Crate onionsalt

Source
Expand description

The onionsalt crate.

The Onion Salt encryption scheme is an onion encryption scheme that is closely derived from the NaCl crypto_box format.

§Examples

Here is a simple example of onion encrypting a message and decrypting it.

let pairs = [crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair(),
             crypto::box_keypair()];
let recipient = 2;
let recipient_key = pairs[recipient].clone();
let keys_and_routes: [(crypto::PublicKey, [u8; ROUTING_LENGTH]); ROUTE_COUNT]
                       = [(pairs[0].public, *b"address for 0 router    "),
                          (pairs[1].public, *b"the address for router 1"),
                          (pairs[2].public, *b"this is the recipient!!!"),
                          (pairs[3].public, *b"the next router is nice."),
                          (pairs[4].public, *b"the second-to-last node."),
                          (pairs[5].public, *b"This is my own address. ")];
let mut payload: [u8; PAYLOAD_LENGTH] = [0; PAYLOAD_LENGTH];
payload[3] = 3;
let payload = payload;
let our_personal_key = crypto::box_keypair();
let mut ob = onionbox(&keys_and_routes, recipient).unwrap();
ob.add_payload(our_personal_key, &payload);

let mut packet = ob.packet();
let response = [1; PAYLOAD_LENGTH];
for i in 0..6 {
    println!("opening box {}", i);
    let mut oob = onionbox_open(&packet, &pairs[i].secret).unwrap();
    println!("grabbing routing for {}", i);
    let routing = oob.routing();
    // routing now holds the routing information sent to "i"
    if i == recipient {
        // This is how to attach a response if you are the recipient.
        oob.respond(&recipient_key, &response);
    }
    packet = oob.packet();
}
let resp = ob.read_return(our_personal_key, &packet).unwrap();
// resp now holds the return message, authenticated and decrypted.

Modules§

creatediagrams
crypto
A rust translation of the TweetNaCl library. It is mostly a direct translation, but in places I tried to make the API more rustic. It has three major features, of which you are likely to use only one.

Structs§

OnionBox
OpenedOnionBox

Constants§

ENCRYPTEDPAYLOAD_LENGTH
The size of an encrypted payload.
PACKET_LENGTH
PACKET_LENGTH is the size that we actually send to each recipient.
PAYLOAD_LENGTH
PAYLOAD_LENGTH is the size of the payload that the primary recipient can get. It differs from ENCRYPTEDPAYLOAD_LENGTH by 48 (or OVERHEADBYTES).
ROUTE_COUNT
The number of routers we send through. Eventually I want to implement the feature to send through fewer routers with the message arriving back early.
ROUTING_LENGTH
The ROUTING_LENGTH is big enough for an ipv6 address and some extra information.

Functions§

onionbox
Encrypt a message in an onion defined by keys_and_routings, with payload directed to payload_recipient.
onionbox_open
The message is passed in input, and a struct is returned which has methods to access the decrypted routing information, the decrypted message (to be passed to the next router), to access the payload, and to insert an encrypted response to the payload.