1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
use aes_gcm_siv::{
aead::{generic_array::GenericArray, Aead},
Aes256GcmSiv, Error, KeyInit, Nonce,
};
use rand::Rng;
pub(crate) fn encrypt(key: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, Error> {
const KEY_SIZE: usize = 32;
const NONCE_SIZE: usize = 12;
let key_padding = [key, &[0u8; KEY_SIZE]].concat();
let cipher = Aes256GcmSiv::new(GenericArray::from_slice(&key_padding[0..KEY_SIZE]));
let mut rng = rand::thread_rng();
let mut bytes = [0u8; NONCE_SIZE];
rng.fill(&mut bytes);
let nonce = Nonce::from_slice(&bytes);
let mut ciphertext = cipher.encrypt(nonce, plaintext)?;
ciphertext.extend_from_slice(&bytes);
Ok(ciphertext)
}
pub(crate) fn decrypt(key: &[u8], data: &[u8]) -> Result<String, Error> {
const KEY_SIZE: usize = 32;
const NONCE_SIZE: usize = 12;
if data.len() <= NONCE_SIZE {
return Err(Error);
}
let key_padding = [key, &[0u8; KEY_SIZE]].concat();
let cipher = Aes256GcmSiv::new(GenericArray::from_slice(&key_padding[0..KEY_SIZE]));
let (ciphertext, bytes) = data.split_at(data.len() - NONCE_SIZE);
let nonce = GenericArray::from_slice(bytes);
let plaintext = cipher.decrypt(nonce, ciphertext)?;
Ok(String::from_utf8_lossy(&plaintext).into_owned())
}