-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: allow symmetric encryption of access keys
- Loading branch information
Showing
5 changed files
with
116 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,23 @@ | ||
mod access_key; | ||
mod asym_locked_access_key; | ||
mod authentication_tag; | ||
mod encrypted_stream; | ||
mod fingerprint; | ||
mod key_id; | ||
mod locked_access_key; | ||
mod nonce; | ||
mod signature; | ||
mod signing_key; | ||
mod sym_locked_access_key; | ||
mod verifying_key; | ||
|
||
pub use access_key::AccessKey; | ||
pub use asym_locked_access_key::AsymLockedAccessKey; | ||
pub use authentication_tag::AuthenticationTag; | ||
pub use encrypted_stream::EncryptingWriter; | ||
pub use fingerprint::Fingerprint; | ||
pub use key_id::KeyId; | ||
pub use locked_access_key::LockedAccessKey; | ||
pub use nonce::Nonce; | ||
pub use signature::Signature; | ||
pub use signing_key::SigningKey; | ||
pub use sym_locked_access_key::SymLockedAccessKey; | ||
pub use verifying_key::VerifyingKey; | ||
|
||
pub(crate) const SYMMETRIC_KEY_LENGTH: usize = 32; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
use crate::codec::crypto::{AccessKey, AuthenticationTag, Nonce}; | ||
use chacha20poly1305::{AeadInPlace, KeyInit, XChaCha20Poly1305}; | ||
|
||
pub struct SymLockedAccessKey { | ||
pub(crate) nonce: Nonce, | ||
pub(crate) cipher_text: [u8; AccessKey::size()], | ||
pub(crate) tag: AuthenticationTag, | ||
} | ||
|
||
impl SymLockedAccessKey { | ||
pub fn unlock( | ||
&self, | ||
decryption_key: &AccessKey, | ||
) -> Result<AccessKey, SymLockedAccessKeyError<&[u8]>> { | ||
let mut key_payload = self.cipher_text; | ||
|
||
let cipher = XChaCha20Poly1305::new(decryption_key.chacha_key()); | ||
cipher.decrypt_in_place_detached(&self.nonce, &[], &mut key_payload, &self.tag)?; | ||
|
||
Ok(AccessKey::from(key_payload)) | ||
} | ||
} | ||
|
||
#[derive(Debug, thiserror::Error)] | ||
pub enum SymLockedAccessKeyError<I> { | ||
#[error("crypto error: {0}")] | ||
CryptoFailure(String), | ||
|
||
#[error("decoding data failed: {0}")] | ||
FormatFailure(#[from] nom::Err<nom::error::Error<I>>), | ||
|
||
#[error("validation failed most likely due to the use of an incorrect key")] | ||
IncorrectKey, | ||
} | ||
|
||
impl<I> From<chacha20poly1305::Error> for SymLockedAccessKeyError<I> { | ||
fn from(err: chacha20poly1305::Error) -> Self { | ||
SymLockedAccessKeyError::CryptoFailure(err.to_string()) | ||
} | ||
} |