Add AES GCM support (#9)

mjc-gh · Mar 18, 2017 · 8ec4f0f · 8ec4f0f
1 parent 5d02730
commit 8ec4f0f
Show file tree

Hide file tree

Showing 12 changed files with 294 additions and 87 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,6 @@
+*Version 1.1.0*
+
+- The `Encryptor` type is now a trait which is implemented by the
+  `AesHmacEncryptor` and `AesGcmEncryptor` types.
+- The `set_cipher` function has been renamed to `set_cipher_key_size`
+  and the `EncryptorCipher` type has been renamed to `KeySize`.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "message_verifier"
-version = "1.0.1"
+version = "1.1.0"
 description = "Rust Message Verifier library compatible with Rails' MessageVerifier and MessageEncryptor"
 repository = "/~https://github.com/mikeycgto/message_verifier"
 documentation = "https://docs.rs/message_verifier"

diff --git a/README.md b/README.md
@@ -10,7 +10,12 @@ and
 [MessageEncryptor](
 http://api.rubyonrails.org/classes/ActiveSupport/MessageEncryptor.html).
 
-This library handles all the formatting, encoding and cryptography It
+In a nutshell, this library provides several simple interfaces for
+signing and encrypting messages. These interfaces are useful when
+securely implementing various web application features like session
+cookies or signed URL tokens.
+
+This library handles all the formatting, encoding and cryptography. It
 does not handle serialization aspects. The idea is to input and output
 raw strings to and from this library and handle serialization on another
 layer.
@@ -56,6 +61,9 @@ Decrypted Message: {"key":"value"}
 
 ## Supported Ciphers
 
-Currently only AES in CBC mode with 256, 192, or 128 bits is supported.
+- AES-CBC with HMAC-SHA1
+  - 256, 192, or 128 bit keys
+- AES-GCM
+  - 256, 192, or 128 bit keys
 
 If you need more cipher options, please open an issue or submit a PR!
diff --git a/examples/aead_decrypt.rb b/examples/aead_decrypt.rb
@@ -0,0 +1,12 @@
+require 'active_support'
+require 'json'
+
+cipher = 'aes-256-gcm'
+
+key_base = 'helloworld'
+key_gen  = ActiveSupport::KeyGenerator.new(key_base, iterations: 1000)
+
+salt      = key_gen.generate_key('test salt')[0, ActiveSupport::MessageEncryptor.key_len(cipher)]
+encryptor = ActiveSupport::MessageEncryptor.new(salt, cipher: cipher, serializer: JSON)
+
+puts "Decrypted message: #{encryptor.decrypt_and_verify(STDIN.read.chomp)}"
diff --git a/examples/aead_decrypt.rs b/examples/aead_decrypt.rs
@@ -0,0 +1,31 @@
+
+extern crate message_verifier;
+
+use message_verifier::{Encryptor, AesGcmEncryptor, DerivedKeyParams};
+
+use std::io;
+use std::io::Read;
+use std::str;
+
+fn main() {
+    let key_base = "helloworld";
+    let salt = "test salt";
+
+    let dkp = DerivedKeyParams::default();
+    let encryptor = AesGcmEncryptor::new(key_base, salt, dkp).unwrap();
+
+    let mut message = String::new();
+
+    match io::stdin().read_to_string(&mut message) {
+        Err(_) => panic!("Read failed"),
+        Ok(_) => {
+            match encryptor.decrypt_and_verify(&message.trim()) {
+                Ok(ref decrypted_result) => {
+                    println!("Decrypted Message: {}", str::from_utf8(&decrypted_result).expect("Encryptor failed"));
+                }
+
+                Err(e) => panic!("Encryptor Error: {:?}", e)
+            }
+        }
+    }
+}
diff --git a/examples/aead_encrypt.rb b/examples/aead_encrypt.rb
@@ -0,0 +1,14 @@
+require 'active_support'
+require 'json'
+
+cipher = 'aes-256-gcm'
+
+key_base = 'helloworld'
+key_gen  = ActiveSupport::KeyGenerator.new(key_base, iterations: 1000)
+
+salt      = key_gen.generate_key('test salt')[0, ActiveSupport::MessageEncryptor.key_len(cipher)]
+encryptor = ActiveSupport::MessageEncryptor.new(salt, cipher: cipher, serializer: JSON)
+
+message = { key: 'value' }
+
+puts encryptor.encrypt_and_sign(message)
diff --git a/examples/aead_encrypt.rs b/examples/aead_encrypt.rs
@@ -0,0 +1,15 @@
+extern crate message_verifier;
+
+use message_verifier::{Encryptor, AesGcmEncryptor, DerivedKeyParams};
+
+fn main() {
+    let key_base = "helloworld";
+    let salt = "test salt";
+
+    let dkp = DerivedKeyParams::default();
+    let encryptor = AesGcmEncryptor::new(key_base, salt, dkp).unwrap();
+
+    let message = "{\"key\":\"value\"}";
+
+    println!("{}", encryptor.encrypt_and_sign(message).expect("Encryptor failed"));
+}
diff --git a/examples/generate_encrypt.rb b/examples/generate_encrypt.rb
@@ -1,14 +1,16 @@
 require 'active_support'
 require 'json'
 
+include ActiveSupport
+
 key_base = 'helloworld'
-key_gen  = ActiveSupport::KeyGenerator.new(key_base, iterations: 1000)
+key_gen  = KeyGenerator.new(key_base, iterations: 1000)
 
-salt      = key_gen.generate_key('test salt')
+salt      = key_gen.generate_key('test salt')[0, MessageEncryptor.key_len]
 sign_salt = key_gen.generate_key('test signed salt')
 
-verifier  = ActiveSupport::MessageVerifier.new(key_base, serializer: JSON)
-encryptor = ActiveSupport::MessageEncryptor.new(salt, sign_salt, serializer: JSON)
+verifier  = MessageVerifier.new(key_base, serializer: JSON)
+encryptor = MessageEncryptor.new(salt, sign_salt, serializer: JSON)
 
 message = { key: 'value' }
 

diff --git a/examples/generate_encrypt.rs b/examples/generate_encrypt.rs
@@ -1,6 +1,6 @@
 extern crate message_verifier;
 
-use message_verifier::{Verifier, Encryptor, DerivedKeyParams};
+use message_verifier::{Verifier, Encryptor, AesHmacEncryptor, DerivedKeyParams};
 
 fn main() {
     let key_base = "helloworld";
@@ -10,7 +10,7 @@ fn main() {
     let verifier = Verifier::new(key_base);
 
     let dkp = DerivedKeyParams::default();
-    let encryptor = Encryptor::new(key_base, salt, sign_salt, dkp).unwrap();
+    let encryptor = AesHmacEncryptor::new(key_base, salt, sign_salt, dkp).unwrap();
 
     let message = "{\"key\":\"value\"}";
 

diff --git a/examples/verify_decrypt.rb b/examples/verify_decrypt.rb
@@ -4,7 +4,7 @@
 key_base = 'helloworld'
 key_gen  = ActiveSupport::KeyGenerator.new(key_base, iterations: 1000)
 
-salt      = key_gen.generate_key('test salt')
+salt      = key_gen.generate_key('test salt')[0, ActiveSupport::MessageEncryptor.key_len]
 sign_salt = key_gen.generate_key('test signed salt')
 
 verifier  = ActiveSupport::MessageVerifier.new(key_base, serializer: JSON)

diff --git a/examples/verify_decrypt.rs b/examples/verify_decrypt.rs
@@ -1,6 +1,6 @@
 extern crate message_verifier;
 
-use message_verifier::{Verifier, Encryptor, DerivedKeyParams};
+use message_verifier::{Verifier, Encryptor, AesHmacEncryptor, DerivedKeyParams};
 
 use std::io;
 use std::str;
@@ -13,7 +13,7 @@ fn main() {
     let verifier = Verifier::new(key_base);
 
     let dkp = DerivedKeyParams::default();
-    let encryptor = Encryptor::new(key_base, salt, sign_salt, dkp).unwrap();
+    let encryptor = AesHmacEncryptor::new(key_base, salt, sign_salt, dkp).unwrap();
 
     let mut input: Vec<String> = vec![];
     let mut buffer = String::new();
@@ -39,7 +39,7 @@ fn main() {
     match verifier.verify(&msg1) {
         Ok(verified_result) => {
             match encryptor.decrypt_and_verify(&msg2) {
-                Ok(decrypted_result) => {
+                Ok(ref decrypted_result) => {
                     println!("Verified Message: {}", str::from_utf8(&verified_result).expect("Verifier failed"));
                     println!("Decrypted Message: {}", str::from_utf8(&decrypted_result).expect("Encryptor failed"));
                 }