hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v0.2.0-dev, x25519 encryption

Browse Source
This commit is contained in:
Hatter Jiang
2023-10-08 00:53:25 +08:00
parent 0bdb89ad25
commit 4d01ea49e2
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/cmd_encrypt.rs
View File

@@ -16,7 +16,7 @@ use crate::config::{TinyEncryptConfig, TinyEncryptConfigEnvelop};
use crate::crypto_aes::aes_gcm_encrypt; use crate::crypto_aes::aes_gcm_encrypt;
use crate::crypto_rsa::parse_spki; use crate::crypto_rsa::parse_spki;
use crate::spec::{EncMetadata, TINY_ENCRYPT_VERSION_10, TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta}; use crate::spec::{EncMetadata, TINY_ENCRYPT_VERSION_10, TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta};
use crate::util::{ENC_AES256_GCM_P256, TINY_ENC_CONFIG_FILE}; use crate::util::{ENC_AES256_GCM_P256, ENC_AES256_GCM_X25519, TINY_ENC_CONFIG_FILE};
use crate::wrap_key::{WrapKey, WrapKeyHeader}; use crate::wrap_key::{WrapKey, WrapKeyHeader};
#[derive(Debug, Args)] #[derive(Debug, Args)]
@@ -249,19 +249,20 @@ fn encrypt_envelop_ecdh(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResu
let public_key_point_hex = &envelop.public_part; let public_key_point_hex = &envelop.public_part;
let (shared_secret, ephemeral_spki) = util_ecdh::compute_shared_secret(public_key_point_hex)?; let (shared_secret, ephemeral_spki) = util_ecdh::compute_shared_secret(public_key_point_hex)?;
encrypt_envelop_shared_secret(key, &shared_secret, &ephemeral_spki, envelop) encrypt_envelop_shared_secret(key, &shared_secret, &ephemeral_spki, ENC_AES256_GCM_P256, envelop)
} }
fn encrypt_envelop_ecdh_x25519(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> { fn encrypt_envelop_ecdh_x25519(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> {
let public_key_point_hex = &envelop.public_part; let public_key_point_hex = &envelop.public_part;
let (shared_secret, ephemeral_spki) = util_x25519::compute_x25519_shared_secret(public_key_point_hex)?; let (shared_secret, ephemeral_spki) = util_x25519::compute_x25519_shared_secret(public_key_point_hex)?;
encrypt_envelop_shared_secret(key, &shared_secret, &ephemeral_spki, envelop) encrypt_envelop_shared_secret(key, &shared_secret, &ephemeral_spki, ENC_AES256_GCM_X25519, envelop)
} }
fn encrypt_envelop_shared_secret(key: &[u8], fn encrypt_envelop_shared_secret(key: &[u8],
shared_secret: &[u8], shared_secret: &[u8],
ephemeral_spki: &[u8], ephemeral_spki: &[u8],
enc_type: &str,
envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> { envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> {
let shared_key = util::simple_kdf(shared_secret); let shared_key = util::simple_kdf(shared_secret);
let (_, nonce) = util::make_key256_and_nonce(); let (_, nonce) = util::make_key256_and_nonce();
@@ -271,7 +272,7 @@ fn encrypt_envelop_shared_secret(key: &[u8],
let wrap_key = WrapKey { let wrap_key = WrapKey {
header: WrapKeyHeader { header: WrapKeyHeader {
kid: Some(envelop.kid.clone()), kid: Some(envelop.kid.clone()),
enc: ENC_AES256_GCM_P256.to_string(), enc: enc_type.to_string(),
e_pub_key: util::encode_base64_url_no_pad(&ephemeral_spki), e_pub_key: util::encode_base64_url_no_pad(&ephemeral_spki),
}, },
nonce, nonce,

1
src/util.rs
View File

@@ -9,6 +9,7 @@ use rust_util::{simple_error, warning, XResult};
use zeroize::Zeroize; use zeroize::Zeroize;
pub const ENC_AES256_GCM_P256: &str = "aes256-gcm-p256"; pub const ENC_AES256_GCM_P256: &str = "aes256-gcm-p256";
pub const ENC_AES256_GCM_X25519: &str = "aes256-gcm-x25519";
pub const TINY_ENC_FILE_EXT: &str = ".tinyenc"; pub const TINY_ENC_FILE_EXT: &str = ".tinyenc";
pub const TINY_ENC_CONFIG_FILE: &str = "~/.tinyencrypt/config-rs.json"; pub const TINY_ENC_CONFIG_FILE: &str = "~/.tinyencrypt/config-rs.json";