Crate onionsalt [−] [src]

The onionsalt crate.

The Onion Salt encryption scheme is an onion encryption scheme that is closely derived from the NaCl crypto_box format.

Examples

Here is a simple example of onion encrypting a message and decrypting it.

let pairs = [crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair()];
let recipient = 2;
let recipient_key = pairs[recipient].clone();
let keys_and_routes: [(crypto::PublicKey, [u8; ROUTING_LENGTH]); ROUTE_COUNT]
                       = [(pairs[0].public, *b"address for 0 router    "),
                          (pairs[1].public, *b"the address for router 1"),
                          (pairs[2].public, *b"this is the recipient!!!"),
                          (pairs[3].public, *b"the next router is nice."),
                          (pairs[4].public, *b"the second-to-last node."),
                          (pairs[5].public, *b"This is my own address. ")];
let mut payload: [u8; PAYLOAD_LENGTH] = [0; PAYLOAD_LENGTH];
payload[3] = 3;
let payload = payload;
let our_personal_key = crypto::box_keypair();
let mut ob = onionbox(&keys_and_routes, recipient).unwrap();
ob.add_payload(our_personal_key, &payload);

let mut packet = ob.packet();
let response = [1; PAYLOAD_LENGTH];
for i in 0..6 {
    println!("opening box {}", i);
    let mut oob = onionbox_open(&packet, &pairs[i].secret).unwrap();
    println!("grabbing routing for {}", i);
    let routing = oob.routing();
    // routing now holds the routing information sent to "i"
    if i == recipient {
        // This is how to attach a response if you are the recipient.
        oob.respond(&recipient_key, &response);
    }
    packet = oob.packet();
}
let resp = ob.read_return(our_personal_key, &packet).unwrap();
// resp now holds the return message, authenticated and decrypted.

Modules

creatediagrams
crypto	A rust translation of the TweetNaCl library. It is mostly a direct translation, but in places I tried to make the API more rustic. It has three major features, of which you are likely to use only one.

Structs

OnionBox
OpenedOnionBox

Constants

ENCRYPTEDPAYLOAD_LENGTH	The size of an encrypted payload.
PACKET_LENGTH	`PACKET_LENGTH` is the size that we actually send to each recipient.
PAYLOAD_LENGTH	`PAYLOAD_LENGTH` is the size of the payload that the primary recipient can get. It differs from `ENCRYPTEDPAYLOAD_LENGTH` by 48 (or `OVERHEADBYTES`).
ROUTE_COUNT	The number of routers we send through. Eventually I want to implement the feature to send through fewer routers with the message arriving back early.
ROUTING_LENGTH	The ROUTING_LENGTH is big enough for an ipv6 address and some extra information.

Functions

onionbox	Encrypt a message in an onion defined by `keys_and_routings`, with `payload` directed to `payload_recipient`.
onionbox_open	The message is passed in `input`, and a struct is returned which has methods to access the decrypted routing information, the decrypted message (to be passed to the next router), to access the payload, and to insert an encrypted response to the payload.