use crate::crypto::shared_secretbox;
use crate::errors::CoreError;
use crate::ffi::arrays::{SymNonce, SymSecretKey};
use crate::ffi::{md_kind_clone_from_repr_c, md_kind_into_repr_c, MDataInfo as FfiMDataInfo};
use crate::ipc::IpcError;
use crate::utils::{
self, symmetric_decrypt, symmetric_encrypt, SymEncKey, SymEncNonce, SYM_ENC_NONCE_LEN,
};
use ffi_utils::ReprC;
use safe_nd::{
MDataAddress, MDataKind, MDataSeqEntries, MDataSeqEntryAction, MDataSeqValue, XorName,
};
use serde::{Deserialize, Serialize};
use std::collections::{BTreeMap, BTreeSet};
use std::convert::TryInto;
use tiny_keccak::sha3_256;
use unwrap::unwrap;
#[derive(Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
pub struct MDataInfo {
pub address: MDataAddress,
pub enc_info: Option<(shared_secretbox::Key, SymEncNonce)>,
pub new_enc_info: Option<(shared_secretbox::Key, SymEncNonce)>,
}
impl MDataInfo {
pub fn new_private(
address: MDataAddress,
enc_info: (shared_secretbox::Key, SymEncNonce),
) -> Self {
Self {
address,
enc_info: Some(enc_info),
new_enc_info: None,
}
}
pub fn new_public(address: MDataAddress) -> Self {
Self {
address,
enc_info: None,
new_enc_info: None,
}
}
pub fn random_private(kind: MDataKind, type_tag: u64) -> Result<Self, CoreError> {
let address = MDataAddress::from_kind(kind, rand::random(), type_tag);
let enc_info = (shared_secretbox::gen_key(), utils::generate_nonce());
Ok(Self::new_private(address, enc_info))
}
pub fn random_public(kind: MDataKind, type_tag: u64) -> Result<Self, CoreError> {
let address = MDataAddress::from_kind(kind, rand::random(), type_tag);
Ok(Self::new_public(address))
}
pub fn name(&self) -> XorName {
*self.address.name()
}
pub fn type_tag(&self) -> u64 {
self.address.tag()
}
pub fn address(&self) -> &MDataAddress {
&self.address
}
pub fn kind(&self) -> MDataKind {
self.address.kind()
}
pub fn enc_key(&self) -> Option<&shared_secretbox::Key> {
self.enc_info.as_ref().map(|&(ref key, _)| key)
}
pub fn nonce(&self) -> Option<&SymEncNonce> {
self.enc_info.as_ref().map(|&(_, ref nonce)| nonce)
}
pub fn enc_entry_key(&self, plain_text: &[u8]) -> Result<Vec<u8>, CoreError> {
if let Some((ref key, seed)) = self.new_enc_info {
enc_entry_key(plain_text, key, seed)
} else if let Some((ref key, seed)) = self.enc_info {
enc_entry_key(plain_text, key, seed)
} else {
Ok(plain_text.to_vec())
}
}
pub fn enc_entry_value(&self, plain_text: &[u8]) -> Result<Vec<u8>, CoreError> {
if let Some((ref key, _)) = self.new_enc_info {
symmetric_encrypt(plain_text, key, None)
} else if let Some((ref key, _)) = self.enc_info {
symmetric_encrypt(plain_text, key, None)
} else {
Ok(plain_text.to_vec())
}
}
pub fn decrypt(&self, cipher: &[u8]) -> Result<Vec<u8>, CoreError> {
if let Some((ref key, _)) = self.new_enc_info {
if let Ok(plain) = symmetric_decrypt(cipher, key) {
return Ok(plain);
}
}
if let Some((ref key, _)) = self.enc_info {
symmetric_decrypt(cipher, key)
} else {
Ok(cipher.to_vec())
}
}
pub fn start_new_enc_info(&mut self) {
if self.enc_info.is_some() && self.new_enc_info.is_none() {
self.new_enc_info = Some((shared_secretbox::gen_key(), utils::generate_nonce()));
}
}
pub fn commit_new_enc_info(&mut self) {
if let Some(new_enc_info) = self.new_enc_info.take() {
self.enc_info = Some(new_enc_info);
}
}
pub fn into_repr_c(self) -> FfiMDataInfo {
let (name, type_tag, kind) = (self.name().0, self.type_tag(), self.kind());
let seq = md_kind_into_repr_c(kind);
let (has_enc_info, enc_key, enc_nonce) = enc_info_into_repr_c(self.enc_info);
let (has_new_enc_info, new_enc_key, new_enc_nonce) =
enc_info_into_repr_c(self.new_enc_info);
FfiMDataInfo {
seq,
name,
type_tag,
has_enc_info,
enc_key,
enc_nonce,
has_new_enc_info,
new_enc_key,
new_enc_nonce,
}
}
}
pub fn encrypt_entries(
info: &MDataInfo,
entries: &MDataSeqEntries,
) -> Result<MDataSeqEntries, CoreError> {
let mut output = BTreeMap::new();
for (key, value) in entries {
let encrypted_key = info.enc_entry_key(key)?;
let encrypted_value = encrypt_value(info, value)?;
let _ = output.insert(encrypted_key, encrypted_value);
}
Ok(output)
}
pub fn encrypt_entry_actions(
info: &MDataInfo,
actions: &BTreeMap<Vec<u8>, MDataSeqEntryAction>,
) -> Result<BTreeMap<Vec<u8>, MDataSeqEntryAction>, CoreError> {
let mut output = BTreeMap::new();
for (key, action) in actions {
let encrypted_key = info.enc_entry_key(key)?;
let encrypted_action = match *action {
MDataSeqEntryAction::Ins(ref value) => {
MDataSeqEntryAction::Ins(encrypt_value(info, value)?)
}
MDataSeqEntryAction::Update(ref value) => {
MDataSeqEntryAction::Update(encrypt_value(info, value)?)
}
MDataSeqEntryAction::Del(version) => MDataSeqEntryAction::Del(version),
};
let _ = output.insert(encrypted_key, encrypted_action);
}
Ok(output)
}
pub fn decrypt_entries(
info: &MDataInfo,
entries: &MDataSeqEntries,
) -> Result<MDataSeqEntries, CoreError> {
let mut output = BTreeMap::new();
for (key, value) in entries {
let decrypted_key = info.decrypt(key)?;
let decrypted_value = decrypt_value(info, value)?;
let _ = output.insert(decrypted_key, decrypted_value);
}
Ok(output)
}
pub fn decrypt_keys(
info: &MDataInfo,
keys: &BTreeSet<Vec<u8>>,
) -> Result<BTreeSet<Vec<u8>>, CoreError> {
let mut output = BTreeSet::new();
for key in keys {
let _ = output.insert(info.decrypt(key)?);
}
Ok(output)
}
pub fn decrypt_values(
info: &MDataInfo,
values: &[MDataSeqValue],
) -> Result<Vec<MDataSeqValue>, CoreError> {
let mut output = Vec::with_capacity(values.len());
for value in values {
output.push(decrypt_value(info, value)?);
}
Ok(output)
}
fn encrypt_value(info: &MDataInfo, value: &MDataSeqValue) -> Result<MDataSeqValue, CoreError> {
Ok(MDataSeqValue {
data: info.enc_entry_value(&value.data)?,
version: value.version,
})
}
fn decrypt_value(info: &MDataInfo, value: &MDataSeqValue) -> Result<MDataSeqValue, CoreError> {
Ok(MDataSeqValue {
data: info.decrypt(&value.data)?,
version: value.version,
})
}
fn enc_entry_key(
plain_text: &[u8],
key: &SymEncKey,
seed: SymEncNonce,
) -> Result<Vec<u8>, CoreError> {
let nonce: SymEncNonce = {
let mut pt = plain_text.to_vec();
pt.extend_from_slice(&seed[..]);
unwrap!(sha3_256(&pt)[..SYM_ENC_NONCE_LEN].try_into())
};
symmetric_encrypt(plain_text, key, Some(&nonce))
}
impl ReprC for MDataInfo {
type C = *const FfiMDataInfo;
type Error = IpcError;
#[allow(unsafe_code)]
unsafe fn clone_from_repr_c(repr_c: Self::C) -> Result<Self, Self::Error> {
let FfiMDataInfo {
seq,
name,
type_tag,
has_enc_info,
enc_key,
enc_nonce,
has_new_enc_info,
new_enc_key,
new_enc_nonce,
} = *repr_c;
let name = XorName(name);
let kind = md_kind_clone_from_repr_c(seq);
Ok(Self {
address: MDataAddress::from_kind(kind, name, type_tag),
enc_info: enc_info_from_repr_c(has_enc_info, enc_key, enc_nonce),
new_enc_info: enc_info_from_repr_c(has_new_enc_info, new_enc_key, new_enc_nonce),
})
}
}
fn enc_info_into_repr_c(
info: Option<(shared_secretbox::Key, SymEncNonce)>,
) -> (bool, SymSecretKey, SymNonce) {
if let Some((key, nonce)) = info {
(true, *key, nonce)
} else {
(false, Default::default(), Default::default())
}
}
fn enc_info_from_repr_c(
is_set: bool,
key: SymSecretKey,
nonce: SymNonce,
) -> Option<(shared_secretbox::Key, SymEncNonce)> {
if is_set {
Some((shared_secretbox::Key::from_raw(&key), nonce))
} else {
None
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn private_mdata_info_encrypts() {
let info = unwrap!(MDataInfo::random_private(MDataKind::Seq, 0));
let key = Vec::from("str of key");
let val = Vec::from("other is value");
let enc_key = unwrap!(info.enc_entry_key(&key));
let enc_val = unwrap!(info.enc_entry_value(&val));
assert_ne!(enc_key, key);
assert_ne!(enc_val, val);
assert_eq!(unwrap!(info.decrypt(&enc_key)), key);
assert_eq!(unwrap!(info.decrypt(&enc_val)), val);
}
#[test]
fn public_mdata_info_doesnt_encrypt() {
let info = unwrap!(MDataInfo::random_public(MDataKind::Seq, 0));
let key = Vec::from("str of key");
let val = Vec::from("other is value");
assert_eq!(unwrap!(info.enc_entry_key(&key)), key);
assert_eq!(unwrap!(info.enc_entry_value(&val)), val);
assert_eq!(unwrap!(info.decrypt(&val)), val);
}
#[test]
fn decrypt() {
let mut info = unwrap!(MDataInfo::random_private(MDataKind::Seq, 0));
let plain = Vec::from("plaintext");
let old_cipher = unwrap!(info.enc_entry_value(&plain));
info.start_new_enc_info();
let new_cipher = unwrap!(info.enc_entry_value(&plain));
assert_eq!(unwrap!(info.decrypt(&old_cipher)), plain);
assert_eq!(unwrap!(info.decrypt(&new_cipher)), plain);
info.commit_new_enc_info();
match info.decrypt(&old_cipher) {
Err(CoreError::SymmetricDecipherFailure) => (),
x => panic!("Unexpected {:?}", x),
}
assert_eq!(unwrap!(info.decrypt(&new_cipher)), plain);
}
}