wnfs 0.3.0

WebNative filesystem core implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

use crate::{
    error::FsError,
    private::{KEY_BYTE_SIZE, PrivateRefSerializable, TemporalKey},
};
use anyhow::Result;
use serde::{Deserialize, Serialize, de::Error as DeError, ser::Error as SerError};
use std::fmt::Debug;
use wnfs_common::{Cid, HashOutput};

//--------------------------------------------------------------------------------------------------
// Type Definitions
//--------------------------------------------------------------------------------------------------

/// PrivateRef holds the information to fetch a specific node from the private forest and decrypt it.
///
/// It also includes required key material to decrypt/encrypt any future revisions of the node it points to.
#[derive(Clone, PartialEq, Eq)]
pub struct PrivateRef {
    /// Blake3 hash of the revision name. Used as the label for identifying revisions of PrivateNodes in the PrivateForest.
    pub label: HashOutput,
    /// Skip-ratchet-derived key. Gives read access to the revision pointed to and any newer revisions.
    pub temporal_key: TemporalKey,
    /// CID that identifies the exact value in the multivalue.
    pub content_cid: Cid,
}

// TODO(appcypher): Remove RevisionRef eventually.
/// A pointer to a specific revision in the private forest
/// together with the TemporalKey to decrypt any of these
/// revisions.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub(crate) struct RevisionRef {
    /// Blake3 hash of the revision name. Used as the label for private nodes in the private forest.
    pub label: HashOutput,
    /// Skip-ratchet-derived key. Gives read access to the revision pointed to and any newer revisions.
    pub temporal_key: TemporalKey,
}

//--------------------------------------------------------------------------------------------------
// Implementations
//--------------------------------------------------------------------------------------------------

impl PrivateRef {
    /// Creates a PrivateRef from provided revision name hash and temporal key.
    pub(crate) fn with_temporal_key(
        label: HashOutput,
        temporal_key: TemporalKey,
        content_cid: Cid,
    ) -> Self {
        Self {
            label,
            temporal_key,
            content_cid,
        }
    }

    pub(crate) fn to_serializable(
        &self,
        parent_temporal_key: &TemporalKey,
    ) -> Result<PrivateRefSerializable> {
        let snapshot_key = self.temporal_key.derive_snapshot_key();

        // encrypt temporal key
        let temporal_key_wrapped = parent_temporal_key.key_wrap_encrypt(&self.temporal_key.0)?;

        Ok(PrivateRefSerializable {
            label: self.label,
            snapshot_key,
            temporal_key: temporal_key_wrapped,
            content_cid: self.content_cid,
        })
    }

    pub(crate) fn from_serializable(
        private_ref: PrivateRefSerializable,
        parent_temporal_key: &TemporalKey,
    ) -> Result<Self> {
        let temporal_key_decrypted =
            parent_temporal_key.key_wrap_decrypt(&private_ref.temporal_key)?;

        let temporal_key_raw: [u8; KEY_BYTE_SIZE] =
            temporal_key_decrypted.try_into().map_err(|e: Vec<u8>| {
                FsError::InvalidDeserialization(format!(
                    "Expected 32 bytes for ratchet key, but got {}",
                    e.len()
                ))
            })?;

        Ok(Self {
            label: private_ref.label,
            temporal_key: TemporalKey(temporal_key_raw),
            content_cid: private_ref.content_cid,
        })
    }

    #[allow(unused)]
    pub(crate) fn serialize<S>(
        &self,
        serializer: S,
        temporal_key: &TemporalKey,
    ) -> Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        self.to_serializable(temporal_key)
            .map_err(SerError::custom)?
            .serialize(serializer)
    }

    #[allow(unused)]
    pub(crate) fn deserialize<'de, D>(
        deserializer: D,
        temporal_key: &TemporalKey,
    ) -> Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        let private_ref = PrivateRefSerializable::deserialize(deserializer)?;
        PrivateRef::from_serializable(private_ref, temporal_key).map_err(DeError::custom)
    }
}

impl Debug for PrivateRef {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let mut rev_name_hash_str = String::from("0x");
        for byte in self.label {
            rev_name_hash_str.push_str(&format!("{byte:02X}"));
        }

        f.debug_struct("PrivateRef")
            .field("label", &rev_name_hash_str)
            .field("temporal_key", &hex::encode(self.temporal_key.0))
            .field("content_cid", &format!("{}", self.content_cid))
            .finish()
    }
}

impl RevisionRef {
    /// Turns a reivison ref into a more specific pointer, a private ref.
    ///
    /// The revision ref refers to a whole multivalue that may or may not exist
    /// or may refer to multiple private nodes.
    ///
    /// The resulting private ref refers to the given CID in the multivalue.
    pub(crate) fn into_private_ref(self, content_cid: Cid) -> PrivateRef {
        PrivateRef {
            label: self.label,
            temporal_key: self.temporal_key,
            content_cid,
        }
    }
}