* Encrypt with both RustCrypto cfb8 and OpenSSL * Switch to RustCrypto for decrypting * Show encryption for both RustCrypto and OpenSSL, for comparison... * Correct off-by-one error in encryption, cfb8 doesn't need extra byte * Remove OpenSSL for symmetric crypto * Update Cargo.lock
This commit is contained in:
parent
9840a01262
commit
38543feae7
|
@ -14,7 +14,9 @@
|
||||||
|
|
||||||
#![allow(dead_code)]
|
#![allow(dead_code)]
|
||||||
|
|
||||||
use openssl::symm;
|
use aes::Aes128;
|
||||||
|
use cfb8::Cfb8;
|
||||||
|
use cfb8::stream_cipher::{NewStreamCipher, StreamCipher};
|
||||||
use serde_json;
|
use serde_json;
|
||||||
use reqwest;
|
use reqwest;
|
||||||
use openssl;
|
use openssl;
|
||||||
|
@ -745,6 +747,8 @@ impl ::std::fmt::Display for Error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Aes128Cfb = Cfb8<Aes128>;
|
||||||
|
|
||||||
pub struct Conn {
|
pub struct Conn {
|
||||||
stream: TcpStream,
|
stream: TcpStream,
|
||||||
pub host: String,
|
pub host: String,
|
||||||
|
@ -752,16 +756,13 @@ pub struct Conn {
|
||||||
direction: Direction,
|
direction: Direction,
|
||||||
pub state: State,
|
pub state: State,
|
||||||
|
|
||||||
cipher: Option<symm::Crypter>,
|
cipher: Option<Aes128Cfb>,
|
||||||
|
|
||||||
compression_threshold: i32,
|
compression_threshold: i32,
|
||||||
compression_read: Option<ZlibDecoder<io::Cursor<Vec<u8>>>>,
|
compression_read: Option<ZlibDecoder<io::Cursor<Vec<u8>>>>,
|
||||||
compression_write: Option<ZlibEncoder<io::Cursor<Vec<u8>>>>,
|
compression_write: Option<ZlibEncoder<io::Cursor<Vec<u8>>>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Needed because symm::Crypter isn't send
|
|
||||||
unsafe impl Send for Conn {}
|
|
||||||
|
|
||||||
impl Conn {
|
impl Conn {
|
||||||
pub fn new(target: &str) -> Result<Conn, Error> {
|
pub fn new(target: &str) -> Result<Conn, Error> {
|
||||||
// TODO SRV record support
|
// TODO SRV record support
|
||||||
|
@ -866,11 +867,8 @@ impl Conn {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn enable_encyption(&mut self, key: &[u8], decrypt: bool) {
|
pub fn enable_encyption(&mut self, key: &[u8], _decrypt: bool) {
|
||||||
let cipher = symm::Crypter::new(symm::Cipher::aes_128_cfb8(),
|
let cipher = Aes128Cfb::new_var(key, key).unwrap();
|
||||||
if decrypt { symm::Mode::Decrypt } else { symm::Mode::Encrypt },
|
|
||||||
key,
|
|
||||||
Some(key)).unwrap();
|
|
||||||
self.cipher = Option::Some(cipher);
|
self.cipher = Option::Some(cipher);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -979,11 +977,8 @@ impl Read for Conn {
|
||||||
Option::None => self.stream.read(buf),
|
Option::None => self.stream.read(buf),
|
||||||
Option::Some(cipher) => {
|
Option::Some(cipher) => {
|
||||||
let ret = try!(self.stream.read(buf));
|
let ret = try!(self.stream.read(buf));
|
||||||
let mut data = vec![0; ret + symm::Cipher::aes_128_cfb8().block_size()];
|
cipher.decrypt(&mut buf[..ret]);
|
||||||
let count = cipher.update(&buf[..ret], &mut data).unwrap();
|
|
||||||
for i in 0..count {
|
|
||||||
buf[i] = data[i];
|
|
||||||
}
|
|
||||||
Ok(ret)
|
Ok(ret)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -995,9 +990,15 @@ impl Write for Conn {
|
||||||
match self.cipher.as_mut() {
|
match self.cipher.as_mut() {
|
||||||
Option::None => self.stream.write(buf),
|
Option::None => self.stream.write(buf),
|
||||||
Option::Some(cipher) => {
|
Option::Some(cipher) => {
|
||||||
let mut data = vec![0; buf.len() + symm::Cipher::aes_128_cfb8().block_size()];
|
// TODO: avoid copying, but trait requires non-mutable buf
|
||||||
let count = cipher.update(buf, &mut data).unwrap();
|
let mut data = vec![0; buf.len()];
|
||||||
try!(self.stream.write_all(&data[..count]));
|
for i in 0..buf.len() {
|
||||||
|
data[i] = buf[i];
|
||||||
|
}
|
||||||
|
|
||||||
|
cipher.encrypt(&mut data);
|
||||||
|
|
||||||
|
try!(self.stream.write_all(&data));
|
||||||
Ok(buf.len())
|
Ok(buf.len())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue