solana/zk-token-sdk/src/encryption/aes.rs

#[cfg(not(target_arch = "bpf"))]
use {
    aes_gcm::{aead::Aead, Aes128Gcm, NewAead},
    rand::{rngs::OsRng, CryptoRng, Rng, RngCore},
};
use {
    arrayref::{array_ref, array_refs},
    solana_sdk::{
        instruction::Instruction,
        message::Message,
        pubkey::Pubkey,
        signature::Signature,
        signer::{Signer, SignerError},
    },
    std::convert::TryInto,
    zeroize::Zeroize,
};

struct Aes;
impl Aes {
    #[cfg(not(target_arch = "bpf"))]
    #[allow(clippy::new_ret_no_self)]
    fn keygen<T: RngCore + CryptoRng>(rng: &mut T) -> AesKey {
        let random_bytes = rng.gen::<[u8; 16]>();
        AesKey(random_bytes)
    }

    #[cfg(not(target_arch = "bpf"))]
    fn encrypt(sk: &AesKey, amount: u64) -> AesCiphertext {
        let plaintext = amount.to_le_bytes();
        let nonce = OsRng.gen::<[u8; 12]>();

        // TODO: it seems like encryption cannot fail, but will need to double check
        let ciphertext = Aes128Gcm::new(&sk.0.into())
            .encrypt(&nonce.into(), plaintext.as_ref())
            .unwrap();

        AesCiphertext {
            nonce,
            ciphertext: ciphertext.try_into().unwrap(),
        }
    }

    #[cfg(not(target_arch = "bpf"))]
    fn decrypt(sk: &AesKey, ct: &AesCiphertext) -> Option<u64> {
        let plaintext =
            Aes128Gcm::new(&sk.0.into()).decrypt(&ct.nonce.into(), ct.ciphertext.as_ref());

        if let Ok(plaintext) = plaintext {
            let amount_bytes: [u8; 8] = plaintext.try_into().unwrap();
            Some(u64::from_le_bytes(amount_bytes))
        } else {
            None
        }
    }
}

#[derive(Debug, Zeroize)]
pub struct AesKey([u8; 16]);
impl AesKey {
    pub fn new(signer: &dyn Signer, address: &Pubkey) -> Result<Self, SignerError> {
        let message = Message::new(
            &[Instruction::new_with_bytes(*address, b"AesKey", vec![])],
            Some(&signer.try_pubkey()?),
        );
        let signature = signer.try_sign_message(&message.serialize())?;

        // Some `Signer` implementations return the default signature, which is not suitable for
        // use as key material
        if signature == Signature::default() {
            Err(SignerError::Custom("Rejecting default signature".into()))
        } else {
            Ok(AesKey(signature.as_ref()[..16].try_into().unwrap()))
        }
    }

    pub fn random<T: RngCore + CryptoRng>(rng: &mut T) -> Self {
        Aes::keygen(rng)
    }

    pub fn encrypt(&self, amount: u64) -> AesCiphertext {
        Aes::encrypt(self, amount)
    }
}

#[derive(Debug)]
pub struct AesCiphertext {
    pub nonce: [u8; 12],
    pub ciphertext: [u8; 24],
}
impl AesCiphertext {
    pub fn decrypt(&self, key: &AesKey) -> Option<u64> {
        Aes::decrypt(key, self)
    }

    pub fn to_bytes(&self) -> [u8; 36] {
        let mut buf = [0_u8; 36];
        buf[..12].copy_from_slice(&self.nonce);
        buf[12..].copy_from_slice(&self.ciphertext);
        buf
    }

    pub fn from_bytes(bytes: &[u8]) -> Option<AesCiphertext> {
        if bytes.len() != 36 {
            return None;
        }

        let bytes = array_ref![bytes, 0, 36];
        let (nonce, ciphertext) = array_refs![bytes, 12, 24];
        Some(AesCiphertext {
            nonce: *nonce,
            ciphertext: *ciphertext,
        })
    }
}

impl Default for AesCiphertext {
    fn default() -> Self {
        AesCiphertext {
            nonce: [0_u8; 12],
            ciphertext: [0_u8; 24],
        }
    }
}

#[cfg(test)]
mod tests {
    use {
        super::*,
        solana_sdk::{signature::Keypair, signer::null_signer::NullSigner},
    };

    #[test]
    fn test_aes_encrypt_decrypt_correctness() {
        let key = AesKey::random(&mut OsRng);
        let amount = 55;

        let ct = key.encrypt(amount);
        let decrypted_amount = ct.decrypt(&key).unwrap();

        assert_eq!(amount, decrypted_amount);
    }

    #[test]
    fn test_aes_new() {
        let keypair1 = Keypair::new();
        let keypair2 = Keypair::new();

        assert_ne!(
            AesKey::new(&keypair1, &Pubkey::default()).unwrap().0,
            AesKey::new(&keypair2, &Pubkey::default()).unwrap().0,
        );

        let null_signer = NullSigner::new(&Pubkey::default());
        assert!(AesKey::new(&null_signer, &Pubkey::default()).is_err());
    }
}
serialization for aes 2021-10-17 08:37:28 -07:00			`#[cfg(not(target_arch = "bpf"))]`
			`use {`
			`aes_gcm::{aead::Aead, Aes128Gcm, NewAead},`
			`rand::{rngs::OsRng, CryptoRng, Rng, RngCore},`
			`};`
Update sdk/src/encryption/aes.rs Co-authored-by: Michael Vines <mvines@gmail.com> 2021-10-15 03:44:56 -07:00			`use {`
serialization for aes 2021-10-17 08:37:28 -07:00			`arrayref::{array_ref, array_refs},`
Generate AesKey/ElGamalSecretKey from an ed25519 signature instead of secret key 2021-10-21 17:48:25 -07:00			`solana_sdk::{`
			`instruction::Instruction,`
			`message::Message,`
			`pubkey::Pubkey,`
			`signature::Signature,`
			`signer::{Signer, SignerError},`
			`},`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`std::convert::TryInto,`
Update sdk/src/encryption/aes.rs Co-authored-by: Michael Vines <mvines@gmail.com> 2021-10-15 03:44:56 -07:00			`zeroize::Zeroize,`
quick syntactical fixes from pr review merge 2021-10-14 09:19:22 -07:00			`};`
add aes encryption 2021-10-08 06:12:54 -07:00
serialization for aes 2021-10-17 08:37:28 -07:00			`struct Aes;`
			`impl Aes {`
Some clippy 2021-10-11 12:16:29 -07:00			`#[cfg(not(target_arch = "bpf"))]`
			`#[allow(clippy::new_ret_no_self)]`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`fn keygen<T: RngCore + CryptoRng>(rng: &mut T) -> AesKey {`
serialization for aes 2021-10-17 08:37:28 -07:00			`let random_bytes = rng.gen::<[u8; 16]>();`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`AesKey(random_bytes)`
Add blueprint for aes encryption 2021-10-07 15:21:31 -07:00			`}`

Some clippy 2021-10-11 12:16:29 -07:00			`#[cfg(not(target_arch = "bpf"))]`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`fn encrypt(sk: &AesKey, amount: u64) -> AesCiphertext {`
			`let plaintext = amount.to_le_bytes();`
			`let nonce = OsRng.gen::<[u8; 12]>();`
add aes encryption 2021-10-08 06:12:54 -07:00
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`// TODO: it seems like encryption cannot fail, but will need to double check`
			`let ciphertext = Aes128Gcm::new(&sk.0.into())`
serialization for aes 2021-10-17 08:37:28 -07:00			`.encrypt(&nonce.into(), plaintext.as_ref())`
			`.unwrap();`
add aes encryption 2021-10-08 06:12:54 -07:00
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`AesCiphertext {`
			`nonce,`
			`ciphertext: ciphertext.try_into().unwrap(),`
			`}`
Add blueprint for aes encryption 2021-10-07 15:21:31 -07:00			`}`

Some clippy 2021-10-11 12:16:29 -07:00			`#[cfg(not(target_arch = "bpf"))]`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`fn decrypt(sk: &AesKey, ct: &AesCiphertext) -> Option<u64> {`
serialization for aes 2021-10-17 08:37:28 -07:00			`let plaintext =`
			`Aes128Gcm::new(&sk.0.into()).decrypt(&ct.nonce.into(), ct.ciphertext.as_ref());`
add aes encryption 2021-10-08 06:12:54 -07:00
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`if let Ok(plaintext) = plaintext {`
			`let amount_bytes: [u8; 8] = plaintext.try_into().unwrap();`
			`Some(u64::from_le_bytes(amount_bytes))`
			`} else {`
			`None`
			`}`
Add blueprint for aes encryption 2021-10-07 15:21:31 -07:00			`}`
			`}`

Some clippy 2021-10-11 12:16:29 -07:00			`#[derive(Debug, Zeroize)]`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`pub struct AesKey([u8; 16]);`
			`impl AesKey {`
Generate AesKey/ElGamalSecretKey from an ed25519 signature instead of secret key 2021-10-21 17:48:25 -07:00			`pub fn new(signer: &dyn Signer, address: &Pubkey) -> Result<Self, SignerError> {`
			`let message = Message::new(`
			`&[Instruction::new_with_bytes(*address, b"AesKey", vec![])],`
			`Some(&signer.try_pubkey()?),`
			`);`
			`let signature = signer.try_sign_message(&message.serialize())?;`

			// Some `Signer` implementations return the default signature, which is not suitable for
			`// use as key material`
			`if signature == Signature::default() {`
			`Err(SignerError::Custom("Rejecting default signature".into()))`
			`} else {`
			`Ok(AesKey(signature.as_ref()[..16].try_into().unwrap()))`
			`}`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`}`

			`pub fn random<T: RngCore + CryptoRng>(rng: &mut T) -> Self {`
serialization for aes 2021-10-17 08:37:28 -07:00			`Aes::keygen(rng)`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`}`

			`pub fn encrypt(&self, amount: u64) -> AesCiphertext {`
serialization for aes 2021-10-17 08:37:28 -07:00			`Aes::encrypt(self, amount)`
Add blueprint for aes encryption 2021-10-07 15:21:31 -07:00			`}`
			`}`

add aes encryption 2021-10-08 06:12:54 -07:00			`#[derive(Debug)]`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`pub struct AesCiphertext {`
			`pub nonce: [u8; 12],`
			`pub ciphertext: [u8; 24],`
Add blueprint for aes encryption 2021-10-07 15:21:31 -07:00			`}`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`impl AesCiphertext {`
			`pub fn decrypt(&self, key: &AesKey) -> Option<u64> {`
serialization for aes 2021-10-17 08:37:28 -07:00			`Aes::decrypt(key, self)`
			`}`

			`pub fn to_bytes(&self) -> [u8; 36] {`
			`let mut buf = [0_u8; 36];`
			`buf[..12].copy_from_slice(&self.nonce);`
			`buf[12..].copy_from_slice(&self.ciphertext);`
			`buf`
			`}`

			`pub fn from_bytes(bytes: &[u8]) -> Option<AesCiphertext> {`
			`if bytes.len() != 36 {`
			`return None;`
			`}`

			`let bytes = array_ref![bytes, 0, 36];`
			`let (nonce, ciphertext) = array_refs![bytes, 12, 24];`
			`Some(AesCiphertext {`
			`nonce: *nonce,`
			`ciphertext: *ciphertext,`
			`})`
update demo program and bpf test for aes ciphertext removal 2021-10-14 09:56:37 -07:00			`}`
			`}`

change AESCiphertext to AesCiphertext 2021-10-17 08:45:41 -07:00			`impl Default for AesCiphertext {`
			`fn default() -> Self {`
			`AesCiphertext {`
			`nonce: [0_u8; 12],`
			`ciphertext: [0_u8; 24],`
			`}`
			`}`
			`}`

add aes encryption 2021-10-08 06:12:54 -07:00			`#[cfg(test)]`
			`mod tests {`
Generate AesKey/ElGamalSecretKey from an ed25519 signature instead of secret key 2021-10-21 17:48:25 -07:00			`use {`
			`super::*,`
			`solana_sdk::{signature::Keypair, signer::null_signer::NullSigner},`
			`};`
add aes encryption 2021-10-08 06:12:54 -07:00
			`#[test]`
			`fn test_aes_encrypt_decrypt_correctness() {`
use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`let key = AesKey::random(&mut OsRng);`
add aes encryption 2021-10-08 06:12:54 -07:00			`let amount = 55;`

use randomized authenticated encryption for aes 2021-10-17 08:16:18 -07:00			`let ct = key.encrypt(amount);`
			`let decrypted_amount = ct.decrypt(&key).unwrap();`
add aes encryption 2021-10-08 06:12:54 -07:00
			`assert_eq!(amount, decrypted_amount);`
			`}`
Generate AesKey/ElGamalSecretKey from an ed25519 signature instead of secret key 2021-10-21 17:48:25 -07:00
			`#[test]`
			`fn test_aes_new() {`
			`let keypair1 = Keypair::new();`
			`let keypair2 = Keypair::new();`

			`assert_ne!(`
			`AesKey::new(&keypair1, &Pubkey::default()).unwrap().0,`
			`AesKey::new(&keypair2, &Pubkey::default()).unwrap().0,`
			`);`

			`let null_signer = NullSigner::new(&Pubkey::default());`
			`assert!(AesKey::new(&null_signer, &Pubkey::default()).is_err());`
			`}`
add aes encryption 2021-10-08 06:12:54 -07:00			`}`