From 8da6938fb3f352d259e9ad93eef52cd8951856d7 Mon Sep 17 00:00:00 2001
From: Ethan O'Brien <ethan.a.obrien@gmail.com>
Date: Mon, 17 Nov 2025 23:48:53 -0600
Subject: [PATCH] Begin to remove openssl dependency

---
 Cargo.lock        | 51 +++++++++++++++++++++++++++++++++++++++++++++++
 Cargo.toml        |  2 ++
 src/encryption.rs | 39 ++++++++++++++----------------------
 3 files changed, 68 insertions(+), 24 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index cc3e619..04ae34b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -206,6 +206,17 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234"
 
+[[package]]
+name = "aes"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
+dependencies = [
+ "cfg-if",
+ "cipher",
+ "cpufeatures",
+]
+
 [[package]]
 name = "ahash"
 version = "0.8.11"
@@ -367,6 +378,15 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "block-padding"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "brotli"
 version = "7.0.0"
@@ -415,6 +435,15 @@ dependencies = [
  "bytes",
 ]
 
+[[package]]
+name = "cbc"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6"
+dependencies = [
+ "cipher",
+]
+
 [[package]]
 name = "cc"
 version = "1.2.20"
@@ -446,6 +475,16 @@ dependencies = [
  "windows-link",
 ]
 
+[[package]]
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
+dependencies = [
+ "crypto-common",
+ "inout",
+]
+
 [[package]]
 name = "clap"
 version = "4.5.37"
@@ -662,7 +701,9 @@ name = "ew"
 version = "1.0.0"
 dependencies = [
  "actix-web",
+ "aes",
  "base64",
+ "cbc",
  "chrono",
  "clap",
  "hex",
@@ -1261,6 +1302,16 @@ dependencies = [
  "hashbrown 0.15.3",
 ]
 
+[[package]]
+name = "inout"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
+dependencies = [
+ "block-padding",
+ "generic-array",
+]
+
 [[package]]
 name = "ipnet"
 version = "2.11.0"
diff --git a/Cargo.toml b/Cargo.toml
index 4168a19..d46db11 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -28,3 +28,5 @@ include-flate-codegen = "0.3.0"
 libflate = "2.1.0"
 serde_json = "1.0.140"
 serde = { version = "1.0.219", features = ["derive"] }
+cbc = { version = "0.1.2", features = ["alloc"] }
+aes = "0.8.4"
diff --git a/src/encryption.rs b/src/encryption.rs
index 37c4bfe..9784540 100644
--- a/src/encryption.rs
+++ b/src/encryption.rs
@@ -1,47 +1,38 @@
-use openssl::symm::{Cipher, Crypter, Mode};
-use openssl::error::ErrorStack;
 use base64::{Engine as _, engine::general_purpose};
 use rand::Rng;
+use aes::cipher::BlockEncryptMut;
+use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit};
+
+type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>;
+type Aes256CbcDec = cbc::Decryptor<aes::Aes256>;
 
 const IV_LENGTH: usize = 16;
 const KEY: &str = "3559b435f24b297a79c68b9709ef2125";
 
-pub fn decrypt_packet(base64_input: &str) -> Result<String, ErrorStack> {
+pub fn decrypt_packet(base64_input: &str) -> Result<String, String> {
     if base64_input.len() < IV_LENGTH + 1 {
         return Ok(String::new());
     }
     let base64_buffer = general_purpose::STANDARD.decode(base64_input).unwrap();
 
     let decryption_iv = &base64_buffer[..IV_LENGTH];
-    let ciphertext = &base64_buffer[IV_LENGTH..];
+    let mut ciphertext = base64_buffer[IV_LENGTH..].to_vec();
 
-    let cipher = Cipher::aes_256_cbc();
-    let mut decrypter = Crypter::new(cipher, Mode::Decrypt, KEY.as_bytes(), Some(decryption_iv))?;
+    let decrypted_data = Aes256CbcDec::new(KEY.as_bytes().into(), decryption_iv.into())
+        .decrypt_padded_mut::<Pkcs7>(&mut ciphertext).ok()
+        .ok_or(String::from("uhoh"))?;
 
-    let mut decrypted_data = vec![0u8; ciphertext.len() + cipher.block_size()];
-    let mut decrypted_len = decrypter.update(ciphertext, &mut decrypted_data)?;
-    decrypted_len += decrypter.finalize(&mut decrypted_data[decrypted_len..])?;
-    
-    decrypted_data.truncate(decrypted_len);
-
-    Ok(String::from_utf8(decrypted_data).unwrap())
+    Ok(String::from_utf8(decrypted_data.to_vec()).unwrap())
 }
 
-pub fn encrypt_packet(input: &str) -> Result<String, ErrorStack> {
-    let cipher = Cipher::aes_256_cbc();
+pub fn encrypt_packet(input: &str) -> Result<String, String> {
     let encryption_iv = generate_random_iv();
 
-    let mut encrypter = Crypter::new(cipher, Mode::Encrypt, KEY.as_bytes(), Some(&encryption_iv))?;
+    let encrypted = Aes256CbcEnc::new(KEY.as_bytes().into(), encryption_iv.as_slice().into())
+        .encrypt_padded_vec_mut::<Pkcs7>(input.as_bytes());
 
-    let mut encrypted_data = vec![0u8; input.len() + cipher.block_size()];
-    let mut encrypted_len = encrypter.update(input.as_bytes(), &mut encrypted_data)?;
-
-    encrypted_len += encrypter.finalize(&mut encrypted_data[encrypted_len..])?;
-
-    encrypted_data.truncate(encrypted_len);
-    
     let mut result = encryption_iv.to_vec();
-    result.extend_from_slice(&encrypted_data);
+    result.extend_from_slice(&encrypted);
 
     Ok(general_purpose::STANDARD.encode(&result))
 }