tauri-plugin-keyring-store 0.1.5

Stronghold-inspired secrets and crypto helpers backed by the OS credential store (keyring-core).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272

//! Request and response types shared between Rust, IPC, and TypeScript (camelCase where noted).
//!
//! Use [`BytesDto`] for Stronghold-compatible `string | bytes` payloads and [`ProcedureDto`] for
//! optional `crypto` feature procedures.

use std::{fmt, time::Duration};

use serde::{de::Visitor, Deserialize, Deserializer, Serialize, Serializer};

#[derive(Debug, Deserialize, Serialize, Clone)]
#[serde(rename_all = "camelCase")]
/// IPC ping request (health / round-trip).
pub struct PingRequest {
    /// Echo payload from the client, if any.
    pub value: Option<String>,
}

#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
/// IPC ping response.
pub struct PingResponse {
    /// Echo payload returned to the client.
    pub value: Option<String>,
}

/// Bytes payload compatible with Stronghold's JS API (`string | bytes`).
///
/// # Example
///
/// ```
/// use tauri_plugin_keyring_store::BytesDto;
///
/// let text = BytesDto::Text("client-id".into());
/// let raw = BytesDto::Raw(vec![0x01, 0xff]);
/// assert_eq!(text.as_ref(), b"client-id");
/// assert_eq!(raw.as_ref(), [1, 255]);
/// ```
#[derive(Debug, Clone, Deserialize, Serialize, Hash, Eq, PartialEq, Ord, PartialOrd)]
#[serde(untagged)]
pub enum BytesDto {
    /// UTF-8 string (stored/compared as bytes via [`AsRef`]).
    Text(String),
    /// Raw binary (e.g. client id bytes).
    Raw(Vec<u8>),
}

impl AsRef<[u8]> for BytesDto {
    fn as_ref(&self) -> &[u8] {
        match self {
            Self::Text(t) => t.as_bytes(),
            Self::Raw(b) => b.as_ref(),
        }
    }
}

impl From<BytesDto> for Vec<u8> {
    fn from(v: BytesDto) -> Self {
        match v {
            BytesDto::Text(t) => t.into_bytes(),
            BytesDto::Raw(b) => b,
        }
    }
}

/// Stronghold-compatible duration (ignored for OS keyring persistence).
///
/// # Example
///
/// ```
/// use tauri_plugin_keyring_store::DurationDto;
/// use std::time::Duration;
///
/// let d = DurationDto { secs: 1, nanos: 500 };
/// let std_d: Duration = d.into();
/// assert_eq!(std_d.as_secs(), 1);
/// ```
#[derive(Debug, Clone, Copy, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DurationDto {
    /// Whole seconds.
    pub secs: u64,
    /// Sub-second nanoseconds (`0..1_000_000_000`).
    pub nanos: u32,
}

impl From<DurationDto> for Duration {
    fn from(d: DurationDto) -> Self {
        Duration::new(d.secs, d.nanos)
    }
}

#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(tag = "type", content = "payload")]
/// Logical storage location inside a snapshot (vault + record or counter row).
pub enum LocationDto {
    /// Arbitrary record under a named vault.
    Generic {
        /// Vault id (often a string name).
        vault: BytesDto,
        /// Record path inside the vault.
        record: BytesDto,
    },
    /// Counter-style record (`counter` serialized as text for hashing).
    Counter {
        /// Vault id.
        vault: BytesDto,
        /// Monotonic row index.
        counter: usize,
    },
}

#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(tag = "type", content = "payload")]
/// SLIP10 derive input: either a seed blob or an extended parent key.
pub enum Slip10DeriveInputDto {
    /// Read SLIP10 seed bytes from this location.
    Seed(LocationDto),
    /// Read 65-byte extended SLIP10 key from this location.
    Key(LocationDto),
}

#[derive(Debug, Clone, Copy)]
/// Asymmetric key kind for `PublicKey` procedure (string JSON: `ed25519` / `x25519`).
pub enum KeyType {
    /// Ed25519 curve (supported for derive/sign/public key).
    Ed25519,
    /// X25519 (public key extraction not implemented in this plugin).
    X25519,
}

impl<'de> Deserialize<'de> for KeyType {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: Deserializer<'de>,
    {
        struct KeyTypeVisitor;

        impl<'de> Visitor<'de> for KeyTypeVisitor {
            type Value = KeyType;

            fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
                formatter.write_str("ed25519 or x25519")
            }

            fn visit_str<E>(self, value: &str) -> std::result::Result<Self::Value, E>
            where
                E: serde::de::Error,
            {
                match value.to_lowercase().as_str() {
                    "ed25519" => Ok(KeyType::Ed25519),
                    "x25519" => Ok(KeyType::X25519),
                    _ => Err(serde::de::Error::custom("unknown key type")),
                }
            }
        }

        deserializer.deserialize_str(KeyTypeVisitor)
    }
}

impl Serialize for KeyType {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: Serializer,
    {
        let s = match self {
            KeyType::Ed25519 => "ed25519",
            KeyType::X25519 => "x25519",
        };
        serializer.serialize_str(s)
    }
}

/// Stronghold-shaped crypto or signing operation (requires the **`crypto`** crate feature).
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(tag = "type", content = "payload")]
pub enum ProcedureDto {
    /// Generate a new SLIP10 master and write the extended key to `output`.
    SLIP10Generate {
        /// Target vault location for the new master key material.
        output: LocationDto,
        /// Seed length in bytes (default 32, clamped to at least 16).
        #[serde(rename = "sizeBytes")]
        size_bytes: Option<usize>,
    },
    /// Derive a child SLIP10 key along `chain` and write to `output`.
    SLIP10Derive {
        /// Hardened segment indices (same semantics as Stronghold).
        chain: Vec<u32>,
        /// Parent seed or extended key read from `input`.
        input: Slip10DeriveInputDto,
        /// Where to write derived extended key bytes.
        output: LocationDto,
    },
    /// Restore BIP39 mnemonic to SLIP10 master at `output`.
    BIP39Recover {
        /// Space-separated mnemonic (English wordlist).
        mnemonic: String,
        /// Optional BIP39 passphrase.
        passphrase: Option<String>,
        /// Where to write extended master key bytes.
        output: LocationDto,
    },
    /// Generate entropy, build an English mnemonic, derive the BIP39 seed → SLIP10 master, and write extended key bytes to `output` (return value matches written bytes).
    BIP39Generate {
        /// Optional BIP39 passphrase for seed derivation.
        passphrase: Option<String>,
        /// Where to write extended master key bytes.
        output: LocationDto,
    },
    /// Extract public key bytes (32-byte Ed25519 pk) from a private or extended key at `private_key`.
    PublicKey {
        /// Curve / algorithm selector.
        #[serde(rename = "type")]
        ty: KeyType,
        /// Location of 32-byte secret key or 65-byte extended SLIP10 key.
        #[serde(rename = "privateKey")]
        private_key: LocationDto,
    },
    /// Sign `msg` (UTF-8 interpreted as bytes) with Ed25519 private key at `private_key`.
    Ed25519Sign {
        /// Location of signing key material.
        #[serde(rename = "privateKey")]
        private_key: LocationDto,
        /// Message to sign (UTF-8 string, not hex).
        msg: String,
    },
}

/// One row for the bulk **set passwords** IPC command (`account` + plaintext `secret`).
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PasswordEntryDto {
    /// Logical account id (often `prefix.name` from [`crate::join_prefix`]).
    pub account: String,
    /// Secret value to store (plaintext over IPC — see README security notes).
    pub secret: String,
}

/// Single entry in a plaintext password backup (export/import).
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PasswordBackupEntryDto {
    /// Account id included in the backup.
    pub account: String,
    /// Stored secret, or [`None`] if the credential was missing at export time.
    pub secret: Option<String>,
}

/// Plaintext backup blob shared by export/import JSON over IPC.
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PasswordBackupPlainDto {
    /// Schema version for forward compatibility.
    pub format_version: u32,
    /// All exported rows.
    pub entries: Vec<PasswordBackupEntryDto>,
}

/// Argon2id + ChaCha20-Poly1305 backup envelope (always built).
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PasswordBackupEncryptedDto {
    /// Schema version for forward compatibility.
    pub format_version: u32,
    /// Salt for Argon2 (Base64).
    pub salt: String,
    /// Nonce for ChaCha20-Poly1305 (Base64).
    pub nonce: String,
    /// Ciphertext including Poly1305 tag (Base64).
    pub ciphertext: String,
}