use core::mem::size_of;
use std::sync::Once;

extern crate sodiumoxide;
use sodiumoxide::crypto::{auth, sign};

pub use auth::Tag as AuthTag;
pub use sign::{
    sign_detached, verify_detached, PublicKey, SecretKey, Signature, PUBLICKEYBYTES,
    SECRETKEYBYTES, SIGNATUREBYTES,
};
pub use sodiumoxide::crypto::secretbox;

pub mod handshake;
pub mod hash;
pub mod utils;

/// Guard that makes [`init`] run libsodium's initialisation only once per process.
static INIT: Once = Once::new();

/// Initialises libsodium exactly once.
///
/// Safe to call repeatedly and from several threads: [`Once`] runs the
/// closure a single time and later callers wait for that first run to finish.
/// sodiumoxide recommends calling this before any other function of the crate;
/// nothing else in this file calls it implicitly (`NetworkKey::random` and
/// `generate_longterm_keypair` do not), so callers are responsible for it.
///
/// # Panics
/// Panics if `sodiumoxide::init()` reports failure.
pub fn init() {
    let run_once = || sodiumoxide::init().expect("Failed to initialize libsodium.");
    INIT.call_once(run_once);
}

/// Generates a fresh long-term signing keypair (`sign::gen_keypair`, Ed25519).
///
/// Every call draws new randomness, so two calls never yield the same pair.
pub fn generate_longterm_keypair() -> (PublicKey, SecretKey) {
    let (public, secret) = sign::gen_keypair();
    (public, secret)
}

// NOTE(review): `Debug` is derived and delegates to `auth::Key`'s impl — confirm
// whether that prints the raw key bytes before formatting a NetworkKey with `{:?}`
// in logs or error messages.
/// 32-byte network key, known by client and server. Usually `NetworkKey::SSB_MAIN_NET`.
///
/// Wraps an HMAC key (`auth::Key`). It is used as the key in
/// [`NetworkKey::authenticate`] / [`NetworkKey::verify`] and to derive the
/// initial nonce in [`NonceGen::new`]. Equality goes through `auth::Key`'s
/// `PartialEq`, not a byte-by-byte comparison written here.
#[derive(Clone, Debug, PartialEq)]
pub struct NetworkKey(auth::Key);
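impl NetworkKey {
    /// Network key of the main Secure Scuttlebutt network.
    pub const SSB_MAIN_NET: NetworkKey = NetworkKey(auth::Key([
        0xd4, 0xa1, 0xcb, 0x88, 0xa6, 0x6f, 0x02, 0xf8, 0xdb, 0x63, 0x5c, 0xe2, 0x64, 0x41, 0xcc,
        0x5d, 0xac, 0x1b, 0x08, 0x42, 0x0c, 0xea, 0xac, 0x23, 0x08, 0x39, 0xb7, 0x55, 0x84, 0x5a,
        0x9f, 0xfb,
    ]));

    /// Generates a fresh key filled by `utils::randombytes_into`
    /// (presumably libsodium's random source — verify in `utils`).
    pub fn random() -> NetworkKey {
        let mut buf = [0u8; NetworkKey::size()];
        utils::randombytes_into(&mut buf);
        // `buf` is exactly `auth::Key`-sized, so `from_slice` cannot reject it.
        NetworkKey::from_slice(&buf).expect("buffer length equals NetworkKey::size()")
    }

    /// Borrows the raw key bytes.
    pub fn as_slice(&self) -> &[u8] {
        &self.0[..]
    }

    /// Builds a key from `b`, or returns `None` when `b.len() != NetworkKey::size()`.
    pub fn from_slice(b: &[u8]) -> Option<NetworkKey> {
        auth::Key::from_slice(b).map(NetworkKey)
    }

    /// Computes the HMAC tag of `data` under this key.
    pub fn authenticate(&self, data: &[u8]) -> AuthTag {
        auth::authenticate(data, &self.0)
    }

    /// Checks `tag` against `data` under this key.
    ///
    /// The comparison is delegated to libsodium (`crypto_auth_verify`), which
    /// compares tags in constant time; do not replace it with `==` on the bytes.
    pub fn verify(&self, tag: &AuthTag, data: &[u8]) -> bool {
        auth::verify(tag, data, &self.0)
    }

    /// Key length in bytes (the size of the wrapped `auth::Key`).
    pub const fn size() -> usize {
        size_of::<auth::Key>()
    }
}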

/// Counter-style nonce source for `secretbox`.
///
/// Each call to [`NonceGen::next`] hands out the current nonce and advances
/// the internal value, so one generator never returns the same nonce twice
/// (until the full 24-byte counter wraps).
pub struct NonceGen {
    /// The nonce that the next call to `next()` will return.
    next_nonce: secretbox::Nonce,
}

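impl NonceGen {
    /// Derives the starting nonce from an ephemeral public key and the network key.
    ///
    /// The first nonce is the leading `size_of::<secretbox::Nonce>()` bytes of
    /// `HMAC(net_id, pk)`; presumably both handshake peers compute the same
    /// sequence from these shared inputs (confirm against `handshake`).
    pub fn new(pk: &handshake::EphPublicKey, net_id: &NetworkKey) -> NonceGen {
        let hmac = auth::authenticate(&pk[..], &net_id.0);
        const N: usize = size_of::<secretbox::Nonce>();
        NonceGen {
            // An auth tag (32 bytes) is longer than a secretbox nonce (24 bytes),
            // so the prefix is exactly N bytes and `from_slice` cannot fail.
            next_nonce: secretbox::Nonce::from_slice(&hmac[..N])
                .expect("auth tag is at least one secretbox nonce long"),
        }
    }

    /// Starts the sequence at an explicit nonce.
    ///
    /// # Examples
    /// ```rust
    /// use ssb_crypto::NonceGen;
    /// use sodiumoxide::crypto::secretbox::Nonce;
    ///
    /// let nonce_bytes = [0, 0, 0, 0, 0, 0, 0, 0,
    ///                    0, 0, 0, 0, 0, 0, 0, 0,
    ///                    0, 0, 0, 0, 0, 0, 255, 255];
    /// let mut gen = NonceGen::with_starting_nonce(Nonce::from_slice(&nonce_bytes).unwrap());
    /// let n1 = gen.next();
    /// assert_eq!(&n1[..], &nonce_bytes);
    /// let n2 = gen.next();
    /// assert_eq!(&n2[..], [0, 0, 0, 0, 0, 0, 0, 0,
    ///                      0, 0, 0, 0, 0, 0, 0, 0,
    ///                      0, 0, 0, 0, 0, 1, 0, 0]);
    /// ```
    pub fn with_starting_nonce(nonce: secretbox::Nonce) -> NonceGen {
        NonceGen { next_nonce: nonce }
    }

    /// Returns the current nonce and advances to the next one.
    ///
    /// The 24-byte nonce is treated as a single big-endian unsigned integer and
    /// incremented by one: the last byte is least significant and a carry
    /// propagates toward the first byte. Consecutive calls therefore never
    /// return the same value until the whole 192-bit counter wraps around.
    pub fn next(&mut self) -> secretbox::Nonce {
        let current = self.next_nonce;

        // Increment the nonce as a big-endian integer spanning all 24 bytes.
        for byte in self.next_nonce.0.iter_mut().rev() {
            *byte = byte.wrapping_add(1);
            if *byte != 0 {
                // No carry out of this byte: the increment is complete.
                break;
            }
        }
        current
    }
}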

#[cfg(test)]
mod tests {
    use super::{generate_longterm_keypair, handshake::*, NetworkKey, PublicKey};
    use core::mem::size_of;

    /// Two freshly generated keys must differ from each other and from the
    /// all-zero key.
    #[test]
    fn networkkey_random() {
        let first = NetworkKey::random();
        let second = NetworkKey::random();
        let all_zero = NetworkKey::from_slice(&[0u8; NetworkKey::size()]).unwrap();

        assert_ne!(first, second);
        assert_ne!(first, all_zero);
    }

    /// Shared-secret derivation must succeed for real peer keys and return
    /// `None` for an all-zero peer key. An all-zero Curve25519 public key is a
    /// low-order point: libsodium's scalar multiplication produces an all-zero
    /// output and reports failure, which the `derive_*` helpers must surface.
    #[test]
    fn shared_secret_with_zero() {
        let (client_eph_pk, _) = generate_ephemeral_keypair();
        let (client_pk, _) = generate_longterm_keypair();
        let (_, server_eph_sk) = generate_ephemeral_keypair();
        let (_, server_sk) = generate_longterm_keypair();

        let zero_eph_pk = EphPublicKey::from_slice(&[0; size_of::<EphPublicKey>()]).unwrap();
        let zero_pk = PublicKey::from_slice(&[0; size_of::<PublicKey>()]).unwrap();

        // Ephemeral secret with ephemeral public key.
        assert!(derive_shared_secret(&server_eph_sk, &client_eph_pk).is_some());
        assert!(derive_shared_secret(&server_eph_sk, &zero_eph_pk).is_none());

        // Ephemeral secret with long-term public key.
        assert!(derive_shared_secret_pk(&server_eph_sk, &client_pk).is_some());
        assert!(derive_shared_secret_pk(&server_eph_sk, &zero_pk).is_none());

        // Long-term secret with ephemeral public key.
        assert!(derive_shared_secret_sk(&server_sk, &client_eph_pk).is_some());
        assert!(derive_shared_secret_sk(&server_sk, &zero_eph_pk).is_none());
    }
}