autofill/
encryption.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

// This is the *local* encryption support - it has nothing to do with the
// encryption used by sync.

// For context, what "local encryption" means in this context is:
// * We use regular sqlite, but want to ensure the credit-card numbers are
//   encrypted in the DB - so we store the number encrypted, and the key
//   is managed by the app.
// * The credit-card API always just accepts and returns the encrypted string,
//   so we also expose encryption and decryption public functions that take
//   the key and text. The core storage API never knows the unencrypted number.
//
// This makes life tricky for Sync - sync has its own encryption and its own
// management of sync keys. The entire records are encrypted on the server -
// so the record on the server has the plain-text number (which is then
// encrypted as part of the entire record), so:
// * When transforming a record from the DB into a Sync record, we need to
//   *decrypt* the field.
// * When transforming a record from Sync into a DB record, we need to *encrypt*
//   the field.
//
// So Sync needs to know the key etc, and that needs to get passed down
// multiple layers, from the app saying "sync now" all the way down to the
// low level sync code.
// To make life a little easier, we do that via a struct.

use crate::error::*;
use error_support::handle_error;

pub type EncryptorDecryptor = jwcrypto::EncryptorDecryptor<Error>;

// public functions we expose over the FFI (which is why they take `String`
// rather than the `&str` you'd otherwise expect)
#[handle_error(Error)]
pub fn encrypt_string(key: String, cleartext: String) -> ApiResult<String> {
    // It would be nice to have more detailed error messages, but that would require the consumer
    // to pass them in.  Let's not change the API yet.
    EncryptorDecryptor::new(&key)?.encrypt(&cleartext, "single string field")
}

#[handle_error(Error)]
pub fn decrypt_string(key: String, ciphertext: String) -> ApiResult<String> {
    // It would be nice to have more detailed error messages, but that would require the consumer
    // to pass them in.  Let's not change the API yet.
    EncryptorDecryptor::new(&key)?.decrypt(&ciphertext, "single string field")
}

#[handle_error(Error)]
pub fn create_autofill_key() -> ApiResult<String> {
    EncryptorDecryptor::create_key()
}

#[cfg(test)]
mod test {
    use super::*;

    #[test]
    fn test_encrypt() {
        let ed = EncryptorDecryptor::new(&create_autofill_key().unwrap()).unwrap();
        let cleartext = "secret";
        let ciphertext = ed.encrypt(cleartext, "secret").unwrap();
        assert_eq!(ed.decrypt(&ciphertext, "secret").unwrap(), cleartext);
        let ed2 = EncryptorDecryptor::new(&create_autofill_key().unwrap()).unwrap();
        assert!(matches!(
            ed2.decrypt(&ciphertext, "secret"),
            Err(Error::CryptoError(_))
        ));
    }

    #[test]
    fn test_decryption_errors() {
        let ed = EncryptorDecryptor::new(&create_autofill_key().unwrap()).unwrap();
        assert!(matches!(
            ed.decrypt("invalid-ciphertext", "invalid").unwrap_err(),
            Error::CryptoError(_)
        ));
        assert!(matches!(
            ed.decrypt("", "empty").unwrap_err(),
            Error::CryptoError(jwcrypto::EncryptorDecryptorError {
                from: jwcrypto::JwCryptoError::EmptyCyphertext,
                ..
            })
        ));
    }
}