1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
use anyhow::{anyhow, Result};
use aes_ctr::stream_cipher::generic_array::GenericArray;
use aes_ctr::stream_cipher::{NewStreamCipher, SyncStreamCipher};
use aes_ctr::Aes256Ctr;
use sodiumoxide::randombytes::randombytes;
const OBSCURE_CRYPT_KEY: [u8; 32] = [
0x9c, 0x93, 0x5b, 0x48, 0x73, 0x0a, 0x55, 0x4d, 0x6b, 0xfd, 0x7c, 0x63, 0xc8, 0x86, 0xa9, 0x2b,
0xd3, 0x90, 0x19, 0x8e, 0xb8, 0x12, 0x8a, 0xfb, 0xf4, 0xde, 0x16, 0x2b, 0x8b, 0x95, 0xf6, 0x38,
];
const OBSCURE_BLOCK_SIZE: usize = 16;
fn crypt(data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let key = GenericArray::from_slice(&OBSCURE_CRYPT_KEY);
let nonce = GenericArray::from_slice(iv);
let mut cipher = Aes256Ctr::new(&key, &nonce);
let mut data = data.to_vec();
cipher.apply_keystream(&mut data);
Ok(data)
}
pub fn reveal(text: &String) -> Result<String> {
let ciphertext = base64::decode_config(&text, base64::URL_SAFE_NO_PAD)?;
if ciphertext.len() < OBSCURE_BLOCK_SIZE {
return Err(anyhow!(
"Input too short for revealed string. Got length {} but expected >= {}",
ciphertext.len(),
OBSCURE_BLOCK_SIZE
));
}
let buf = &ciphertext[OBSCURE_BLOCK_SIZE..];
let iv = &ciphertext[0..OBSCURE_BLOCK_SIZE];
let plaintext = crypt(&buf, &iv)?;
let result = String::from_utf8(plaintext)?;
Ok(result)
}
pub fn obscure(plaintext: &String) -> Result<String> {
let plaintext = plaintext.as_bytes();
let iv = randombytes(OBSCURE_BLOCK_SIZE);
let ciphertext = crypt(plaintext, &iv)?;
let ciphertext_with_iv = [&iv[..], &ciphertext[..]].concat();
Ok(base64::encode_config(
ciphertext_with_iv,
base64::URL_SAFE_NO_PAD,
))
}
#[cfg(test)]
mod tests {
use crate::obscure::{obscure, reveal};
use anyhow::Result;
#[test]
fn obscure_should_reveal_correctly() -> Result<()> {
println!("Test");
let plaintext = "potato".to_string();
let ciphertext = obscure(&plaintext)?;
let decoded = reveal(&ciphertext)?;
assert_eq!(plaintext, decoded);
Ok(())
}
}