aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto.rs
blob: 1480040e33663888df4a545614213785d106a79f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

//! XChaCha20-Poly1305 authenticated encryption.
//!
//! Uses OS-provided randomness (`arc4random_buf`) via
//! `tesseras_dht::sys::random_bytes` for key and nonce
//! generation.

use chacha20poly1305::{
    XChaCha20Poly1305, XNonce,
    aead::{Aead, KeyInit},
};

/// XChaCha20 extended nonce size (24 bytes).
const NONCE_SIZE: usize = 24;

/// XChaCha20-Poly1305 key size (32 bytes).
pub const KEY_SIZE: usize = 32;

/// Generate a random 32-byte encryption key.
pub fn generate_key() -> [u8; KEY_SIZE] {
    let mut key = [0u8; KEY_SIZE];
    tesseras_dht::sys::random_bytes(&mut key);
    key
}

/// Encrypt plaintext with a random nonce. Returns `nonce || ciphertext`.
pub fn encrypt(key: &[u8; KEY_SIZE], plaintext: &[u8]) -> Vec<u8> {
    let cipher = XChaCha20Poly1305::new(key.into());
    let mut nonce_bytes = [0u8; NONCE_SIZE];
    tesseras_dht::sys::random_bytes(&mut nonce_bytes);
    let nonce = XNonce::from(nonce_bytes);
    let ciphertext = cipher
        .encrypt(&nonce, plaintext)
        .expect("encryption should not fail");
    let mut out = Vec::with_capacity(NONCE_SIZE + ciphertext.len());
    out.extend_from_slice(&nonce_bytes);
    out.extend_from_slice(&ciphertext);
    out
}

/// Decrypt `nonce || ciphertext`. Returns `None` if authentication fails.
pub fn decrypt(key: &[u8; KEY_SIZE], data: &[u8]) -> Option<Vec<u8>> {
    if data.len() < NONCE_SIZE {
        return None;
    }
    let (nonce_bytes, ciphertext) = data.split_at(NONCE_SIZE);
    let nonce = XNonce::from_slice(nonce_bytes);
    let cipher = XChaCha20Poly1305::new(key.into());
    cipher.decrypt(nonce, ciphertext).ok()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn round_trip() {
        let key = generate_key();
        let sealed = encrypt(&key, b"hello");
        let opened = decrypt(&key, &sealed).unwrap();
        assert_eq!(opened, b"hello");
    }

    #[test]
    fn wrong_key_fails() {
        let key = generate_key();
        let wrong = generate_key();
        let sealed = encrypt(&key, b"secret");
        assert!(decrypt(&wrong, &sealed).is_none());
    }

    #[test]
    fn truncated_fails() {
        let key = generate_key();
        assert!(decrypt(&key, &[0u8; 10]).is_none());
    }

    #[test]
    fn different_nonces() {
        let key = generate_key();
        let a = encrypt(&key, b"same");
        let b = encrypt(&key, b"same");
        assert_ne!(a, b);
    }
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-30 14:57:03 +0000