Merge pull request #67 from MichielP1807/crypto-type-improvements

Crypto type improvements
openwallet-foundation-labs · Sep 4, 2024 · ff20159 · ff20159
2 parents 576b6a8 + 092767d
commit ff20159
Show file tree

Hide file tree

Showing 21 changed files with 379 additions and 181 deletions.
diff --git a/examples/Cargo.toml b/examples/Cargo.toml
@@ -8,6 +8,9 @@ homepage.workspace = true
 publish.workspace = true
 rust-version.workspace = true
 
+[features]
+nacl = ["tsp/nacl"]
+
 [[bin]]
 name = "create-did-web"
 path = "src/create-did-web.rs"

diff --git a/examples/cli-test-cross-type.sh b/examples/cli-test-cross-type.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+HPKE="./build-hpke"
+NACL="./build-nacl"
+
+HPKE_TSP="$HPKE/bin/tsp"
+NACL_TSP="$NACL/bin/tsp"
+
+# install two different versions of the TSP command line example tool
+cargo install --path . --bin tsp --root "$HPKE"
+cargo install --path . --bin tsp --features nacl --root "$NACL"
+
+randuser() {
+    head -c4 /dev/urandom | shasum | head -c8
+}
+
+echo "---- cleanup the database"
+rm -f marlon.sqlite marc.sqlite
+
+echo "---- create a new sender identity"
+$HPKE_TSP --database marlon create --alias marlon `randuser`
+
+echo "---- create a new receiver identity"
+$NACL_TSP --database marc create --alias marc `randuser`
+
+DID_MARC=$($NACL_TSP --database marc print marc)
+DID_MARLON=$($HPKE_TSP --database marlon print marlon)
+
+echo "---- verify the address of the receiver"
+$HPKE_TSP --database marlon verify --alias marc "$DID_MARC"
+
+echo "---- verify the address of the sender"
+$NACL_TSP --database marc verify --alias marlon "$DID_MARLON"
+
+echo "---- wait 2 seconds and then send a message to the receiver"
+sleep 2 && echo "Oh hi Marc" | $HPKE_TSP --database marlon send -s marlon -r marc &
+
+echo "---- receive the message"
+$NACL_TSP --database marc receive --one marc
+
+echo "---- wait 1 seconds and then send a message back"
+sleep 1 && echo "Oh hello Marlon" | $NACL_TSP --database marc send -s marc -r marlon &
+
+echo "---- receive the message"
+$HPKE_TSP --database marlon receive --one marlon
+
+echo "---- cleanup databases"
+rm -f marc.sqlite marlon.sqlite
+
+echo "---- cleanup install"
+rm -rf "$HPKE"
+rm -rf "$NACL"
diff --git a/examples/src/cli.rs b/examples/src/cli.rs
@@ -447,13 +447,23 @@ async fn run() -> Result<(), Error> {
                             message,
                             message_type,
                         } => {
-                            use tsp::definitions::MessageType;
-                            let status = match message_type {
-                                MessageType::Signed => "NON-CONFIDENTIAL",
-                                MessageType::SignedAndEncrypted => "confidential",
+                            let status = match message_type.crypto_type {
+                                tsp::cesr::CryptoType::Plaintext => "NON-CONFIDENTIAL",
+                                _ => "confidential",
+                            };
+                            let crypto_type = match message_type.crypto_type {
+                                tsp::cesr::CryptoType::Plaintext => "Plain text",
+                                tsp::cesr::CryptoType::HpkeAuth => "HPKE Auth",
+                                tsp::cesr::CryptoType::HpkeEssr => "HPKE ESSR",
+                                tsp::cesr::CryptoType::NaclAuth => "NaCl Auth",
+                                tsp::cesr::CryptoType::NaclEssr => "NaCl ESSR",
+                            };
+                            let signature_type = match message_type.signature_type {
+                                tsp::cesr::SignatureType::NoSignature => "no signature",
+                                tsp::cesr::SignatureType::Ed25519 => "Ed25519 signature",
                             };
                             info!(
-                                "received {status} message ({} bytes) from {}",
+                                "received {status} message ({} bytes) from {} ({crypto_type}, {signature_type})",
                                 message.len(),
                                 sender,
                             );

diff --git a/examples/src/server.rs b/examples/src/server.rs
@@ -596,7 +596,7 @@ async fn websocket(stream: WebSocket, state: Arc<AppState>) {
 
             // if the sender is verified, decrypt the message
             let result = if let Some(sender_vid) = incoming_senders_read.get(&sender_id) {
-                let Ok((_, payload)) =
+                let Ok((_, payload, _, _)) =
                     tsp::crypto::open(receiver_vid, sender_vid, &mut encrypted_message)
                 else {
                     continue;

diff --git a/tsp-javascript/src/lib.rs b/tsp-javascript/src/lib.rs
@@ -442,9 +442,19 @@ impl From<&tsp::ReceivedTspMessage> for ReceivedTspMessageVariant {
 
 #[wasm_bindgen]
 #[derive(Debug, Clone, Copy, Serialize, Deserialize)]
-pub enum MessageType {
-    Signed,
-    SignedAndEncrypted,
+pub enum CryptoType {
+    Plaintext = 0,
+    HpkeAuth = 1,
+    HpkeEssr = 2,
+    NaclAuth = 3,
+    NaclEssr = 4,
+}
+
+#[wasm_bindgen]
+#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
+pub enum SignatureType {
+    NoSignature = 0,
+    Ed25519 = 1,
 }
 
 #[wasm_bindgen(inspectable)]
@@ -454,7 +464,8 @@ pub struct FlatReceivedTspMessage {
     sender: Option<String>,
     nonconfidential_data: Option<Option<Vec<u8>>>,
     message: Option<Vec<u8>>,
-    pub message_type: Option<MessageType>,
+    pub crypto_type: Option<CryptoType>,
+    pub signature_type: Option<SignatureType>,
     route: Option<Option<Vec<Vec<u8>>>>,
     nested_vid: Option<Option<String>>,
     thread_id: Option<Vec<u8>>,
@@ -555,7 +566,8 @@ impl From<tsp::ReceivedTspMessage> for FlatReceivedTspMessage {
             sender: None,
             nonconfidential_data: None,
             message: None,
-            message_type: None,
+            crypto_type: None,
+            signature_type: None,
             route: None,
             nested_vid: None,
             thread_id: None,
@@ -577,11 +589,16 @@ impl From<tsp::ReceivedTspMessage> for FlatReceivedTspMessage {
                 this.sender = Some(sender);
                 this.nonconfidential_data = Some(nonconfidential_data);
                 this.message = Some(message);
-                this.message_type = match message_type {
-                    tsp::definitions::MessageType::Signed => Some(MessageType::Signed),
-                    tsp::definitions::MessageType::SignedAndEncrypted => {
-                        Some(MessageType::SignedAndEncrypted)
-                    }
+                this.crypto_type = match message_type.crypto_type {
+                    tsp::cesr::CryptoType::Plaintext => Some(CryptoType::Plaintext),
+                    tsp::cesr::CryptoType::HpkeAuth => Some(CryptoType::HpkeAuth),
+                    tsp::cesr::CryptoType::HpkeEssr => Some(CryptoType::HpkeEssr),
+                    tsp::cesr::CryptoType::NaclAuth => Some(CryptoType::NaclAuth),
+                    tsp::cesr::CryptoType::NaclEssr => Some(CryptoType::NaclEssr),
+                };
+                this.signature_type = match message_type.signature_type {
+                    tsp::cesr::SignatureType::NoSignature => Some(SignatureType::NoSignature),
+                    tsp::cesr::SignatureType::Ed25519 => Some(SignatureType::Ed25519),
                 };
             }
             tsp::ReceivedTspMessage::RequestRelationship {

diff --git a/tsp-node/test.js b/tsp-node/test.js
@@ -1,7 +1,7 @@
 const assert = require('assert');
 
 const tsp = require('./tsp');
-const { Store, OwnedVid, MessageType, GenericMessage, RequestRelationship, AcceptRelationship, CancelRelationship, ForwardRequest} = tsp;
+const { Store, OwnedVid, CryptoType, SignatureType, GenericMessage, RequestRelationship, AcceptRelationship, CancelRelationship, ForwardRequest} = tsp;
 
 function new_vid() {
     return OwnedVid.new_did_peer("tcp://127.0.0.1:1337");
@@ -29,11 +29,12 @@ describe('tsp node tests', function() {
         let received = store.open_message(sealed);
 
         if (received instanceof GenericMessage) {
-            const { sender, message: messageBytes, message_type } = received;
+            const { sender, message: messageBytes, crypto_type, signature_type } = received;
             assert.strictEqual(sender, alice_identifier, "Sender does not match Alice's identifier");
             let receivedMessage = String.fromCharCode.apply(null, messageBytes);
             assert.strictEqual(receivedMessage, message, "Received message does not match");
-            assert.strictEqual(message_type, MessageType.SignedAndEncrypted, "Message type does not match SignedAndEncrypted");
+            assert.notStrictEqual(crypto_type, CryptoType.Plaintext, "Crypto type should not be Plaintext");
+            assert.notStrictEqual(signature_type, SignatureType.NoSignature, "Signature type should not be NoSignature");
         } else {
             assert.fail(`Unexpected message type: ${received}`);
         }
@@ -205,11 +206,12 @@ describe('tsp node tests', function() {
 
                 // Check the final received message in d_store
                 if (received instanceof GenericMessage) {
-                    const { sender, nonconfidential_data: _, message: messageBytes, message_type } = received;
+                    const { sender, nonconfidential_data: _, message: messageBytes, crypto_type, signature_type } = received;
                     assert.strictEqual(sender, sneaky_a.identifier());
                     message = String.fromCharCode.apply(null, messageBytes);
                     assert.strictEqual(message, hello_world, "Received message does not match");
-                    assert.strictEqual(message_type, MessageType.SignedAndEncrypted, "Message type does not match SignedAndEncrypted");
+                    assert.notStrictEqual(crypto_type, CryptoType.Plaintext, "Crypto type should not be Plaintext");
+                    assert.notStrictEqual(signature_type, SignatureType.NoSignature, "Signature type should not be NoSignature");
                 } else {
                     assert.fail(`Unexpected message type in d_store: ${received.type}`);
                 }
@@ -279,14 +281,15 @@ describe('tsp node tests', function() {
 
                         // Pattern match for GenericMessage in received message
                         if (received_3 instanceof GenericMessage) {
-                            let { sender, nonconfidential_data, message: messageBytes, message_type } = received_3;
+                            let { sender, nonconfidential_data, message: messageBytes, crypto_type, signature_type } = received_3;
 
                             // Assertions for GenericMessage
                             assert.strictEqual(sender, nested_vid_1);
                             assert.strictEqual(nonconfidential_data, null);
                             message = String.fromCharCode.apply(null, messageBytes);
                             assert.strictEqual(message, hello_world, "Received message does not match");
-                            assert.strictEqual(message_type, MessageType.SignedAndEncrypted);
+                            assert.notStrictEqual(crypto_type, CryptoType.Plaintext, "Crypto type should not be Plaintext");
+                            assert.notStrictEqual(signature_type, SignatureType.NoSignature, "Signature type should not be NoSignature");
                         } else {
                             throw new Error("Unexpected message type");
                         }

diff --git a/tsp-node/tsp.js b/tsp-node/tsp.js
@@ -1,11 +1,19 @@
 const wasm = require('tsp-javascript');
 const { OwnedVid } = wasm;
 
-const MessageType = {
-    Signed: 0, 
-    SignedAndEncrypted: 1, 
+const CryptoType = {
+    Plaintext: 0,
+    HpkeAuth: 1,
+    HpkeEssr: 2,
+    NaclAuth: 3,
+    NaclEssr: 4,
 };
 
+const SignatureType = {
+    NoSignature: 0,
+    Ed25519: 1,
+}
+
 class Store {
     constructor() {
         this.inner = new wasm.Store();
@@ -169,7 +177,8 @@ class ForwardRequest extends ReceivedTspMessage {
 }
 
 module.exports = {
-    MessageType,
+    CryptoType,
+    SignatureType,
     Store,
     OwnedVid,
     ReceivedTspMessage,

diff --git a/tsp-python/src/lib.rs b/tsp-python/src/lib.rs
@@ -5,7 +5,8 @@ fn tsp_python(m: &Bound<'_, PyModule>) -> PyResult<()> {
     m.add_class::<Store>()?;
     m.add_class::<OwnedVid>()?;
 
-    m.add_class::<MessageType>()?;
+    m.add_class::<CryptoType>()?;
+    m.add_class::<SignatureType>()?;
     m.add_class::<ReceivedTspMessageVariant>()?;
     m.add_class::<FlatReceivedTspMessage>()?;
 
@@ -237,9 +238,19 @@ impl From<&tsp::ReceivedTspMessage> for ReceivedTspMessageVariant {
 
 #[pyclass]
 #[derive(Debug, Clone, Copy)]
-enum MessageType {
-    Signed,
-    SignedAndEncrypted,
+pub enum CryptoType {
+    Plaintext = 0,
+    HpkeAuth = 1,
+    HpkeEssr = 2,
+    NaclAuth = 3,
+    NaclEssr = 4,
+}
+
+#[pyclass]
+#[derive(Debug, Clone, Copy)]
+pub enum SignatureType {
+    NoSignature = 0,
+    Ed25519 = 1,
 }
 
 #[pyclass]
@@ -254,7 +265,9 @@ struct FlatReceivedTspMessage {
     #[pyo3(get, set)]
     message: Option<Vec<u8>>,
     #[pyo3(get, set)]
-    message_type: Option<MessageType>,
+    crypto_type: Option<CryptoType>,
+    #[pyo3(get, set)]
+    signature_type: Option<SignatureType>,
     #[pyo3(get, set)]
     route: Option<Option<Vec<Vec<u8>>>>,
     #[pyo3(get, set)]
@@ -291,7 +304,8 @@ impl From<tsp::ReceivedTspMessage> for FlatReceivedTspMessage {
             sender: None,
             nonconfidential_data: None,
             message: None,
-            message_type: None,
+            crypto_type: None,
+            signature_type: None,
             route: None,
             nested_vid: None,
             thread_id: None,
@@ -313,11 +327,16 @@ impl From<tsp::ReceivedTspMessage> for FlatReceivedTspMessage {
                 this.sender = Some(sender);
                 this.nonconfidential_data = Some(nonconfidential_data);
                 this.message = Some(message);
-                this.message_type = match message_type {
-                    tsp::definitions::MessageType::Signed => Some(MessageType::Signed),
-                    tsp::definitions::MessageType::SignedAndEncrypted => {
-                        Some(MessageType::SignedAndEncrypted)
-                    }
+                this.crypto_type = match message_type.crypto_type {
+                    tsp::cesr::CryptoType::Plaintext => Some(CryptoType::Plaintext),
+                    tsp::cesr::CryptoType::HpkeAuth => Some(CryptoType::HpkeAuth),
+                    tsp::cesr::CryptoType::HpkeEssr => Some(CryptoType::HpkeEssr),
+                    tsp::cesr::CryptoType::NaclAuth => Some(CryptoType::NaclAuth),
+                    tsp::cesr::CryptoType::NaclEssr => Some(CryptoType::NaclEssr),
+                };
+                this.signature_type = match message_type.signature_type {
+                    tsp::cesr::SignatureType::NoSignature => Some(SignatureType::NoSignature),
+                    tsp::cesr::SignatureType::Ed25519 => Some(SignatureType::Ed25519),
                 };
             }
             tsp::ReceivedTspMessage::RequestRelationship {

diff --git a/tsp-python/test.py b/tsp-python/test.py
@@ -23,10 +23,11 @@ def test_open_seal(self):
         received = self.store.open_message(sealed)
 
         match received:
-            case GenericMessage(sender, _, received_message, message_type):
+            case GenericMessage(sender, _, received_message, crypto_type, signature_type):
                 self.assertEqual(sender, self.alice.identifier())
                 self.assertEqual(received_message, message)
-                self.assertEqual(message_type, MessageType.SignedAndEncrypted)
+                self.assertNotEqual(crypto_type, CryptoType.Plaintext)
+                self.assertNotEqual(signature_type, SignatureType.NoSignature)
 
             case other:
                 self.fail(f"unexpected message type {other}")
@@ -182,11 +183,12 @@ def test_routed(self):
         received = d_store.open_message(sealed)
 
         match received:
-            case GenericMessage(sender, nonconfidential_data, message, message_type):
+            case GenericMessage(sender, nonconfidential_data, message, crypto_type, signature_type):
                 self.assertEqual(sender, sneaky_a.identifier())
                 self.assertEqual(nonconfidential_data, None)
                 self.assertEqual(message, hello_world)
-                self.assertEqual(message_type, MessageType.SignedAndEncrypted)
+                self.assertNotEqual(crypto_type, CryptoType.Plaintext)
+                self.assertNotEqual(signature_type, SignatureType.NoSignature)
 
             case other:
                 self.fail(f"unexpected message type {other}")
@@ -254,10 +256,11 @@ def test_nested_automatic(self):
         received = b_store.open_message(sealed)
 
         match received:
-            case GenericMessage(sender, _, received_message, message_type):
+            case GenericMessage(sender, _, received_message, crypto_type, signature_type):
                 self.assertEqual(sender, nested_a.identifier())
                 self.assertEqual(received_message, hello_world)
-                self.assertEqual(message_type, MessageType.SignedAndEncrypted)
+                self.assertNotEqual(crypto_type, CryptoType.Plaintext)
+                self.assertNotEqual(signature_type, SignatureType.NoSignature)
 
             case other:
                 self.fail(f"unexpected message type {other}")