nkode-protocol/src/shared/models/opaque.rs

use opaque_ke::{Ristretto255, TripleDh, ServerSetup, CredentialResponse, RegistrationUploadLen, RegistrationResponse};
use opaque_ke::keypair::{OprfSeed, PrivateKey};
use sha2::Sha512;
use opaque_ke::CipherSuite;
use opaque_ke::argon2::Argon2;
use opaque_ke::generic_array::GenericArray;
use uuid::Uuid;
use nkode_rs::nkode_core::chacha20prng::SecretKey;
use zeroize::Zeroizing;
use nkode_rs::from_bytes::FromBytes;

const USER_KEY_SIZE: usize = 16;

#[derive(Clone, Eq, PartialEq)]
pub struct UserSecretKey(Zeroizing<[u8; USER_KEY_SIZE]>);

impl UserSecretKey {
    pub fn chacha20_secret_key(&self) -> SecretKey {
        let out = blake3::derive_key("your-app chacha20 secret key v1", &self.0.as_slice());
        SecretKey::from_bytes(&out).unwrap()
    }

    pub fn as_slice(&self) -> &[u8] {
        self.0.as_slice()
    }
}

impl FromBytes<USER_KEY_SIZE> for UserSecretKey {
    fn from_array(arr: [u8; USER_KEY_SIZE]) -> Self {
        Self(Zeroizing::new(arr))
    }
}

const OPAQUE_SESSION_KEY_SIZE: usize = 64;

#[derive(Debug, Clone)]
pub struct OpaqueSessionKey(Zeroizing<[u8; OPAQUE_SESSION_KEY_SIZE]>);

impl FromBytes<OPAQUE_SESSION_KEY_SIZE> for OpaqueSessionKey {
    fn from_array(arr: [u8; OPAQUE_SESSION_KEY_SIZE]) -> Self {
        Self(Zeroizing::new(arr))
    }
}

pub struct NKodeCipherSuite;

impl CipherSuite for NKodeCipherSuite {
    type OprfCs = Ristretto255;
    type KeyExchange = TripleDh<Ristretto255, Sha512>;
    type Ksf = Argon2<'static>;
}

pub type NKodeServerSetup = ServerSetup<NKodeCipherSuite, PrivateKey<Ristretto255>, OprfSeed<Sha512>>;


pub type PasswordFile = GenericArray<u8, RegistrationUploadLen<NKodeCipherSuite>>;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct OpaqueLoginSession {
    pub response: CredentialResponse<NKodeCipherSuite>,
    pub session_id: Uuid
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct OpaqueRegisterSession {
    pub response: RegistrationResponse<NKodeCipherSuite>,
    pub session_id: Uuid
}