Add crypto wrapper as an optional dependency

src/crypto_wrapper.rs

@@ -0,0 +1,97 @@
+use std::error::Error;
+use std::io::ErrorKind;
+
+use aes_gcm::aead::{Aead, OsRng};
+use aes_gcm::{Aes256Gcm, Key, KeyInit, Nonce};
+use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use base64::Engine as _;
+pub use bincode::{Decode, Encode};
+use rand::Rng;
+
+const NONCE_LEN: usize = 12;
+
+pub struct CryptoWrapper {
+    key: Key<Aes256Gcm>,
+}
+
+impl CryptoWrapper {
+    /// Generate a new memory wrapper
+    pub fn new_random() -> Self {
+        Self {
+            key: Aes256Gcm::generate_key(&mut OsRng),
+        }
+    }
+
+    /// Encrypt some data
+    pub fn encrypt<T: Encode + Decode>(&self, data: &T) -> Result<String, Box<dyn Error>> {
+        let aes_key = Aes256Gcm::new(&self.key);
+        let nonce_bytes = rand::thread_rng().gen::<[u8; NONCE_LEN]>();
+
+        let serialized_data = bincode::encode_to_vec(data, bincode::config::standard())?;
+
+        let mut enc = aes_key
+            .encrypt(Nonce::from_slice(&nonce_bytes), serialized_data.as_slice())
+            .unwrap();
+        enc.extend_from_slice(&nonce_bytes);
+
+        Ok(BASE64_STANDARD.encode(enc))
+    }
+
+    /// Decrypt some data previously encrypted using the [`CryptoWrapper::encrypt`] method
+    pub fn decrypt<T: Decode>(&self, input: &str) -> Result<T, Box<dyn Error>> {
+        let bytes = BASE64_STANDARD.decode(input)?;
+
+        if bytes.len() < NONCE_LEN {
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
+                "Input string is smaller than nonce!",
+            )));
+        }
+
+        let (enc, nonce) = bytes.split_at(bytes.len() - NONCE_LEN);
+        assert_eq!(nonce.len(), NONCE_LEN);
+
+        let aes_key = Aes256Gcm::new(&self.key);
+
+        let dec = match aes_key.decrypt(Nonce::from_slice(nonce), enc) {
+            Ok(d) => d,
+            Err(e) => {
+                log::error!("Failed to decrypt wrapped data! {:#?}", e);
+                return Err(Box::new(std::io::Error::new(
+                    ErrorKind::Other,
+                    "Failed to decrypt wrapped data!",
+                )));
+            }
+        };
+
+        Ok(bincode::decode_from_slice(&dec, bincode::config::standard())?.0)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use crate::crypto_wrapper::CryptoWrapper;
+    use bincode::{Decode, Encode};
+
+    #[derive(Encode, Decode, Eq, PartialEq, Debug)]
+    struct Message(String);
+
+    #[test]
+    fn encrypt_and_decrypt() {
+        let wrapper = CryptoWrapper::new_random();
+        let msg = Message("Pierre was here".to_string());
+        let enc = wrapper.encrypt(&msg).unwrap();
+        let dec: Message = wrapper.decrypt(&enc).unwrap();
+
+        assert_eq!(dec, msg)
+    }
+
+    #[test]
+    fn encrypt_and_decrypt_invalid() {
+        let wrapper_1 = CryptoWrapper::new_random();
+        let wrapper_2 = CryptoWrapper::new_random();
+        let msg = Message("Pierre was here".to_string());
+        let enc = wrapper_1.encrypt(&msg).unwrap();
+        wrapper_2.decrypt::<Message>(&enc).unwrap_err();
+    }
+}

src/lib.rs

@@ -6,3 +6,6 @@
 
 pub mod client;
 pub mod primitives;
+
+#[cfg(feature = "crypto-wrapper")]
+pub mod crypto_wrapper;