sos-core 0.17.3

Core types for the Save Our Secrets SDK
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

//! Private key types.
use age::x25519::Identity;
use argon2::password_hash::SaltString;
use secrecy::{ExposeSecret, SecretBox, SecretString};
use std::convert::AsRef;
use std::fmt;

use crate::{
    crypto::{KeyDerivation, Seed},
    Result,
};

/// Access key used to unlock a vault.
#[derive(Clone)]
pub enum AccessKey {
    /// Password access.
    Password(SecretString),
    /// Asymmetric private key.
    Identity(Identity),
}

impl From<SecretString> for AccessKey {
    fn from(value: SecretString) -> Self {
        Self::Password(value)
    }
}

impl From<Identity> for AccessKey {
    fn from(value: Identity) -> Self {
        Self::Identity(value)
    }
}

impl From<AccessKey> for SecretString {
    fn from(value: AccessKey) -> Self {
        match value {
            AccessKey::Password(password) => password,
            AccessKey::Identity(id) => id.to_string().into(),
        }
    }
}

impl AccessKey {
    /// Convert this access key into a private key.
    pub fn into_private(
        self,
        kdf: &KeyDerivation,
        salt: &SaltString,
        seed: Option<&Seed>,
    ) -> Result<PrivateKey> {
        match self {
            Self::Password(ref password) => {
                let deriver = kdf.deriver();
                Ok(PrivateKey::Symmetric(
                    deriver.derive(password, salt, seed)?,
                ))
            }
            Self::Identity(id) => Ok(PrivateKey::Asymmetric(id)),
        }
    }
}

impl fmt::Debug for AccessKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::Password(_) => f.debug_struct("Password").finish(),
            Self::Identity(_) => f.debug_struct("Identity").finish(),
        }
    }
}

impl PartialEq for AccessKey {
    fn eq(&self, other: &Self) -> bool {
        match (self, other) {
            (Self::Password(a), Self::Password(b)) => {
                a.expose_secret() == b.expose_secret()
            }
            (Self::Identity(a), Self::Identity(b)) => {
                a.to_string().expose_secret() == b.to_string().expose_secret()
            }
            _ => false,
        }
    }
}

impl Eq for AccessKey {}

/// Private key variants.
pub enum PrivateKey {
    /// Private key used for symmetric ciphers.
    Symmetric(DerivedPrivateKey),
    /// Private key used for asymmetric ciphers.
    Asymmetric(Identity),
}

/// Encapsulates the bytes for a derived symmetric secret key.
pub struct DerivedPrivateKey {
    inner: SecretBox<Vec<u8>>,
}

impl DerivedPrivateKey {
    /// Create a new random 32-byte secret key.
    pub fn generate() -> Self {
        use crate::crypto::csprng;
        use rand::Rng;
        let bytes: [u8; 32] = csprng().gen();
        Self {
            inner: SecretBox::new(Box::new(bytes.to_vec())),
        }
    }

    /// Convert from a PEM-encoded key.
    pub fn from_pem(key: &str) -> Result<Self> {
        let pem = pem::parse(key)?;
        let contents = pem.contents();
        Ok(Self {
            inner: SecretBox::new(Box::new(contents.to_vec())),
        })
    }

    /// Convert this key to a PEM-encoded string.
    pub fn to_pem(&self) -> String {
        pem::encode(&pem::Pem::new(
            "PRIVATE KEY",
            self.inner.expose_secret().as_slice(),
        ))
    }

    /// Create a new derived private key.
    pub(crate) fn new(inner: SecretBox<Vec<u8>>) -> Self {
        Self { inner }
    }
}

impl AsRef<[u8]> for DerivedPrivateKey {
    fn as_ref(&self) -> &[u8] {
        self.inner.expose_secret()
    }
}

impl From<Vec<u8>> for DerivedPrivateKey {
    fn from(value: Vec<u8>) -> Self {
        Self {
            inner: SecretBox::new(value.into()),
        }
    }
}