diff options
author | Katharina Fey <kookie@spacekookie.de> | 2018-06-28 23:16:28 +0200 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2018-06-28 23:16:28 +0200 |
commit | df23d3dc3c028ebce6e8185f3d6578f48de38290 (patch) | |
tree | cef2932b0953e51c4b9031ed2451e05122e01649 | |
parent | eb62b89c0d53dc4bb0fe9fd5a1a337289ea4ab53 (diff) |
Changing lockchain-core::crypto to keybob keys. then updating all
references in lockchain-crypto to use it instead.
-rw-r--r-- | Cargo.lock | 58 | ||||
-rw-r--r-- | lockchain-core/Cargo.toml | 4 | ||||
-rw-r--r-- | lockchain-core/src/crypto.rs | 12 | ||||
-rw-r--r-- | lockchain-core/src/crypto/keys.rs | 48 | ||||
-rw-r--r-- | lockchain-core/src/crypto/mod.rs | 20 | ||||
-rw-r--r-- | lockchain-core/src/lib.rs | 4 | ||||
-rw-r--r-- | lockchain-core/src/prelude.rs | 0 | ||||
-rw-r--r-- | lockchain-core/src/users.rs | 38 | ||||
-rw-r--r-- | lockchain-core/src/users/auth.rs | 42 | ||||
-rw-r--r-- | lockchain-crypto/src/engine.rs | 33 |
10 files changed, 173 insertions, 86 deletions
@@ -38,9 +38,9 @@ dependencies = [ "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)", "futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)", "h2 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", - "http 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "http 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", "http-range 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", - "httparse 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)", + "httparse 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.42 (registry+https://github.com/rust-lang/crates.io-index)", @@ -298,7 +298,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "chrono" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)", @@ -663,7 +663,7 @@ dependencies = [ "bytes 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)", "fnv 1.0.6 (registry+https://github.com/rust-lang/crates.io-index)", "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)", - "http 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "http 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", "indexmap 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", "slab 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", @@ -672,6 +672,15 @@ dependencies = [ ] [[package]] +name = "hmac" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "crypto-mac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)", + "digest 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "hostname" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -682,11 +691,12 @@ dependencies = [ [[package]] name = "http" -version = "0.1.6" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "bytes 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)", "fnv 1.0.6 (registry+https://github.com/rust-lang/crates.io-index)", + "itoa 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -696,7 +706,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "httparse" -version = "1.3.0" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] @@ -768,6 +778,20 @@ dependencies = [ ] [[package]] +name = "keybob" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "base64 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)", + "blake2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", + "hmac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)", + "pbkdf2 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)", + "serde 1.0.66 (registry+https://github.com/rust-lang/crates.io-index)", + "serde_derive 1.0.66 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "language-tags" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -811,7 +835,8 @@ dependencies = [ "base64 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "bcrypt 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "blake2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", - "chrono 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", + "chrono 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)", + "keybob 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.66 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.66 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1047,6 +1072,16 @@ dependencies = [ ] [[package]] +name = "pbkdf2" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "byte-tools 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "crypto-mac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)", + "generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "percent-encoding" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1884,7 +1919,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum cargo_metadata 0.5.6 (registry+https://github.com/rust-lang/crates.io-index)" = "682476b87b3e22cd3820d86b26cd8603cd84ab76dce7547b2631858347aa8967" "checksum cc 1.0.17 (registry+https://github.com/rust-lang/crates.io-index)" = "49ec142f5768efb5b7622aebc3fdbdbb8950a4b9ba996393cb76ef7466e8747d" "checksum cfg-if 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "405216fd8fe65f718daa7102ea808a946b6ce40c742998fbfd3463645552de18" -"checksum chrono 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a81892f0d5a53f46fc05ef0b917305a81c13f1f13bb59ac91ff595817f0764b1" +"checksum chrono 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "6962c635d530328acc53ac6a955e83093fedc91c5809dfac1fa60fa470830a37" "checksum clap 2.31.2 (registry+https://github.com/rust-lang/crates.io-index)" = "f0f16b89cbb9ee36d87483dc939fe9f1e13c05898d56d7b230a0d4dff033a536" "checksum clear_on_drop 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "97276801e127ffb46b66ce23f35cc96bd454fa311294bced4bbace7baa8b1d17" "checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f" @@ -1927,10 +1962,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ef25c5683767570c2bbd7deba372926a55eaae9982d7726ee2a1050239d45b9d" "checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" "checksum h2 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)" = "6229ac66d3392dd83288fe04defd4b353354b15bbe07820d53dda063a736afcc" +"checksum hmac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "efb895368093a17d136b1d9eecdb607c7aa038a452e646c74e37ded2da106285" "checksum hostname 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "21ceb46a83a85e824ef93669c8b390009623863b5c195d1ba747292c0c72f94e" -"checksum http 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "6861b042450b6333fa7212b6edffc2d6df22579042817d59d49f4f8afbaaaf74" +"checksum http 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "4fbced8864b04c030eebcb7d0dc3a81ba5231ac559f5116a29a8ba83ecee22cd" "checksum http-range 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5f2e4003e6fd05ea9109db00415e670b11f511a42e567ff2d5d771cbdfa24e02" -"checksum httparse 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "422d5a93b40dbfbd8c8c24d1b4b5ef455973ef3afffc172487429fecd05bde42" +"checksum httparse 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "23801d98b42eed0318e5709b0527894ba7c3793d0236814618d6a9b6224152ff" "checksum humantime 1.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "0484fda3e7007f2a4a0d9c3a703ca38c71c54c55602ce4660c419fd32e188c9e" "checksum idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "014b298351066f1512874135335d62a789ffe78a9974f94b43ed5621951eaf7d" "checksum indexmap 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "08173ba1e906efb6538785a8844dd496f5d34f0a2d88038e95195172fc667220" @@ -1939,6 +1975,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum ipconfig 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "9ec4e18c0a0d4340870c14284293632d8421f419008371422dd327892b88877c" "checksum itoa 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "c069bbec61e1ca5a596166e55dfe4773ff745c3d16b700013bcaff9a6df2c682" "checksum kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d" +"checksum keybob 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fa1965dd3a511e62de8273b648467ed7295b66222c12d6676ce67f0a5e47aee8" "checksum language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a91d884b6667cd606bb5a69aa0c99ba811a115fc68915e7056ec08a46e93199a" "checksum lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73" "checksum lazy_static 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e6412c5e2ad9584b0b8e979393122026cdd6d2a80b933f890dcd694ddbe73739" @@ -1966,6 +2003,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum owning_ref 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "cdf84f41639e037b484f93433aa3897863b561ed65c6e59c7073d7c561710f37" "checksum parking_lot 0.5.5 (registry+https://github.com/rust-lang/crates.io-index)" = "d4d05f1349491390b1730afba60bb20d55761bef489a954546b58b4b34e1e2ac" "checksum parking_lot_core 0.2.14 (registry+https://github.com/rust-lang/crates.io-index)" = "4db1a8ccf734a7bce794cc19b3df06ed87ab2f3907036b693c68f56b4d4537fa" +"checksum pbkdf2 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6d389750af68dcb6d6b2d6cf4aa234d2929b311a31a74aa8bb33e13a27784b8d" "checksum percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "31010dd2e1ac33d5b46a5b413495239882813e0369f8ed8a5e266f173602f831" "checksum phf 0.7.22 (registry+https://github.com/rust-lang/crates.io-index)" = "7d37a244c75a9748e049225155f56dbcb98fe71b192fd25fd23cb914b5ad62f2" "checksum phf_codegen 0.7.22 (registry+https://github.com/rust-lang/crates.io-index)" = "4e4048fe7dd7a06b8127ecd6d3803149126e9b33c7558879846da3a63f734f2b" diff --git a/lockchain-core/Cargo.toml b/lockchain-core/Cargo.toml index 5e181c8..cfddc0f 100644 --- a/lockchain-core/Cargo.toml +++ b/lockchain-core/Cargo.toml @@ -17,4 +17,6 @@ serde = "1.0" base64 = "0.8" bcrypt = "0.2" rand = "0.4" -blake2 = "0.7"
\ No newline at end of file +blake2 = "0.7" + +keybob = "0.3"
\ No newline at end of file diff --git a/lockchain-core/src/crypto.rs b/lockchain-core/src/crypto.rs deleted file mode 100644 index 3bba5a2..0000000 --- a/lockchain-core/src/crypto.rs +++ /dev/null @@ -1,12 +0,0 @@ -//! Shared cryptographic primitives for the lockchain ecosystem -//! -//! This is a secure storage vault after all, we need some -//! shared crypto helpers for all the other crates :) - -mod keys; -mod utils; -mod data; - -pub use self::keys::{Key, KEY_LENGTH}; -pub use self::data::PackedData; -pub use self::utils::*;
\ No newline at end of file diff --git a/lockchain-core/src/crypto/keys.rs b/lockchain-core/src/crypto/keys.rs deleted file mode 100644 index 6211851..0000000 --- a/lockchain-core/src/crypto/keys.rs +++ /dev/null @@ -1,48 +0,0 @@ -//! A module that handles key generation and key loading - -use traits::AutoEncoder; -use super::utils::{hashing, random}; - -/// A shared key length parameter for all cryptographic operations -/// -/// This is *not* ideal and should be replaced with something better -/// at some point in the future -pub const KEY_LENGTH: usize = 64; - -/// A wrapper to represent a key for encryption -#[derive(Debug, Serialize, Deserialize, Eq, PartialEq, Clone)] -pub struct Key { - pub data: Vec<u8>, -} - -impl AutoEncoder for Key {} - -impl Key { - - /// Create a new key from scratch - pub fn generate() -> Key { - let data = random::bytes(KEY_LENGTH); - Key { data: data } - } - - /// Use a password as a key - pub fn from_password(password: &str, salt: &str) -> Key { - let hashed = hashing::blake2(password, salt); - let mut vec: Vec<u8> = Vec::new(); - for b in &hashed { - vec.push(b.clone()); - } - Key { data: vec } - } - - pub fn to_vec(&self) -> Vec<u8> { - self.data.clone() - } - - /// Used to get the raw data from this key, as a slice copy - pub fn to_slice(&self) -> [u8; KEY_LENGTH] { - let mut slice: [u8; KEY_LENGTH] = [0; KEY_LENGTH]; - slice.clone_from_slice(&self.data); - slice - } -} diff --git a/lockchain-core/src/crypto/mod.rs b/lockchain-core/src/crypto/mod.rs new file mode 100644 index 0000000..cbc9fb7 --- /dev/null +++ b/lockchain-core/src/crypto/mod.rs @@ -0,0 +1,20 @@ +//! Shared cryptographic primitives for the lockchain ecosystem +//! +//! This is a secure storage vault after all, we need some +//! shared crypto helpers for all the other crates :) + +mod data; +mod utils; + +/// We re-export keybob's API here +mod keys { + use traits::AutoEncoder; + pub use keybob::{Key, KeyType}; + + impl AutoEncoder for Key {} + impl AutoEncoder for KeyType {} +} + +pub use self::data::PackedData; +pub use self::keys::{Key, KeyType}; +pub use self::utils::*; diff --git a/lockchain-core/src/lib.rs b/lockchain-core/src/lib.rs index d9b90ef..465f145 100644 --- a/lockchain-core/src/lib.rs +++ b/lockchain-core/src/lib.rs @@ -12,13 +12,15 @@ extern crate bcrypt; extern crate base64; extern crate blake2; extern crate rand; +extern crate keybob; pub mod errors; pub mod traits; pub mod crypto; +pub mod users; mod meta; mod record; pub use self::crypto::PackedData; pub use self::record::{Header, Payload, Record, EncryptedBody}; -pub use self::meta::{MetaDomain, VaultMetadata};
\ No newline at end of file +pub use self::meta::{MetaDomain, VaultMetadata}; diff --git a/lockchain-core/src/prelude.rs b/lockchain-core/src/prelude.rs deleted file mode 100644 index e69de29..0000000 --- a/lockchain-core/src/prelude.rs +++ /dev/null diff --git a/lockchain-core/src/users.rs b/lockchain-core/src/users.rs new file mode 100644 index 0000000..34bcd42 --- /dev/null +++ b/lockchain-core/src/users.rs @@ -0,0 +1,38 @@ +//! User and access regulation module +//! +//! + +mod auth; +pub use self::auth::Token; + +use traits::AutoEncoder; + +/// Specifies access to a resource +#[derive(Serialize, Deserialize)] +pub enum Access { + /// Allows access to vault metadata & index files + Vault(String), + /// Allows access to a record resource inside a vault + Record(String, String), +} + +/// Specifies the capabilities of a user +#[derive(Serialize, Deserialize)] +pub enum Role { + Reader, + Editor, + Admin, +} + +/// A generic user representation +#[derive(Serialize, Deserialize)] +pub struct User { + id: u64, + name: String, + pw_hash: String, + pw_salt: String, + role: Role, + access: Vec<Access>, +} + +impl AutoEncoder for User {} diff --git a/lockchain-core/src/users/auth.rs b/lockchain-core/src/users/auth.rs new file mode 100644 index 0000000..e6e4854 --- /dev/null +++ b/lockchain-core/src/users/auth.rs @@ -0,0 +1,42 @@ +use crypto::random; + +const TOK_SIZE: usize = 64; + +/// An authentication token that can be compared in constant time +/// +/// ``` +/// +/// use lockchain_core::users::auth::Token; +/// let t1 = Token::new(); +/// let t2 = Token::new(); +/// +/// // Will fail, but no expose failure length +/// assert_eq!(t1, t2); +/// ``` +pub struct Token { + tok: [u8; TOK_SIZE], +} + +impl Token { + pub fn new() -> Self { + let v = random::bytes(TOK_SIZE); + let mut tok = [0; TOK_SIZE]; + tok.copy_from_slice(v.as_slice()); + + Self { tok } + } +} + +impl PartialEq for Token { + fn eq(&self, other: &Self) -> bool { + let mut ret = true; + for i in 0..TOK_SIZE { + if self.tok[i] != other.tok[i] { + ret = false; + } + } + ret + } +} + +impl Eq for Token {} diff --git a/lockchain-crypto/src/engine.rs b/lockchain-crypto/src/engine.rs index 92dd1a0..3fa20a1 100644 --- a/lockchain-crypto/src/engine.rs +++ b/lockchain-crypto/src/engine.rs @@ -8,7 +8,7 @@ use miscreant::aead::{Aes256Siv, Algorithm}; use super::databody::DataBody; use lcc::crypto::random; -use lcc::crypto::{Key, KEY_LENGTH}; +use lcc::crypto::{Key, KeyType}; impl Encryptable for DataBody {} @@ -21,30 +21,32 @@ pub struct AesEngine { impl AesEngine { /// Generate new key and encryption engine pub fn generate() -> Self { - let key = Key::generate(); + let key = Key::new(KeyType::Aes256); + let len = key.len(); Self { - ctx: Aes256Siv::new(&key.to_slice()), + ctx: Aes256Siv::new(&key.as_slice()), _key: key, - iv: random::bytes(KEY_LENGTH), + iv: random::bytes(len), } } /// Generate an Aes context from password pub fn from_pw(pw: &str, salt: &str) -> Self { - let key = Key::from_password(pw, salt); + let key = Key::from_pw(KeyType::Aes256, pw, salt); + let len = key.len(); Self { - ctx: Aes256Siv::new(&key.to_slice()), + ctx: Aes256Siv::new(&key.as_slice()), _key: key, - iv: random::bytes(KEY_LENGTH), + iv: random::bytes(len), } } /// Load a packed data object which contains an Aes context pub fn load(packed: PackedData, pw: &str, salt: &str) -> Option<Self> { let mut temp = Self::from_pw(pw, salt); - let k = Key::decode(&String::from_utf8(temp.decrypt_primitive(&packed)?).ok()?).ok()?; + let k: Key = Key::decode(&String::from_utf8(temp.decrypt_primitive(&packed)?).ok()?).ok()?; Some(Self { - ctx: Aes256Siv::new(&k.to_slice()), + ctx: Aes256Siv::new(&k.as_slice()), _key: k, iv: packed.iv, }) @@ -52,7 +54,7 @@ impl AesEngine { /// Serialise the current context to save it somewhere pub fn save(&mut self) -> PackedData { - let k = self._key.to_vec(); + let k = self._key.as_slice().into(); self.encrypt_primitive(&k) } @@ -70,16 +72,19 @@ impl AesEngine { fn decrypt_primitive(&mut self, packed: &PackedData) -> Option<Vec<u8>> { let iv = &self.iv.as_slice(); - Some(self.ctx - .open(packed.nonce.as_slice(), iv, packed.data.as_slice()) - .ok()?) + Some( + self.ctx + .open(packed.nonce.as_slice(), iv, packed.data.as_slice()) + .ok()?, + ) } } impl EncryptionHandler<DataBody> for AesEngine { fn encrypt(&mut self, item: DataBody) -> EncryptedBody { let ser = item.encode().unwrap(); - let data = self.encrypt_primitive(&ser.as_bytes().to_vec()) + let data = self + .encrypt_primitive(&ser.as_bytes().to_vec()) .encode() .unwrap(); EncryptedBody { data } |