Backports to beta (#2068)

* Fix several RPCs (#1926) * Fix up pending receipts details. * Add support for additional params and registry over RPC. * Fix tests. * Add test, additional fix. Fixes #1932. * Fix up tests. * Fix test. * Fix test. * DB WAL size limit (#1935) * Limit WAL size * Check pruning by db modification date (#1924) * Cache address hash (#1943) * ECIES without MAC (#1948) * Use random IV for ECIES AES * ECIES encrypt/decrypt for a single message * Derive IV from shared secret * Apply settings to column families * fixed #1933 (#1979) * Fixed neighbours collection (#1996) * dapps-hosts configuration * Disabled counter check * always process trie death row on commit, add more tracing * fixed transaction addresses mapping, fixes #1971 * simplified iterator * v1.3.1 * v1.3.1
2016-09-11 14:04:17 +02:00
parent 1ccc90108c
commit 2a82fa0a47
43 changed files with 732 additions and 181 deletions
--- a/util/src/crypto.rs
+++ b/util/src/crypto.rs
@@ -287,6 +287,7 @@ pub mod ecies {
 	use hash::*;
 	use bytes::*;
 	use crypto::*;
+	use sha3::Hashable;

 	/// Encrypt a message with a public key
 	pub fn encrypt(public: &Public, shared_mac: &[u8], plain: &[u8]) -> Result<Bytes, CryptoError> {
@@ -310,9 +311,11 @@ pub mod ecies {
 		{
 			let msgd = &mut msg[1..];
 			r.public().copy_to(&mut msgd[0..64]);
+			let iv = H128::random();
+			iv.copy_to(&mut msgd[64..(64+16)]);
 			{
 				let cipher = &mut msgd[(64 + 16)..(64 + 16 + plain.len())];
-				aes::encrypt(ekey, &H128::new(), plain, cipher);
+				aes::encrypt(ekey, &iv, plain, cipher);
 			}
 			let mut hmac = Hmac::new(Sha256::new(), &mkey);
 			{
@@ -325,6 +328,33 @@ pub mod ecies {
 		Ok(msg)
 	}

+	/// Encrypt a message with a public key
+	pub fn encrypt_single_message(public: &Public, plain: &[u8]) -> Result<Bytes, CryptoError> {
+		use ::rcrypto::digest::Digest;
+		use ::rcrypto::sha2::Sha256;
+		let r = try!(KeyPair::create());
+		let z = try!(ecdh::agree(r.secret(), public));
+		let mut key = [0u8; 32];
+		let mut mkey = [0u8; 32];
+		kdf(&z, &[0u8; 0], &mut key);
+		let mut hasher = Sha256::new();
+		let mkey_material = &key[16..32];
+		hasher.input(mkey_material);
+		hasher.result(&mut mkey);
+		let ekey = &key[0..16];
+
+		let mut msgd = vec![0u8; (64 + plain.len())];
+		{
+			r.public().copy_to(&mut msgd[0..64]);
+			let iv = H128::from_slice(&z.sha3()[0..16]);
+			{
+				let cipher = &mut msgd[64..(64 + plain.len())];
+				aes::encrypt(ekey, &iv, plain, cipher);
+			}
+		}
+		Ok(msgd)
+	}
+
 	/// Decrypt a message with a secret key
 	pub fn decrypt(secret: &Secret, shared_mac: &[u8], encrypted: &[u8]) -> Result<Bytes, CryptoError> {
 		use ::rcrypto::digest::Digest;
@@ -370,6 +400,36 @@ pub mod ecies {
 		Ok(msg)
 	}

+	/// Decrypt single message with a secret key
+	pub fn decrypt_single_message(secret: &Secret, encrypted: &[u8]) -> Result<Bytes, CryptoError> {
+		use ::rcrypto::digest::Digest;
+		use ::rcrypto::sha2::Sha256;
+
+		let meta_len = 64;
+		if encrypted.len() < meta_len {
+			return Err(CryptoError::InvalidMessage); //invalid message: publickey
+		}
+
+		let e = encrypted;
+		let p = Public::from_slice(&e[0..64]);
+		let z = try!(ecdh::agree(secret, &p));
+		let mut key = [0u8; 32];
+		kdf(&z, &[0u8; 0], &mut key);
+		let ekey = &key[0..16];
+		let mkey_material = &key[16..32];
+		let mut hasher = Sha256::new();
+		let mut mkey = [0u8; 32];
+		hasher.input(mkey_material);
+		hasher.result(&mut mkey);
+
+		let clen = encrypted.len() - meta_len;
+		let cipher = &e[64..(64+clen)];
+		let mut msg = vec![0u8; clen];
+		let iv = H128::from_slice(&z.sha3()[0..16]);
+		aes::decrypt(ekey, &iv, cipher, &mut msg[..]);
+		Ok(msg)
+	}
+
 	fn kdf(secret: &Secret, s1: &[u8], dest: &mut [u8]) {
 		use ::rcrypto::digest::Digest;
 		use ::rcrypto::sha2::Sha256;
@@ -458,4 +518,14 @@ mod tests {
 		let decrypted = ecies::decrypt(kp.secret(), shared, &encrypted).unwrap();
 		assert_eq!(decrypted[..message.len()], message[..]);
 	}
+
+	#[test]
+	fn ecies_shared_single() {
+		let kp = KeyPair::create().unwrap();
+		let message = b"So many books, so little time";
+		let encrypted = ecies::encrypt_single_message(kp.public(), message).unwrap();
+		assert!(encrypted[..] != message[..]);
+		let decrypted = ecies::decrypt_single_message(kp.secret(), &encrypted).unwrap();
+		assert_eq!(decrypted[..message.len()], message[..]);
+	}
 }