mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-04-26 13:27:57 +00:00
Encryption support for the statement store (#14440)
* Added ECIES encryption * tweaks * fmt * Make clippy happy * Use local keystore * qed
This commit is contained in:
Arkadiy Paronyan
@@ -0,0 +1,174 @@
|
||||
// This file is part of Substrate.
|
||||
|
||||
// Copyright (C) Parity Technologies (UK) Ltd.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// tag::description[]
|
||||
//! ECIES encryption scheme using x25519 key exchange and AEAD.
|
||||
// end::description[]
|
||||
|
||||
use aes_gcm::{aead::Aead, AeadCore, KeyInit};
|
||||
use rand::rngs::OsRng;
|
||||
use sha2::Digest;
|
||||
use sp_core::crypto::Pair;
|
||||
|
||||
/// x25519 secret key.
|
||||
pub type SecretKey = x25519_dalek::StaticSecret;
|
||||
/// x25519 public key.
|
||||
pub type PublicKey = x25519_dalek::PublicKey;
|
||||
|
||||
/// Encryption or decryption error.
|
||||
#[derive(Debug, PartialEq, Eq, thiserror::Error)]
|
||||
pub enum Error {
|
||||
/// Generic AES encryption error.
|
||||
#[error("Encryption error")]
|
||||
Encryption,
|
||||
/// Generic AES decryption error.
|
||||
#[error("Decryption error")]
|
||||
Decryption,
|
||||
/// Error reading key data. Not enough data in the buffer.
|
||||
#[error("Bad cypher text")]
|
||||
BadData,
|
||||
}
|
||||
|
||||
const NONCE_LEN: usize = 12;
|
||||
const PK_LEN: usize = 32;
|
||||
const AES_KEY_LEN: usize = 32;
|
||||
|
||||
fn aes_encrypt(key: &[u8; AES_KEY_LEN], nonce: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||
let enc = aes_gcm::Aes256Gcm::new(key.into());
|
||||
|
||||
enc.encrypt(nonce.into(), aes_gcm::aead::Payload { msg: plaintext, aad: b"" })
|
||||
.map_err(|_| Error::Encryption)
|
||||
}
|
||||
|
||||
fn aes_decrypt(key: &[u8; AES_KEY_LEN], nonce: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||
let dec = aes_gcm::Aes256Gcm::new(key.into());
|
||||
dec.decrypt(nonce.into(), aes_gcm::aead::Payload { msg: ciphertext, aad: b"" })
|
||||
.map_err(|_| Error::Decryption)
|
||||
}
|
||||
|
||||
fn kdf(shared_secret: &[u8]) -> [u8; AES_KEY_LEN] {
|
||||
let hkdf = hkdf::Hkdf::<sha2::Sha256>::new(None, shared_secret);
|
||||
let mut aes_key = [0u8; AES_KEY_LEN];
|
||||
hkdf.expand(b"", &mut aes_key)
|
||||
.expect("There's always enough data for derivation. qed.");
|
||||
aes_key
|
||||
}
|
||||
|
||||
/// Encrypt `plaintext` with the given public x25519 public key. Decryption can be performed with
|
||||
/// the matching secret key.
|
||||
pub fn encrypt_x25519(pk: &PublicKey, plaintext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||
let ephemeral_sk = x25519_dalek::StaticSecret::new(OsRng);
|
||||
let ephemeral_pk = x25519_dalek::PublicKey::from(&ephemeral_sk);
|
||||
|
||||
let mut shared_secret = ephemeral_sk.diffie_hellman(pk).to_bytes().to_vec();
|
||||
shared_secret.extend_from_slice(ephemeral_pk.as_bytes());
|
||||
|
||||
let aes_key = kdf(&shared_secret);
|
||||
|
||||
let nonce = aes_gcm::Aes256Gcm::generate_nonce(OsRng);
|
||||
let ciphertext = aes_encrypt(&aes_key, &nonce, plaintext)?;
|
||||
|
||||
let mut out = Vec::with_capacity(ciphertext.len() + PK_LEN + NONCE_LEN);
|
||||
out.extend_from_slice(ephemeral_pk.as_bytes());
|
||||
out.extend_from_slice(nonce.as_slice());
|
||||
out.extend_from_slice(ciphertext.as_slice());
|
||||
|
||||
Ok(out)
|
||||
}
|
||||
|
||||
/// Encrypt `plaintext` with the given ed25519 public key. Decryption can be performed with the
|
||||
/// matching secret key.
|
||||
pub fn encrypt_ed25519(pk: &sp_core::ed25519::Public, plaintext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||
let ed25519 = curve25519_dalek::edwards::CompressedEdwardsY(pk.0);
|
||||
let x25519 = ed25519.decompress().ok_or(Error::BadData)?.to_montgomery();
|
||||
let montgomery = x25519_dalek::PublicKey::from(x25519.to_bytes());
|
||||
encrypt_x25519(&montgomery, plaintext)
|
||||
}
|
||||
|
||||
/// Decrypt with the given x25519 secret key.
|
||||
pub fn decrypt_x25519(sk: &SecretKey, encrypted: &[u8]) -> Result<Vec<u8>, Error> {
|
||||
if encrypted.len() < PK_LEN + NONCE_LEN {
|
||||
return Err(Error::BadData)
|
||||
}
|
||||
let mut ephemeral_pk: [u8; PK_LEN] = Default::default();
|
||||
ephemeral_pk.copy_from_slice(&encrypted[0..PK_LEN]);
|
||||
let ephemeral_pk = PublicKey::from(ephemeral_pk);
|
||||
|
||||
let mut shared_secret = sk.diffie_hellman(&ephemeral_pk).to_bytes().to_vec();
|
||||
shared_secret.extend_from_slice(ephemeral_pk.as_bytes());
|
||||
|
||||
let aes_key = kdf(&shared_secret);
|
||||
|
||||
let nonce = &encrypted[PK_LEN..PK_LEN + NONCE_LEN];
|
||||
aes_decrypt(&aes_key, &nonce, &encrypted[PK_LEN + NONCE_LEN..])
|
||||
}
|
||||
|
||||
/// Decrypt with the given ed25519 key pair.
|
||||
pub fn decrypt_ed25519(pair: &sp_core::ed25519::Pair, encrypted: &[u8]) -> Result<Vec<u8>, Error> {
|
||||
let raw = pair.to_raw_vec();
|
||||
let hash: [u8; 32] = sha2::Sha512::digest(&raw).as_slice()[..32]
|
||||
.try_into()
|
||||
.map_err(|_| Error::Decryption)?;
|
||||
let secret = x25519_dalek::StaticSecret::from(hash);
|
||||
decrypt_x25519(&secret, encrypted)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use super::*;
|
||||
use rand::rngs::OsRng;
|
||||
use sp_core::crypto::Pair;
|
||||
|
||||
#[test]
|
||||
fn basic_x25519_encryption() {
|
||||
let sk = SecretKey::new(OsRng);
|
||||
let pk = PublicKey::from(&sk);
|
||||
|
||||
let plain_message = b"An important secret message";
|
||||
let encrypted = encrypt_x25519(&pk, plain_message).unwrap();
|
||||
|
||||
let decrypted = decrypt_x25519(&sk, &encrypted).unwrap();
|
||||
assert_eq!(plain_message, decrypted.as_slice());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn basic_ed25519_encryption() {
|
||||
let (pair, _) = sp_core::ed25519::Pair::generate();
|
||||
let pk = pair.into();
|
||||
|
||||
let plain_message = b"An important secret message";
|
||||
let encrypted = encrypt_ed25519(&pk, plain_message).unwrap();
|
||||
|
||||
let decrypted = decrypt_ed25519(&pair, &encrypted).unwrap();
|
||||
assert_eq!(plain_message, decrypted.as_slice());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn fails_on_bad_data() {
|
||||
let sk = SecretKey::new(OsRng);
|
||||
let pk = PublicKey::from(&sk);
|
||||
|
||||
let plain_message = b"An important secret message";
|
||||
let encrypted = encrypt_x25519(&pk, plain_message).unwrap();
|
||||
|
||||
assert_eq!(decrypt_x25519(&sk, &[]), Err(Error::BadData));
|
||||
assert_eq!(
|
||||
decrypt_x25519(&sk, &encrypted[0..super::PK_LEN + super::NONCE_LEN - 1]),
|
||||
Err(Error::BadData)
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -49,6 +49,8 @@ pub use store_api::{
|
||||
Error, NetworkPriority, Result, StatementSource, StatementStore, SubmitResult,
|
||||
};
|
||||
|
||||
#[cfg(feature = "std")]
|
||||
mod ecies;
|
||||
pub mod runtime_api;
|
||||
#[cfg(feature = "std")]
|
||||
mod store_api;
|
||||
@@ -61,12 +63,17 @@ mod sr25519 {
|
||||
pub type Public = app_sr25519::Public;
|
||||
}
|
||||
|
||||
mod ed25519 {
|
||||
/// Statement-store specific ed25519 crypto primitives.
|
||||
pub mod ed25519 {
|
||||
mod app_ed25519 {
|
||||
use sp_application_crypto::{app_crypto, ed25519, key_types::STATEMENT};
|
||||
app_crypto!(ed25519, STATEMENT);
|
||||
}
|
||||
/// Statement-store specific ed25519 public key.
|
||||
pub type Public = app_ed25519::Public;
|
||||
/// Statement-store specific ed25519 key pair.
|
||||
#[cfg(feature = "std")]
|
||||
pub type Pair = app_ed25519::Pair;
|
||||
}
|
||||
|
||||
mod ecdsa {
|
||||
@@ -507,6 +514,28 @@ impl Statement {
|
||||
}
|
||||
output
|
||||
}
|
||||
|
||||
/// Encrypt give data with given key and store both in the statements.
|
||||
#[cfg(feature = "std")]
|
||||
pub fn encrypt(
|
||||
&mut self,
|
||||
data: &[u8],
|
||||
key: &sp_core::ed25519::Public,
|
||||
) -> core::result::Result<(), ecies::Error> {
|
||||
let encrypted = ecies::encrypt_ed25519(key, data)?;
|
||||
self.data = Some(encrypted);
|
||||
self.decryption_key = Some((*key).into());
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Decrypt data (if any) with the given private key.
|
||||
#[cfg(feature = "std")]
|
||||
pub fn decrypt_private(
|
||||
&self,
|
||||
key: &sp_core::ed25519::Pair,
|
||||
) -> core::result::Result<Option<Vec<u8>>, ecies::Error> {
|
||||
self.data.as_ref().map(|d| ecies::decrypt_ed25519(key, d)).transpose()
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
@@ -615,4 +644,18 @@ mod test {
|
||||
statement.remove_proof();
|
||||
assert_eq!(statement.verify_signature(), SignatureVerificationResult::NoSignature);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn encrypt_decrypt() {
|
||||
let mut statement = Statement::new();
|
||||
let (pair, _) = sp_core::ed25519::Pair::generate();
|
||||
let plain = b"test data".to_vec();
|
||||
|
||||
//let sr25519_kp = sp_core::sr25519::Pair::from_string("//Alice", None).unwrap();
|
||||
statement.encrypt(&plain, &pair.public()).unwrap();
|
||||
assert_ne!(plain.as_slice(), statement.data().unwrap().as_slice());
|
||||
|
||||
let decrypted = statement.decrypt_private(&pair).unwrap();
|
||||
assert_eq!(decrypted, Some(plain));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user