firecloud-crypto 0.1.0

Encryption and key management for FireCloud distributed storage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

//! Key Encryption Key (KEK) management
//!
//! Provides functionality for:
//! - Deriving KEK from user password using Argon2id
//! - Encrypting/decrypting Data Encryption Keys (DEK)
//! - Secure key storage and handling

use crate::{CryptoError, CryptoResult};
use argon2::{
    password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
    Argon2, Params, Version,
};
use chacha20poly1305::{
    aead::{Aead, KeyInit, OsRng},
    XChaCha20Poly1305, XNonce,
};
use rand::RngCore;
use std::fmt;
use zeroize::{Zeroize, ZeroizeOnDrop};

/// Size of KEK in bytes (256-bit)
pub const KEK_SIZE: usize = 32;

/// Size of salt for password hashing (128-bit)
pub const SALT_SIZE: usize = 16;

/// Size of nonce for XChaCha20 (192-bit)
pub const NONCE_SIZE: usize = 24;

/// Key Encryption Key derived from user password
#[derive(Clone, Zeroize, ZeroizeOnDrop)]
pub struct Kek {
    key: [u8; KEK_SIZE],
}

impl Kek {
    /// Derive a KEK from a password using Argon2id
    ///
    /// Uses strong parameters:
    /// - Memory: 64 MB
    /// - Iterations: 3
    /// - Parallelism: 4 threads
    pub fn derive_from_password(password: &str, salt: &[u8]) -> CryptoResult<Self> {
        if salt.len() != SALT_SIZE {
            return Err(CryptoError::InvalidKeySize {
                expected: SALT_SIZE,
                actual: salt.len(),
            });
        }

        // Configure Argon2id with strong parameters
        // Memory: 64 MB, Iterations: 3, Parallelism: 4
        let params = Params::new(65536, 3, 4, Some(KEK_SIZE))
            .map_err(|e| CryptoError::KeyDerivation(e.to_string()))?;

        let argon2 = Argon2::new(
            argon2::Algorithm::Argon2id,
            Version::V0x13,
            params,
        );

        // Derive key from password
        let mut key = [0u8; KEK_SIZE];
        argon2
            .hash_password_into(password.as_bytes(), salt, &mut key)
            .map_err(|e| CryptoError::KeyDerivation(e.to_string()))?;

        Ok(Self { key })
    }

    /// Create a KEK directly from raw key bytes (for testing)
    pub fn from_bytes(bytes: [u8; KEK_SIZE]) -> Self {
        Self { key: bytes }
    }

    /// Get the raw key bytes (use with caution)
    pub fn as_bytes(&self) -> &[u8; KEK_SIZE] {
        &self.key
    }

    /// Encrypt a Data Encryption Key (DEK) with this KEK
    ///
    /// Returns: (nonce || ciphertext)
    pub fn encrypt_dek(&self, dek: &[u8]) -> CryptoResult<Vec<u8>> {
        let cipher = XChaCha20Poly1305::new(&self.key.into());

        // Generate random nonce
        let mut nonce_bytes = [0u8; NONCE_SIZE];
        OsRng.fill_bytes(&mut nonce_bytes);
        let nonce = XNonce::from_slice(&nonce_bytes);

        // Encrypt the DEK
        let ciphertext = cipher
            .encrypt(nonce, dek)
            .map_err(|e| CryptoError::Encryption(e.to_string()))?;

        // Prepend nonce to ciphertext
        let mut result = Vec::with_capacity(NONCE_SIZE + ciphertext.len());
        result.extend_from_slice(&nonce_bytes);
        result.extend_from_slice(&ciphertext);

        Ok(result)
    }

    /// Decrypt a Data Encryption Key (DEK) with this KEK
    ///
    /// Input: (nonce || ciphertext)
    pub fn decrypt_dek(&self, encrypted_dek: &[u8]) -> CryptoResult<Vec<u8>> {
        if encrypted_dek.len() < NONCE_SIZE {
            return Err(CryptoError::Decryption(
                "Encrypted DEK too short".to_string(),
            ));
        }

        let cipher = XChaCha20Poly1305::new(&self.key.into());

        // Extract nonce and ciphertext
        let (nonce_bytes, ciphertext) = encrypted_dek.split_at(NONCE_SIZE);
        let nonce = XNonce::from_slice(nonce_bytes);

        // Decrypt
        let dek = cipher
            .decrypt(nonce, ciphertext)
            .map_err(|e| CryptoError::Decryption(e.to_string()))?;

        Ok(dek)
    }
}

impl fmt::Debug for Kek {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Kek")
            .field("key", &"[REDACTED]")
            .finish()
    }
}

/// Generate a random salt for password hashing
pub fn generate_salt() -> [u8; SALT_SIZE] {
    let mut salt = [0u8; SALT_SIZE];
    OsRng.fill_bytes(&mut salt);
    salt
}

/// Hash a password for storage (verification only, not for encryption)
pub fn hash_password(password: &str) -> CryptoResult<String> {
    let salt = SaltString::generate(&mut OsRng);
    
    let params = Params::new(65536, 3, 4, None)
        .map_err(|e| CryptoError::KeyDerivation(e.to_string()))?;
    
    let argon2 = Argon2::new(
        argon2::Algorithm::Argon2id,
        Version::V0x13,
        params,
    );

    let hash = argon2
        .hash_password(password.as_bytes(), &salt)
        .map_err(|e| CryptoError::KeyDerivation(e.to_string()))?
        .to_string();

    Ok(hash)
}

/// Verify a password against a stored hash
pub fn verify_password(password: &str, hash: &str) -> CryptoResult<bool> {
    let parsed_hash = PasswordHash::new(hash)
        .map_err(|e| CryptoError::KeyDerivation(e.to_string()))?;

    let argon2 = Argon2::default();

    Ok(argon2
        .verify_password(password.as_bytes(), &parsed_hash)
        .is_ok())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_kek_derive_from_password() {
        let password = "super_secret_password";
        let salt = generate_salt();

        let kek1 = Kek::derive_from_password(password, &salt).unwrap();
        let kek2 = Kek::derive_from_password(password, &salt).unwrap();

        // Same password + salt should produce same KEK
        assert_eq!(kek1.as_bytes(), kek2.as_bytes());

        // Different salt should produce different KEK
        let different_salt = generate_salt();
        let kek3 = Kek::derive_from_password(password, &different_salt).unwrap();
        assert_ne!(kek1.as_bytes(), kek3.as_bytes());
    }

    #[test]
    fn test_encrypt_decrypt_dek() {
        let password = "test_password";
        let salt = generate_salt();
        let kek = Kek::derive_from_password(password, &salt).unwrap();

        // Sample DEK (32 bytes)
        let dek = b"this_is_a_32_byte_dek_key_123456";

        // Encrypt
        let encrypted = kek.encrypt_dek(dek).unwrap();
        assert!(encrypted.len() > dek.len()); // Should be larger (nonce + tag)

        // Decrypt
        let decrypted = kek.decrypt_dek(&encrypted).unwrap();
        assert_eq!(&decrypted[..], &dek[..]);
    }

    #[test]
    fn test_wrong_password() {
        let salt = generate_salt();
        
        let kek1 = Kek::derive_from_password("password1", &salt).unwrap();
        let kek2 = Kek::derive_from_password("password2", &salt).unwrap();

        let dek = b"sample_dek_key_32_bytes_long_123";
        let encrypted = kek1.encrypt_dek(dek).unwrap();

        // Trying to decrypt with wrong KEK should fail
        let result = kek2.decrypt_dek(&encrypted);
        assert!(result.is_err());
    }

    #[test]
    fn test_password_hashing() {
        let password = "my_secure_password";
        
        let hash = hash_password(password).unwrap();
        assert!(hash.starts_with("$argon2id$"));

        // Verify correct password
        assert!(verify_password(password, &hash).unwrap());

        // Verify wrong password
        assert!(!verify_password("wrong_password", &hash).unwrap());
    }

    #[test]
    fn test_salt_generation() {
        let salt1 = generate_salt();
        let salt2 = generate_salt();

        // Should generate different salts
        assert_ne!(salt1, salt2);
        assert_eq!(salt1.len(), SALT_SIZE);
    }
}