1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
use std::io;
use std::convert::TryFrom;
use seckey::Bytes;
use ::aead::{ AeadCipher, DecryptFail };
use ::kex::KeyExchange;
pub trait SealedBox {
fn seal<K>(pka: &K::PublicKey, data: &[u8])
-> Vec<u8>
where
K: KeyExchange,
K::Reconciliation: Into<Vec<u8>>;
fn open<'a, K>(ska: &K::PrivateKey, data: &'a [u8])
-> Result<Vec<u8>, DecryptFail>
where
K: KeyExchange,
K::Reconciliation: TryFrom<&'a [u8], Err=io::Error>;
}
impl<T> SealedBox for T where T: AeadCipher {
fn seal<K>(pka: &K::PublicKey, data: &[u8])
-> Vec<u8>
where
K: KeyExchange,
K::Reconciliation: Into<Vec<u8>>
{
let mut key = Bytes::from(vec![0; Self::key_length() + Self::nonce_length()]);
let mut rec = K::exchange(&mut key, pka).into();
let (key, nonce) = key.split_at(Self::key_length());
let mut output = Self::new(key)
.with_aad(&rec)
.encrypt(nonce, data);
output.append(&mut rec);
output
}
fn open<'a, K>(ska: &K::PrivateKey, data: &'a [u8])
-> Result<Vec<u8>, DecryptFail>
where
K: KeyExchange,
K::Reconciliation: TryFrom<&'a [u8], Err=io::Error>
{
if data.len() < K::rec_length() { Err(DecryptFail::LengthError)? };
let mut key = Bytes::from(vec![0; Self::key_length() + Self::nonce_length()]);
let (data, rec) = data.split_at(data.len() - K::rec_length());
K::exchange_from(&mut key, ska, &K::Reconciliation::try_from(rec)?);
let (key, nonce) = key.split_at(Self::key_length());
Self::new(key)
.with_aad(rec)
.decrypt(nonce, data)
}
}