diff --git a/rosenpass/benches/handshake.rs b/rosenpass/benches/handshake.rs index 6516a31..a47e9a6 100644 --- a/rosenpass/benches/handshake.rs +++ b/rosenpass/benches/handshake.rs @@ -1,7 +1,6 @@ use anyhow::Result; -use rosenpass::protocol::{ - CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, ProtocolVersion, SPk, SSk, SymKey, -}; +use rosenpass::protocol::basic_types::{MsgBuf, SPk, SSk, SymKey}; +use rosenpass::protocol::{CryptoServer, HandleMsgResult, PeerPtr, ProtocolVersion}; use std::ops::DerefMut; use rosenpass_cipher_traits::primitives::Kem; diff --git a/rosenpass/benches/trace_handshake.rs b/rosenpass/benches/trace_handshake.rs index 95a7bdb..b83c135 100644 --- a/rosenpass/benches/trace_handshake.rs +++ b/rosenpass/benches/trace_handshake.rs @@ -14,9 +14,8 @@ use rosenpass_ciphers::StaticKem; use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets; use rosenpass_util::trace_bench::RpEventType; -use rosenpass::protocol::{ - CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, ProtocolVersion, SPk, SSk, SymKey, -}; +use rosenpass::protocol::basic_types::{MsgBuf, SPk, SSk, SymKey}; +use rosenpass::protocol::{CryptoServer, HandleMsgResult, PeerPtr, ProtocolVersion}; const ITERATIONS: usize = 100; diff --git a/rosenpass/src/api/api_handler.rs b/rosenpass/src/api/api_handler.rs index c86d57c..dcd85cc 100644 --- a/rosenpass/src/api/api_handler.rs +++ b/rosenpass/src/api/api_handler.rs @@ -158,10 +158,10 @@ where ); // Actually read the secrets - let mut sk = crate::protocol::SSk::zero(); + let mut sk = crate::protocol::basic_types::SSk::zero(); sk_io.read_exact_til_end(sk.secret_mut()).einvalid_req()?; - let mut pk = crate::protocol::SPk::zero(); + let mut pk = crate::protocol::basic_types::SPk::zero(); pk_io.read_exact_til_end(pk.borrow_mut()).einvalid_req()?; // Retrieve the construction site diff --git a/rosenpass/src/app_server.rs b/rosenpass/src/app_server.rs index 55162ad..8d3fd0a 100644 --- a/rosenpass/src/app_server.rs +++ b/rosenpass/src/app_server.rs @@ -47,7 +47,8 @@ use crate::protocol::BuildCryptoServer; use crate::protocol::HostIdentification; use crate::{ config::Verbosity, - protocol::{timing::Timing, CryptoServer, MsgBuf, PeerPtr, SPk, SSk, SymKey}, + protocol::basic_types::{MsgBuf, SPk, SSk, SymKey}, + protocol::{timing::Timing, CryptoServer, PeerPtr}, }; use rosenpass_util::attempt; use rosenpass_util::b64::B64Display; diff --git a/rosenpass/src/cli.rs b/rosenpass/src/cli.rs index 4d80761..107ec9b 100644 --- a/rosenpass/src/cli.rs +++ b/rosenpass/src/cli.rs @@ -17,7 +17,7 @@ use std::path::PathBuf; use crate::app_server::AppServerTest; use crate::app_server::{AppServer, BrokerPeer}; -use crate::protocol::{SPk, SSk, SymKey}; +use crate::protocol::basic_types::{SPk, SSk, SymKey}; use super::config; @@ -607,8 +607,8 @@ impl CliArgs { /// generate secret and public keys, store in files according to the paths passed as arguments pub fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> { - let mut ssk = crate::protocol::SSk::random(); - let mut spk = crate::protocol::SPk::random(); + let mut ssk = crate::protocol::basic_types::SSk::random(); + let mut spk = crate::protocol::basic_types::SPk::random(); StaticKem.keygen(ssk.secret_mut(), spk.deref_mut())?; ssk.store_secret(secret_key)?; spk.store(public_key) diff --git a/rosenpass/src/config.rs b/rosenpass/src/config.rs index 5dc925c..330ccea 100644 --- a/rosenpass/src/config.rs +++ b/rosenpass/src/config.rs @@ -7,7 +7,7 @@ //! - TODO: support `~` in //! - TODO: provide tooling to create config file from shell -use crate::protocol::{SPk, SSk}; +use crate::protocol::basic_types::{SPk, SSk}; use rosenpass_util::file::LoadValue; use std::{ collections::HashSet, diff --git a/rosenpass/src/protocol/basic_types.rs b/rosenpass/src/protocol/basic_types.rs new file mode 100644 index 0000000..a810d6f --- /dev/null +++ b/rosenpass/src/protocol/basic_types.rs @@ -0,0 +1,38 @@ +//! Key types and other fundamental types used in the Rosenpass protocol + +use rosenpass_cipher_traits::primitives::{Aead, Kem}; +use rosenpass_ciphers::{EphemeralKem, StaticKem, XAead, KEY_LEN}; +use rosenpass_secret_memory::{Public, PublicBox, Secret}; + +use crate::msgs::{BISCUIT_ID_LEN, MAX_MESSAGE_LEN, SESSION_ID_LEN}; + +/// Static public key +/// +/// Using [PublicBox] instead of [Public] because Classic McEliece keys are very large. +pub type SPk = PublicBox<{ StaticKem::PK_LEN }>; +/// Static secret key +pub type SSk = Secret<{ StaticKem::SK_LEN }>; +/// Ephemeral public key +pub type EPk = Public<{ EphemeralKem::PK_LEN }>; +pub type ESk = Secret<{ EphemeralKem::SK_LEN }>; + +/// Symmetric key +pub type SymKey = Secret; +/// Symmetric hash +pub type SymHash = Public; + +/// Peer ID (derived from the public key, see the hash derivations in the [whitepaper](https://rosenpass.eu/whitepaper.pdf)) +pub type PeerId = Public; +/// Session ID +pub type SessionId = Public; +/// Biscuit ID +pub type BiscuitId = Public; + +/// Nonce for use with random-nonce AEAD +pub type XAEADNonce = Public<{ XAead::NONCE_LEN }>; + +/// Buffer capably of holding any Rosenpass protocol message +pub type MsgBuf = Public; + +/// Server-local peer number; this is just the index in [super::CryptoServer::peers] +pub type PeerNo = usize; diff --git a/rosenpass/src/protocol/build_crypto_server.rs b/rosenpass/src/protocol/build_crypto_server.rs index f372e4e..f3ded3d 100644 --- a/rosenpass/src/protocol/build_crypto_server.rs +++ b/rosenpass/src/protocol/build_crypto_server.rs @@ -1,4 +1,5 @@ -use super::{CryptoServer, PeerPtr, SPk, SSk, SymKey}; +use super::basic_types::{SPk, SSk, SymKey}; +use super::{CryptoServer, PeerPtr}; use crate::config::ProtocolVersion; use rosenpass_util::{ build::Build, @@ -47,7 +48,8 @@ impl Keypair { /// # Example /// /// ```rust - /// use rosenpass::protocol::{Keypair, SSk, SPk}; + /// use rosenpass::protocol::basic_types::{SSk, SPk}; + /// use rosenpass::protocol::Keypair; /// /// // We have to define the security policy before using Secrets. /// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets; @@ -66,12 +68,13 @@ impl Keypair { /// Creates a new "empty" key pair. All bytes are initialized to zero. /// - /// See [SSk:zero()][crate::protocol::SSk::zero] and [SPk:zero()][crate::protocol::SPk::zero], respectively. + /// See [SSk:zero()][SSk::zero] and [SPk:zero()][SPk::zero], respectively. /// /// # Example /// /// ```rust - /// use rosenpass::protocol::{Keypair, SSk, SPk}; + /// use rosenpass::protocol::basic_types::{SSk, SPk}; + /// use rosenpass::protocol::Keypair; /// /// // We have to define the security policy before using Secrets. /// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets; @@ -90,7 +93,7 @@ impl Keypair { /// Creates a new (securely-)random key pair. The mechanism is described in [rosenpass_secret_memory::Secret]. /// - /// See [SSk:random()][crate::protocol::SSk::random] and [SPk:random()][crate::protocol::SPk::random], respectively. + /// See [SSk:random()][SSk::random] and [SPk:random()][SPk::random], respectively. pub fn random() -> Self { Self::new(SSk::random(), SPk::random()) } @@ -127,7 +130,7 @@ pub struct MissingKeypair; /// /// There are multiple ways of creating a crypto server: /// -/// 1. Provide the key pair at initialization time (using [CryptoServer::new][crate::protocol::CryptoServer::new]) +/// 1. Provide the key pair at initialization time (using [CryptoServer::new][CryptoServer::new]) /// 2. Provide the key pair at a later time (using [BuildCryptoServer::empty]) /// /// With BuildCryptoServer, you can gradually configure parameters as they become available. @@ -145,7 +148,8 @@ pub struct MissingKeypair; /// /// ```rust /// use rosenpass_util::build::Build; -/// use rosenpass::protocol::{BuildCryptoServer, Keypair, PeerParams, SPk, SymKey}; +/// use rosenpass::protocol::basic_types::{SPk, SymKey}; +/// use rosenpass::protocol::{BuildCryptoServer, Keypair, PeerParams}; /// use rosenpass::config::ProtocolVersion; /// /// // We have to define the security policy before using Secrets. @@ -205,13 +209,13 @@ impl Build for BuildCryptoServer { } #[derive(Debug)] -/// Cryptographic key(s) identifying the connected [peer][crate::protocol::Peer] ("client") +/// Cryptographic key(s) identifying the connected [peer][super::Peer] ("client") /// for a given session that is being managed by the crypto server. /// -/// Each peer must be identified by a [public key (SPk)][crate::protocol::SPk]. -/// Optionally, a [symmetric key (SymKey)][crate::protocol::SymKey] +/// Each peer must be identified by a [public key (SPk)][SPk]. +/// Optionally, a [symmetric key (SymKey)][SymKey] /// can be provided when setting up the connection. -/// For more information on the intended usage and security considerations, see [Peer::psk][crate::protocol::Peer::psk] and [Peer::spkt][crate::protocol::Peer::spkt]. +/// For more information on the intended usage and security considerations, see [Peer::psk][super::Peer::psk] and [Peer::spkt][super::Peer::spkt]. pub struct PeerParams { /// Pre-shared (symmetric) encryption keys that should be used with this peer. pub psk: Option, @@ -322,7 +326,8 @@ impl BuildCryptoServer { /// secret_policy_use_only_malloc_secrets(); /// /// use rosenpass_util::build::Build; - /// use rosenpass::protocol::{BuildCryptoServer, Keypair, SymKey, SPk}; + /// use rosenpass::protocol::basic_types::{SymKey, SPk}; + /// use rosenpass::protocol::{BuildCryptoServer, Keypair}; /// /// // Deferred initialization: Create builder first, add some peers later /// let keypair_option = Some(Keypair::random()); @@ -388,7 +393,8 @@ impl BuildCryptoServer { /// secret_policy_use_only_malloc_secrets(); /// /// use rosenpass_util::build::Build; - /// use rosenpass::protocol::{BuildCryptoServer, Keypair, SymKey, SPk}; + /// use rosenpass::protocol::basic_types::{SymKey, SPk}; + /// use rosenpass::protocol::{BuildCryptoServer, Keypair}; /// /// let keypair = Keypair::random(); /// let peer_pk = SPk::random(); diff --git a/rosenpass/src/protocol/mod.rs b/rosenpass/src/protocol/mod.rs index b648903..de8f435 100644 --- a/rosenpass/src/protocol/mod.rs +++ b/rosenpass/src/protocol/mod.rs @@ -27,9 +27,8 @@ //! use rosenpass_secret_memory::policy::*; //! use rosenpass_cipher_traits::primitives::Kem; //! use rosenpass_ciphers::StaticKem; -//! use rosenpass::{ -//! protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey}, -//! }; +//! use rosenpass::protocol::basic_types::{SSk, SPk, MsgBuf, SymKey}; +//! use rosenpass::protocol::{PeerPtr, CryptoServer}; //! # fn main() -> anyhow::Result<()> { //! // Set security policy for storing secrets //! @@ -78,6 +77,7 @@ mod build_crypto_server; pub use build_crypto_server::*; +pub mod basic_types; pub mod constants; pub mod timing; diff --git a/rosenpass/src/protocol/protocol.rs b/rosenpass/src/protocol/protocol.rs index c95ff0c..9c367f0 100644 --- a/rosenpass/src/protocol/protocol.rs +++ b/rosenpass/src/protocol/protocol.rs @@ -24,7 +24,7 @@ use rosenpass_cipher_traits::primitives::{ use rosenpass_ciphers::hash_domain::{SecretHashDomain, SecretHashDomainNamespace}; use rosenpass_ciphers::{Aead, EphemeralKem, KeyedHash, StaticKem, XAead, KEY_LEN}; use rosenpass_constant_time as constant_time; -use rosenpass_secret_memory::{Public, PublicBox, Secret}; +use rosenpass_secret_memory::{Public, Secret}; use rosenpass_to::{ops::copy_slice, To}; use rosenpass_util::{ cat, @@ -35,6 +35,9 @@ use rosenpass_util::{ use crate::{hash_domains, msgs::*, RosenpassError}; +use super::basic_types::{ + BiscuitId, EPk, ESk, MsgBuf, PeerId, PeerNo, SPk, SSk, SessionId, SymKey, XAEADNonce, +}; use super::constants::{ BISCUIT_EPOCH, COOKIE_SECRET_EPOCH, COOKIE_SECRET_LEN, COOKIE_VALUE_LEN, PEER_COOKIE_VALUE_EPOCH, REJECT_AFTER_TIME, REKEY_AFTER_TIME_INITIATOR, @@ -47,38 +50,6 @@ use super::timing::{has_happened, Timing, BCE, UNENDING}; use rosenpass_util::trace_bench::Trace as _; // DATA STRUCTURES & BASIC TRAITS & ACCESSORS //// - -/// Static public key -/// -/// Using [PublicBox] instead of [Public] because Classic McEliece keys are very large. -pub type SPk = PublicBox<{ StaticKem::PK_LEN }>; -/// Static secret key -pub type SSk = Secret<{ StaticKem::SK_LEN }>; -/// Ephemeral public key -pub type EPk = Public<{ EphemeralKem::PK_LEN }>; -pub type ESk = Secret<{ EphemeralKem::SK_LEN }>; - -/// Symmetric key -pub type SymKey = Secret; -/// Symmetric hash -pub type SymHash = Public; - -/// Peer ID (derived from the public key, see the hash derivations in the [whitepaper](https://rosenpass.eu/whitepaper.pdf)) -pub type PeerId = Public; -/// Session ID -pub type SessionId = Public; -/// Biscuit ID -pub type BiscuitId = Public; - -/// Nonce for use with random-nonce AEAD -pub type XAEADNonce = Public<{ XAead::NONCE_LEN }>; - -/// Buffer capably of holding any Rosenpass protocol message -pub type MsgBuf = Public; - -/// Server-local peer number; this is just the index in [CryptoServer::peers] -pub type PeerNo = usize; - /// This is the implementation of our cryptographic protocol. /// /// The scope of this is: @@ -172,7 +143,7 @@ pub struct CryptoServer { /// /// ``` /// use rosenpass_util::time::Timebase; -/// use rosenpass::protocol::{timing::BCE, SymKey, CookieStore}; +/// use rosenpass::protocol::{timing::BCE, basic_types::SymKey, CookieStore}; /// /// rosenpass_secret_memory::secret_policy_try_use_memfd_secrets(); /// @@ -299,7 +270,8 @@ impl From for ProtocolVersion { /// /// ``` /// use std::ops::DerefMut; -/// use rosenpass::protocol::{SSk, SPk, SymKey, Peer, ProtocolVersion}; +/// use rosenpass::protocol::basic_types::{SSk, SPk, SymKey}; +/// use rosenpass::protocol::{Peer, ProtocolVersion}; /// use rosenpass_ciphers::StaticKem; /// use rosenpass_cipher_traits::primitives::Kem; /// @@ -387,7 +359,8 @@ impl Peer { /// This is dirty but allows us to perform easy incremental construction of [Self]. /// /// ``` - /// use rosenpass::protocol::{Peer, SymKey, SPk, ProtocolVersion}; + /// use rosenpass::protocol::basic_types::{SymKey, SPk}; + /// use rosenpass::protocol::{Peer, ProtocolVersion}; /// rosenpass_secret_memory::secret_policy_try_use_memfd_secrets(); /// let p = Peer::zero(ProtocolVersion::V03); /// assert_eq!(p.psk.secret(), SymKey::zero().secret()); @@ -735,7 +708,8 @@ pub trait Mortal { /// ``` /// use std::ops::DerefMut; /// use rosenpass_ciphers::StaticKem; -/// use rosenpass::protocol::{SSk, SPk, testutils::ServerForTesting, ProtocolVersion}; +/// use rosenpass::protocol::basic_types::{SSk, SPk}; +/// use rosenpass::protocol::{testutils::ServerForTesting, ProtocolVersion}; /// /// rosenpass_secret_memory::secret_policy_try_use_memfd_secrets(); /// @@ -1275,7 +1249,8 @@ impl CryptoServer { /// /// ``` /// use std::ops::DerefMut; - /// use rosenpass::protocol::{SSk, SPk, CryptoServer, ProtocolVersion}; + /// use rosenpass::protocol::basic_types::{SSk, SPk}; + /// use rosenpass::protocol::{CryptoServer, ProtocolVersion}; /// use rosenpass_ciphers::StaticKem; /// use rosenpass_cipher_traits::primitives::Kem; /// @@ -1339,7 +1314,8 @@ impl CryptoServer { /// /// ``` /// use std::ops::DerefMut; - /// use rosenpass::protocol::{SSk, SPk, SymKey, CryptoServer, ProtocolVersion}; + /// use rosenpass::protocol::basic_types::{SSk, SPk, SymKey}; + /// use rosenpass::protocol::{CryptoServer, ProtocolVersion}; /// use rosenpass_ciphers::StaticKem; /// use rosenpass_cipher_traits::primitives::Kem; /// diff --git a/rosenpass/tests/api-integration-tests-api-setup.rs b/rosenpass/tests/api-integration-tests-api-setup.rs index c4f2d22..8313bb8 100644 --- a/rosenpass/tests/api-integration-tests-api-setup.rs +++ b/rosenpass/tests/api-integration-tests-api-setup.rs @@ -15,7 +15,7 @@ use rosenpass::api::{ supply_keypair_response_status, }; use rosenpass::config::ProtocolVersion; -use rosenpass::protocol::SymKey; +use rosenpass::protocol::basic_types::SymKey; use rosenpass_util::{ b64::B64Display, file::LoadValueB64, diff --git a/rosenpass/tests/api-integration-tests.rs b/rosenpass/tests/api-integration-tests.rs index de02832..b3b638d 100644 --- a/rosenpass/tests/api-integration-tests.rs +++ b/rosenpass/tests/api-integration-tests.rs @@ -17,7 +17,7 @@ use tempfile::TempDir; use zerocopy::AsBytes; use rosenpass::config::ProtocolVersion; -use rosenpass::protocol::SymKey; +use rosenpass::protocol::basic_types::SymKey; struct KillChild(std::process::Child); diff --git a/rosenpass/tests/app_server_example.rs b/rosenpass/tests/app_server_example.rs index 555b96c..d384b79 100644 --- a/rosenpass/tests/app_server_example.rs +++ b/rosenpass/tests/app_server_example.rs @@ -10,7 +10,7 @@ use std::{ use rosenpass::config::ProtocolVersion; use rosenpass::{ app_server::{AppServer, AppServerTest, MAX_B64_KEY_SIZE}, - protocol::{SPk, SSk, SymKey}, + protocol::basic_types::{SPk, SSk, SymKey}, }; use rosenpass_cipher_traits::primitives::Kem; use rosenpass_ciphers::StaticKem; diff --git a/rosenpass/tests/poll_example.rs b/rosenpass/tests/poll_example.rs index cabded0..43a4d86 100644 --- a/rosenpass/tests/poll_example.rs +++ b/rosenpass/tests/poll_example.rs @@ -10,10 +10,10 @@ use rosenpass_ciphers::StaticKem; use rosenpass_util::result::OkExt; use rosenpass::protocol::{ + basic_types::{MsgBuf, SPk, SSk, SymKey}, testutils::time_travel_forward, timing::{Timing, UNENDING}, - CryptoServer, HostIdentification, MsgBuf, PeerPtr, PollResult, ProtocolVersion, SPk, SSk, - SymKey, + CryptoServer, HostIdentification, PeerPtr, PollResult, ProtocolVersion, }; // TODO: Most of the utility functions in here should probably be moved to diff --git a/rp/src/exchange.rs b/rp/src/exchange.rs index bbbac0d..e1e7544 100644 --- a/rp/src/exchange.rs +++ b/rp/src/exchange.rs @@ -206,7 +206,7 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> { use rosenpass::{ app_server::{AppServer, BrokerPeer}, config::Verbosity, - protocol::{SPk, SSk, SymKey}, + protocol::basic_types::{SPk, SSk, SymKey}, }; use rosenpass_secret_memory::Secret; use rosenpass_util::file::{LoadValue as _, LoadValueB64}; diff --git a/rp/src/key.rs b/rp/src/key.rs index f8f7f3d..f6089e7 100644 --- a/rp/src/key.rs +++ b/rp/src/key.rs @@ -9,7 +9,7 @@ use anyhow::{anyhow, Result}; use rosenpass_util::file::{LoadValueB64, StoreValue, StoreValueB64}; use zeroize::Zeroize; -use rosenpass::protocol::{SPk, SSk}; +use rosenpass::protocol::basic_types::{SPk, SSk}; use rosenpass_cipher_traits::primitives::Kem; use rosenpass_ciphers::StaticKem; use rosenpass_secret_memory::{file::StoreSecret as _, Public, Secret}; @@ -118,7 +118,7 @@ pub fn pubkey(private_keys_dir: &Path, public_keys_dir: &Path) -> Result<()> { mod tests { use std::fs; - use rosenpass::protocol::{SPk, SSk}; + use rosenpass::protocol::basic_types::{SPk, SSk}; use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets; use rosenpass_secret_memory::Secret; use rosenpass_util::file::LoadValue;