-
-
Notifications
You must be signed in to change notification settings - Fork 35
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
use ring crate for encryption, speed is much better, up to 800 MBps
add Result on some methods which makes sense switched tests to .unwrap() to panic
- Loading branch information
1 parent
6661e7e
commit 5b3dd7b
Showing
19 changed files
with
1,124 additions
and
674 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
use ring::aead::{Aad, CHACHA20_POLY1305, LessSafeKey, Nonce, UnboundKey}; | ||
|
||
fn main() { | ||
let key = [42; 32]; | ||
let nonce_data = [124; 12]; // Just an example | ||
let mut data = b"hello, this is my secret message".to_vec(); | ||
|
||
let key = UnboundKey::new(&CHACHA20_POLY1305, &key).unwrap(); | ||
let key = LessSafeKey::new(key); | ||
println!("{data:?}"); | ||
|
||
// encoding | ||
let nonce = Nonce::assume_unique_for_key(nonce_data); | ||
key.seal_in_place_append_tag(nonce, Aad::empty(), &mut data).unwrap(); | ||
println!("{data:?}"); | ||
|
||
// decoding | ||
let nonce = Nonce::assume_unique_for_key(nonce_data); | ||
let data = key.open_in_place(nonce, Aad::empty(), &mut data).unwrap(); | ||
println!("{data:?}"); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
use std::fs::{File, OpenOptions}; | ||
use std::io::{Read, Write}; | ||
use std::path::PathBuf; | ||
|
||
use argon2::password_hash::rand_core::RngCore; | ||
use rand::thread_rng; | ||
use ring::aead::{AES_256_GCM, CHACHA20_POLY1305}; | ||
use secrecy::{ExposeSecret, SecretString, SecretVec}; | ||
use serde::{Deserialize, Deserializer, Serialize, Serializer}; | ||
use tokio::fs; | ||
|
||
use rencfs::crypto; | ||
use rencfs::crypto::Cipher; | ||
use rencfs::crypto::encryptor::CryptoWriter; | ||
use rencfs::encryptedfs::FsError; | ||
|
||
fn main() { | ||
// let password = SecretString::new("password".to_string()); | ||
// let salt = crypto::hash_secret(&password); | ||
// let cipher = Cipher::ChaCha20; | ||
// let key = crypto::derive_key(&password, &cipher, salt).unwrap(); | ||
// | ||
// let cipher = Cipher::ChaCha20; | ||
// | ||
// let path = PathBuf::from("/tmp/test.txt"); | ||
// let mut writer = crypto::create_crypto_writer(OpenOptions::new().read(true).write(true).create(true).open(path.clone()).unwrap(), | ||
// &cipher, &key); | ||
// let x = "Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world! Hello, world!".to_string(); | ||
// bincode::serialize_into(&mut writer, &x).unwrap(); | ||
// // writer.write_all(x.as_bytes()).unwrap(); | ||
// writer.flush().unwrap(); | ||
// writer.finish().unwrap(); | ||
// | ||
// let mut reader = crypto::create_crypto_reader(File::open(path).unwrap(), &cipher, &key); | ||
// let mut buf = vec![0; x.len()]; | ||
// // reader.read_exact(&mut buf).unwrap(); | ||
// let dec: String = bincode::deserialize_from(&mut reader).unwrap(); | ||
// // let dec = String::from_utf8(buf).unwrap(); | ||
// println!("{}", dec); | ||
// assert_eq!(dec, x); | ||
|
||
// derive key from password | ||
let password = SecretString::new("password".to_string()); | ||
let salt = crypto::hash_secret(&password); | ||
let cipher = Cipher::ChaCha20; | ||
let derived_key = crypto::derive_key(&password, &cipher, salt).unwrap(); | ||
let path = PathBuf::from("/tmp/key.enc"); | ||
let _ = fs::remove_file(&path); | ||
|
||
// first time, create a random key and encrypt it with the derived key from password | ||
|
||
let mut key: Vec<u8> = vec![]; | ||
let key_len = match cipher { | ||
Cipher::ChaCha20 => CHACHA20_POLY1305.key_len(), | ||
Cipher::Aes256Gcm => AES_256_GCM.key_len(), | ||
}; | ||
key.resize(key_len, 0); | ||
thread_rng().fill_bytes(&mut key); | ||
println!("key: {:?}", key); | ||
let key = SecretVec::new(key); | ||
let key_store = KeyStore::new(key); | ||
println!("hash {:?}", key_store.hash); | ||
let mut writer = crypto::create_crypto_writer(OpenOptions::new().read(true).write(true).create(true).open(path.clone()).unwrap(), | ||
&cipher, &derived_key); | ||
bincode::serialize_into(&mut writer, &key_store).unwrap(); | ||
writer.flush().unwrap(); | ||
writer.finish().unwrap(); | ||
|
||
// read key | ||
|
||
let reader = crypto::create_crypto_reader(File::open(path).unwrap(), &cipher, &derived_key); | ||
let key_store: KeyStore = bincode::deserialize_from(reader).map_err(|_| FsError::InvalidPassword).unwrap(); | ||
println!("key {:?}", key_store.key.expose_secret()); | ||
println!("hash {:?}", key_store.hash); | ||
// check hash | ||
if key_store.hash != crypto::hash(key_store.key.expose_secret()) { | ||
eprintln!("Invalid password"); | ||
return; | ||
} | ||
} | ||
|
||
fn key_serialize<S>(key: &SecretVec<u8>, s: S) -> Result<S::Ok, S::Error> | ||
where | ||
S: Serializer, | ||
{ | ||
s.collect_seq(key.expose_secret()) | ||
} | ||
|
||
fn key_unserialize<'de, D>(deserializer: D) -> Result<SecretVec<u8>, D::Error> | ||
where D: Deserializer<'de> { | ||
let vec = Vec::deserialize(deserializer)?; | ||
Ok(SecretVec::new(vec)) | ||
} | ||
|
||
#[derive(Serialize, Deserialize)] | ||
struct KeyStore { | ||
#[serde(serialize_with = "key_serialize")] | ||
#[serde(deserialize_with = "key_unserialize")] | ||
key: SecretVec<u8>, | ||
hash: [u8; 32], | ||
} | ||
|
||
impl KeyStore { | ||
fn new(key: SecretVec<u8>) -> Self { | ||
let hash = crypto::hash(key.expose_secret()); | ||
Self { key, hash } | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.