removing dev branch, many changes

2023-05-29 19:24:57 +00:00
parent 1430f3f656
commit 0a890c8707
250 changed files with 18084 additions and 8040 deletions
--- a/veilid-core/src/crypto/none/mod.rs
+++ b/veilid-core/src/crypto/none/mod.rs
@@ -1,7 +1,8 @@
 use super::*;
+use argon2::password_hash::Salt;
+use data_encoding::BASE64URL_NOPAD;
 use digest::Digest;
 use rand::RngCore;
-
 const AEAD_OVERHEAD: usize = PUBLIC_KEY_LENGTH;
 pub const CRYPTO_KIND_NONE: CryptoKind = FourCC([b'N', b'O', b'N', b'E']);

@@ -70,16 +71,49 @@ impl CryptoSystem for CryptoSystemNONE {
    }

    // Cached Operations
-    fn cached_dh(
-        &self,
-        key: &PublicKey,
-        secret: &SecretKey,
-    ) -> Result<SharedSecret, VeilidAPIError> {
+    fn cached_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret> {
        self.crypto
            .cached_dh_internal::<CryptoSystemNONE>(self, key, secret)
    }

    // Generation
+    fn random_bytes(&self, len: u32) -> Vec<u8> {
+        let mut bytes = unsafe { unaligned_u8_vec_uninit(len as usize) };
+        random_bytes(bytes.as_mut());
+        bytes
+    }
+    fn default_salt_length(&self) -> u32 {
+        4
+    }
+    fn hash_password(&self, password: &[u8], salt: &[u8]) -> VeilidAPIResult<String> {
+        if salt.len() < Salt::MIN_LENGTH || salt.len() > Salt::MAX_LENGTH {
+            apibail_generic!("invalid salt length");
+        }
+        Ok(format!(
+            "{}:{}",
+            BASE64URL_NOPAD.encode(salt),
+            BASE64URL_NOPAD.encode(password)
+        ))
+    }
+    fn verify_password(&self, password: &[u8], password_hash: &str) -> VeilidAPIResult<bool> {
+        let Some((salt, _)) = password_hash.split_once(":") else {
+            apibail_generic!("invalid format");
+        };
+        let Ok(salt) = BASE64URL_NOPAD.decode(salt.as_bytes()) else {
+            apibail_generic!("invalid salt");
+        };
+        return Ok(&self.hash_password(password, &salt)? == password_hash);
+    }
+
+    fn derive_shared_secret(&self, password: &[u8], salt: &[u8]) -> VeilidAPIResult<SharedSecret> {
+        if salt.len() < Salt::MIN_LENGTH || salt.len() > Salt::MAX_LENGTH {
+            apibail_generic!("invalid salt length");
+        }
+        Ok(SharedSecret::new(
+            *blake3::hash(self.hash_password(password, salt)?.as_bytes()).as_bytes(),
+        ))
+    }
+
    fn random_nonce(&self) -> Nonce {
        let mut nonce = [0u8; NONCE_LENGTH];
        random_bytes(&mut nonce).unwrap();
@@ -90,11 +124,7 @@ impl CryptoSystem for CryptoSystemNONE {
        random_bytes(&mut s).unwrap();
        SharedSecret::new(s)
    }
-    fn compute_dh(
-        &self,
-        key: &PublicKey,
-        secret: &SecretKey,
-    ) -> Result<SharedSecret, VeilidAPIError> {
+    fn compute_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret> {
        let s = do_xor_32(&key.bytes, &secret.bytes);
        Ok(SharedSecret::new(s))
    }
@@ -104,10 +134,7 @@ impl CryptoSystem for CryptoSystemNONE {
    fn generate_hash(&self, data: &[u8]) -> PublicKey {
        PublicKey::new(*blake3::hash(data).as_bytes())
    }
-    fn generate_hash_reader(
-        &self,
-        reader: &mut dyn std::io::Read,
-    ) -> Result<PublicKey, VeilidAPIError> {
+    fn generate_hash_reader(&self, reader: &mut dyn std::io::Read) -> VeilidAPIResult<PublicKey> {
        let mut hasher = blake3::Hasher::new();
        std::io::copy(reader, &mut hasher).map_err(VeilidAPIError::generic)?;
        Ok(PublicKey::new(*hasher.finalize().as_bytes()))
@@ -132,21 +159,21 @@ impl CryptoSystem for CryptoSystemNONE {
        &self,
        reader: &mut dyn std::io::Read,
        dht_key: &PublicKey,
-    ) -> Result<bool, VeilidAPIError> {
+    ) -> VeilidAPIResult<bool> {
        let mut hasher = blake3::Hasher::new();
        std::io::copy(reader, &mut hasher).map_err(VeilidAPIError::generic)?;
        let bytes = *hasher.finalize().as_bytes();
        Ok(bytes == dht_key.bytes)
    }
    // Distance Metric
-    fn distance(&self, key1: &PublicKey, key2: &PublicKey) -> PublicKeyDistance {
+    fn distance(&self, key1: &PublicKey, key2: &PublicKey) -> CryptoKeyDistance {
        let mut bytes = [0u8; PUBLIC_KEY_LENGTH];

        for (n, byte) in bytes.iter_mut().enumerate() {
            *byte = key1.bytes[n] ^ key2.bytes[n];
        }

-        PublicKeyDistance::new(bytes)
+        CryptoKeyDistance::new(bytes)
    }

    // Authentication
@@ -155,7 +182,7 @@ impl CryptoSystem for CryptoSystemNONE {
        dht_key: &PublicKey,
        dht_key_secret: &SecretKey,
        data: &[u8],
-    ) -> Result<Signature, VeilidAPIError> {
+    ) -> VeilidAPIResult<Signature> {
        if !is_bytes_eq_32(&do_xor_32(&dht_key.bytes, &dht_key_secret.bytes), 0xFFu8) {
            return Err(VeilidAPIError::parse_error(
                "Keypair is invalid",
@@ -178,7 +205,7 @@ impl CryptoSystem for CryptoSystemNONE {
        dht_key: &PublicKey,
        data: &[u8],
        signature: &Signature,
-    ) -> Result<(), VeilidAPIError> {
+    ) -> VeilidAPIResult<()> {
        let mut dig = Blake3Digest512::new();
        dig.update(data);
        let sig = dig.finalize();
@@ -215,7 +242,7 @@ impl CryptoSystem for CryptoSystemNONE {
        nonce: &Nonce,
        shared_secret: &SharedSecret,
        _associated_data: Option<&[u8]>,
-    ) -> Result<(), VeilidAPIError> {
+    ) -> VeilidAPIResult<()> {
        let mut blob = nonce.bytes.to_vec();
        blob.extend_from_slice(&[0u8; 8]);
        let blob = do_xor_32(&blob, &shared_secret.bytes);
@@ -237,7 +264,7 @@ impl CryptoSystem for CryptoSystemNONE {
        nonce: &Nonce,
        shared_secret: &SharedSecret,
        associated_data: Option<&[u8]>,
-    ) -> Result<Vec<u8>, VeilidAPIError> {
+    ) -> VeilidAPIResult<Vec<u8>> {
        let mut out = body.to_vec();
        self.decrypt_in_place_aead(&mut out, nonce, shared_secret, associated_data)
            .map_err(map_to_string)
@@ -251,7 +278,7 @@ impl CryptoSystem for CryptoSystemNONE {
        nonce: &Nonce,
        shared_secret: &SharedSecret,
        _associated_data: Option<&[u8]>,
-    ) -> Result<(), VeilidAPIError> {
+    ) -> VeilidAPIResult<()> {
        let mut blob = nonce.bytes.to_vec();
        blob.extend_from_slice(&[0u8; 8]);
        let blob = do_xor_32(&blob, &shared_secret.bytes);
@@ -266,7 +293,7 @@ impl CryptoSystem for CryptoSystemNONE {
        nonce: &Nonce,
        shared_secret: &SharedSecret,
        associated_data: Option<&[u8]>,
-    ) -> Result<Vec<u8>, VeilidAPIError> {
+    ) -> VeilidAPIResult<Vec<u8>> {
        let mut out = body.to_vec();
        self.encrypt_in_place_aead(&mut out, nonce, shared_secret, associated_data)
            .map_err(map_to_string)
@@ -275,12 +302,7 @@ impl CryptoSystem for CryptoSystemNONE {
    }

    // NoAuth Encrypt/Decrypt
-    fn crypt_in_place_no_auth(
-        &self,
-        body: &mut Vec<u8>,
-        nonce: &Nonce,
-        shared_secret: &SharedSecret,
-    ) {
+    fn crypt_in_place_no_auth(&self, body: &mut [u8], nonce: &Nonce, shared_secret: &SharedSecret) {
        let mut blob = nonce.bytes.to_vec();
        blob.extend_from_slice(&[0u8; 8]);
        let blob = do_xor_32(&blob, &shared_secret.bytes);