keybase_keystore/
types.rs

1use crate::crypto::{AuthSecret, Secret, SECRET_LEN};
2use bip39::Mnemonic;
3use secrecy::SecretString;
4use strobe_rs::AuthError;
5use thiserror::Error;
6
7#[derive(Clone, Debug)]
8pub struct DeviceKey(Secret);
9
10impl DeviceKey {
11    pub async fn generate() -> Self {
12        Self(Secret::generate().await)
13    }
14
15    pub fn from_seed(secret: [u8; SECRET_LEN]) -> Self {
16        Self(Secret::new(secret))
17    }
18
19    pub fn from_mnemonic(mnemonic: &Mnemonic) -> Result<Self, NotEnoughEntropyError> {
20        let entropy = mnemonic.entropy();
21        if entropy.len() < SECRET_LEN {
22            return Err(NotEnoughEntropyError);
23        }
24        let mut buf = [0; SECRET_LEN];
25        buf.copy_from_slice(&entropy[..SECRET_LEN]);
26        Ok(Self(Secret::new(buf)))
27    }
28
29    pub fn expose_secret(&self) -> &[u8; SECRET_LEN] {
30        self.0.expose_secret()
31    }
32
33    pub(crate) async fn encrypt(&self, key: &RandomKey) -> EncryptedDeviceKey {
34        EncryptedDeviceKey(self.0.auth_encrypt(&key.0).await)
35    }
36}
37
38#[derive(Debug, Error)]
39#[error("Mnemonic didn't contain enough entropy. Needs to provide at least 256 bits of entropy.")]
40pub struct NotEnoughEntropyError;
41
42pub(crate) struct EncryptedDeviceKey(pub AuthSecret);
43
44impl EncryptedDeviceKey {
45    pub fn decrypt(&self, key: &RandomKey) -> Result<DeviceKey, AuthError> {
46        Ok(DeviceKey(self.0.auth_decrypt(&key.0)?))
47    }
48}
49
50pub(crate) struct RandomKey(Secret);
51
52impl RandomKey {
53    pub async fn generate() -> Self {
54        Self(Secret::generate().await)
55    }
56
57    pub fn public(&self, pass: &Password) -> PublicDeviceKey {
58        PublicDeviceKey(self.0.xor(&pass.0))
59    }
60
61    pub fn password(&self, pdk: &PublicDeviceKey) -> Password {
62        Password(self.0.xor(&pdk.0))
63    }
64
65    pub fn encrypt(&self, noise: &Secret) -> EncryptedRandomKey {
66        EncryptedRandomKey(self.0.encrypt(noise))
67    }
68}
69
70pub(crate) struct EncryptedRandomKey(pub Secret);
71
72impl EncryptedRandomKey {
73    pub fn decrypt(&self, key: &Secret) -> RandomKey {
74        RandomKey(self.0.decrypt(key))
75    }
76}
77
78#[derive(Clone, Debug)]
79pub struct Password(Secret);
80
81impl Password {
82    pub fn new(plain: &SecretString) -> Self {
83        Password(Secret::kdf(plain))
84    }
85
86    pub async fn generate() -> Self {
87        Self(Secret::generate().await)
88    }
89
90    pub fn expose_secret(&self) -> &[u8; SECRET_LEN] {
91        self.0.expose_secret()
92    }
93
94    pub(crate) fn mask(&self, other: &Password) -> Mask {
95        Mask(self.0.xor(&other.0))
96    }
97
98    pub(crate) fn apply_mask(&self, mask: &Mask) -> Password {
99        Password(self.0.xor(&mask.0))
100    }
101}
102
103impl PartialEq for Password {
104    fn eq(&self, other: &Password) -> bool {
105        self.expose_secret() == other.expose_secret()
106    }
107}
108
109impl Eq for Password {}
110
111impl From<String> for Password {
112    fn from(s: String) -> Password {
113        Self::new(&SecretString::new(s))
114    }
115}
116
117pub struct PublicDeviceKey(pub Secret);
118
119impl PublicDeviceKey {
120    pub fn new(pdk: [u8; SECRET_LEN]) -> Self {
121        Self(Secret::new(pdk))
122    }
123
124    pub(crate) fn private(&self, pass: &Password) -> RandomKey {
125        RandomKey(self.0.xor(&pass.0))
126    }
127}
128
129impl core::ops::Deref for PublicDeviceKey {
130    type Target = [u8; SECRET_LEN];
131
132    fn deref(&self) -> &Self::Target {
133        self.0.expose_secret()
134    }
135}
136
137pub struct Mask(Secret);
138
139impl Mask {
140    pub fn new(mask: [u8; SECRET_LEN]) -> Self {
141        Self(Secret::new(mask))
142    }
143}
144
145impl core::ops::Deref for Mask {
146    type Target = [u8; SECRET_LEN];
147
148    fn deref(&self) -> &Self::Target {
149        self.0.expose_secret()
150    }
151}
keybase_keystore/types.rs

keybase_keystore/
types.rs
