Skip to content
This repository has been archived by the owner on Apr 15, 2024. It is now read-only.

[v2.0] Move psk store to user #237

Merged
merged 14 commits into from
May 31, 2022
Merged

[v2.0] Move psk store to user #237

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
d7011c8
Move psk_store, remove Identifier::Psk
DyrellC Apr 25, 2022
786d775
Merge branch 'v2.0-dev' of https://github.com/iotaledger/streams into…
DyrellC May 20, 2022
a573d43
fmt/clippy/test
DyrellC May 20, 2022
4770349
review changes
DyrellC May 25, 2022
7fef8c5
Remove unused masks in permissions
DyrellC May 25, 2022
aaf44c5
Update new
DyrellC May 25, 2022
ab7e79e
Add psks to debug for user
DyrellC May 25, 2022
de371c4
Fix unused warning for `#[cfg_attr(test, macro_use)]` in `spongos/src…
May 26, 2022
919a6a9
Second Round review
DyrellC May 26, 2022
12304c5
Merge branch 'v2.0/move-psk-store' of https://github.com/DyrellC/stre…
DyrellC May 26, 2022
6ad3f24
remove if key.is_none()
DyrellC May 26, 2022
1761123
update user builder default transport function
DyrellC May 26, 2022
a6f9914
fmt
DyrellC May 26, 2022
f17931e
skip decrypting key in keyload if present
DyrellC May 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 18 additions & 65 deletions lets/src/id/identifier.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,15 +31,11 @@ use spongos::{
// Local
#[cfg(feature = "did")]
use crate::id::did::{DIDMethodId, DataWrapper};
use crate::{
id::psk::{Psk, PskId},
message::{ContentEncrypt, ContentEncryptSizeOf, ContentVerify},
};
use crate::message::{ContentEncrypt, ContentEncryptSizeOf, ContentVerify};

#[derive(Clone, Copy, Hash, PartialEq, Eq, PartialOrd, Ord)]
pub enum Identifier {
Ed25519(ed25519::PublicKey),
PskId(PskId),
#[cfg(feature = "did")]
DID(DIDMethodId),
}
Expand All @@ -48,7 +44,6 @@ impl core::fmt::Debug for Identifier {
fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
match self {
Self::Ed25519(arg0) => f.debug_tuple("Ed25519").field(&hex::encode(&arg0)).finish(),
Self::PskId(arg0) => f.debug_tuple("PskId").field(&hex::encode(arg0)).finish(),
#[cfg(feature = "did")]
Self::DID(arg0) => f.debug_tuple("DID").field(&hex::encode(arg0)).finish(),
}
Expand All @@ -60,7 +55,6 @@ impl Identifier {
pub(crate) fn as_bytes(&self) -> &[u8] {
match self {
Identifier::Ed25519(public_key) => public_key.as_slice(),
Identifier::PskId(id) => id.as_bytes(),
#[cfg(feature = "did")]
Identifier::DID(did) => did.as_ref(),
}
Expand All @@ -86,10 +80,6 @@ impl Identifier {
pub fn is_ed25519(&self) -> bool {
matches!(self, Self::Ed25519(_))
}

pub fn is_psk(&self) -> bool {
matches!(self, Self::PskId(_))
}
}

impl Default for Identifier {
Expand All @@ -105,18 +95,6 @@ impl From<ed25519::PublicKey> for Identifier {
}
}

impl From<PskId> for Identifier {
fn from(pskid: PskId) -> Self {
Identifier::PskId(pskid)
}
}

impl From<Psk> for Identifier {
fn from(psk: Psk) -> Self {
Identifier::PskId(psk.to_pskid())
}
}

#[cfg(feature = "did")]
impl From<&IotaDID> for Identifier {
fn from(did: &IotaDID) -> Self {
Expand Down Expand Up @@ -156,14 +134,9 @@ impl Mask<&Identifier> for sizeof::Context {
self.mask(oneof)?.mask(pk)?;
Ok(self)
}
Identifier::PskId(pskid) => {
let oneof = Uint8::new(1);
self.mask(oneof)?.mask(NBytes::new(pskid))?;
Ok(self)
}
#[cfg(feature = "did")]
Identifier::DID(did) => {
let oneof = Uint8::new(2);
let oneof = Uint8::new(1);
self.mask(oneof)?.mask(NBytes::new(did))?;
Ok(self)
}
Expand All @@ -183,14 +156,9 @@ where
self.mask(oneof)?.mask(pk)?;
Ok(self)
}
Identifier::PskId(pskid) => {
let oneof = Uint8::new(1);
self.mask(oneof)?.mask(NBytes::new(pskid))?;
Ok(self)
}
#[cfg(feature = "did")]
Identifier::DID(did) => {
let oneof = Uint8::new(2);
let oneof = Uint8::new(1);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this is fine now since were doing a large rewrite, but we should keep in mind in the future, that we should not change these numbers

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed

self.mask(oneof)?.mask(NBytes::new(did))?;
Ok(self)
}
Expand All @@ -212,13 +180,8 @@ where
self.mask(&mut pk)?;
*identifier = Identifier::Ed25519(pk);
}
1 => {
let mut pskid = PskId::default();
self.mask(NBytes::new(&mut pskid))?;
*identifier = Identifier::PskId(pskid);
}
#[cfg(feature = "did")]
2 => {
1 => {
let mut method_id = DIDMethodId::default();
self.mask(NBytes::new(&mut method_id))?;
let did = method_id.try_to_did()?;
Expand Down Expand Up @@ -290,39 +253,29 @@ where

// TODO: Find a better way to represent this logic without the need for an additional trait
#[async_trait(?Send)]
impl ContentEncryptSizeOf<Identifier> for sizeof::Context {
async fn encrypt_sizeof(&mut self, recipient: &Identifier, exchange_key: &[u8], key: &[u8]) -> Result<&mut Self> {
match recipient {
Identifier::PskId(_) => self
.absorb(External::new(&NBytes::new(Psk::try_from(exchange_key)?)))?
.commit()?
.mask(NBytes::new(key)),
// TODO: Replace with separate logic for EdPubKey and DID instances (pending Identity xkey introdution)
_ => match <[u8; 32]>::try_from(exchange_key) {
Ok(slice) => self.x25519(&x25519::PublicKey::from(slice), NBytes::new(key)),
Err(e) => Err(anyhow!("Invalid x25519 key: {}", e)),
},
impl ContentEncryptSizeOf for sizeof::Context {
async fn encrypt_sizeof(&mut self, exchange_key: &[u8], key: &[u8]) -> Result<&mut Self> {
// TODO: Replace with separate logic for EdPubKey and DID instances (pending Identity xkey
// introdution)
match <[u8; 32]>::try_from(exchange_key) {
Ok(slice) => self.x25519(&x25519::PublicKey::from(slice), NBytes::new(key)),
Err(e) => Err(anyhow!("Invalid x25519 key: {}", e)),
}
}
}

#[async_trait(?Send)]
impl<OS, F> ContentEncrypt<Identifier> for wrap::Context<OS, F>
impl<OS, F> ContentEncrypt for wrap::Context<OS, F>
where
F: PRP,
OS: io::OStream,
{
async fn encrypt(&mut self, recipient: &Identifier, exchange_key: &[u8], key: &[u8]) -> Result<&mut Self> {
match recipient {
Identifier::PskId(_) => self
.absorb(External::new(&NBytes::new(Psk::try_from(exchange_key)?)))?
.commit()?
.mask(NBytes::new(key)),
// TODO: Replace with separate logic for EdPubKey and DID instances (pending Identity xkey introdution)
_ => match <[u8; 32]>::try_from(exchange_key) {
Ok(byte_array) => self.x25519(&x25519::PublicKey::from(byte_array), NBytes::new(key)),
Err(e) => Err(anyhow!("Invalid x25519 key: {}", e)),
},
async fn encrypt(&mut self, exchange_key: &[u8], key: &[u8]) -> Result<&mut Self> {
// TODO: Replace with separate logic for EdPubKey and DID instances (pending Identity xkey
// introdution)
match <[u8; 32]>::try_from(exchange_key) {
Ok(byte_array) => self.x25519(&x25519::PublicKey::from(byte_array), NBytes::new(key)),
Err(e) => Err(anyhow!("Invalid x25519 key: {}", e)),
}
}
}
62 changes: 16 additions & 46 deletions lets/src/id/identity.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,15 +33,14 @@ use spongos::{
#[cfg(feature = "did")]
use crate::id::did::{DataWrapper, DID};
use crate::{
id::{ed25519::Ed25519, identifier::Identifier, psk::Psk},
id::{ed25519::Ed25519, identifier::Identifier},
message::{ContentDecrypt, ContentSign, ContentSignSizeof},
};

#[derive(PartialEq, Eq, PartialOrd, Ord, Hash)]
#[allow(clippy::large_enum_variant)]
pub enum Identity {
Ed25519(Ed25519),
Psk(Psk),
#[cfg(feature = "did")]
DID(DID),
}
Expand All @@ -56,15 +55,11 @@ impl Default for Identity {

impl Identity {
// #[deprecated = "to be removed once key exchange is encapsulated within Identity"]
pub fn _ke_sk(&self) -> Option<x25519::SecretKey> {
pub fn _ke_sk(&self) -> x25519::SecretKey {
match self {
Self::Ed25519(ed25519) => {
let x_secret: x25519::SecretKey = ed25519.inner().into();
Some(x_secret)
}
Self::Psk(_) => None,
Self::Ed25519(ed25519) => ed25519.inner().into(),
#[cfg(feature = "did")]
Self::DID(DID::PrivateKey(info)) => Some(info.ke_kp().0),
Self::DID(DID::PrivateKey(info)) => info.ke_kp().0,
#[cfg(feature = "did")]
Self::DID(DID::Default) => unreachable!(),
// TODO: Account implementation
Expand All @@ -74,7 +69,6 @@ impl Identity {
// #[deprecated = "to be removed once key exchange is encapsulated within Identity"]
pub fn _ke(&self) -> [u8; 32] {
DyrellC marked this conversation as resolved.
Show resolved Hide resolved
match self {
Self::Psk(psk) => psk.to_bytes(),
Self::Ed25519(ed25519) => {
let x_secret: x25519::SecretKey = ed25519.inner().into();
x_secret.to_bytes()
Expand All @@ -90,7 +84,6 @@ impl Identity {
pub fn to_identifier(&self) -> Identifier {
match self {
Self::Ed25519(ed25519) => ed25519.inner().public_key().into(),
&Self::Psk(psk) => psk.into(),
#[cfg(feature = "did")]
Self::DID(did) => did.info().did().into(),
}
Expand All @@ -103,12 +96,6 @@ impl From<Ed25519> for Identity {
}
}

impl From<Psk> for Identity {
fn from(psk: Psk) -> Self {
Self::Psk(psk)
}
}

#[cfg(feature = "did")]
impl From<DID> for Identity {
fn from(did: DID) -> Self {
Expand All @@ -125,10 +112,9 @@ impl From<Identity> for Identifier {
impl Mask<&Identity> for sizeof::Context {
fn mask(&mut self, identity: &Identity) -> Result<&mut Self> {
match identity {
Identity::Psk(psk) => self.mask(Uint8::new(0))?.mask(NBytes::new(psk)),
Identity::Ed25519(ed25519) => self.mask(Uint8::new(1))?.mask(NBytes::new(ed25519)),
Identity::Ed25519(ed25519) => self.mask(Uint8::new(0))?.mask(NBytes::new(ed25519)),
#[cfg(feature = "did")]
Identity::DID(did) => self.mask(Uint8::new(2))?.mask(did),
Identity::DID(did) => self.mask(Uint8::new(1))?.mask(did),
}
}
}
Expand All @@ -140,10 +126,9 @@ where
{
fn mask(&mut self, identity: &Identity) -> Result<&mut Self> {
match identity {
Identity::Psk(psk) => self.mask(Uint8::new(0))?.mask(NBytes::new(psk)),
Identity::Ed25519(ed25519) => self.mask(Uint8::new(1))?.mask(NBytes::new(ed25519)),
Identity::Ed25519(ed25519) => self.mask(Uint8::new(0))?.mask(NBytes::new(ed25519)),
#[cfg(feature = "did")]
Identity::DID(did) => self.mask(Uint8::new(2))?.mask(did),
Identity::DID(did) => self.mask(Uint8::new(1))?.mask(did),
}
}
}
Expand All @@ -158,19 +143,13 @@ where
self.mask(&mut oneof)?;
match oneof.inner() {
0 => {
let mut psk = Psk::default();
self.mask(NBytes::new(&mut psk))?;
*identity = Identity::Psk(psk);
Ok(self)
}
1 => {
let mut ed25519_bytes = [0; ed25519::SECRET_KEY_LENGTH];
self.mask(NBytes::new(&mut ed25519_bytes))?;
*identity = Identity::Ed25519(ed25519::SecretKey::from_bytes(ed25519_bytes).into());
Ok(self)
}
#[cfg(feature = "did")]
2 => {
1 => {
let mut did = DID::default();
self.mask(&mut did)?;
*identity = Identity::DID(did);
Expand All @@ -194,8 +173,6 @@ impl ContentSignSizeof<Identity> for sizeof::Context {
Ok(self)
}

Identity::Psk(_) => Err(anyhow!("PSKs cannot be used as signature keys")),

#[cfg(feature = "did")]
Identity::DID(did_impl) => match did_impl {
DID::PrivateKey(info) => {
Expand Down Expand Up @@ -231,8 +208,6 @@ where
Ok(self)
}

Identity::Psk(_) => Err(anyhow!("PSKs cannot be used as signature keys")),

#[cfg(feature = "did")]
Identity::DID(did_impl) => {
match did_impl {
Expand Down Expand Up @@ -274,22 +249,17 @@ where
}

#[async_trait(?Send)]
impl<IS, F> ContentDecrypt<Identity> for unwrap::Context<IS, F>
impl<IS, F> ContentDecrypt for unwrap::Context<IS, F>
where
F: PRP,
IS: io::IStream,
{
async fn decrypt(&mut self, recipient: &Identity, exchange_key: &[u8], key: &mut [u8]) -> Result<&mut Self> {
match recipient {
Identity::Psk(_) => self
.absorb(External::new(&NBytes::new(Psk::try_from(exchange_key)?)))?
.commit()?
.mask(NBytes::new(key)),
// TODO: Replace with separate logic for EdPubKey and DID instances (pending Identity xkey introduction)
_ => match <[u8; 32]>::try_from(exchange_key) {
Ok(byte_array) => self.x25519(&x25519::SecretKey::from_bytes(byte_array), NBytes::new(key)),
Err(e) => Err(anyhow!("Invalid x25519 key: {}", e)),
},
async fn decrypt(&mut self, exchange_key: &[u8], key: &mut [u8]) -> Result<&mut Self> {
// TODO: Replace with separate logic for EdPubKey and DID instances (pending Identity xkey
// introduction)
match <[u8; 32]>::try_from(exchange_key) {
Ok(byte_array) => self.x25519(&x25519::SecretKey::from_bytes(byte_array), NBytes::new(key)),
Err(e) => Err(anyhow!("Invalid x25519 key: {}", e)),
}
}
}
52 changes: 51 additions & 1 deletion lets/src/id/permission.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ use spongos::{
};

// Local
use crate::id::identifier::Identifier;
use crate::id::{identifier::Identifier, PskId};

#[derive(Clone, Copy, Hash, PartialEq, Eq, PartialOrd, Ord, Debug)]
pub enum PermissionDuration {
Expand Down Expand Up @@ -207,3 +207,53 @@ where
Ok(self)
}
}

impl Mask<&Permissioned<PskId>> for sizeof::Context {
DyrellC marked this conversation as resolved.
Show resolved Hide resolved
fn mask(&mut self, permission: &Permissioned<PskId>) -> Result<&mut Self> {
match permission {
Permissioned::Read(pskid) => {
let oneof = Uint8::new(0);
self.mask(oneof)?.mask(pskid)?;
Ok(self)
}
_ => return Err(anyhow!("Psk's can only be used as ReadOnly Permissioned")),
}
}
}

impl<OS, F> Mask<&Permissioned<PskId>> for wrap::Context<OS, F>
where
F: PRP,
OS: io::OStream,
{
fn mask(&mut self, permission: &Permissioned<PskId>) -> Result<&mut Self> {
match permission {
Permissioned::Read(pskid) => {
let oneof = Uint8::new(0);
self.mask(oneof)?.mask(pskid)?;
Ok(self)
}
_ => return Err(anyhow!("Psk's can only be used as ReadOnly Permissioned")),
}
}
}

impl<IS, F> Mask<&mut Permissioned<PskId>> for unwrap::Context<IS, F>
where
F: PRP,
IS: io::IStream,
{
fn mask(&mut self, permission: &mut Permissioned<PskId>) -> Result<&mut Self> {
let mut oneof = Uint8::new(0);
self.mask(&mut oneof)?;
match oneof.inner() {
0 => {
let mut psk_id = PskId::default();
self.mask(&mut psk_id)?;
*permission = Permissioned::Read(psk_id);
}
o => return Err(anyhow!("{} is not a valid permission option", o)),
}
Ok(self)
}
}
Loading