quadra-a-core 0.1.0-beta.1

Core protocol primitives for the quadra-a agent network
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

use anyhow::{anyhow, Context, Result};
use chacha20poly1305::{
    aead::{Aead, Payload},
    KeyInit, XChaCha20Poly1305, XNonce,
};
use hkdf::Hkdf;
use rand::{rngs::OsRng, RngCore};
use sha2::Sha256;
use x25519_dalek::{PublicKey, StaticSecret};

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct X25519KeyPair {
    pub public_key: [u8; 32],
    pub private_key: [u8; 32],
}

pub fn array32(bytes: &[u8], label: &str) -> Result<[u8; 32]> {
    bytes
        .try_into()
        .map_err(|_| anyhow!("{} must be 32 bytes", label))
}

pub fn array24(bytes: &[u8], label: &str) -> Result<[u8; 24]> {
    bytes
        .try_into()
        .map_err(|_| anyhow!("{} must be 24 bytes", label))
}

pub fn generate_x25519_key_pair() -> X25519KeyPair {
    let secret = StaticSecret::random_from_rng(OsRng);
    let public = PublicKey::from(&secret);
    X25519KeyPair {
        public_key: public.to_bytes(),
        private_key: secret.to_bytes(),
    }
}

pub fn derive_x25519_public_key(private_key: &[u8]) -> Result<[u8; 32]> {
    let secret = StaticSecret::from(array32(private_key, "X25519 private key")?);
    Ok(PublicKey::from(&secret).to_bytes())
}

pub fn diffie_hellman_x25519(private_key: &[u8], public_key: &[u8]) -> Result<[u8; 32]> {
    let secret = StaticSecret::from(array32(private_key, "X25519 private key")?);
    let public = PublicKey::from(array32(public_key, "X25519 public key")?);
    Ok(secret.diffie_hellman(&public).to_bytes())
}

pub fn hkdf_sha256(
    input_key_material: &[u8],
    salt: &[u8],
    info: &[u8],
    length: usize,
) -> Result<Vec<u8>> {
    let hk = Hkdf::<Sha256>::new(Some(salt), input_key_material);
    let mut output = vec![0u8; length];
    hk.expand(info, &mut output)
        .map_err(|_| anyhow!("Failed to expand HKDF-SHA256 output"))?;
    Ok(output)
}

pub fn encrypt_xchacha20poly1305(
    key: &[u8],
    nonce: &[u8],
    plaintext: &[u8],
    associated_data: &[u8],
) -> Result<Vec<u8>> {
    let cipher =
        XChaCha20Poly1305::new_from_slice(key).context("Invalid XChaCha20-Poly1305 key")?;
    let nonce = array24(nonce, "XChaCha20-Poly1305 nonce")?;
    cipher
        .encrypt(
            XNonce::from_slice(&nonce),
            Payload {
                msg: plaintext,
                aad: associated_data,
            },
        )
        .map_err(|_| anyhow!("Failed to encrypt with XChaCha20-Poly1305"))
}

pub fn decrypt_xchacha20poly1305(
    key: &[u8],
    nonce: &[u8],
    ciphertext: &[u8],
    associated_data: &[u8],
) -> Result<Vec<u8>> {
    let cipher =
        XChaCha20Poly1305::new_from_slice(key).context("Invalid XChaCha20-Poly1305 key")?;
    let nonce = array24(nonce, "XChaCha20-Poly1305 nonce")?;
    cipher
        .decrypt(
            XNonce::from_slice(&nonce),
            Payload {
                msg: ciphertext,
                aad: associated_data,
            },
        )
        .map_err(|_| anyhow!("Failed to decrypt with XChaCha20-Poly1305"))
}

pub fn bytes_to_hex(bytes: &[u8]) -> String {
    hex::encode(bytes)
}

pub fn random_bytes(length: usize) -> Vec<u8> {
    let mut output = vec![0u8; length];
    OsRng.fill_bytes(&mut output);
    output
}