From eaf4cee4ee3be3feb2051209df8b72be837a5a5b Mon Sep 17 00:00:00 2001 From: c0repwn3r Date: Wed, 29 Mar 2023 13:13:50 -0400 Subject: [PATCH] port crypto.go --- Cargo.lock | 1 + dnapi-rs/Cargo.toml | 3 ++- dnapi-rs/src/crypto.rs | 41 +++++++++++++++++++++++++++++++++++++++++ dnapi-rs/src/lib.rs | 3 ++- 4 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 dnapi-rs/src/crypto.rs diff --git a/Cargo.lock b/Cargo.lock index 4bcaaa2..22d5dcf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -626,6 +626,7 @@ dependencies = [ "base64 0.21.0", "base64-serde", "log", + "rand", "reqwest", "serde", "serde_json", diff --git a/dnapi-rs/Cargo.toml b/dnapi-rs/Cargo.toml index 8f4b645..87b08d6 100644 --- a/dnapi-rs/Cargo.toml +++ b/dnapi-rs/Cargo.toml @@ -19,4 +19,5 @@ reqwest = { version = "0.11.16", features = ["blocking", "json"] } url = "2.3.1" base64 = "0.21.0" serde_json = "1.0.95" -trifid-pki = { version = "0.1.6", path = "../trifid-pki" } \ No newline at end of file +trifid-pki = { version = "0.1.6", path = "../trifid-pki" } +rand = "0.8.5" \ No newline at end of file diff --git a/dnapi-rs/src/crypto.rs b/dnapi-rs/src/crypto.rs new file mode 100644 index 0000000..c05e814 --- /dev/null +++ b/dnapi-rs/src/crypto.rs @@ -0,0 +1,41 @@ +//! Functions for generating keys and nonces for use in API calls + +use rand::Rng; +use rand::rngs::OsRng; +use trifid_pki::cert::{serialize_x25519_private, serialize_x25519_public}; +use trifid_pki::ed25519_dalek::{SigningKey, VerifyingKey}; +use trifid_pki::x25519_dalek::{PublicKey, StaticSecret}; + +/// Generate a new random set of Nebula (Diffie-Hellman) and Ed25519 (API calls) keys for use in your client +pub fn new_keys() -> (Vec, Vec, VerifyingKey, SigningKey) { + let (dh_pub, dh_priv) = new_nebula_keypair(); + let (ed_pub, ed_priv) = new_ed25519_keypair(); + (dh_pub, dh_priv, ed_pub, ed_priv) +} + +/// Generate a new PEM-encoded Nebula keypair +pub fn new_nebula_keypair() -> (Vec, Vec) { + let (pub_key, priv_key) = new_x25519_keypair(); + let pub_key_encoded = serialize_x25519_public(&pub_key); + let priv_key_encoded = serialize_x25519_private(&priv_key); + (pub_key_encoded, priv_key_encoded) +} + +/// Generate a new 32-byte X25519 keypair +pub fn new_x25519_keypair() -> ([u8; 32], [u8; 32]) { + let priv_key = StaticSecret::new(&mut OsRng); + let pub_key = PublicKey::from(&priv_key); + (pub_key.to_bytes(), priv_key.to_bytes()) +} + +/// Generate a new random Ed25519 signing keypair for signing API calls +pub fn new_ed25519_keypair() -> (VerifyingKey, SigningKey) { + let secret = SigningKey::generate(&mut OsRng); + let public = secret.verifying_key(); + (public, secret) +} + +/// Generates a 16-byte random nonce for use in API calls +pub fn nonce() -> [u8; 16] { + rand::thread_rng().gen() +} \ No newline at end of file diff --git a/dnapi-rs/src/lib.rs b/dnapi-rs/src/lib.rs index 3cc1117..8603e30 100644 --- a/dnapi-rs/src/lib.rs +++ b/dnapi-rs/src/lib.rs @@ -17,4 +17,5 @@ pub mod message; pub mod client; -pub mod credentials; \ No newline at end of file +pub mod credentials; +pub mod crypto; \ No newline at end of file