initial commit

src/protocol.rs

@@ -0,0 +1,189 @@
+use opaque_ke::{CredentialFinalization, CredentialRequest, RegistrationRequest, RegistrationResponse, Ristretto255, TripleDh, ServerLogin, ServerLoginParameters, ServerLoginStartResult, ServerRegistration, ServerSetup, ClientRegistrationStartResult, ClientLogin, ClientLoginFinishParameters, ClientLoginFinishResult, ClientLoginStartResult, ClientRegistration, ClientRegistrationFinishParameters, CredentialResponse, RegistrationUploadLen, ServerLoginFinishResult};
+use opaque_ke::errors::ProtocolError;
+use opaque_ke::keypair::{OprfSeed, PrivateKey};
+use sha2::Sha512;
+use opaque_ke::CipherSuite;
+use opaque_ke::argon2::Argon2;
+use opaque_ke::generic_array::GenericArray;
+use uuid::Uuid;
+use opaque_ke::rand::rngs::OsRng;
+use std::marker::PhantomData;
+
+pub const NONCE_SIZE: usize = 12;
+pub const SECRET_KEY_SIZE: usize = 16;
+pub const SESSION_KEY_SIZE: usize = 32;
+
+pub struct NKodeCipherSuite;
+
+impl CipherSuite for NKodeCipherSuite {
+    type OprfCs = Ristretto255;
+    type KeyExchange = TripleDh<Ristretto255, Sha512>;
+    type Ksf = Argon2<'static>;
+}
+
+pub type NKodeServerSetup = ServerSetup<NKodeCipherSuite, PrivateKey<Ristretto255>, OprfSeed<Sha512>>;
+
+pub struct RegisterSession {
+    response: RegistrationResponse<NKodeCipherSuite>,
+    session_id: Uuid
+}
+
+type PasswordFile = GenericArray<u8, RegistrationUploadLen<NKodeCipherSuite>>;
+
+
+pub async fn register_secret_key<R,S>(
+    email: &String,
+    key: &[u8; SECRET_KEY_SIZE],
+    server: &mut NKodeServer<KeyRegister, R, S>
+) -> Result<(),String>
+where
+    R: Repo,
+    S: Sessions
+{
+    let mut client_rng = OsRng;
+    let client_reg_start = ClientRegistration::<NKodeCipherSuite>::start(&mut client_rng, key).expect("error starting registration");
+    let server_response = server.start(email, &client_reg_start.message).await.expect("error getting server response");
+    let client_finish = client_reg_start.state.finish(&mut client_rng, key, server_response.response, ClientRegistrationFinishParameters::default()).expect("");
+    server.finish(&server_response.session_id, &client_finish.message.serialize()).await.expect("server to finish secret reg without error");
+    Ok(())
+}
+
+pub struct LoginSession {
+    response: CredentialResponse<NKodeCipherSuite>,
+    session_id: Uuid
+}
+
+
+pub async fn login_secret_key<R, S>(email: &String, key: &[u8; SECRET_KEY_SIZE], server: &mut NKodeServer<KeyLoginI, R, S>) -> Result<Vec<u8>, String>
+where
+    R: Repo,
+    S: Sessions
+{
+    let mut client_rng = OsRng;
+    let client_start = ClientLogin::<NKodeCipherSuite>::start(&mut client_rng, key).expect("client secret key login to start result");
+    let server_response = server.start(email, client_start.message).await.expect("server secret key login start response");
+    let client_finish = client_start.state.finish(&mut client_rng, key,server_response.response,ClientLoginFinishParameters::default()).expect("");
+    server.finish(&server_response.session_id, client_finish.message).await.expect("server secret key login to finish");
+    Ok(client_finish.session_key.to_vec())
+}
+pub trait Repo {}
+pub trait Sessions {}
+
+pub struct NKodeServer<State, R: Repo, S: Sessions> {
+    server_setup: NKodeServerSetup,
+    repo: R,
+    session: S,
+    _state: PhantomData<State>
+}
+
+pub type KeyRegisterSession = RegisterSession;
+pub struct KeyRegister;
+pub struct KeyLoginI;
+pub struct CodeRegister;
+
+impl<R, S> NKodeServer<KeyRegister, R, S>
+where
+    R: Repo,
+    S: Sessions
+{
+    pub fn new(server_setup: NKodeServerSetup, repo: R, sessions: S) -> Self {
+        todo!()
+    }
+
+    pub async fn start(
+        &mut self,
+        email: &String,
+        message: &RegistrationRequest<NKodeCipherSuite>
+    ) -> Result<KeyRegisterSession, ProtocolError> {
+        todo!()
+    }
+
+    pub async fn finish(
+        &mut self,
+        session_id: &Uuid,
+        password_file: &PasswordFile
+    ) -> Result<NKodeServer<KeyLoginI, R, S>, ProtocolError> {
+       todo!()
+    }
+}
+
+pub type KeyLoginPhaseISession = LoginSession;
+
+impl<R,S> NKodeServer<KeyLoginI, R, S>
+where
+    R: Repo,
+    S: Sessions
+{
+    pub async fn start(
+        &mut self,
+        email: &String,
+        request_bytes:CredentialRequest<NKodeCipherSuite>
+    ) -> Result<KeyLoginPhaseISession, ProtocolError> {
+       todo!()
+    }
+
+    pub async fn finish(
+        &mut self,
+        session_id: &Uuid,
+        message: CredentialFinalization<NKodeCipherSuite>
+    ) -> Result<NKodeServer<CodeRegister, R, S>, ProtocolError> {
+        todo!()
+    }
+}
+
+pub type CodeRegisterSession = RegisterSession;
+pub struct CodeLogin;
+
+impl<R, S> NKodeServer<CodeRegister, R, S>
+where
+    R: Repo,
+    S: Sessions
+{
+    pub fn new(server_setup: NKodeServerSetup) -> Self {
+        todo!()
+    }
+
+    pub async fn start(
+        &mut self,
+        email: &String,
+        message: &RegistrationRequest<NKodeCipherSuite>
+    ) -> Result<CodeRegisterSession, ProtocolError> {
+        todo!()
+    }
+
+    pub async fn finish(
+        &mut self,
+        session_id: &Uuid,
+        password_file: &PasswordFile) -> Result<NKodeServer<CodeLogin, R, S>, ProtocolError> {
+        todo!()
+    }
+}
+
+pub type CodeLoginSession = LoginSession;
+
+impl <R, S> NKodeServer<CodeLogin, R, S>
+where
+    R: Repo,
+    S: Sessions
+{
+   pub async fn start(
+       &mut self,
+       email: &String,
+       request_bytes:CredentialRequest<NKodeCipherSuite>
+   ) -> Result<CodeLoginSession, ProtocolError> {
+       todo!()
+   }
+
+    pub async fn finish(
+        &mut self,
+        session_id: &Uuid,
+        message:CredentialFinalization<NKodeCipherSuite>
+    ) -> Result<LoggedIn, ProtocolError> {
+        todo!()
+    }
+}
+
+pub struct LoggedIn {
+    session_key: Vec<u8>,
+    session_id: Uuid,
+}