hyper_keyring/

vault.rs

use serde::{Deserialize, Serialize};

use crate::controller::WalletController;
use crate::KeyringError;

use aes_gcm::{
    aead::{Aead, KeyInit},
    Aes256Gcm, Nonce,
};
use base64::{engine::general_purpose::STANDARD as BASE64, Engine};
use hmac::Hmac;
use pbkdf2::pbkdf2;
use rand::RngCore;
use sha2::Sha256;

/// OWASP 2023 recommended minimum for PBKDF2-SHA256.
const PBKDF2_ITERATIONS: u32 = 600_000;
const SALT_LEN: usize = 32;
const NONCE_LEN: usize = 12;
const KEY_LEN: usize = 32; // AES-256

/// Current vault format version.
const VAULT_VERSION: u32 = 1;

// ---------------------------------------------------------------------------
// Error
// ---------------------------------------------------------------------------

#[derive(Debug, thiserror::Error)]
pub enum VaultError {
    #[error("Vault is locked")]
    Locked,
    #[error("Wrong password")]
    WrongPassword,
    #[error("Vault not initialized")]
    NotInitialized,
    #[error("Encryption error: {0}")]
    EncryptionError(String),
    #[error("Keyring error: {0}")]
    KeyringError(#[from] KeyringError),
}

// ---------------------------------------------------------------------------
// Persisted structures
// ---------------------------------------------------------------------------

/// Encrypted vault metadata (stored alongside the encrypted data).
#[derive(Serialize, Deserialize, Clone, Debug)]
pub struct VaultMetadata {
    pub version: u32,
    pub pbkdf2_iterations: u32,
    pub salt: String,  // Base64-encoded 32-byte salt
    pub nonce: String, // Base64-encoded 12-byte AES-GCM nonce
}

/// Full vault structure (what gets persisted as JSON).
#[derive(Serialize, Deserialize, Clone, Debug)]
pub struct EncryptedVault {
    pub metadata: VaultMetadata,
    pub ciphertext: String, // Base64-encoded encrypted keyring states
}

// ---------------------------------------------------------------------------
// In-memory state
// ---------------------------------------------------------------------------

/// Decrypted vault state (in-memory only).
pub struct VaultState {
    pub controller: WalletController,
}

pub struct Vault {
    state: Option<VaultState>,         // None when locked
    encrypted: Option<EncryptedVault>, // The persisted form
}

// ---------------------------------------------------------------------------
// Crypto helpers
// ---------------------------------------------------------------------------

fn derive_key(password: &str, salt: &[u8], iterations: u32) -> [u8; KEY_LEN] {
    let mut key = [0u8; KEY_LEN];
    pbkdf2::<Hmac<Sha256>>(password.as_bytes(), salt, iterations, &mut key)
        .expect("HMAC can be initialized with any key length");
    key
}

fn encrypt(plaintext: &[u8], password: &str) -> Result<EncryptedVault, VaultError> {
    let mut rng = rand::thread_rng();

    let mut salt = [0u8; SALT_LEN];
    rng.fill_bytes(&mut salt);

    let mut nonce_bytes = [0u8; NONCE_LEN];
    rng.fill_bytes(&mut nonce_bytes);

    let key = derive_key(password, &salt, PBKDF2_ITERATIONS);
    let cipher =
        Aes256Gcm::new_from_slice(&key).map_err(|e| VaultError::EncryptionError(e.to_string()))?;

    let nonce = Nonce::from(nonce_bytes);
    let ciphertext = cipher
        .encrypt(&nonce, plaintext)
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;

    Ok(EncryptedVault {
        metadata: VaultMetadata {
            version: VAULT_VERSION,
            pbkdf2_iterations: PBKDF2_ITERATIONS,
            salt: BASE64.encode(salt),
            nonce: BASE64.encode(nonce_bytes),
        },
        ciphertext: BASE64.encode(ciphertext),
    })
}

fn decrypt(vault: &EncryptedVault, password: &str) -> Result<Vec<u8>, VaultError> {
    let salt = BASE64
        .decode(&vault.metadata.salt)
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    let nonce_vec = BASE64
        .decode(&vault.metadata.nonce)
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    let nonce_bytes: [u8; NONCE_LEN] = nonce_vec
        .try_into()
        .map_err(|_| VaultError::EncryptionError("invalid nonce length".to_string()))?;
    let ciphertext = BASE64
        .decode(&vault.ciphertext)
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;

    let key = derive_key(password, &salt, vault.metadata.pbkdf2_iterations);
    let cipher =
        Aes256Gcm::new_from_slice(&key).map_err(|e| VaultError::EncryptionError(e.to_string()))?;

    let nonce = Nonce::from(nonce_bytes);
    cipher
        .decrypt(&nonce, ciphertext.as_ref())
        .map_err(|_| VaultError::WrongPassword)
}

// ---------------------------------------------------------------------------
// File persistence helpers
// ---------------------------------------------------------------------------

/// Return the default vault file path: `<data_dir>/hyper-agent/vault.json`.
pub fn default_vault_path() -> Option<std::path::PathBuf> {
    dirs::data_dir().map(|d| d.join("hyper-agent").join("vault.json"))
}

/// Load an `EncryptedVault` from the default file location.
pub fn load_vault_from_file() -> Result<Option<EncryptedVault>, VaultError> {
    let path = match default_vault_path() {
        Some(p) => p,
        None => return Ok(None),
    };
    if !path.exists() {
        return Ok(None);
    }
    let data =
        std::fs::read_to_string(&path).map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    let vault: EncryptedVault =
        serde_json::from_str(&data).map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    Ok(Some(vault))
}

/// Persist an `EncryptedVault` to the default file location.
pub fn save_vault_to_file(vault: &EncryptedVault) -> Result<(), VaultError> {
    let path = match default_vault_path() {
        Some(p) => p,
        None => {
            return Err(VaultError::EncryptionError(
                "Cannot determine data directory".to_string(),
            ))
        }
    };
    if let Some(parent) = path.parent() {
        std::fs::create_dir_all(parent).map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    }
    let json = serde_json::to_string_pretty(vault)
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    std::fs::write(&path, json).map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    Ok(())
}

/// Store the encrypted vault JSON as a single keychain entry (fallback).
pub fn save_vault_to_keychain(vault: &EncryptedVault) -> Result<(), VaultError> {
    let json =
        serde_json::to_string(vault).map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    let entry = keyring::Entry::new("hyper-agent", "encrypted-vault")
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    entry
        .set_password(&json)
        .map_err(|e| VaultError::EncryptionError(e.to_string()))?;
    Ok(())
}

/// Load the encrypted vault from the OS keychain (fallback).
pub fn load_vault_from_keychain() -> Result<Option<EncryptedVault>, VaultError> {
    let entry = match keyring::Entry::new("hyper-agent", "encrypted-vault") {
        Ok(e) => e,
        Err(_) => return Ok(None),
    };
    match entry.get_password() {
        Ok(json) => {
            let vault: EncryptedVault = serde_json::from_str(&json)
                .map_err(|e| VaultError::EncryptionError(e.to_string()))?;
            Ok(Some(vault))
        }
        Err(_) => Ok(None),
    }
}

// ---------------------------------------------------------------------------
// Vault implementation
// ---------------------------------------------------------------------------

impl Vault {
    /// Create a new empty vault.
    pub fn new() -> Self {
        Self {
            state: None,
            encrypted: None,
        }
    }

    /// Create vault from existing encrypted data.
    pub fn from_encrypted(encrypted: EncryptedVault) -> Self {
        Self {
            state: None,
            encrypted: Some(encrypted),
        }
    }

    /// Unlock vault with password (decrypt keyring states).
    pub fn unlock(&mut self, password: &str) -> Result<(), VaultError> {
        let enc = self.encrypted.as_ref().ok_or(VaultError::NotInitialized)?;
        let plaintext = decrypt(enc, password)?;
        let controller = WalletController::deserialize(&plaintext)?;
        self.state = Some(VaultState { controller });
        Ok(())
    }

    /// Lock vault (clear decrypted state from memory).
    pub fn lock(&mut self) {
        self.state = None;
    }

    /// Check if vault is unlocked.
    pub fn is_unlocked(&self) -> bool {
        self.state.is_some()
    }

    /// Get the wallet controller (must be unlocked).
    pub fn controller(&self) -> Result<&WalletController, VaultError> {
        self.state
            .as_ref()
            .map(|s| &s.controller)
            .ok_or(VaultError::Locked)
    }

    /// Get mutable wallet controller (must be unlocked).
    pub fn controller_mut(&mut self) -> Result<&mut WalletController, VaultError> {
        self.state
            .as_mut()
            .map(|s| &mut s.controller)
            .ok_or(VaultError::Locked)
    }

    /// Save current state: encrypt with password and return EncryptedVault.
    pub fn save(&self, password: &str) -> Result<EncryptedVault, VaultError> {
        let ctrl = self.controller()?;
        let plaintext = ctrl.serialize()?;
        encrypt(&plaintext, password)
    }

    /// Initialize a new vault with password (for first-time setup).
    /// Creates an empty WalletController inside.
    pub fn initialize(&mut self, password: &str) -> Result<EncryptedVault, VaultError> {
        let controller = WalletController::new();
        let plaintext = controller.serialize()?;
        let enc = encrypt(&plaintext, password)?;
        self.encrypted = Some(enc.clone());
        self.state = Some(VaultState { controller });
        Ok(enc)
    }
}

impl Default for Vault {
    fn default() -> Self {
        Self::new()
    }
}

// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------

#[cfg(test)]
mod tests {
    use super::*;

    const TEST_PASSWORD: &str = "correct-horse-battery-staple";
    const WRONG_PASSWORD: &str = "wrong-password";
    const TEST_MNEMONIC: &str =
        "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";

    #[test]
    fn test_initialize_unlock_get_controller() {
        let mut vault = Vault::new();
        assert!(!vault.is_unlocked());

        let enc = vault.initialize(TEST_PASSWORD).unwrap();
        assert!(vault.is_unlocked());

        // Should be able to get controller
        let ctrl = vault.controller().unwrap();
        assert_eq!(ctrl.get_accounts().len(), 0);

        // Re-create vault from encrypted and unlock
        let mut vault2 = Vault::from_encrypted(enc);
        assert!(!vault2.is_unlocked());
        vault2.unlock(TEST_PASSWORD).unwrap();
        assert!(vault2.is_unlocked());
    }

    #[test]
    fn test_lock_vault_controller_inaccessible() {
        let mut vault = Vault::new();
        vault.initialize(TEST_PASSWORD).unwrap();
        assert!(vault.is_unlocked());

        vault.lock();
        assert!(!vault.is_unlocked());

        let result = vault.controller();
        assert!(matches!(result, Err(VaultError::Locked)));
    }

    #[test]
    fn test_encrypt_decrypt_roundtrip() {
        let mut vault = Vault::new();
        vault.initialize(TEST_PASSWORD).unwrap();

        // Add an HD wallet
        vault
            .controller_mut()
            .unwrap()
            .create_hd_wallet(Some(TEST_MNEMONIC))
            .unwrap();

        let accounts_before = vault.controller().unwrap().get_accounts();
        assert_eq!(accounts_before.len(), 1);

        // Save (encrypt)
        let enc = vault.save(TEST_PASSWORD).unwrap();

        // Load into a new vault and unlock
        let mut vault2 = Vault::from_encrypted(enc);
        vault2.unlock(TEST_PASSWORD).unwrap();

        let accounts_after = vault2.controller().unwrap().get_accounts();
        assert_eq!(accounts_before.len(), accounts_after.len());
        assert_eq!(accounts_before[0].address, accounts_after[0].address);
    }

    #[test]
    fn test_wrong_password_fails() {
        let mut vault = Vault::new();
        let enc = vault.initialize(TEST_PASSWORD).unwrap();

        let mut vault2 = Vault::from_encrypted(enc);
        let result = vault2.unlock(WRONG_PASSWORD);
        assert!(matches!(result, Err(VaultError::WrongPassword)));
        assert!(!vault2.is_unlocked());
    }

    #[test]
    fn test_hd_wallet_survives_save_reload() {
        let mut vault = Vault::new();
        vault.initialize(TEST_PASSWORD).unwrap();

        // Create HD wallet and derive additional accounts
        let ctrl = vault.controller_mut().unwrap();
        ctrl.create_hd_wallet(Some(TEST_MNEMONIC)).unwrap();
        ctrl.derive_next_agent().unwrap();
        ctrl.derive_next_agent().unwrap();

        let accounts_before: Vec<String> = vault
            .controller()
            .unwrap()
            .get_accounts()
            .iter()
            .map(|a| a.address.clone())
            .collect();
        assert_eq!(accounts_before.len(), 3);

        // Save, reload, verify
        let enc = vault.save(TEST_PASSWORD).unwrap();
        let mut vault2 = Vault::from_encrypted(enc);
        vault2.unlock(TEST_PASSWORD).unwrap();

        let accounts_after: Vec<String> = vault2
            .controller()
            .unwrap()
            .get_accounts()
            .iter()
            .map(|a| a.address.clone())
            .collect();
        assert_eq!(accounts_before, accounts_after);

        // Verify private keys match
        for addr in &accounts_before {
            let key1 = vault.controller().unwrap().export_account(addr).unwrap();
            let key2 = vault2.controller().unwrap().export_account(addr).unwrap();
            assert_eq!(key1, key2);
        }
    }

    #[test]
    fn test_unlock_not_initialized_fails() {
        let mut vault = Vault::new();
        let result = vault.unlock(TEST_PASSWORD);
        assert!(matches!(result, Err(VaultError::NotInitialized)));
    }

    #[test]
    fn test_save_while_locked_fails() {
        let mut vault = Vault::new();
        vault.initialize(TEST_PASSWORD).unwrap();
        vault.lock();
        let result = vault.save(TEST_PASSWORD);
        assert!(matches!(result, Err(VaultError::Locked)));
    }

    #[test]
    fn test_encrypt_decrypt_raw_helpers() {
        let plaintext = b"hello vault";
        let enc = encrypt(plaintext, TEST_PASSWORD).unwrap();

        // Correct password
        let decrypted = decrypt(&enc, TEST_PASSWORD).unwrap();
        assert_eq!(decrypted, plaintext);

        // Wrong password
        let result = decrypt(&enc, WRONG_PASSWORD);
        assert!(matches!(result, Err(VaultError::WrongPassword)));
    }

    #[test]
    fn test_vault_metadata_version() {
        let mut vault = Vault::new();
        let enc = vault.initialize(TEST_PASSWORD).unwrap();
        assert_eq!(enc.metadata.version, VAULT_VERSION);
        assert_eq!(enc.metadata.pbkdf2_iterations, PBKDF2_ITERATIONS);
    }

    #[test]
    fn test_encrypted_vault_serializable_as_json() {
        let mut vault = Vault::new();
        let enc = vault.initialize(TEST_PASSWORD).unwrap();

        // Should roundtrip through JSON
        let json = serde_json::to_string(&enc).unwrap();
        let enc2: EncryptedVault = serde_json::from_str(&json).unwrap();

        // Unlock with the deserialized copy
        let mut vault2 = Vault::from_encrypted(enc2);
        vault2.unlock(TEST_PASSWORD).unwrap();
        assert!(vault2.is_unlocked());
    }
}