veilid_core/crypto/crypto_system/
mod.rs

1use super::*;
2mod blake3digest512;
3
4#[cfg(feature = "enable-crypto-none")]
5pub(crate) mod none;
6#[cfg(feature = "enable-crypto-vld0")]
7pub(crate) mod vld0;
8// #[cfg(feature = "enable-crypto-vld1")]
9// pub(crate) mod vld1;
10
11pub(crate) const VEILID_DOMAIN_API: &[u8] = b"VEILID_API";
12
13#[cfg(feature = "enable-crypto-none")]
14pub use none::sizes::*;
15#[cfg(feature = "enable-crypto-none")]
16pub use none::*;
17#[cfg(feature = "enable-crypto-vld0")]
18pub use vld0::sizes::*;
19#[cfg(feature = "enable-crypto-vld0")]
20pub use vld0::*;
21// #[cfg(feature = "enable-crypto-vld1")]
22// pub use vld1::*;
23
24pub use blake3digest512::*;
25
26pub trait CryptoSystem {
27    // Accessors
28    fn kind(&self) -> CryptoKind;
29    fn crypto(&self) -> VeilidComponentGuard<'_, Crypto>;
30
31    // Cached Operations
32    fn cached_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret>;
33
34    // Generation
35    fn random_bytes(&self, len: usize) -> Vec<u8>;
36    fn hash_password(&self, password: &[u8], salt: &[u8]) -> VeilidAPIResult<String>;
37    fn verify_password(&self, password: &[u8], password_hash: &str) -> VeilidAPIResult<bool>;
38    fn derive_shared_secret(&self, password: &[u8], salt: &[u8]) -> VeilidAPIResult<SharedSecret>;
39    fn random_nonce(&self) -> Nonce;
40    fn random_shared_secret(&self) -> SharedSecret;
41    fn compute_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret>;
42    fn generate_shared_secret(
43        &self,
44        key: &PublicKey,
45        secret: &SecretKey,
46        domain: &[u8],
47    ) -> VeilidAPIResult<SharedSecret> {
48        let dh = self.compute_dh(key, secret)?;
49        let hash = self.generate_hash(&[&dh.into_value(), domain, VEILID_DOMAIN_API].concat());
50        Ok(SharedSecret::new(
51            hash.kind(),
52            BareSharedSecret::new(&hash.into_value()),
53        ))
54    }
55    fn generate_keypair(&self) -> KeyPair;
56    fn generate_hash(&self, data: &[u8]) -> HashDigest;
57    fn generate_hash_reader(&self, reader: &mut dyn std::io::Read) -> VeilidAPIResult<PublicKey>;
58
59    // Validation
60    fn shared_secret_length(&self) -> usize;
61    fn nonce_length(&self) -> usize;
62    fn hash_digest_length(&self) -> usize;
63    fn public_key_length(&self) -> usize;
64    fn secret_key_length(&self) -> usize;
65    fn signature_length(&self) -> usize;
66    fn default_salt_length(&self) -> usize;
67    fn aead_overhead(&self) -> usize;
68
69    fn check_shared_secret(&self, secret: &SharedSecret) -> VeilidAPIResult<()> {
70        if secret.kind() != self.kind() {
71            apibail_generic!("incorrect shared secret kind");
72        }
73        if secret.value().len() != self.shared_secret_length() {
74            apibail_generic!(
75                "invalid shared secret length: {} != {}",
76                secret.value().len(),
77                self.shared_secret_length()
78            );
79        }
80        Ok(())
81    }
82    fn check_nonce(&self, nonce: &Nonce) -> VeilidAPIResult<()> {
83        if nonce.len() != self.nonce_length() {
84            apibail_generic!(
85                "invalid nonce length: {} != {}",
86                nonce.len(),
87                self.nonce_length()
88            );
89        }
90        Ok(())
91    }
92    fn check_hash_digest(&self, hash: &HashDigest) -> VeilidAPIResult<()> {
93        if hash.kind() != self.kind() {
94            apibail_generic!("incorrect hash digest kind");
95        }
96        if hash.value().len() != self.hash_digest_length() {
97            apibail_generic!(
98                "invalid hash digest length: {} != {}",
99                hash.value().len(),
100                self.hash_digest_length()
101            );
102        }
103        Ok(())
104    }
105    fn check_public_key(&self, key: &PublicKey) -> VeilidAPIResult<()> {
106        if key.kind() != self.kind() {
107            apibail_generic!("incorrect public key kind");
108        }
109        if key.value().len() != self.public_key_length() {
110            apibail_generic!(
111                "invalid public key length: {} != {}",
112                key.value().len(),
113                self.public_key_length()
114            );
115        }
116        Ok(())
117    }
118    fn check_secret_key(&self, key: &SecretKey) -> VeilidAPIResult<()> {
119        if key.kind() != self.kind() {
120            apibail_generic!("incorrect secret key kind");
121        }
122        if key.value().len() != self.secret_key_length() {
123            apibail_generic!(
124                "invalid secret key length: {} != {}",
125                key.value().len(),
126                self.secret_key_length()
127            );
128        }
129        Ok(())
130    }
131    fn check_signature(&self, signature: &Signature) -> VeilidAPIResult<()> {
132        if signature.kind() != self.kind() {
133            apibail_generic!("incorrect signature kind");
134        }
135        if signature.value().len() != self.signature_length() {
136            apibail_generic!(
137                "invalid signature length: {} != {}",
138                signature.value().len(),
139                self.signature_length()
140            );
141        }
142        Ok(())
143    }
144    fn check_keypair(&self, keypair: &KeyPair) -> VeilidAPIResult<()> {
145        if keypair.kind() != self.kind() {
146            apibail_generic!("incorrect keypair kind");
147        }
148        self.check_public_key(&keypair.key())?;
149        self.check_secret_key(&keypair.secret())?;
150        Ok(())
151    }
152
153    fn validate_keypair(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<bool>;
154    fn validate_hash(&self, data: &[u8], hash: &HashDigest) -> VeilidAPIResult<bool>;
155    fn validate_hash_reader(
156        &self,
157        reader: &mut dyn std::io::Read,
158        hash: &HashDigest,
159    ) -> VeilidAPIResult<bool>;
160
161    // Authentication
162    fn sign(&self, key: &PublicKey, secret: &SecretKey, data: &[u8]) -> VeilidAPIResult<Signature>;
163    fn verify(&self, key: &PublicKey, data: &[u8], signature: &Signature) -> VeilidAPIResult<bool>;
164
165    // AEAD Encrypt/Decrypt
166    fn decrypt_in_place_aead(
167        &self,
168        body: &mut Vec<u8>,
169        nonce: &Nonce,
170        shared_secret: &SharedSecret,
171        associated_data: Option<&[u8]>,
172    ) -> VeilidAPIResult<()>;
173    fn decrypt_aead(
174        &self,
175        body: &[u8],
176        nonce: &Nonce,
177        shared_secret: &SharedSecret,
178        associated_data: Option<&[u8]>,
179    ) -> VeilidAPIResult<Vec<u8>>;
180    fn encrypt_in_place_aead(
181        &self,
182        body: &mut Vec<u8>,
183        nonce: &Nonce,
184        shared_secret: &SharedSecret,
185        associated_data: Option<&[u8]>,
186    ) -> VeilidAPIResult<()>;
187    fn encrypt_aead(
188        &self,
189        body: &[u8],
190        nonce: &Nonce,
191        shared_secret: &SharedSecret,
192        associated_data: Option<&[u8]>,
193    ) -> VeilidAPIResult<Vec<u8>>;
194
195    // NoAuth Encrypt/Decrypt
196    fn crypt_in_place_no_auth(
197        &self,
198        body: &mut [u8],
199        nonce: &Nonce,
200        shared_secret: &SharedSecret,
201    ) -> VeilidAPIResult<()>;
202    fn crypt_b2b_no_auth(
203        &self,
204        in_buf: &[u8],
205        out_buf: &mut [u8],
206        nonce: &Nonce,
207        shared_secret: &SharedSecret,
208    ) -> VeilidAPIResult<()>;
209    fn crypt_no_auth_aligned_8(
210        &self,
211        body: &[u8],
212        nonce: &Nonce,
213        shared_secret: &SharedSecret,
214    ) -> VeilidAPIResult<Vec<u8>>;
215    fn crypt_no_auth_unaligned(
216        &self,
217        body: &[u8],
218        nonce: &Nonce,
219        shared_secret: &SharedSecret,
220    ) -> VeilidAPIResult<Vec<u8>>;
221}
veilid_core/crypto/crypto_system/mod.rs

veilid_core/crypto/crypto_system/
mod.rs
