-
-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathpure_aes.rs
55 lines (43 loc) · 1.68 KB
/
pure_aes.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
use aes_gcm::aead::{generic_array::GenericArray, AeadInPlace, NewAead};
use aes_gcm::{aes::Aes256, AesGcm};
use cipher::consts::U16;
use rand::{thread_rng, Rng};
use crate::consts::{AES_IV_LENGTH, AES_IV_PLUS_TAG_LENGTH, EMPTY_BYTES};
/// AES-256-GCM with 16 bytes Nonce/IV
pub type Aes256Gcm = AesGcm<Aes256, U16>;
/// AES-256-GCM encryption wrapper
pub fn aes_encrypt(key: &[u8], msg: &[u8]) -> Option<Vec<u8>> {
let key = GenericArray::from_slice(key);
let aead = Aes256Gcm::new(key);
let mut iv = [0u8; AES_IV_LENGTH];
thread_rng().fill(&mut iv);
let nonce = GenericArray::from_slice(&iv);
let mut out = Vec::with_capacity(msg.len());
out.extend(msg);
if let Ok(tag) = aead.encrypt_in_place_detached(nonce, &EMPTY_BYTES, &mut out) {
let mut output = Vec::with_capacity(AES_IV_PLUS_TAG_LENGTH + msg.len());
output.extend(&iv);
output.extend(tag);
output.extend(out);
Some(output)
} else {
None
}
}
/// AES-256-GCM decryption wrapper
pub fn aes_decrypt(key: &[u8], encrypted_msg: &[u8]) -> Option<Vec<u8>> {
if encrypted_msg.len() < AES_IV_PLUS_TAG_LENGTH {
return None;
}
let key = GenericArray::from_slice(key);
let aead = Aes256Gcm::new(key);
let iv = GenericArray::from_slice(&encrypted_msg[..AES_IV_LENGTH]);
let tag = GenericArray::from_slice(&encrypted_msg[AES_IV_LENGTH..AES_IV_PLUS_TAG_LENGTH]);
let mut out = Vec::with_capacity(encrypted_msg.len() - AES_IV_PLUS_TAG_LENGTH);
out.extend(&encrypted_msg[AES_IV_PLUS_TAG_LENGTH..]);
if let Ok(_) = aead.decrypt_in_place_detached(iv, &EMPTY_BYTES, &mut out, tag) {
Some(out)
} else {
None
}
}