Merge pull request #44 from sentclose/crypto-rewrite

Crypto rewrite

.github/workflows/rust.yml

@@ -26,7 +26,25 @@ jobs:
           key: ${{ runner.os }}-cargo-core-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Core tests
-        run: cargo test --package sentc-crypto-core --lib test
+        run: cargo test --package sentc-crypto-core test
+
+  std-keys-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-core-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Std keys tests
+        run: cargo test --package sentc-crypto-std-keys --lib test --features=full
 
   crypto-default:
     runs-on: ubuntu-latest
@@ -44,7 +62,7 @@ jobs:
           key: ${{ runner.os }}-cargo-crypto_default-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Crypto default tests
-        run: cargo test --package sentc-crypto --lib test --features=server
+        run: cargo test --package sentc-crypto --lib test --features=server,export
 
   crypto-rust:
     runs-on: ubuntu-latest
@@ -62,7 +80,7 @@ jobs:
           key: ${{ runner.os }}-cargo-crypto_rust-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Crypto rust tests
-        run: cargo test --package sentc-crypto --lib test --features=rust,server
+        run: cargo test --package sentc-crypto --lib test --features=server
 
   crypto-light-default:
     runs-on: ubuntu-latest
@@ -80,7 +98,7 @@ jobs:
           key: ${{ runner.os }}-cargo-crypto_rust-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Crypto light default tests
-        run: cargo test --package sentc-crypto-light --lib test
+        run: cargo test --package sentc-crypto-light --lib test --features=export
 
   crypto-light-rust:
     runs-on: ubuntu-latest
@@ -98,4 +116,4 @@ jobs:
           key: ${{ runner.os }}-cargo-crypto_rust-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Crypto light rust tests
-        run: cargo test --package sentc-crypto-light --lib test --features=rust
+        run: cargo test --package sentc-crypto-light --lib test

Cargo.toml

@@ -8,11 +8,12 @@ members = [
     "implementation/js/sentc_wasm",
     "implementation/js/sentc_wasm_light",
     "implementation/dart/sentc_flutter_rust",
-    "implementation/dart/sentc_flutter_rust_light"
+    "implementation/dart/sentc_flutter_rust_light",
+    "crypto_keys/crypto_std_keys",
 ]
 
 [workspace.package]
-version = "0.12.0"
+version = "0.13.0"
 edition = "2021"
 license-file = "LICENSE"
 authors = ["Sentclose <[email protected]>", "Jörn Heinemann <[email protected]>"]
@@ -25,10 +26,11 @@ rust-version = "1.75.0"
 sentc-crypto-common = { version = "0.10.0", git = "https://github.com/sentclose/sentc-common.git", rev = "de513a82b0200b476d9592ba1de38c73c6a32354" }
 #sentc-crypto-common = { path = "../backend/sentc-api/sdk-common" }    # for local dev
 
-sentc-crypto-core = { version = "0.12.0", path = "crypto_core" }
-sentc-crypto-utils = { version = "0.12.0", path = "crypto_utils" }
-sentc-crypto = { version = "0.12.0", path = "crypto", default-features = false }
-sentc-crypto-light = { version = "0.12.0", path = "crypto_light", default-features = false }
+sentc-crypto-core = { version = "0.13.0", path = "crypto_core" }
+sentc-crypto-utils = { version = "0.13.0", path = "crypto_utils" }
+sentc-crypto = { version = "0.13.0", path = "crypto", default-features = false }
+sentc-crypto-light = { version = "0.13.0", path = "crypto_light", default-features = false }
+sentc-crypto-std-keys = { version = "0.13.0", path = "crypto_keys/crypto_std_keys" }
 
 [profile.dev]
 # Must always use panic = "abort" to avoid needing to define the unstable eh_personality lang item.
@@ -41,14 +43,14 @@ strip = true
 
 [profile.release.package.sentc_wasm]
 opt-level = "z"
-overflow-checks = true
+overflow-checks = false
 debug = 0
 debug-assertions = false
 codegen-units = 1
 
 [profile.release.package.sentc_wasm_light]
 opt-level = "z"
-overflow-checks = true
+overflow-checks = false
 debug = 0
 debug-assertions = false
 codegen-units = 1

crypto/Cargo.toml

@@ -21,6 +21,7 @@ include = [
 sentc-crypto-core = { workspace = true }
 sentc-crypto-utils = { workspace = true, features = ["encryption"] }
 sentc-crypto-common = { workspace = true }
+sentc-crypto-std-keys = { workspace = true, features = ["full"], optional = true }
 
 # key and data export
 base64ct = { version = "1.0.1", default-features = false, features = ["alloc"] }  # must use this version because it is not comp. with password_hash from argon2
@@ -30,8 +31,12 @@ pem-rfc7468 = { version = "0.3.1", features = ["alloc"] }
 serde_json = { version = "1.0.81", default-features = false, features = ["alloc"] }
 serde = { version = "1.0", default-features = false, features = ["derive", "alloc"] }
 
+[dev-dependencies]
+sentc-crypto-std-keys = { workspace = true, features = ["full"] }
+
 [features]
-export = []
+export = ["std_keys"]
+std_keys = ["sentc-crypto-std-keys"]
 
 server = []
 server_test = []

crypto/src/crypto/crypto.rs

@@ -9,6 +9,7 @@ use sentc_crypto_core::cryptomat::{CryptoAlg, SymKeyComposer, SymKeyGen};
 use sentc_crypto_utils::cryptomat::{PkFromUserKeyWrapper, PkWrapper, SkWrapper, SymKeyComposerWrapper, SymKeyGenWrapper, SymKeyWrapper};
 use serde::{Deserialize, Serialize};
 
+use crate::util::public::handle_server_response;
 use crate::SdkError;
 
 /**
@@ -18,9 +19,7 @@ This can not only be used internally, to get the used key_id
  */
 pub fn split_head_and_encrypted_data<'a, T: Deserialize<'a>>(data_with_head: &'a [u8]) -> Result<(T, &[u8]), SdkError>
 {
-	Ok(sentc_crypto_utils::keys::split_head_and_encrypted_data(
-		data_with_head,
-	)?)
+	Ok(sentc_crypto_utils::split_head_and_encrypted_data(data_with_head)?)
 }
 
 /**
@@ -71,6 +70,42 @@ pub struct KeyGenerator<SGen, SC, P>
 
 impl<SGen: SymKeyGenWrapper, SC: SymKeyComposerWrapper, P: PkFromUserKeyWrapper> KeyGenerator<SGen, SC, P>
 {
+	/**
+	# Get the key from server fetch
+
+	Decrypted the server output with the master key
+	 */
+	pub fn done_fetch_sym_key(master_key: &impl SymKeyWrapper, server_out: &str, non_registered: bool) -> Result<SC::SymmetricKeyWrapper, SdkError>
+	{
+		let out: GeneratedSymKeyHeadServerOutput = if non_registered {
+			GeneratedSymKeyHeadServerOutput::from_string(server_out)?
+		} else {
+			handle_server_response(server_out)?
+		};
+
+		Self::decrypt_sym_key(master_key, &out)
+	}
+
+	/**
+	# Get the key from server fetch
+
+	decrypt it with the private key
+	 */
+	pub fn done_fetch_sym_key_by_private_key(
+		private_key: &impl SkWrapper,
+		server_out: &str,
+		non_registered: bool,
+	) -> Result<SC::SymmetricKeyWrapper, SdkError>
+	{
+		let out: GeneratedSymKeyHeadServerOutput = if non_registered {
+			GeneratedSymKeyHeadServerOutput::from_string(server_out)?
+		} else {
+			handle_server_response(server_out)?
+		};
+
+		Self::decrypt_sym_key_by_private_key(private_key, &out)
+	}
+
 	/**
 	# Get a symmetric key which was encrypted by a master key
 
@@ -172,8 +207,8 @@ impl<SGen: SymKeyGenWrapper, SC: SymKeyComposerWrapper, P: PkFromUserKeyWrapper>
 #[cfg(test)]
 mod test
 {
+	use sentc_crypto_std_keys::util::{PublicKey, SignKey, SymmetricKey};
 	use sentc_crypto_utils::cryptomat::{PkFromUserKeyWrapper, SkCryptoWrapper, SymKeyCrypto};
-	use sentc_crypto_utils::keys::{PublicKey, SignKey, SymmetricKey};
 
 	use super::*;
 	use crate::group::test_fn::create_group;

crypto/src/crypto/crypto_export.rs

@@ -3,8 +3,8 @@ use alloc::vec::Vec;
 
 use sentc_crypto_common::crypto::{EncryptedHead, GeneratedSymKeyHeadServerOutput};
 use sentc_crypto_common::user::{UserPublicKeyData, UserVerifyKeyData};
+use sentc_crypto_std_keys::util::{PublicKey, SecretKey, SignKey, SymmetricKey};
 use sentc_crypto_utils::cryptomat::{KeyToString, PkFromUserKeyWrapper, SkCryptoWrapper, SymKeyCrypto};
-use sentc_crypto_utils::keys::{PublicKey, SecretKey, SignKey, SymmetricKey};
 
 use crate::{SdkError, StdKeyGenerator};
 
@@ -243,6 +243,24 @@ pub fn decrypt_string_asymmetric(private_key: &str, encrypted_data: &str, verify
 
 //__________________________________________________________________________________________________
 
+pub fn done_fetch_sym_key(master_key: &str, server_out: &str, non_registered: bool) -> Result<String, String>
+{
+	let master_key: SymmetricKey = master_key.parse()?;
+
+	let out = StdKeyGenerator::done_fetch_sym_key(&master_key, server_out, non_registered)?;
+
+	Ok(out.to_string()?)
+}
+
+pub fn done_fetch_sym_key_by_private_key(private_key: &str, server_out: &str, non_registered: bool) -> Result<String, String>
+{
+	let private_key: SecretKey = private_key.parse()?;
+
+	let out = StdKeyGenerator::done_fetch_sym_key_by_private_key(&private_key, server_out, non_registered)?;
+
+	Ok(out.to_string()?)
+}
+
 pub fn decrypt_sym_key(master_key: &str, encrypted_symmetric_key_info: &str) -> Result<String, String>
 {
 	let master_key: SymmetricKey = master_key.parse()?;

crypto/src/crypto/mimic_keys.rs

@@ -10,7 +10,7 @@ use sentc_crypto_utils::error::SdkUtilError;
 
 use crate::SdkError;
 
-pub(crate) struct FakeSig;
+pub struct FakeSig;
 
 impl CryptoAlg for FakeSig
 {
@@ -31,7 +31,7 @@ impl Into<Vec<u8>> for FakeSig
 
 impl Sig for FakeSig {}
 
-pub(crate) struct FakeSignKey;
+pub struct FakeSignKey;
 
 impl CryptoAlg for FakeSignKey
 {
@@ -61,7 +61,7 @@ impl SignK for FakeSignKey
 	}
 }
 
-pub(crate) struct FakeSignKeyWrapper;
+pub struct FakeSignKeyWrapper;
 
 impl FromStr for FakeSignKeyWrapper
 {

crypto/src/crypto/mod.rs

@@ -1,7 +1,7 @@
 pub(crate) mod crypto;
 #[cfg(feature = "export")]
 mod crypto_export;
-pub(crate) mod mimic_keys;
+pub mod mimic_keys;
 
 pub use self::crypto::KeyGenerator;
 #[cfg(not(feature = "export"))]