Basic API

Signed-off-by: Lee Smet <lee.smet@hotmail.com>
This commit is contained in:
Lee Smet 2025-05-15 13:53:16 +02:00
parent 7b1908b676
commit 2adda10664
Signed by untrusted user who does not match committer: lee
GPG Key ID: 72CBFB5FDA7FE025
5 changed files with 110 additions and 12 deletions

View File

@ -18,3 +18,5 @@ chacha20poly1305 = "0.10.1"
k256 = { version = "0.13.4", features = ["ecdh"] }
sha2 = "0.10.9"
kv = { git = "https://git.ourworld.tf/samehabouelsaad/sal-modular", package = "kvstore", rev = "9dce815daa" }
bincode = { version = "2.0.1", features = ["serde"] }
pbkdf2 = "0.12.2"

View File

@ -9,6 +9,8 @@ pub enum Error {
CorruptKeyspace,
/// An error in the used key value store
KV(kv::error::KVError),
/// An error while encoding/decoding the keyspace.
Coding,
}
impl core::fmt::Display for Error {
@ -18,6 +20,7 @@ impl core::fmt::Display for Error {
Error::IOError(e) => f.write_fmt(format_args!("io: {e}")),
Error::CorruptKeyspace => f.write_str("corrupt keyspace"),
Error::KV(e) => f.write_fmt(format_args!("kv: {e}")),
Error::Coding => f.write_str("keyspace coding failed"),
}
}
}
@ -77,3 +80,15 @@ impl From<kv::error::KVError> for Error {
Self::KV(value)
}
}
impl From<bincode::error::DecodeError> for Error {
fn from(_: bincode::error::DecodeError) -> Self {
Self::Coding
}
}
impl From<bincode::error::EncodeError> for Error {
fn from(_: bincode::error::EncodeError) -> Self {
Self::Coding
}
}

View File

@ -83,4 +83,22 @@ impl SymmetricKey {
.decrypt(nonce, ciphertext)
.map_err(|_| CryptoError::DecryptionFailed)
}
/// Derives a new symmetric key from a password.
///
/// Derivation is done using pbkdf2 with Sha256 hashing.
pub fn derive_from_password(password: &str) -> Self {
/// Salt to use for PBKDF2. This needs to be consistent accross runs to generate the same
/// key. Additionally, it does not really matter what this is, as long as its unique.
const SALT: &[u8; 10] = b"vault_salt";
/// Amount of rounds to use for key generation. More rounds => more cpu time. Changing this
/// also chagnes the generated keys.
const ROUNDS: u32 = 100_000;
let mut key = [0; 32];
pbkdf2::pbkdf2_hmac::<sha2::Sha256>(password.as_bytes(), SALT, ROUNDS, &mut key);
Self(key)
}
}

View File

@ -3,13 +3,21 @@
// #[cfg(target_arch = "wasm32")]
// mod wasm;
use std::{collections::HashMap, path::Path};
use std::collections::HashMap;
#[cfg(not(target_arch = "wasm32"))]
use std::path::Path;
use crate::{
error::Error,
key::{Key, symmetric::SymmetricKey},
};
use kv::KVStore;
/// Configuration to use for bincode en/decoding.
const BINCODE_CONFIG: bincode::config::Configuration = bincode::config::standard();
// #[cfg(not(target_arch = "wasm32"))]
// use fallback::KeySpace as Ks;
// #[cfg(target_arch = "wasm32")]
@ -44,14 +52,14 @@ impl KeySpace {}
#[cfg(not(target_arch = "wasm32"))]
impl KeySpace {
/// Open the keyspace at the provided path using the given key for encryption.
pub fn open(path: &Path, encryption_key: SymmetricKey) -> Result<Self, Error> {
pub async fn open(path: &Path, encryption_key: SymmetricKey) -> Result<Self, Error> {
let store = NativeStore::open(&path.display().to_string())?;
let mut ks = Self {
store,
keys: HashMap::new(),
encryption_key,
};
ks.load_keyspace()?;
ks.load_keyspace().await?;
Ok(ks)
}
}
@ -60,8 +68,13 @@ impl KeySpace {
impl KeySpace {
pub async fn open(name: &str, encryption_key: SymmetricKey) -> Result<Self, Error> {
let store = WasmStore::open(name).await?;
todo!();
// Ok(Self { store })
let mut ks = Self {
store,
keys: HashMap::new(),
encryption_key,
};
ks.load_keyspace().await?;
Ok(ks)
}
}
@ -77,13 +90,13 @@ impl KeySpace {
/// This overwrites the existing key if one is already stored with the same name.
pub async fn set(&mut self, key: String, value: Key) -> Result<(), Error> {
self.keys.insert(key, value);
self.save_keyspace()
self.save_keyspace().await
}
/// Delete the [`Key`] stored under the provided name.
pub async fn delete(&mut self, key: &str) -> Result<(), Error> {
self.keys.remove(key);
self.save_keyspace()
self.save_keyspace().await
}
/// Iterate over all stored [`keys`](Key) in the KeySpace
@ -93,9 +106,10 @@ impl KeySpace {
/// Encrypt all keys and save them to the underlying store
async fn save_keyspace(&self) -> Result<(), Error> {
// Bincode encode keys
//
let encoded_keys = bincode::serde::encode_to_vec(&self.keys, BINCODE_CONFIG)?;
let value = self.encryption_key.encrypt(&encoded_keys)?;
// Put in store
Ok(self.store.set(KEYSPACE_NAME, &value).await?)
}
/// Loads the encrypted keyspace from the underlying storage
@ -105,8 +119,13 @@ impl KeySpace {
return Ok(());
};
// TODO: bincode decode
let raw = self.encryption_key.decrypt(&ks)?;
todo!();
let (decoded_keys, _): (HashMap<String, Key>, _) =
bincode::serde::decode_from_slice(&raw, BINCODE_CONFIG)?;
self.keys = decoded_keys;
Ok(())
}
}

View File

@ -1,3 +1,47 @@
#[cfg(not(target_arch = "wasm32"))]
use std::path::{Path, PathBuf};
use crate::{error::Error, key::symmetric::SymmetricKey, keyspace::KeySpace};
/// Store is a 2 tiered key-value store. That is, it is a collection of [`spaces`](KeySpace), where
/// each [`space`](KeySpace) is itself an encrypted key-value store
pub struct Store {}
pub struct Store {
#[cfg(not(target_arch = "wasm32"))]
path: PathBuf,
}
#[cfg(not(target_arch = "wasm32"))]
impl Store {
/// Create a new store at the given path, creating the path if it does not exist yet.
pub async fn new(path: &Path) -> Result<Self, Error> {
if path.exists() {
if !path.is_dir() {
return Err(Error::IOError(std::io::Error::new(
std::io::ErrorKind::InvalidInput,
"expected directory",
)));
}
} else {
std::fs::create_dir_all(path)?;
}
Ok(Self {
path: path.to_path_buf(),
})
}
}
impl Store {
/// Open a keyspace with the given name
pub async fn open_keyspace(&self, name: &str, password: &str) -> Result<KeySpace, Error> {
let encryption_key = SymmetricKey::derive_from_password(password);
#[cfg(not(target_arch = "wasm32"))]
{
let path = self.path.join(name);
KeySpace::open(&path, encryption_key).await
}
#[cfg(target_arch = "wasm32")]
{
KeySpace::open(name, encryption_key).await
}
}
}