src/login/mod.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245

pub mod demo_provider;
pub mod ldap_provider;
pub mod static_provider;

use base64::Engine;
use std::sync::Arc;

use anyhow::{anyhow, bail, Context, Result};
use async_trait::async_trait;
use rand::prelude::*;

use crate::cryptoblob::*;
use crate::storage::*;

/// The trait LoginProvider defines the interface for a login provider that allows
/// to retrieve storage and cryptographic credentials for access to a user account
/// from their username and password.
#[async_trait]
pub trait LoginProvider {
    /// The login method takes an account's password as an input to decypher
    /// decryption keys and obtain full access to the user's account.
    async fn login(&self, username: &str, password: &str) -> Result<Credentials>;
    /// The public_login method takes an account's email address and returns
    /// public credentials for adding mails to the user's inbox.
    async fn public_login(&self, email: &str) -> Result<PublicCredentials>;
}

/// ArcLoginProvider is simply an alias on a structure that is used
/// in many places in the code
pub type ArcLoginProvider = Arc<dyn LoginProvider + Send + Sync>;

/// The struct Credentials represent all of the necessary information to interact
/// with a user account's data after they are logged in.
#[derive(Clone, Debug)]
pub struct Credentials {
    /// The storage credentials are used to authenticate access to the underlying storage (S3, K2V)
    pub storage: Builder,
    /// The cryptographic keys are used to encrypt and decrypt data stored in S3 and K2V
    pub keys: CryptoKeys,
}

#[derive(Clone, Debug)]
pub struct PublicCredentials {
    /// The storage credentials are used to authenticate access to the underlying storage (S3, K2V)
    pub storage: Builder,
    pub public_key: PublicKey,
}

use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct CryptoRoot(pub String);

impl CryptoRoot {
    pub fn create_pass(password: &str, k: &CryptoKeys) -> Result<Self> {
        let bytes = k.password_seal(password)?;
        let b64 = base64::engine::general_purpose::STANDARD_NO_PAD.encode(bytes);
        let cr = format!("aero:cryptoroot:pass:{}", b64);
        Ok(Self(cr))
    }

    pub fn create_cleartext(k: &CryptoKeys) -> Self {
        let bytes = k.serialize();
        let b64 = base64::engine::general_purpose::STANDARD_NO_PAD.encode(bytes);
        let cr = format!("aero:cryptoroot:cleartext:{}", b64);
        Self(cr)
    }

    pub fn create_incoming(pk: &PublicKey) -> Self {
        let bytes: &[u8] = &pk[..];
        let b64 = base64::engine::general_purpose::STANDARD_NO_PAD.encode(bytes);
        let cr = format!("aero:cryptoroot:incoming:{}", b64);
        Self(cr)
    }

    pub fn public_key(&self) -> Result<PublicKey> {
        match self.0.splitn(4, ':').collect::<Vec<&str>>()[..] {
            ["aero", "cryptoroot", "pass", b64blob] => {
                let blob = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64blob)?;
                if blob.len() < 32 {
                    bail!(
                        "Decoded data is {} bytes long, expect at least 32 bytes",
                        blob.len()
                    );
                }
                PublicKey::from_slice(&blob[..32]).context("must be a valid public key")
            }
            ["aero", "cryptoroot", "cleartext", b64blob] => {
                let blob = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64blob)?;
                Ok(CryptoKeys::deserialize(&blob)?.public)
            }
            ["aero", "cryptoroot", "incoming", b64blob] => {
                let blob = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64blob)?;
                if blob.len() < 32 {
                    bail!(
                        "Decoded data is {} bytes long, expect at least 32 bytes",
                        blob.len()
                    );
                }
                PublicKey::from_slice(&blob[..32]).context("must be a valid public key")
            }
            ["aero", "cryptoroot", "keyring", _] => {
                bail!("keyring is not yet implemented!")
            }
            _ => bail!(format!(
                "passed string '{}' is not a valid cryptoroot",
                self.0
            )),
        }
    }
    pub fn crypto_keys(&self, password: &str) -> Result<CryptoKeys> {
        match self.0.splitn(4, ':').collect::<Vec<&str>>()[..] {
            ["aero", "cryptoroot", "pass", b64blob] => {
                let blob = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64blob)?;
                CryptoKeys::password_open(password, &blob)
            }
            ["aero", "cryptoroot", "cleartext", b64blob] => {
                let blob = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64blob)?;
                CryptoKeys::deserialize(&blob)
            }
            ["aero", "cryptoroot", "incoming", _] => {
                bail!("incoming cryptoroot does not contain a crypto key!")
            }
            ["aero", "cryptoroot", "keyring", _] => {
                bail!("keyring is not yet implemented!")
            }
            _ => bail!(format!(
                "passed string '{}' is not a valid cryptoroot",
                self.0
            )),
        }
    }
}

/// The struct CryptoKeys contains the cryptographic keys used to encrypt and decrypt
/// data in a user's mailbox.
#[derive(Clone, Debug)]
pub struct CryptoKeys {
    /// Master key for symmetric encryption of mailbox data
    pub master: Key,
    /// Public/private keypair for encryption of incomming emails (secret part)
    pub secret: SecretKey,
    /// Public/private keypair for encryption of incomming emails (public part)
    pub public: PublicKey,
}

// ----

impl CryptoKeys {
    /// Initialize a new cryptography root
    pub fn init() -> Self {
        let (public, secret) = gen_keypair();
        let master = gen_key();
        CryptoKeys {
            master,
            secret,
            public,
        }
    }

    // Clear text serialize/deserialize
    /// Serialize the root as bytes without encryption
    fn serialize(&self) -> [u8; 64] {
        let mut res = [0u8; 64];
        res[..32].copy_from_slice(self.master.as_ref());
        res[32..].copy_from_slice(self.secret.as_ref());
        res
    }

    /// Deserialize a clear text crypto root without encryption
    fn deserialize(bytes: &[u8]) -> Result<Self> {
        if bytes.len() != 64 {
            bail!("Invalid length: {}, expected 64", bytes.len());
        }
        let master = Key::from_slice(&bytes[..32]).unwrap();
        let secret = SecretKey::from_slice(&bytes[32..]).unwrap();
        let public = secret.public_key();
        Ok(Self {
            master,
            secret,
            public,
        })
    }

    // Password sealed keys serialize/deserialize
    pub fn password_open(password: &str, blob: &[u8]) -> Result<Self> {
        let _pubkey = &blob[0..32];
        let kdf_salt = &blob[32..64];
        let password_openned = try_open_encrypted_keys(kdf_salt, password, &blob[64..])?;

        let keys = Self::deserialize(&password_openned)?;
        Ok(keys)
    }

    pub fn password_seal(&self, password: &str) -> Result<Vec<u8>> {
        let mut kdf_salt = [0u8; 32];
        thread_rng().fill(&mut kdf_salt);

        // Calculate key for password secret box
        let password_key = derive_password_key(&kdf_salt, password)?;

        // Seal a secret box that contains our crypto keys
        let password_sealed = seal(&self.serialize(), &password_key)?;

        // Create blob
        let password_blob = [&self.public[..], &kdf_salt[..], &password_sealed].concat();

        Ok(password_blob)
    }
}

fn derive_password_key(kdf_salt: &[u8], password: &str) -> Result<Key> {
    Ok(Key::from_slice(&argon2_kdf(kdf_salt, password.as_bytes(), 32)?).unwrap())
}

fn try_open_encrypted_keys(
    kdf_salt: &[u8],
    password: &str,
    encrypted_keys: &[u8],
) -> Result<Vec<u8>> {
    let password_key = derive_password_key(kdf_salt, password)?;
    open(encrypted_keys, &password_key)
}

// ---- UTIL ----

pub fn argon2_kdf(salt: &[u8], password: &[u8], output_len: usize) -> Result<Vec<u8>> {
    use argon2::{password_hash, Algorithm, Argon2, ParamsBuilder, PasswordHasher, Version};

    let params = ParamsBuilder::new()
        .output_len(output_len)
        .build()
        .map_err(|e| anyhow!("Invalid argon2 params: {}", e))?;
    let argon2 = Argon2::new(Algorithm::default(), Version::default(), params);

    let b64_salt = base64::engine::general_purpose::STANDARD_NO_PAD.encode(salt);
    let valid_salt = password_hash::Salt::from_b64(&b64_salt)
        .map_err(|e| anyhow!("Invalid salt, error {}", e))?;
    let hash = argon2
        .hash_password(password, valid_salt)
        .map_err(|e| anyhow!("Unable to hash: {}", e))?;

    let hash = hash.hash.ok_or(anyhow!("Missing output"))?;
    assert!(hash.len() == output_len);
    Ok(hash.as_bytes().to_vec())
}