volt_ws_protocol/

crypto_utils.rs

use crate::{
    constant::{DERIVED_KEY_INFO, DERIVED_KEY_SALT, PUBLIC_KEY_PREFIX},
    log,
};
use aes::Aes256;
use base64ct::{Base64, Base64UrlUnpadded, Encoding, LineEnding};
use cbc::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};
use ed25519_dalek::{
    pkcs8::{DecodePublicKey, EncodePublicKey},
    Signature, Signer, SigningKey, Verifier, VerifyingKey,
};
use hkdf::Hkdf;
use serde_json::json;
use sha2::{Digest, Sha256};
use std::convert::TryInto;
use x25519_dalek::{PublicKey, ReusableSecret};

#[cfg(feature = "rand")]
use rand::rngs::OsRng;

#[cfg(feature = "rand")]
use ed25519_dalek::pkcs8::{EncodePrivateKey, KeypairBytes};

type Aes256CbcEnc = cbc::Encryptor<Aes256>;
type Aes256CbcDec = cbc::Decryptor<Aes256>;

pub struct SigningKeyPair {
    pub private_key: Option<SigningKey>,
    pub public_key_pem: Option<String>,
}

pub struct IdentityToken {
    pub token: String,
    pub encryption_key: Option<(ReusableSecret, String)>,
}

#[cfg(feature = "rand")]
pub fn create_signing_key() -> Result<(String, String), String> {
    // Generate a new signing keypair.
    let mut csprng = OsRng;
    let signing_key = SigningKey::generate(&mut csprng);
    let key_bytes = signing_key.to_keypair_bytes();

    // Remove the public key portion of the keypair.
    let mut key_pair = KeypairBytes::from_bytes(&key_bytes);
    key_pair.public_key = None;

    // Encode the private key in PEM format.
    let private_pem = key_pair.to_pkcs8_pem(LineEnding::LF).unwrap();

    // Extract the public key from the signing key, and encode it in PEM format.
    let public_key = signing_key.verifying_key();
    let public_pem = public_key.to_public_key_pem(LineEnding::LF).unwrap();

    Ok((private_pem.to_string(), public_pem))
}

pub fn random_bytes(length: usize) -> Vec<u8> {
    let mut bytes = vec![0u8; length];
    let _ = getrandom::getrandom(&mut bytes);

    bytes
}

pub fn derive_shared_key(
    private_key: &ReusableSecret,
    public_key_pem: &str,
) -> Result<[u8; 32], String> {
    // Parse the PEM-formatted public key
    let public_key_bytes = parse_pem(public_key_pem).map_err(|e| e.to_string())?;

    // Strip asn1 header from public key bytes.
    let public_key_bytes = &public_key_bytes[public_key_bytes.len() - 32..];

    let public_key_array: [u8; 32] = public_key_bytes
        .try_into()
        .map_err(|_| "Invalid public key length".to_string())?;

    let public_key = PublicKey::from(public_key_array);

    // Derive the shared key
    let shared_secret = private_key.diffie_hellman(&public_key);

    let salt = DERIVED_KEY_SALT;
    let info = DERIVED_KEY_INFO;

    // Use HKDF to derive a key from the shared secret, with the specified salt and info
    let hk = Hkdf::<Sha256>::new(Some(salt), shared_secret.as_bytes());

    // Initialise the output key material as a zero-filled 32 byte array
    let mut okm = [0u8; 32];
    hk.expand(info, &mut okm)
        .expect("HKDF expand should not fail");

    Ok(okm)
}

fn parse_pem(pem_str: &str) -> Result<Vec<u8>, String> {
    match pem_rfc7468::decode_vec(pem_str.as_bytes()) {
        Ok((_, contents)) => Ok(contents),
        Err(e) => Err(e.to_string()),
    }
}

fn der_to_pem(der: &[u8], label: &str) -> String {
    let base64_encoded = Base64::encode_string(der);
    let mut pem = format!("-----BEGIN {}-----\n", label);
    for chunk in base64_encoded.as_bytes().chunks(64) {
        pem.push_str(std::str::from_utf8(chunk).unwrap());
        pem.push('\n');
    }
    pem.push_str(&format!("-----END {}-----\n", label));
    pem
}

pub fn sign_jwt(signing_key: &SigningKey, payload: &str) -> Result<String, String> {
    // Create the JWT header as a JSON string
    let header = json!({
        "alg": "EdDSA",
        "typ": "JWT"
    })
    .to_string();

    let header_and_payload = format!(
        "{}.{}",
        Base64UrlUnpadded::encode_string(header.as_bytes()),
        Base64UrlUnpadded::encode_string(payload.as_bytes())
    );

    // Sign the payload using the private key
    let signature = signing_key
        .try_sign(&header_and_payload.as_bytes())
        .map_err(|e| e.to_string())?;

    let signature_bytes = signature.to_bytes();

    log(&format!(
        "signature bytes: {}",
        Base64UrlUnpadded::encode_string(&signature_bytes)
    ));

    let token = format!(
        "{}.{}",
        header_and_payload,
        Base64UrlUnpadded::encode_string(&signature_bytes)
    );

    Ok(token)
}

/**
 * Extract the raw private key along with the public key in pem format from an ed25519 private key in pem format.
 * @param pem The private key in pem format.
 * @returns The raw private key and the public key in pem format, as a SigningKeyPair.
 */
pub fn signing_key_from_pem(pem: &str) -> Result<SigningKeyPair, String> {
    pkcs8::DecodePrivateKey::from_pkcs8_pem(str::as_ref(pem))
        .map_err(|e| e.to_string())
        .map(|private_key: SigningKey| {
            let public_key_pem = private_key
                .verifying_key()
                .to_public_key_pem(LineEnding::LF);

            SigningKeyPair {
                private_key: Some(private_key),
                public_key_pem: public_key_pem.ok(),
            }
        })
}

/**
 * Extract the public key in pem format from an ed25519 private key in pem format.
 * @param pem The private key in pem format.
 * @returns The public key in pem format.
 */
pub fn signing_public_key_from_pem(pem: &str) -> Result<String, String> {
    match signing_key_from_pem(pem) {
        Ok(key_pair) => Ok(key_pair.public_key_pem.unwrap()),
        Err(e) => Err(e),
    }
}

fn der_encode_x25519_public_key(public_key_bytes: &[u8]) -> Vec<u8> {
    // ASN.1 structure for an X25519 public key
    let mut der_encoded_key = Vec::new();

    // Sequence header for SubjectPublicKeyInfo
    der_encoded_key.extend_from_slice(&[
        0x30, 0x2A, // SEQUENCE, length 42
        0x30, 0x05, // SEQUENCE, length 5 (AlgorithmIdentifier)
        0x06, 0x03, // OBJECT IDENTIFIER, length 3
        0x2B, 0x65, 0x6E, // OID for X25519 (1.3.101.110)
        0x03, 0x21, // BIT STRING, length 33
        0x00, // Unused bits
    ]);

    // Public key bytes
    der_encoded_key.extend_from_slice(public_key_bytes);

    der_encoded_key
}

fn get_encryption_key() -> (ReusableSecret, String) {
    let private_key = ReusableSecret::random();
    let public_key = PublicKey::from(&private_key);
    let public_key_bytes = public_key.as_bytes();
    let der_encoded_key = der_encode_x25519_public_key(public_key_bytes);
    let public_key_pem = der_to_pem(&der_encoded_key, PUBLIC_KEY_PREFIX);

    (private_key, public_key_pem)
}

pub fn strip_pem_headers(pem: &str) -> String {
    let lines: Vec<&str> = pem.lines().collect();
    let mut stripped = String::new();
    for line in lines.iter().skip(1).take(lines.len() - 2) {
        stripped.push_str(line);
    }
    stripped
}

pub fn get_identity_token(
    subject: &str,
    key: &SigningKeyPair,
    target_audience: &str,
    tunnelling: bool,
    token_time: u64,
    ttl: u32,
) -> IdentityToken {
    // Issued at time is the time now in seconds minus the ttl.
    let issued_at = token_time - ttl as u64;

    // Expires at time is the time now in seconds plus the ttl.
    let expires_at = token_time + ttl as u64;

    let mut shared_key = None;

    // Allow TTL either side of the current time.
    // @todo - fix with server time sync on volt connection.
    let payload: String;

    match tunnelling {
        true => {
            shared_key = Some(get_encryption_key());

            // Send the public key portion of our ephemeral key.
            let public_key = strip_pem_headers(&shared_key.as_ref().unwrap().1);
            payload = format!(
                r#"{{"aud":"{}","iat":{},"exp":{},"sub":"{}","k":"{}"}}"#,
                target_audience, issued_at, expires_at, subject, public_key
            );
        }
        false => {
            payload = format!(
                r#"{{"aud":"{}","iat":{},"exp":{},"sub":"{}"}}"#,
                target_audience, issued_at, expires_at, subject
            );
        }
    }

    // Sign synchronously.
    let token = sign_jwt(key.private_key.as_ref().unwrap(), &payload).unwrap();

    log(&format!("signed token: {}", token));

    // Return the token along with any encryption key details.
    IdentityToken {
        token,
        encryption_key: shared_key,
    }
}

pub fn aes_encrypt(payload: &str, key: &[u8; 32], iv: &[u8; 16]) -> Vec<u8> {
    // Create an AES 256 CBC cipher instance for encryption
    let cipher_enc = Aes256CbcEnc::new(key.into(), iv.into());

    // Encrypt the plaintext with padding
    let mut buffer = vec![0u8; payload.len() + 16];
    let pos = payload.len();
    buffer[..pos].copy_from_slice(payload.as_bytes());

    let ciphertext = cipher_enc
        .encrypt_padded_mut::<cbc::cipher::block_padding::Pkcs7>(&mut buffer, pos)
        .unwrap();

    ciphertext.to_vec()
}

pub fn aes_decrypt(ciphertext: &mut [u8], key: &[u8; 32], iv: &[u8; 16]) -> String {
    // Create an AES 256 CBC cipher instance for decryption
    let cipher_dec = Aes256CbcDec::new(key.into(), iv.into());

    // Decrypt the ciphertext with padding
    let decrypted_ciphertext = cipher_dec
        .decrypt_padded_mut::<cbc::cipher::block_padding::Pkcs7>(ciphertext)
        .unwrap();
    let decrypted_text = String::from_utf8_lossy(decrypted_ciphertext);

    decrypted_text.to_string()
}

pub fn verify_signature(public_key_pem: &str, message: &[u8], sig: &[u8]) -> bool {
    let public_key = VerifyingKey::from_public_key_pem(public_key_pem)
        .map_err(|e| e.to_string())
        .unwrap();

    // Load the signature into [u8; 64].
    let mut sig_array = [0u8; 64];
    sig_array.copy_from_slice(sig);

    let signature = Signature::from_bytes(&sig_array);

    // Verify the signature.
    let verify_result = public_key
        .verify(message, &signature)
        .map_err(|e| e.to_string());

    // Return the result.
    match verify_result {
        Ok(_) => true,
        Err(_) => false,
    }
}

pub fn sha256_base64(data: &[u8]) -> String {
    let mut hasher = Sha256::new();
    hasher.update(data);

    let result = hasher.finalize();
    let base64_encoded = Base64UrlUnpadded::encode_string(&result);

    base64_encoded
}

pub fn sign_base64(key_pem: &str, data: &str) -> Result<String, String> {
    let key = match signing_key_from_pem(key_pem) {
        Ok(key_pair) => key_pair.private_key.unwrap(),
        Err(e) => {
            log(&format!("failed to load key pair: {}", e));
            return Err("Failed to load key pair".to_string());
        }
    };

    // Sign the payload using the private key
    let signature = match key.try_sign(data.as_bytes()) {
        Ok(signature) => signature,
        Err(e) => {
            log(&format!("failed to sign data: {}", e));
            return Err("Failed to sign data".to_string());
        }
    };

    let signature_bytes = signature.to_bytes();

    let signature_base64 = Base64UrlUnpadded::encode_string(&signature_bytes);

    Ok(signature_base64)
}

pub fn to_base64_url(data: &[u8]) -> String {
    Base64UrlUnpadded::encode_string(data)
}

pub fn from_base64_url(data: &str) -> Result<Vec<u8>, String> {
    Base64UrlUnpadded::decode_vec(data).map_err(|e| e.to_string())
}

pub fn to_base64(data: &[u8]) -> String {
    Base64::encode_string(data)
}

pub fn from_base64(data: &str) -> Result<Vec<u8>, String> {
    Base64::decode_vec(data).map_err(|e| e.to_string())
}

pub fn fingerprint_from_pem(pem: &str) -> Result<String, String> {
    let public_key = match VerifyingKey::from_public_key_pem(pem) {
        Ok(key) => key,
        Err(e) => return Err(e.to_string()),
    };

    // Compute the SHA-256 hash of the public key
    let mut hasher = Sha256::new();
    hasher.update(public_key);
    let public_key_hash = hasher.finalize();

    // Encode the hash using Base58
    let fingerprint = bs58::encode(public_key_hash).into_string();

    Ok(fingerprint)
}