Basic API

Signed-off-by: Lee Smet <lee.smet@hotmail.com>
2025-05-15 13:53:16 +02:00 · 2025-05-15 13:53:16 +02:00 · 2adda10664
commit 2adda10664
parent 7b1908b676
5 changed files with 110 additions and 12 deletions
--- a/vault/Cargo.toml
+++ b/vault/Cargo.toml
@ -18,3 +18,5 @@ chacha20poly1305 = "0.10.1"
 k256 = { version = "0.13.4", features = ["ecdh"] }
 sha2 = "0.10.9"
 kv = { git = "https://git.ourworld.tf/samehabouelsaad/sal-modular", package = "kvstore", rev = "9dce815daa" }
+bincode = { version = "2.0.1", features = ["serde"] }
+pbkdf2 = "0.12.2"
--- a/vault/src/error.rs
+++ b/vault/src/error.rs
@ -9,6 +9,8 @@ pub enum Error {
    CorruptKeyspace,
    /// An error in the used key value store
    KV(kv::error::KVError),
+    /// An error while encoding/decoding the keyspace.
+    Coding,
 }

 impl core::fmt::Display for Error {
@ -18,6 +20,7 @@ impl core::fmt::Display for Error {
            Error::IOError(e) => f.write_fmt(format_args!("io: {e}")),
            Error::CorruptKeyspace => f.write_str("corrupt keyspace"),
            Error::KV(e) => f.write_fmt(format_args!("kv: {e}")),
+            Error::Coding => f.write_str("keyspace coding failed"),
        }
    }
 }
@ -77,3 +80,15 @@ impl From<kv::error::KVError> for Error {
        Self::KV(value)
    }
 }
+
+impl From<bincode::error::DecodeError> for Error {
+    fn from(_: bincode::error::DecodeError) -> Self {
+        Self::Coding
+    }
+}
+
+impl From<bincode::error::EncodeError> for Error {
+    fn from(_: bincode::error::EncodeError) -> Self {
+        Self::Coding
+    }
+}
--- a/vault/src/key/symmetric.rs
+++ b/vault/src/key/symmetric.rs
@ -83,4 +83,22 @@ impl SymmetricKey {
            .decrypt(nonce, ciphertext)
            .map_err(|_| CryptoError::DecryptionFailed)
    }
+
+    /// Derives a new symmetric key from a password.
+    ///
+    /// Derivation is done using pbkdf2 with Sha256 hashing.
+    pub fn derive_from_password(password: &str) -> Self {
+        /// Salt to use for PBKDF2. This needs to be consistent accross runs to generate the same
+        /// key. Additionally, it does not really matter what this is, as long as its unique.
+        const SALT: &[u8; 10] = b"vault_salt";
+        /// Amount of rounds to use for key generation. More rounds => more cpu time. Changing this
+        /// also chagnes the generated keys.
+        const ROUNDS: u32 = 100_000;
+
+        let mut key = [0; 32];
+
+        pbkdf2::pbkdf2_hmac::<sha2::Sha256>(password.as_bytes(), SALT, ROUNDS, &mut key);
+
+        Self(key)
+    }
 }
--- a/vault/src/keyspace.rs
+++ b/vault/src/keyspace.rs
@ -3,13 +3,21 @@
 // #[cfg(target_arch = "wasm32")]
 // mod wasm;

-use std::{collections::HashMap, path::Path};
+use std::collections::HashMap;
+
+#[cfg(not(target_arch = "wasm32"))]
+use std::path::Path;

 use crate::{
    error::Error,
    key::{Key, symmetric::SymmetricKey},
 };

+use kv::KVStore;
+
+/// Configuration to use for bincode en/decoding.
+const BINCODE_CONFIG: bincode::config::Configuration = bincode::config::standard();
+
 // #[cfg(not(target_arch = "wasm32"))]
 // use fallback::KeySpace as Ks;
 // #[cfg(target_arch = "wasm32")]
@ -44,14 +52,14 @@ impl KeySpace {}
 #[cfg(not(target_arch = "wasm32"))]
 impl KeySpace {
    /// Open the keyspace at the provided path using the given key for encryption.
-    pub fn open(path: &Path, encryption_key: SymmetricKey) -> Result<Self, Error> {
+    pub async fn open(path: &Path, encryption_key: SymmetricKey) -> Result<Self, Error> {
        let store = NativeStore::open(&path.display().to_string())?;
        let mut ks = Self {
            store,
            keys: HashMap::new(),
            encryption_key,
        };
-        ks.load_keyspace()?;
+        ks.load_keyspace().await?;
        Ok(ks)
    }
 }
@ -60,8 +68,13 @@ impl KeySpace {
 impl KeySpace {
    pub async fn open(name: &str, encryption_key: SymmetricKey) -> Result<Self, Error> {
        let store = WasmStore::open(name).await?;
-        todo!();
-        // Ok(Self { store })
+        let mut ks = Self {
+            store,
+            keys: HashMap::new(),
+            encryption_key,
+        };
+        ks.load_keyspace().await?;
+        Ok(ks)
    }
 }

@ -77,13 +90,13 @@ impl KeySpace {
    /// This overwrites the existing key if one is already stored with the same name.
    pub async fn set(&mut self, key: String, value: Key) -> Result<(), Error> {
        self.keys.insert(key, value);
-        self.save_keyspace()
+        self.save_keyspace().await
    }

    /// Delete the [`Key`] stored under the provided name.
    pub async fn delete(&mut self, key: &str) -> Result<(), Error> {
        self.keys.remove(key);
-        self.save_keyspace()
+        self.save_keyspace().await
    }

    /// Iterate over all stored [`keys`](Key) in the KeySpace
@ -93,9 +106,10 @@ impl KeySpace {

    /// Encrypt all keys and save them to the underlying store
    async fn save_keyspace(&self) -> Result<(), Error> {
-        // Bincode encode keys
-        //
+        let encoded_keys = bincode::serde::encode_to_vec(&self.keys, BINCODE_CONFIG)?;
+        let value = self.encryption_key.encrypt(&encoded_keys)?;
        // Put in store
+        Ok(self.store.set(KEYSPACE_NAME, &value).await?)
    }

    /// Loads the encrypted keyspace from the underlying storage
@ -105,8 +119,13 @@ impl KeySpace {
            return Ok(());
        };

-        // TODO: bincode decode
+        let raw = self.encryption_key.decrypt(&ks)?;

-        todo!();
+        let (decoded_keys, _): (HashMap<String, Key>, _) =
+            bincode::serde::decode_from_slice(&raw, BINCODE_CONFIG)?;
+
+        self.keys = decoded_keys;
+
+        Ok(())
    }
 }
--- a/vault/src/kvs.rs
+++ b/vault/src/kvs.rs
@ -1,3 +1,47 @@
+#[cfg(not(target_arch = "wasm32"))]
+use std::path::{Path, PathBuf};
+
+use crate::{error::Error, key::symmetric::SymmetricKey, keyspace::KeySpace};
+
 /// Store is a 2 tiered key-value store. That is, it is a collection of [`spaces`](KeySpace), where
 /// each [`space`](KeySpace) is itself an encrypted key-value store
-pub struct Store {}
+pub struct Store {
+    #[cfg(not(target_arch = "wasm32"))]
+    path: PathBuf,
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+impl Store {
+    /// Create a new store at the given path, creating the path if it does not exist yet.
+    pub async fn new(path: &Path) -> Result<Self, Error> {
+        if path.exists() {
+            if !path.is_dir() {
+                return Err(Error::IOError(std::io::Error::new(
+                    std::io::ErrorKind::InvalidInput,
+                    "expected directory",
+                )));
+            }
+        } else {
+            std::fs::create_dir_all(path)?;
+        }
+        Ok(Self {
+            path: path.to_path_buf(),
+        })
+    }
+}
+
+impl Store {
+    /// Open a keyspace with the given name
+    pub async fn open_keyspace(&self, name: &str, password: &str) -> Result<KeySpace, Error> {
+        let encryption_key = SymmetricKey::derive_from_password(password);
+        #[cfg(not(target_arch = "wasm32"))]
+        {
+            let path = self.path.join(name);
+            KeySpace::open(&path, encryption_key).await
+        }
+        #[cfg(target_arch = "wasm32")]
+        {
+            KeySpace::open(name, encryption_key).await
+        }
+    }
+}