lib3h_sodium 0.0.10

lib3h libsodium wrapper providing memory secure api access
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

//! This module provides access to libsodium
use super::check_init;
/// Recomended to use secure SecBuf for return values in these functions
use super::secbuf::SecBuf;
use lib3h_crypto_api::CryptoError;
pub const PUBLICKEYBYTES: usize = rust_sodium_sys::crypto_kx_PUBLICKEYBYTES as usize;
pub const SECRETKEYBYTES: usize = rust_sodium_sys::crypto_kx_SECRETKEYBYTES as usize;
pub const SESSIONKEYBYTES: usize = rust_sodium_sys::crypto_kx_SESSIONKEYBYTES as usize;

/// Generate a fresh, random keyexchange keypair
/// ****
/// @param {SecBuf} pk - Empty Buffer to be used as publicKey return
///
/// @param {SecBuf} sk - Empty Buffer to be used as secretKey return
pub fn keypair(pk: &mut SecBuf, sk: &mut SecBuf) -> Result<(), CryptoError> {
    check_init();
    let mut pk = pk.write_lock();
    let mut sk = sk.write_lock();
    unsafe {
        rust_sodium_sys::crypto_kx_keypair(raw_ptr_char!(pk), raw_ptr_char!(sk));
    }
    Ok(())
}

/// Generate a fresh, keyexchange keypair, based off a seed
/// ****
/// @param {SecBuf} seed - seed to derive the pk and sk
///
/// @param {SecBuf} pk - Empty Buffer to be used as publicKey return
///
/// @param {SecBuf} sk - Empty Buffer to be used as secretKey return
pub fn seed_keypair(
    seed: &mut SecBuf,
    pk: &mut SecBuf,
    sk: &mut SecBuf,
) -> Result<(), CryptoError> {
    check_init();
    let seed = seed.read_lock();
    let mut pk = pk.write_lock();
    let mut sk = sk.write_lock();
    unsafe {
        rust_sodium_sys::crypto_kx_seed_keypair(
            raw_ptr_char!(pk),
            raw_ptr_char!(sk),
            raw_ptr_char_immut!(seed),
        );
    }
    Ok(())
}

/// Given a server's public key, derive shared secrets.
/// ****
/// @param {SecBuf} cliPublic - client's public key
///
/// @param {SecBuf} cliSecret - client's secret key
///
/// @param {SecBuf} srvPublic - server's public key
///
/// @param {SecBuf} rx - Empty Buffer to be used as secretKey return
///
/// @param {SecBuf} tx - Empty Buffer to be used as secretKey return
pub fn client_session(
    client_pk: &mut SecBuf,
    client_sk: &mut SecBuf,
    server_pk: &mut SecBuf,
    rx: &mut SecBuf,
    tx: &mut SecBuf,
) -> Result<(), CryptoError> {
    check_init();
    let mut rx = rx.write_lock();
    let mut tx = tx.write_lock();
    let client_sk = client_sk.read_lock();
    let client_pk = client_pk.read_lock();
    let server_pk = server_pk.read_lock();
    unsafe {
        rust_sodium_sys::crypto_kx_client_session_keys(
            raw_ptr_char!(rx),
            raw_ptr_char!(tx),
            raw_ptr_char_immut!(client_pk),
            raw_ptr_char_immut!(client_sk),
            raw_ptr_char_immut!(server_pk),
        );
    }
    Ok(())
}

/// Given a client's public key, derive shared secrets.
/// ****
/// @param {SecBuf} srvPublic - server's public key
///
/// @param {SecBuf} srvSecret - server's secret key
///
/// @param {SecBuf} cliPublic - client's public key
///
/// @param {SecBuf} rx - Empty Buffer to be used as secretKey return
///
/// @param {SecBuf} tx - Empty Buffer to be used as secretKey return
pub fn server_session(
    server_pk: &mut SecBuf,
    server_sk: &mut SecBuf,
    client_pk: &mut SecBuf,
    rx: &mut SecBuf,
    tx: &mut SecBuf,
) -> Result<(), CryptoError> {
    check_init();
    let mut rx = rx.write_lock();
    let mut tx = tx.write_lock();
    let client_pk = client_pk.read_lock();
    let server_sk = server_sk.read_lock();
    let server_pk = server_pk.read_lock();
    unsafe {
        rust_sodium_sys::crypto_kx_server_session_keys(
            raw_ptr_char!(rx),
            raw_ptr_char!(tx),
            raw_ptr_char_immut!(server_pk),
            raw_ptr_char_immut!(server_sk),
            raw_ptr_char_immut!(client_pk),
        );
    }
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn it_should_generate_keypair() {
        let mut public_key = SecBuf::with_secure(PUBLICKEYBYTES);
        let mut secret_key = SecBuf::with_secure(SECRETKEYBYTES);
        keypair(&mut public_key, &mut secret_key).unwrap();
        let public_key = public_key.read_lock();
        let secret_key = secret_key.read_lock();
        println!("public_key : {:?}", public_key);
        println!("secret_key : {:?}", secret_key);
        assert_eq!(32, public_key.len());
        assert_eq!(32, secret_key.len());
    }
    #[test]
    fn it_should_generate_keypair_from_seed() {
        let mut seed = SecBuf::with_secure(32);
        seed.randomize();
        let mut public_key = SecBuf::with_secure(PUBLICKEYBYTES);
        let mut secret_key = SecBuf::with_secure(SECRETKEYBYTES);
        seed_keypair(&mut seed, &mut public_key, &mut secret_key).unwrap();
        let public_key = public_key.read_lock();
        let secret_key = secret_key.read_lock();
        println!("public_key : {:?}", public_key);
        println!("secret_key : {:?}", secret_key);
        assert_eq!(32, public_key.len());
        assert_eq!(32, secret_key.len());
    }
    #[test]
    fn it_should_generate_client_keys() {
        let mut client_pk = SecBuf::with_secure(PUBLICKEYBYTES);
        let mut client_sk = SecBuf::with_secure(SECRETKEYBYTES);
        keypair(&mut client_pk, &mut client_sk).unwrap();

        let mut server_pk = SecBuf::with_secure(PUBLICKEYBYTES);
        let mut server_sk = SecBuf::with_secure(SECRETKEYBYTES);
        keypair(&mut server_pk, &mut server_sk).unwrap();

        let mut cli_rx = SecBuf::with_secure(SESSIONKEYBYTES);
        let mut cli_tx = SecBuf::with_secure(SESSIONKEYBYTES);
        {
            client_session(
                &mut client_pk,
                &mut client_sk,
                &mut server_pk,
                &mut cli_rx,
                &mut cli_tx,
            )
            .unwrap();
            let cli_rx = cli_rx.read_lock();
            let cli_tx = cli_tx.read_lock();
            println!("cli_rx : {:?}", cli_rx);
            println!("cli_tx : {:?}", cli_tx);
        }
        let mut srv_rx = SecBuf::with_secure(SESSIONKEYBYTES);
        let mut srv_tx = SecBuf::with_secure(SESSIONKEYBYTES);
        {
            server_session(
                &mut server_pk,
                &mut server_sk,
                &mut client_pk,
                &mut srv_rx,
                &mut srv_tx,
            )
            .unwrap();
            let srv_rx = srv_rx.read_lock();
            let srv_tx = srv_tx.read_lock();
            println!("srv_rx : {:?}", srv_rx);
            println!("srv_tx : {:?}", srv_tx);
        }
        {
            let cli_rx = cli_rx.read_lock();
            let cli_tx = cli_tx.read_lock();
            let srv_rx = srv_rx.read_lock();
            let srv_tx = srv_tx.read_lock();
            assert_eq!(format!("{:?}", *cli_rx), format!("{:?}", *srv_tx));
            assert_eq!(format!("{:?}", *cli_tx), format!("{:?}", *srv_rx));
        }
    }
}