#![recursion_limit = "128"]
#[macro_use]
extern crate serde_derive;
#[macro_use]
extern crate base64_serde;
#[macro_use]
extern crate quick_error;
#[macro_use]
extern crate lazy_static;
#[cfg(test)]
#[macro_use]
extern crate galvanic_assert;
#[cfg(test)]
#[macro_use]
extern crate double;
#[macro_use]
extern crate percent_encoding;
mod crypto;
mod internal;
include!(concat!(env!("OUT_DIR"), "/transform.rs"));
pub mod document;
pub mod group;
pub mod user;
pub mod policy;
pub mod prelude;
use crate::internal::{
group_api::GroupId,
user_api::{UserId, UserResult},
};
pub use crate::internal::{
DeviceContext, DeviceSigningKeyPair, IronOxideErr, KeyPair, PrivateKey, PublicKey,
};
use itertools::EitherOrBoth;
use rand::{
rngs::{adapter::ReseedingRng, EntropyRng},
FromEntropy,
};
use rand_chacha::ChaChaCore;
use recrypt::api::{Ed25519, RandomBytes, Recrypt, Sha256};
use std::sync::Mutex;
use tokio::runtime::current_thread::Runtime;
/// Result alias whose error type is fixed to [`IronOxideErr`].
pub type Result<T> = std::result::Result<T, IronOxideErr>;
use futures::prelude::*;
/// Handle to an initialized SDK instance.
///
/// Bundles the Recrypt engine, the current user's master public key, the device context the
/// instance was created from, and a reseeding random number generator.
pub struct IronOxide {
    /// Recrypt instance parameterized with SHA-256, Ed25519 and Recrypt's default RNG;
    /// built with `Recrypt::new()` in `create`.
    pub(crate) recrypt: Recrypt<Sha256, Ed25519, RandomBytes<recrypt::api::DefaultRng>>,
    /// Public key of the current user, copied from the user record fetched during initialization.
    pub(crate) user_master_pub_key: PublicKey,
    /// Clone of the device context supplied at initialization.
    // NOTE(review): presumably this carries the device's private key material; confirm against
    // `DeviceContext` before exposing or logging values of this type.
    pub(crate) device: DeviceContext,
    /// ChaCha-core generator that is reseeded from `EntropyRng`, wrapped in a `Mutex`.
    pub(crate) rng: Mutex<ReseedingRng<ChaChaCore, EntropyRng>>,
}
/// Outcome of `initialize_check_rotation`: the SDK handle, plus rotation details when a private
/// key was flagged as needing rotation.
pub enum InitAndRotationCheck {
    /// Initialization succeeded and nothing was flagged for rotation.
    NoRotationNeeded(IronOxide),
    /// Initialization succeeded and a rotation is needed; the second field says which keys.
    RotationNeeded(IronOxide, PrivateKeyRotationCheckResult),
}
impl InitAndRotationCheck {
    /// Unwrap the [`IronOxide`] handle and drop any rotation information.
    ///
    /// After this call the caller has no record that a rotation was requested, so use it only
    /// when the rotation result has already been handled or is deliberately being ignored.
    pub fn discard_check(self) -> IronOxide {
        match self {
            InitAndRotationCheck::NoRotationNeeded(sdk) => sdk,
            // The rotation details are intentionally thrown away here.
            InitAndRotationCheck::RotationNeeded(sdk, _) => sdk,
        }
    }
}
/// Reseed threshold passed to `ReseedingRng::new`: bytes generated before a reseed (1 MiB).
const BYTES_BEFORE_RESEEDING: u64 = 1024 * 1024;
/// Describes which private keys were flagged as needing rotation.
pub struct PrivateKeyRotationCheckResult {
    /// `Left` holds the user whose key needs rotation, `Right` the groups whose keys need
    /// rotation, and `Both` carries the two together.
    pub rotations_needed: EitherOrBoth<UserId, Vec<GroupId>>,
}
impl PrivateKeyRotationCheckResult {
    /// Return the id of the user whose private key needs rotation, if one was flagged.
    ///
    /// Yields `None` when only groups were flagged. The id is cloned out of the result.
    pub fn user_rotation_needed(&self) -> Option<UserId> {
        match self.rotations_needed {
            EitherOrBoth::Left(ref user_id) => Some(user_id.clone()),
            EitherOrBoth::Both(ref user_id, _) => Some(user_id.clone()),
            EitherOrBoth::Right(_) => None,
        }
    }
}
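/// Initialize the SDK for an existing device.
///
/// Blocks the calling thread on a single-threaded Tokio runtime while the current user is fetched
/// with the credentials from `device_context`, then builds an [`IronOxide`] from that user record
/// and a clone of the device context.
///
/// # Errors
/// Every failure is reported as [`IronOxideErr::InitializeError`], whether the runtime could not
/// be created or the user lookup failed. The underlying cause is discarded, so callers cannot
/// tell the failure modes apart from the returned value.
pub fn initialize(device_context: &DeviceContext) -> Result<IronOxide> {
    // Runtime construction is fallible; surface it as an initialization error instead of
    // panicking inside library code.
    let mut rt = Runtime::new().map_err(|_| IronOxideErr::InitializeError)?;
    rt.block_on(crate::internal::user_api::user_get_current(
        &device_context.auth(),
    ))
    .map(|current_user| IronOxide::create(&current_user, device_context))
    .map_err(|_| IronOxideErr::InitializeError)
}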
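/// Initialize the SDK and report whether the current user's private key needs rotation.
///
/// Blocks the calling thread on a single-threaded Tokio runtime while the current user is
/// fetched. Only the user record is inspected here: when `needs_rotation()` is true the result is
/// `RotationNeeded` with `EitherOrBoth::Left(account_id)`; this function never fills in groups.
///
/// Callers that ignore the `RotationNeeded` variant (for example via `discard_check`) lose the
/// rotation signal.
///
/// # Errors
/// Returns [`IronOxideErr::InitializeError`] if the runtime cannot be created, and otherwise
/// propagates the error produced by the user lookup unchanged.
pub fn initialize_check_rotation(device_context: &DeviceContext) -> Result<InitAndRotationCheck> {
    // Runtime construction is fallible; report it as an error rather than panicking.
    let mut rt = Runtime::new().map_err(|_| IronOxideErr::InitializeError)?;
    rt.block_on(
        internal::user_api::user_get_current(device_context.auth()).and_then(|curr_user| {
            // `device_context` is already a reference, so it is passed through as-is.
            let ironoxide = IronOxide::create(&curr_user, device_context);
            let outcome = if curr_user.needs_rotation() {
                InitAndRotationCheck::RotationNeeded(
                    ironoxide,
                    PrivateKeyRotationCheckResult {
                        rotations_needed: EitherOrBoth::Left(curr_user.account_id().clone()),
                    },
                )
            } else {
                InitAndRotationCheck::NoRotationNeeded(ironoxide)
            };
            Ok(outcome)
        }),
    )
}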
impl IronOxide {
    /// Borrow the device context held by this SDK instance.
    pub fn device(&self) -> &DeviceContext {
        &self.device
    }

    /// Assemble an [`IronOxide`] from a fetched user record and the caller's device context.
    ///
    /// The device context is cloned and the user's public key is copied, so the returned value
    /// does not borrow from either argument.
    fn create(curr_user: &UserResult, device_context: &DeviceContext) -> IronOxide {
        let recrypt = Recrypt::new();
        let device = device_context.clone();
        let user_master_pub_key = curr_user.user_public_key().to_owned();
        // ChaCha core seeded from entropy, reseeded from `EntropyRng` once
        // `BYTES_BEFORE_RESEEDING` bytes have been generated.
        let reseeding_rng = ReseedingRng::new(
            ChaChaCore::from_entropy(),
            BYTES_BEFORE_RESEEDING,
            EntropyRng::new(),
        );
        IronOxide {
            recrypt,
            user_master_pub_key,
            device,
            rng: Mutex::new(reseeding_rng),
        }
    }
}
/// Lets an [`IronOxideErr`] be converted into a `String` via `From`/`Into`.
impl From<IronOxideErr> for String {
    /// Render the error through its `Display` implementation.
    fn from(err: IronOxideErr) -> Self {
        err.to_string()
    }
}