use crate::error;
use crate::key_bundle::KeyBundle;
use lazy_static::lazy_static;
use serde::{Deserialize, Serialize};
#[derive(Deserialize, Serialize, Clone, Debug)]
pub struct EncryptedPayload {
#[serde(rename = "IV")]
pub iv: String,
pub hmac: String,
pub ciphertext: String,
}
impl EncryptedPayload {
#[inline]
pub fn serialized_len(&self) -> usize {
(*EMPTY_ENCRYPTED_PAYLOAD_SIZE) + self.ciphertext.len() + self.hmac.len() + self.iv.len()
}
pub fn decrypt(&self, key: &KeyBundle) -> error::Result<String> {
key.decrypt(&self.ciphertext, &self.iv, &self.hmac)
}
pub fn decrypt_into<T>(&self, key: &KeyBundle) -> error::Result<T>
where
for<'a> T: Deserialize<'a>,
{
Ok(serde_json::from_str(&self.decrypt(key)?)?)
}
pub fn from_cleartext(key: &KeyBundle, cleartext: String) -> error::Result<Self> {
let (enc_base64, iv_base64, hmac_base16) =
key.encrypt_bytes_rand_iv(cleartext.as_bytes())?;
Ok(EncryptedPayload {
iv: iv_base64,
hmac: hmac_base16,
ciphertext: enc_base64,
})
}
pub fn from_cleartext_payload<T: Serialize>(
key: &KeyBundle,
cleartext_payload: &T,
) -> error::Result<Self> {
Self::from_cleartext(key, serde_json::to_string(cleartext_payload)?)
}
}
lazy_static! {
static ref EMPTY_ENCRYPTED_PAYLOAD_SIZE: usize = serde_json::to_string(
&EncryptedPayload { iv: "".into(), hmac: "".into(), ciphertext: "".into() }
).unwrap().len();
}
#[cfg(test)]
mod tests {
use super::*;
use serde_json::json;
#[derive(Serialize, Deserialize, Debug)]
struct TestStruct {
id: String,
age: u32,
meta: String,
}
#[test]
fn test_roundtrip_crypt_record() {
let key = KeyBundle::new_random().unwrap();
let payload_json = json!({ "id": "aaaaaaaaaaaa", "age": 105, "meta": "data" });
let payload =
EncryptedPayload::from_cleartext(&key, serde_json::to_string(&payload_json).unwrap())
.unwrap();
let record = payload.decrypt_into::<TestStruct>(&key).unwrap();
assert_eq!(record.id, "aaaaaaaaaaaa");
assert_eq!(record.age, 105);
assert_eq!(record.meta, "data");
let val_rec = serde_json::to_string(&serde_json::to_value(&payload).unwrap()).unwrap();
assert_eq!(payload.serialized_len(), val_rec.len());
}
#[test]
fn test_record_bad_hmac() {
let key1 = KeyBundle::new_random().unwrap();
let json = json!({ "id": "aaaaaaaaaaaa", "deleted": true, });
let payload =
EncryptedPayload::from_cleartext(&key1, serde_json::to_string(&json).unwrap()).unwrap();
let key2 = KeyBundle::new_random().unwrap();
let e = payload
.decrypt(&key2)
.expect_err("Should fail because wrong keybundle");
assert!(matches!(e, error::Error::CryptoError(_)));
}
}