reach_encryption/

symmetric.rs

// SPDX-FileCopyrightText: 2023—2025 eaon <eaon@posteo.net>
// SPDX-License-Identifier: EUPL-1.2

//! Symmetric encryption using XChaCha20-Poly1305.
//!
//! Supports both automatic nonce generation and explicit nonce usage for
//! different use cases.

use chacha20poly1305::{AeadCore, KeyInit, XChaCha20Poly1305, XNonce, aead::Aead};
use rand_core::CryptoRngCore;
use reach_core::{ProstDecode, ProstEncode, ProstEncodeOwned, error, memory::Key};
#[cfg(any(feature = "reachable", feature = "attestant"))]
use reach_core::{memory::SharedSecretKeys, storage::GenericVault};

use super::*;

/// Decrypt ciphertext using XChaCha20-Poly1305 and decode the result.
///
/// Performs authenticated decryption and then decodes the resulting bytes using
/// Protocol Buffers decoding.
pub(crate) fn decrypt<D>(
    cipher: &XChaCha20Poly1305,
    nonce: &XNonce,
    ciphertext: &[u8],
) -> Result<D, error::CryptError>
where
    D: ProstDecode,
{
    let plaintext = cipher.decrypt(nonce, ciphertext)?;

    Ok(D::decode(plaintext)?)
}

/// Decryptable when provided with an explicit nonce.
///
/// For cases where the nonce is provided separately from the ciphertext.
pub trait DecryptableWithNonce<E> {
    /// Decrypt ciphertext using a provided nonce.
    fn decrypt_with_nonce(
        key: &Key,
        nonce: &XNonce,
        encrypted: &E,
    ) -> Result<Self, error::CryptError>
    where
        E: Ciphertext,
        Self: ProstDecode,
    {
        let cipher = XChaCha20Poly1305::new(key.as_ref());

        decrypt(&cipher, nonce, encrypted.ciphertext())
    }
}

/// Decryptable from data structures that include nonces.
///
/// This is the main decryption trait for data structures that carry their
/// own nonce, providing a convenient interface for symmetric decryption.
pub trait Decryptable<E> {
    /// Decrypt using a key and encrypted data that includes its own nonce.
    fn decrypt(key: &Key, encrypted: &E) -> Result<Self, error::CryptError>
    where
        E: Ciphertext + Nonce,
        Self: ProstDecode,
    {
        let cipher = XChaCha20Poly1305::new(key.as_ref());

        decrypt(&cipher, encrypted.nonce(), encrypted.ciphertext())
    }

    /// Decrypt using a pre-initialized cipher instance.
    ///
    /// Useful when you already have a cipher instance and want to avoid the
    /// overhead of re-creating it.
    fn decrypt_with_cipher(
        cipher: &XChaCha20Poly1305,
        encrypted: &E,
    ) -> Result<Self, error::CryptError>
    where
        E: Ciphertext + Nonce,
        Self: ProstDecode,
    {
        decrypt(cipher, encrypted.nonce(), encrypted.ciphertext())
    }
}

/// Encrypt plaintext using XChaCha20-Poly1305 with automatic nonce generation.
///
/// Generates a random nonce and encrypts the provided plaintext, returning an
/// encrypted data structure that includes both the nonce and ciphertext.
fn encrypt<F>(
    key: &Key,
    csprng: impl CryptoRngCore,
    plaintext: &[u8],
) -> Result<F, error::CryptError>
where
    F: From<(XNonce, Vec<u8>)>,
{
    let cipher = XChaCha20Poly1305::new(key.as_ref());
    let nonce = XChaCha20Poly1305::generate_nonce(csprng);

    Ok(F::from((nonce, cipher.encrypt(&nonce, plaintext)?)))
}

/// Encryptable using symmetric encryption.
///
/// Provides multiple encryption methods for data structures, supporting both
/// automatic nonce generation and explicit nonce usage. The `O` parameter
/// represents the output type after encryption.
pub trait Encryptable<O> {
    /// Encrypt this data structure with automatic nonce generation.
    fn encrypt<F>(&self, key: &Key, csprng: impl CryptoRngCore) -> Result<F, error::CryptError>
    where
        F: From<(XNonce, Vec<u8>)>,
        Self: ProstEncode + Decryptable<O> + Decryptable<F>,
    {
        encrypt(key, csprng, &self.encode_to_vec())
    }

    /// Encrypt this data structure by taking ownership, with automatic nonce generation.
    fn encrypt_owned<F>(self, key: &Key, csprng: impl CryptoRngCore) -> Result<F, error::CryptError>
    where
        F: From<(XNonce, Vec<u8>)>,
        Self: ProstEncodeOwned + Decryptable<O> + Decryptable<F>,
    {
        encrypt(key, csprng, &self.encode_to_vec())
    }

    /// Encrypt this data structure using a provided nonce.
    ///
    /// For instances where nonces are managed externally.
    ///
    /// # Security
    ///
    /// Never reuse the same nonce with the same key, as this breaks semantic security.
    fn encrypt_owned_with_nonce<F>(self, key: &Key, nonce: &XNonce) -> Result<F, error::CryptError>
    where
        F: From<Vec<u8>>,
        Self: ProstEncodeOwned + DecryptableWithNonce<O> + Decryptable<F> + Sized,
    {
        let plaintext = self.encode_to_vec();
        let cipher = XChaCha20Poly1305::new(key.as_ref());

        Ok(F::from(cipher.encrypt(nonce, plaintext.as_slice())?))
    }
}

#[cfg(any(feature = "reaching", feature = "reachable"))]
mod reaching_reachable {
    use reach_core::{
        memory::{Credentials, Message, MessageVaultPassport},
        wire::{
            CredentialVault, Envelope, EnvelopeId, MessageVault, MessageVaultId, MessageVaultSeed,
            SealedEnvelopeId, SealedMessageVaultId,
        },
    };

    use super::*;

    ciphertext_nonce!(Envelope, nonce, message_vault_passport_ciphertext);
    ciphertext_nonce!(MessageVault, message_ciphertext);

    impl Encryptable<MessageVault> for Message {}
    impl Encryptable<Envelope> for MessageVaultPassport {}

    impl Decryptable<CredentialVault> for Credentials {}
    impl DecryptableWithNonce<MessageVault> for Message {}
    impl Decryptable<Envelope> for MessageVaultPassport {}
    impl Decryptable<MessageVaultSeed> for Message {}
    impl Decryptable<(XNonce, Vec<u8>)> for MessageVaultPassport {}
    impl Decryptable<SealedEnvelopeId> for EnvelopeId {}
    impl Decryptable<SealedMessageVaultId> for MessageVaultId {}
}

#[cfg(any(feature = "reachable", feature = "attestant"))]
mod reachable_attestant {
    use super::*;

    ciphertext_nonce!(GenericVault, nonce, ciphertext);

    impl Encryptable<GenericVault> for SharedSecretKeys {}
    impl Encryptable<GenericVault> for Key {}
}

#[cfg(feature = "reachable")]
mod reachable {
    use super::*;

    impl Decryptable<GenericVault> for SharedSecretKeys {}
    impl Decryptable<GenericVault> for Key {}
}