hashiverse-lib 1.0.7

Core protocol library for Hashiverse — your open-source decentralized X/Twitter replacement.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! # Encryption of the private meta-post section
//!
//! The private half of a [`crate::client::meta_post::meta_post::MetaPostV1`]
//! (feedback thresholds, warning toggles, anything the account holder doesn't want
//! public) is symmetric-encrypted with a key derived from the account's own private
//! signing key: `sig = sign(signature_key, constant)` then `key = blake3(sig)`.
//!
//! Because signing requires the private key, only the account holder can recover the
//! symmetric key; because the key is deterministic, every device that unlocks the same
//! [`crate::tools::keys::Keys`] derives the same key and can read/write the same
//! private section. No key exchange, no on-network secrets.
//!
//! The `encrypt_private_section` / `decrypt_private_section` pair here is the only
//! place this derivation happens.

use crate::client::key_locker::key_locker::KeyLocker;
use crate::client::meta_post::meta_post::MetaPostPrivateV1;
use crate::tools::types::Salt;
use crate::tools::{compression, encryption, json};

const META_POST_ENCRYPTION_CONTEXT: &[u8] = b"hashiverse-meta-post-encryption";

/// Derive a 32-byte symmetric encryption key by signing a well-known
/// constant concatenated with the provided salt, then hashing the
/// signature with blake3.
///
/// Only the holder of the private signing key can reproduce this key,
/// making it suitable for encrypting data that only the user should read.
pub async fn derive_meta_post_encryption_key(key_locker: &dyn KeyLocker, salt: &Salt) -> anyhow::Result<Vec<u8>> {
    let mut message = Vec::with_capacity(META_POST_ENCRYPTION_CONTEXT.len() + salt.as_ref().len());
    message.extend_from_slice(META_POST_ENCRYPTION_CONTEXT);
    message.extend_from_slice(salt.as_ref());

    let signature = key_locker.sign(&message).await?;
    let key_hash = blake3::hash(signature.as_ref());
    Ok(key_hash.as_bytes().to_vec())
}

/// Encrypt a `MetaPostPrivateV1` into a hex-encoded string.
pub async fn encrypt_private_section(key_locker: &dyn KeyLocker, salt: &Salt, private: &MetaPostPrivateV1) -> anyhow::Result<String> {
    let symmetric_key = derive_meta_post_encryption_key(key_locker, salt).await?;
    let plaintext = json::struct_to_bytes(private)?;
    let compressed = compression::compress_for_size(&plaintext)?.to_bytes();
    let encrypted = encryption::encrypt_strong(&compressed, &[symmetric_key])?;
    Ok(hex::encode(encrypted))
}

/// Decrypt a hex-encoded string back into a `MetaPostPrivateV1`.
pub async fn decrypt_private_section(key_locker: &dyn KeyLocker, salt: &Salt, encrypted_hex: &str) -> anyhow::Result<MetaPostPrivateV1> {
    let symmetric_key = derive_meta_post_encryption_key(key_locker, salt).await?;
    let encrypted = hex::decode(encrypted_hex)?;
    let compressed = encryption::decrypt(&encrypted, &symmetric_key)?;
    let plaintext = compression::decompress(&compressed)?.to_bytes();
    let private: MetaPostPrivateV1 = json::bytes_to_struct(&plaintext)?;
    Ok(private)
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::client::key_locker::mem_key_locker::MemKeyLockerManager;
    use crate::client::key_locker::key_locker::KeyLockerManager;
    use crate::client::meta_post::meta_post::VersionedField;
    use crate::tools::time::TimeMillis;

    fn t(millis: i64) -> TimeMillis { TimeMillis(millis) }

    #[tokio::test]
    async fn encrypt_decrypt_private_section_roundtrip() -> anyhow::Result<()> {
        let key_locker_manager = MemKeyLockerManager::new().await?;
        let key_locker = key_locker_manager.create("test_phrase".to_string()).await?;
        let salt = Salt::random();

        let mut private = MetaPostPrivateV1::empty();
        private.followed_client_ids.insert("client_abc".to_string(), VersionedField::new(true, t(100)));
        private.followed_hashtags.insert("rust".to_string(), VersionedField::new(true, t(200)));
        private.content_thresholds.insert(101, VersionedField::new(100, t(300)));
        private.skip_warnings_for_followed = VersionedField::new(true, t(400));

        let encrypted_hex = encrypt_private_section(key_locker.as_ref(), &salt, &private).await?;
        let decrypted = decrypt_private_section(key_locker.as_ref(), &salt, &encrypted_hex).await?;

        assert_eq!(private, decrypted);
        Ok(())
    }

    #[tokio::test]
    async fn different_salt_produces_different_key() -> anyhow::Result<()> {
        let key_locker_manager = MemKeyLockerManager::new().await?;
        let key_locker = key_locker_manager.create("test_phrase".to_string()).await?;

        let salt_a = Salt::random();
        let salt_b = Salt::random();

        let key_a = derive_meta_post_encryption_key(key_locker.as_ref(), &salt_a).await?;
        let key_b = derive_meta_post_encryption_key(key_locker.as_ref(), &salt_b).await?;

        assert_ne!(key_a, key_b);
        Ok(())
    }

    #[tokio::test]
    async fn same_salt_produces_same_key() -> anyhow::Result<()> {
        let key_locker_manager = MemKeyLockerManager::new().await?;
        let key_locker = key_locker_manager.create("test_phrase".to_string()).await?;

        let salt = Salt::random();

        let key_1 = derive_meta_post_encryption_key(key_locker.as_ref(), &salt).await?;
        let key_2 = derive_meta_post_encryption_key(key_locker.as_ref(), &salt).await?;

        assert_eq!(key_1, key_2);
        Ok(())
    }

    #[tokio::test]
    async fn different_user_cannot_decrypt() -> anyhow::Result<()> {
        let key_locker_manager = MemKeyLockerManager::new().await?;
        let key_locker_a = key_locker_manager.create("client_a_phrase".to_string()).await?;
        let key_locker_b = key_locker_manager.create("client_b_phrase".to_string()).await?;

        let salt = Salt::random();
        let private = MetaPostPrivateV1::empty();

        let encrypted_hex = encrypt_private_section(key_locker_a.as_ref(), &salt, &private).await?;
        let decrypt_result = decrypt_private_section(key_locker_b.as_ref(), &salt, &encrypted_hex).await;

        assert!(decrypt_result.is_err(), "Different user should not be able to decrypt");
        Ok(())
    }

    #[tokio::test]
    async fn encrypt_decrypt_with_tombstones() -> anyhow::Result<()> {
        let key_locker_manager = MemKeyLockerManager::new().await?;
        let key_locker = key_locker_manager.create("test_phrase".to_string()).await?;
        let salt = Salt::random();

        let mut private = MetaPostPrivateV1::empty();
        private.followed_client_ids.insert("deleted_client".to_string(), VersionedField::tombstone(t(999)));
        private.skip_warnings_for_followed = VersionedField::tombstone(t(888));

        let encrypted_hex = encrypt_private_section(key_locker.as_ref(), &salt, &private).await?;
        let decrypted = decrypt_private_section(key_locker.as_ref(), &salt, &encrypted_hex).await?;

        assert_eq!(private, decrypted);
        assert!(decrypted.followed_client_ids["deleted_client"].is_tombstone());
        assert!(decrypted.skip_warnings_for_followed.is_tombstone());
        Ok(())
    }
}