// Copyright [2022] [valkyrie_pilot <valk@randomairborne.dev>]

// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at

//     http://www.apache.org/licenses/LICENSE-2.0

// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.


//! `TweeCrypto` is a library to do encryption for the [TweeChat](https://tweechat.github.io) message protocol.

#![warn(clippy::all, clippy::pedantic, clippy::nursery)]

use base64::DecodeError;
use tink_core::{
    keyset::{Handle, JsonReader},
    TinkError,
};
use wasm_bindgen::prelude::*;

/// Encrypts `msg` and returns the ciphertext as Base64 text, following the `TweeChat`
/// Message Content standard.
///
/// `pubkey_str` is parsed as a JSON-serialized Tink keyset. The message bytes are encrypted
/// with the AEAD primitive built from that keyset, using empty associated data.
///
/// NOTE(review): `tink_aead` is Tink's symmetric AEAD primitive, yet the argument is named
/// as a public key; Tink's public-key encryption is its hybrid primitive. Confirm which
/// keyset type callers are expected to pass.
///
/// NOTE(review): `Handle::read_with_no_secrets` is meant for keysets that hold no secret key
/// material and should reject any that do. Confirm the intended keysets actually load here.
///
/// # Errors
/// Returns [`CryptError::Tink`] if the keyset cannot be read, no AEAD primitive can be built
/// from it, or the encryption call fails.
#[wasm_bindgen]
pub fn encrypt(msg: &str, pubkey_str: &str) -> Result<String, CryptError> {
    // Parse the caller-supplied JSON keyset into a handle.
    let handle = Handle::read_with_no_secrets(&mut JsonReader::new(pubkey_str.as_bytes()))?;
    let primitive = tink_aead::new(&handle)?;
    // No associated data is bound to the ciphertext.
    let ciphertext = primitive.encrypt(msg.as_bytes(), &[])?;
    Ok(base64::encode(ciphertext))
}

/// Decrypts a Base64-encoded `TweeChat` Message Content ciphertext and returns the plaintext.
///
/// `privkey_str` is parsed as a JSON-serialized Tink keyset. `encrypted_msg` is Base64-decoded
/// and then decrypted with the AEAD primitive built from that keyset, using empty associated
/// data.
///
/// The plaintext bytes are converted with `String::from_utf8_lossy`, so any byte sequence that
/// is not valid UTF-8 is replaced with U+FFFD instead of being reported as an error.
///
/// NOTE(review): `Handle::read_with_no_secrets` is meant for keysets that hold no secret key
/// material and should reject any that do. A decryption keyset is secret by nature, so
/// confirm that this call can succeed for the keysets callers pass.
///
/// # Errors
/// Returns [`CryptError::Tink`] if the keyset cannot be read, no AEAD primitive can be built
/// from it, or decryption fails, and [`CryptError::Base64`] if `encrypted_msg` is not valid
/// Base64.
#[wasm_bindgen]
pub fn decrypt(
    encrypted_msg: String,
    privkey_str: &str,
) -> Result<String, CryptError> {
    // Keyset loading comes first, so a bad keyset is reported before a bad Base64 payload.
    let handle = Handle::read_with_no_secrets(&mut JsonReader::new(privkey_str.as_bytes()))?;
    let primitive = tink_aead::new(&handle)?;
    let ciphertext = base64::decode(encrypted_msg)?;
    let plaintext = primitive.decrypt(&ciphertext, &[])?;
    Ok(String::from_utf8_lossy(&plaintext).into_owned())
}

/// Errors returned by [`encrypt`] and [`decrypt`].
///
/// Each variant's `Display` text is a fixed message. The wrapped source error's own message
/// is not included in it.
#[derive(Debug, thiserror::Error)]
pub enum CryptError {
    /// A call into the Tink library failed (keyset reading, primitive construction,
    /// encryption or decryption).
    #[error("Crypto library internal error")]
    Tink(#[from] TinkError),
    /// The ciphertext passed to [`decrypt`] could not be Base64-decoded.
    #[error("Base64 is invalid")]
    Base64(#[from] DecodeError),
    /// NOTE(review): not constructed anywhere in the visible code; confirm it is still needed.
    #[error("Missing keys!")]
    MissingKey,
}

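/// Converts a [`CryptError`] into the JavaScript value returned to JS callers of the
/// `#[wasm_bindgen]` functions in this file.
///
/// Implemented as `From` rather than a hand-written `Into`. The standard library's blanket
/// impl still provides `CryptError: Into<JsValue>`, so existing `.into()` call sites and the
/// `Result<_, CryptError>` return types keep working.
impl From<CryptError> for JsValue {
    /// Builds a JS string holding the error's `Display` message.
    fn from(err: CryptError) -> Self {
        // Only the variant's fixed Display text crosses into JS; the wrapped source error's
        // details are not part of that string.
        JsValue::from_str(&err.to_string())
    }
}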