psrt 0.3.5

Industrial Pub-Sub server with minimal latency and MQTT-compatible logic
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

use crate::Error;
use crate::token::Token;
use openssl::symm;
use std::collections::BTreeMap;
use std::path::{Path, PathBuf};

#[derive(Eq, PartialEq, Debug, Copy, Clone)]
#[repr(u8)]
pub enum EncryptionType {
    No = crate::AUTH_LOGIN_PASS,
    Aes128Gcm = crate::AUTH_KEY_AES128_GCM,
    Aes256Gcm = crate::AUTH_KEY_AES256_GCM,
}

impl EncryptionType {
    /// # Errors
    ///
    /// With return error if the encryption format is not supported
    #[inline]
    pub fn from_byte(b: u8) -> Result<Self, Error> {
        match b {
            crate::AUTH_LOGIN_PASS => Ok(EncryptionType::No),
            crate::AUTH_KEY_AES128_GCM => Ok(EncryptionType::Aes128Gcm),
            crate::AUTH_KEY_AES256_GCM => Ok(EncryptionType::Aes256Gcm),
            _ => Err(Error::invalid_data("unsupported encryption type")),
        }
    }
    #[inline]
    pub fn need_decrypt(self) -> bool {
        self != EncryptionType::No
    }
}

#[inline]
fn decrypt(cipher: symm::Cipher, key: &[u8], iv: &[u8], data: &[u8]) -> Result<Vec<u8>, Error> {
    let digest_pos = data.len() - 16;
    symm::decrypt_aead(
        cipher,
        key,
        Some(iv),
        &[],
        &data[..digest_pos],
        &data[digest_pos..],
    )
    .map_err(Into::into)
}

pub struct Key {
    cipher_aes_128: Vec<u8>,
    cipher_aes_256: Vec<u8>,
}

#[derive(Default)]
pub struct Keys {
    key_file: Option<PathBuf>,
    keys: Option<BTreeMap<String, Key>>,
}

impl Keys {
    pub fn set_key_file(&mut self, path: &Path) {
        self.key_file.replace(path.to_owned());
    }
    /// # Errors
    ///
    /// Will return err if the file is unable to be read or parsed
    pub async fn reload(&mut self) -> Result<(), Error> {
        if let Some(path) = self.key_file.as_ref() {
            log::info!("loading key file {}", path.to_string_lossy());
            let data = tokio::fs::read_to_string(path).await?;
            let keys: BTreeMap<String, String> = serde_yaml2::from_str(&data)?;
            let mut key_map = BTreeMap::new();
            let acl_db = crate::acl::ACL_DB.read().await;
            for (login, k) in keys {
                log::trace!("+ key {} ({})", k, login);
                match k.parse::<Token>() {
                    Ok(token) => {
                        if acl_db.has_acl(&login) {
                            let key = Key {
                                cipher_aes_128: token.as_bytes()[0..16].to_vec(),
                                cipher_aes_256: token.as_bytes().to_vec(),
                            };
                            key_map.insert(login, key);
                        } else {
                            log::warn!("No ACL defined for the key {}", login);
                        }
                    }
                    Err(e) => log::error!("Unable to parse key: {}", e),
                }
            }
            self.keys.replace(key_map);
        }
        Ok(())
    }
    /// # Errors
    ///
    /// With return auth errors if: the key with such id is not defined or on decryption errors
    ///
    /// # Panics
    ///
    /// Will panic if attempted to decrypt unencrypted packet
    pub fn auth_and_decr(
        &self,
        block: &[u8],
        key_id: &str,
        tp: EncryptionType,
    ) -> Result<Vec<u8>, Error> {
        if let Some(Some(key)) = self.keys.as_ref().map(|m| m.get(key_id)) {
            if block.len() < 29 {
                return Err(Error::invalid_data("Invalid encrypted data"));
            }
            match tp {
                EncryptionType::Aes128Gcm => decrypt(
                    symm::Cipher::aes_128_gcm(),
                    &key.cipher_aes_128,
                    &block[0..12],
                    &block[12..],
                ),
                EncryptionType::Aes256Gcm => decrypt(
                    symm::Cipher::aes_256_gcm(),
                    &key.cipher_aes_256,
                    &block[0..12],
                    &block[12..],
                ),
                EncryptionType::No => panic!("Attempt to decrypt unencrypted"),
            }
        } else {
            Err(Error::access(format!("no such key id: {}", key_id)))
        }
    }
}