citadeldb-sync 0.6.0

Replication and sync layer for Citadel encrypted database
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

use base64::Engine;
use zeroize::Zeroize;

const KEY_SIZE: usize = 32;

/// 32-byte pre-shared key for encrypted sync transport.
#[derive(Clone)]
pub struct SyncKey([u8; KEY_SIZE]);

impl SyncKey {
    /// Generate a random sync key.
    pub fn generate() -> Self {
        use rand::RngCore;
        let mut key = [0u8; KEY_SIZE];
        rand::thread_rng().fill_bytes(&mut key);
        Self(key)
    }

    /// Create from raw bytes.
    pub fn from_bytes(bytes: [u8; KEY_SIZE]) -> Self {
        Self(bytes)
    }

    /// Decode from base64.
    pub fn from_base64(s: &str) -> Result<Self, SyncKeyError> {
        let bytes = base64::engine::general_purpose::STANDARD
            .decode(s)
            .map_err(|e| SyncKeyError(e.to_string()))?;
        if bytes.len() != KEY_SIZE {
            return Err(SyncKeyError(format!(
                "expected {} bytes, got {}",
                KEY_SIZE,
                bytes.len()
            )));
        }
        let mut arr = [0u8; KEY_SIZE];
        arr.copy_from_slice(&bytes);
        Ok(Self(arr))
    }

    /// Encode as base64.
    pub fn to_base64(&self) -> String {
        base64::engine::general_purpose::STANDARD.encode(self.0)
    }

    /// Borrow the raw bytes.
    pub fn as_bytes(&self) -> &[u8; KEY_SIZE] {
        &self.0
    }
}

impl Drop for SyncKey {
    fn drop(&mut self) {
        self.0.zeroize();
    }
}

impl std::fmt::Debug for SyncKey {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str("SyncKey([REDACTED])")
    }
}

impl std::fmt::Display for SyncKey {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str(&self.to_base64())
    }
}

/// Error decoding a sync key.
#[derive(Debug, Clone)]
pub struct SyncKeyError(pub String);

impl std::fmt::Display for SyncKeyError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "invalid sync key: {}", self.0)
    }
}

impl std::error::Error for SyncKeyError {}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn generate_unique() {
        let a = SyncKey::generate();
        let b = SyncKey::generate();
        assert_ne!(a.0, b.0);
    }

    #[test]
    fn base64_roundtrip() {
        let key = SyncKey::generate();
        let encoded = key.to_base64();
        let decoded = SyncKey::from_base64(&encoded).unwrap();
        assert_eq!(key.0, decoded.0);
    }

    #[test]
    fn from_bytes_roundtrip() {
        let raw = [0xABu8; KEY_SIZE];
        let key = SyncKey::from_bytes(raw);
        assert_eq!(*key.as_bytes(), raw);
    }

    #[test]
    fn invalid_base64_rejected() {
        assert!(SyncKey::from_base64("not-valid-base64!!!").is_err());
    }

    #[test]
    fn wrong_length_rejected() {
        let short = base64::engine::general_purpose::STANDARD.encode([0u8; 16]);
        assert!(SyncKey::from_base64(&short).is_err());
    }

    #[test]
    fn debug_redacts() {
        let key = SyncKey::generate();
        let debug = format!("{:?}", key);
        assert_eq!(debug, "SyncKey([REDACTED])");
        assert!(!debug.contains(&key.to_base64()));
    }

    #[test]
    fn display_is_base64() {
        let key = SyncKey::generate();
        assert_eq!(format!("{}", key), key.to_base64());
    }

    #[test]
    fn base64_length_is_44() {
        let key = SyncKey::generate();
        assert_eq!(key.to_base64().len(), 44);
    }
}