::encode(header.to_vec()).to_string().to_uppercase();

                if s.as_str().eq(VERSION_2_HEADER) {
                    return Ok(2);
                }

                return Ok(1);
            }
            _ => {
                return Ok(1);
            }
        }
    }

    /// Creates a response from the secret key
    pub fn from(secret_key: Vec<u8>) -> Result<Self, Error> {
        if secret_key.len() != (CRYPTO_BOX_SECRETKEYBYTES as usize) {
            return Err(Error::InvalidArgument(format!(
                "Secret key should be {} bytes",
                CRYPTO_BOX_SECRETKEYBYTES
            )));
        }

        return Ok(Response { secret_key });
    }
}