infinitree 0.11.0

Embedded, encrypted database with tiered cache
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

//! Use a Yubikey to secure trees.
//!
//! This module re-exports the [`yubico_manager`] library, which
//! provides all the utilities to program a Yubikey.
//!
//! See the documentation for [`YubikeyCR`] for additional details.
use super::{symmetric::Symmetric, *};
use crate::ObjectId;
use ring::aead;
use secrecy::{ExposeSecret, SecretString};
use std::mem::size_of;
pub use yubico_manager;
use yubico_manager::Yubico;

type Nonce = [u8; 12];
type Challenge = [u8; 64];
type Response = [u8; 20];

const HEADER_PAYLOAD: usize =
    size_of::<SealedHeader>() - size_of::<Tag>() - size_of::<Nonce>() - size_of::<Challenge>();
const HEADER_CYPHERTEXT: usize =
    size_of::<SealedHeader>() - size_of::<Nonce>() - size_of::<Challenge>();

/// This mode's behaviour is equivalent to the
/// [`UsernamePassword`](crate::crypto::UsernamePassword) `KeySource`, but
/// adds a second factor.
///
/// ## Touch-to-sign configuration
///
/// In case you configure your Yubikey to
/// require a touch authorization for HMAC operations, you will need
/// to touch the Yubikey on both decrypt *and* encrypt operations.
///
/// If you are looking to secure a long-running job, or a background
/// process that periodically commits changes, this will probably not
/// be an optimal configuration for you.
///
/// ## Implementation details
///
/// The 512-byte binary header layout looks like so:
///
/// ```text
/// encrypt(root[88] || mode[1] || convergence_key[32] || 0[..]) || mac[16] || nonce[12] || yubikey_challenge[64]
/// ```
pub type YubikeyCR = KeyingScheme<YubikeyHeader, Symmetric>;
impl YubikeyCR {
    pub fn with_credentials(
        username: SecretString,
        password: SecretString,
        ykconfig: yubico_manager::config::Config,
    ) -> Result<Self> {
        let master_key = derive_argon2(
            b"zerostash.com yubikey cr master key",
            username.expose_secret().as_bytes(),
            password.expose_secret().as_bytes(),
        )?;

        Ok(Self::new(
            YubikeyHeader {
                master_key,
                ykconfig,
            },
            Symmetric::random()?,
        ))
    }
}

pub(crate) use private::*;
mod private {
    use super::*;

    pub struct YubikeyHeader {
        pub(super) master_key: RawKey,
        pub(super) ykconfig: yubico_manager::config::Config,
    }

    /// blake3_kdf(ctx, master_key || yk_hmac_response(challenge))
    fn header_key(
        master_key: &RawKey,
        challenge: Challenge,
        config: yubico_manager::config::Config,
    ) -> Result<RawKey> {
        let mut k = [0; KEY_SIZE + size_of::<Response>()];

        let mut yk = Yubico::new();
        let resp = yk
            .challenge_response_hmac(&challenge, config)
            .map_err(|_| CryptoError::Fatal)?
            .0;

        k[..KEY_SIZE].copy_from_slice(master_key.expose_secret());
        k[KEY_SIZE..].copy_from_slice(&resp);

        Ok(blake3::derive_key("zerostash.com 2022 yubikey challenge-response", &k).into())
    }

    impl HeaderScheme for YubikeyHeader {
        fn open_root(&self, header: SealedHeader) -> Result<OpenHeader> {
            let mut sealed = header.0;

            let mut challenge = [0; size_of::<Challenge>()];
            challenge.copy_from_slice(&sealed[HEADER_CYPHERTEXT + size_of::<Nonce>()..]);

            let aead = get_aead(header_key(
                &self.master_key,
                challenge,
                self.ykconfig.clone(),
            )?);
            let nonce = {
                let mut buf = Nonce::default();
                buf.copy_from_slice(
                    &sealed[HEADER_CYPHERTEXT..HEADER_CYPHERTEXT + size_of::<Nonce>()],
                );
                aead::Nonce::assume_unique_for_key(buf)
            };

            let _ = aead
                .open_in_place(nonce, aead::Aad::empty(), &mut sealed[..HEADER_CYPHERTEXT])
                .map_err(CryptoError::from)?;

            Ok(OpenHeader(sealed))
        }

        fn seal_root(&self, header: OpenHeader) -> Result<SealedHeader> {
            let mut output = header.0;
            let random = SystemRandom::new();
            let nonce = {
                let mut buf = Nonce::default();
                random.fill(&mut buf)?;
                aead::Nonce::assume_unique_for_key(buf)
            };
            let challenge = {
                let mut buf = [0; size_of::<Challenge>()];
                random.fill(&mut buf)?;
                buf
            };

            //
            // Copy the n-once before it gets eaten by the aead.
            output[HEADER_CYPHERTEXT..HEADER_CYPHERTEXT + size_of::<Nonce>()]
                .copy_from_slice(nonce.as_ref());

            let aead = get_aead(header_key(
                &self.master_key,
                challenge,
                self.ykconfig.clone(),
            )?);
            let tag = aead.seal_in_place_separate_tag(
                nonce,
                aead::Aad::empty(),
                &mut output[..HEADER_PAYLOAD],
            )?;

            //
            // Dump tag and challenge
            output[HEADER_PAYLOAD..HEADER_PAYLOAD + size_of::<Tag>()].copy_from_slice(tag.as_ref());
            output[HEADER_CYPHERTEXT + size_of::<Nonce>()..].copy_from_slice(&challenge);

            Ok(SealedHeader(output))
        }

        fn root_object_id(&self) -> Result<ObjectId> {
            super::symmetric::root_object_id(&self.master_key)
        }
    }
}

#[cfg(test)]
mod test {
    use crate::crypto::Scheme;
    use std::sync::Arc;

    #[test]
    #[ignore]
    fn userpass_encrypt_decrypt() {
        use super::YubikeyCR;
        use crate::chunks::RawChunkPointer;
        use yubico_manager::{config::Config, Yubico};

        let mut yubi = Yubico::new();
        let ykconfig = if let Ok(device) = yubi.find_yubikey() {
            Config::default()
                .set_vendor_id(device.vendor_id)
                .set_product_id(device.product_id)
        } else {
            panic!("No Yubikey")
        };

        let seal_key = YubikeyCR::with_credentials(
            "test".to_string().into(),
            "test".to_string().into(),
            ykconfig.clone(),
        )
        .unwrap();

        let header = seal_key.seal_root(&Default::default()).unwrap();
        let open_key = YubikeyCR::with_credentials(
            "test".to_string().into(),
            "test".to_string().into(),
            ykconfig,
        )
        .unwrap();

        let open_header = Arc::new(open_key).open_root(header).unwrap();
        assert_eq!(open_header.root_ptr, RawChunkPointer::default());
    }
}