Merge pull request #8 from andrewwhitehead/more-keys

Merge 0.2 changes

.github/workflows/build.yml

@@ -39,6 +39,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: check
+          args: --workspace
 
       - name: Cargo fmt
         uses: actions-rs/cargo@v1
@@ -56,6 +57,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: test
+          args: --workspace
 
   build-manylinux:
     name: Build Library

Cargo.toml

@@ -1,10 +1,13 @@
+[workspace]
+members = ["askar-crypto"]
+
 [package]
 name = "aries-askar"
-version = "0.1.3"
+version = "0.2.0-pre.2"
 authors = ["Hyperledger Aries Contributors <[email protected]>"]
 edition = "2018"
 description = "Hyperledger Aries Askar secure storage"
-license = "MIT/Apache-2.0"
+license = "MIT OR Apache-2.0"
 readme = "README.md"
 repository = "https://github.com/hyperledger/aries-askar/"
 categories = ["cryptography", "database"]
@@ -16,75 +19,62 @@ path = "src/lib.rs"
 crate-type = ["staticlib", "rlib", "cdylib"]
 
 [package.metadata.docs.rs]
-features = ["all"]
+features = ["all_backends"]
 no-default-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [features]
-default = ["all", "ffi", "logger"]
-all = ["any", "postgres", "sqlite"]
+default = ["all_backends", "ffi", "logger"]
+all_backends = ["any", "postgres", "sqlite"]
 any = []
 ffi = ["any", "ffi-support", "logger"]
-indy_compat = ["sqlx", "sqlx/sqlite"]
 jemalloc = ["jemallocator"]
 logger = ["env_logger", "log"]
 postgres = ["sqlx", "sqlx/postgres", "sqlx/tls"]
 sqlite = ["num_cpus", "sqlx", "sqlx/sqlite"]
 pg_test = ["postgres"]
 
+[dev-dependencies]
+hex-literal = "0.3"
+
 [dependencies]
-aead = "0.3"
-async-global-executor = { version = "1.4", features = ["async-io"] }
+askar-crypto = { version = "0.2.0-pre.2", path = "./askar-crypto", features = ["argon2", "std"] }
 async-mutex = "1.4"
 async-stream = "0.3"
-async-std = "1.7"  # temporary addition to encourage common dependencies with sqlx
-blocking = "1.0"
-chacha20poly1305 = { version = "0.7", default-features = false, features = ["alloc", "chacha20"] }
+bs58 = "0.4"
 chrono = "0.4"
+digest = "0.9"
 env_logger = { version = "0.7", optional = true }
 ffi-support = { version = "0.4", optional = true }
 futures-lite = "1.7"
 hex = "0.4"
 hmac = "0.10"
+indy-wql = "0.4"
 itertools = "0.9"
 jemallocator = { version = "0.3", optional = true }
 log = { version = "0.4", optional = true }
 num_cpus = { version = "1.0", optional = true }
 once_cell = "1.5"
 percent-encoding = "2.0"
-rand = "0.7"
-rmp-serde = "0.14"
-rust-argon2 = "0.8"
 serde = { version = "1.0", features = ["derive"] }
 serde_bytes = "0.11"
+serde_cbor = "0.11"
 serde_json = "1.0"
 sha2 = "0.9"
+tokio = { version = "1.5", features = ["time"] }
 url = { version = "2.1", default-features = false }
 uuid = { version = "0.8", features = ["v4"] }
-zeroize = { version = "1.1.0", features = ["zeroize_derive"] }
-
-[dependencies.indy-utils]
-version = "=0.3.9"
-default-features = false
-features = ["ed25519", "pack", "serde_support", "wql"]
+zeroize = "1.1"
 
 [dependencies.sqlx]
-version = "0.5.1"
+version = "=0.5.1"
 default-features = false
-features = ["chrono", "runtime-async-std-rustls"]
+features = ["chrono", "runtime-tokio-rustls"]
 optional = true
 
-# [target.'cfg(target_os = "macos")'.dependencies]
-# keychain-services = { path = "../keychain-services.rs" }
-# keychain-services = { git = "https://github.com/iqlusioninc/keychain-services.rs", rev = "7410fb8baf4ecdf04cdcd7d06d02658f4f158d77" }
-
 [profile.release]
 lto = true
 codegen-units = 1
 
 [[test]]
 name = "backends"
-
-[[test]]
-name = "faber"
-required-features = ["indy_compat"]

README.md

@@ -1,10 +1,15 @@
 # aries-askar
 
-Aries-Askar, secure storage designed for Hyperledger Aries agents.
+[![Unit Tests](https://github.com/hyperledger/aries-askar/workflows/Aries-Askar/badge.svg)](https://github.com/hyperledger/aries-askar/actions)
+[![Rust Crate](https://img.shields.io/crates/v/aries-askar.svg)](https://crates.io/crates/aries-askar)
+[![Rust Documentation](https://docs.rs/aries-askar/badge.svg)](https://docs.rs/aries-askar)
+[![Python Package](https://img.shields.io/pypi/v/aries_askar)](https://pypi.org/project/aries-askar/)
+
+Secure storage and cryptographic support designed for Hyperledger Aries agents.
 
 ## Credit
 
-The initial implementation of `aries-askar` was developed by the Verifiable Organizations Network (VON) team based at the Province of British Columbia. The database structure derives largely from the wallet design within [Hyperledger Indy-SDK](https://github.com/hyperledger/indy-sdk). To learn more about VON and what's happening with decentralized identity in British Columbia, please go to [https://vonx.io](https://vonx.io).
+The initial implementation of `aries-askar` was developed by the Verifiable Organizations Network (VON) team based at the Province of British Columbia, and inspired by the wallet design within [Hyperledger Indy-SDK](https://github.com/hyperledger/indy-sdk). To learn more about VON and what's happening with decentralized identity in British Columbia, please go to [https://vonx.io](https://vonx.io).
 
 ## Contributing
 

askar-crypto/Cargo.toml

@@ -0,0 +1,70 @@
+[package]
+name = "askar-crypto"
+version = "0.2.0-pre.2"
+authors = ["Hyperledger Aries Contributors <[email protected]>"]
+edition = "2018"
+description = "Hyperledger Aries Askar cryptography"
+license = "MIT OR Apache-2.0"
+readme = "README.md"
+repository = "https://github.com/hyperledger/aries-askar/"
+categories = ["cryptography", "no-std"]
+keywords = ["hyperledger", "aries", "didcomm", "ssi"]
+
+[package.metadata.docs.rs]
+features = ["argon2", "std"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[features]
+default = ["alloc", "any_key", "all_keys", "crypto_box"]
+alloc = []
+std = ["alloc"]
+all_keys = ["aes", "bls", "chacha", "ec_curves", "ed25519"]
+any_key = ["alloc"]
+aes = ["aes-core", "aes-gcm", "block-modes", "hmac"]
+bls = ["bls12_381", "hkdf"]
+chacha = ["chacha20poly1305"]
+crypto_box = ["alloc", "crypto_box_rs", "ed25519"]
+ec_curves = ["k256", "p256"]
+ed25519 = ["curve25519-dalek", "ed25519-dalek", "x25519-dalek"]
+
+[dev-dependencies]
+base64 = { version = "0.13", default-features = false, features = ["alloc"] }
+criterion = "0.3"
+hex-literal = "0.3"
+serde_cbor = "0.11"
+
+[[bench]]
+name = "enc"
+harness = false
+
+[[bench]]
+name = "kdf"
+harness = false
+
+[dependencies]
+aead = "0.3"
+aes-core = { package = "aes", version = "0.6", default-features = false, optional = true }
+aes-gcm = { version = "0.8", default-features = false, features = ["aes"], optional = true }
+argon2 = { version = "0.1", default-features = false, features = ["password-hash"], optional = true }
+base64 = { version = "0.13", default-features = false }
+blake2 = { version = "0.9", default-features = false }
+block-modes = { version = "0.7", default-features = false, optional = true }
+bls12_381 = { version = "0.4", default-features = false, features = ["groups"], optional = true }
+chacha20 = { version = "0.6" }  # should match chacha20poly1305
+chacha20poly1305 = { version = "0.7", default-features = false, features = ["chacha20", "xchacha20poly1305"], optional = true }
+crypto_box_rs = { package = "crypto_box", version = "0.5", default-features = false, features = ["u64_backend"], optional = true }
+curve25519-dalek = { version = "3.1", default-features = false, features = ["u64_backend"], optional = true }
+ed25519-dalek = { version = "1.0", default-features = false, features = ["u64_backend"], optional = true }
+digest = "0.9"
+group = "0.9"
+hkdf = { version = "0.11", optional = true }
+hmac = { version = "0.11", optional = true }
+k256 = { version = "0.8", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "sha256", "zeroize"], optional = true }
+p256 = { version = "0.8", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "zeroize"], optional = true }
+rand = { version = "0.8", default-features = false, features = ["getrandom"] }
+serde = { version = "1.0", default-features = false, features = ["derive"] }
+serde_json = { version = "1.0", default-features = false }
+subtle = "2.4"
+sha2 = { version = "0.9", default-features = false }
+x25519-dalek = { version = "1.1", default-features = false, features = ["u64_backend"], optional = true }
+zeroize = { version = "1.1.0", features = ["zeroize_derive"] }

askar-crypto/README.md

@@ -0,0 +1,31 @@
+# askar-crypto
+
+[![Rust Crate](https://img.shields.io/crates/v/askar-crypto.svg)](https://crates.io/crates/askar-crypto)
+[![Rust Documentation](https://docs.rs/askar-crypto/badge.svg)](https://docs.rs/askar-crypto)
+
+The `askar-crypto` crate provides the basic key representations and cryptographic operations used by [`aries-askar`](https://github.com/hyperledger/aries-askar).
+
+## Supported Key Types
+
+| Key Type             | Feature   | Operations                                                                                                                     | Notes                           |
+| -------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
+| AES-GCM              | `aes`     | AEAD encryption<br>JWK export                                                                                                  | A128GCM and A256GCM             |
+| AES-CBC-HMAC-SHA2    | `aes`     | AEAD encryption<br>JWK export                                                                                                  | A128CBC-HS256 and A256CBC-HS512 |
+| (X)ChaCha20-Poly1305 | `chacha`  | AEAD encryption<br>JWK export                                                                                                  | aka C20P, XC20P                 |
+| BLS12-381            | `bls`     | [`bls-signature`](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04)-compatible key generation<br>JWK import/export | G1, G2, and G1G2 key types      |
+| Ed25519              | `ed25519` | EdDSA signatures<br>JWK import/export                                                                                          |                                 |
+| X25519               | `ed25519` | DH key exchange<br>JWK import/export                                                                                           |                                 |
+| K-256                | `k256`    | ECDSA signatures<br>DH key exchange<br>JWK import/export                                                                       | aka secp256k1                   |
+| P-256                | `p256`    | ECDSA signatures<br>DH key exchange<br>JWK import/export                                                                       | aka nist256p1, secp256r1        |
+
+## 'Any' Key support
+
+The `any_key` feature (which depends on `alloc`) provides a generic interface for creating and working with any supported key type.
+
+## JOSE Authenticated Encryption
+
+This crate provides implementations of the [ECDH-ES](https://tools.ietf.org/html/rfc7518#section-4.6) and [ECDH-1PU (draft 4)](https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-04) key agreement operations, for use in deriving the CEK or key wrapping key when producing or consuming JWE envelopes using these protection algorithms.
+
+## no-std
+
+This crate supports the optional `alloc` feature, gating types and operations that depend on a global allocator. The `std` feature depends on `alloc`, and adds support for `std::error::Error`.

askar-crypto/benches/enc.rs

@@ -0,0 +1,66 @@
+#[macro_use]
+extern crate criterion;
+
+#[macro_use]
+extern crate hex_literal;
+
+use askar_crypto::{
+    alg::{
+        chacha20::{Chacha20Key, C20P},
+        AnyKey, AnyKeyCreate, Chacha20Types, KeyAlg,
+    },
+    buffer::{SecretBytes, WriteBuffer, Writer},
+    encrypt::{KeyAeadInPlace, KeyAeadMeta},
+    random::fill_random,
+    repr::KeySecretBytes,
+};
+
+use criterion::{black_box, Criterion};
+
+fn criterion_benchmark(c: &mut Criterion) {
+    {
+        let message = b"test message for encrypting";
+
+        let key = &hex!("451b5b8e8725321541954997781de51f4142e4a56bab68d24f6a6b92615de5ee");
+
+        c.bench_function(&format!("chacha20-poly1305 encrypt"), move |b| {
+            b.iter(|| {
+                let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();
+                let mut buffer = [0u8; 255];
+                buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
+                let nonce = Chacha20Key::<C20P>::random_nonce();
+                let mut writer = Writer::from_slice_position(&mut buffer, message.len());
+                key.encrypt_in_place(&mut writer, &nonce, &[]).unwrap();
+            })
+        });
+        c.bench_function(&format!("chacha20-poly1305 encrypt alloc"), move |b| {
+            b.iter(|| {
+                let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();
+                let mut buffer = SecretBytes::with_capacity(255);
+                buffer.buffer_write(black_box(&message[..])).unwrap();
+                let nonce = Chacha20Key::<C20P>::random_nonce();
+                key.encrypt_in_place(&mut buffer, &nonce, &[]).unwrap();
+            })
+        });
+        c.bench_function(&format!("chacha20-poly1305 encrypt as any"), move |b| {
+            b.iter(|| {
+                let key = Box::<AnyKey>::from_secret_bytes(
+                    KeyAlg::Chacha20(Chacha20Types::C20P),
+                    &key[..],
+                )
+                .unwrap();
+                let mut buffer = [0u8; 255];
+                buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
+                let mut nonce = [0u8; 255];
+                let nonce_len = key.aead_params().nonce_length;
+                fill_random(&mut nonce[..nonce_len]);
+                let mut writer = Writer::from_slice_position(&mut buffer, message.len());
+                key.encrypt_in_place(&mut writer, &nonce[..nonce_len], &[])
+                    .unwrap();
+            })
+        });
+    }
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);

askar-crypto/benches/kdf.rs

@@ -0,0 +1,32 @@
+#[macro_use]
+extern crate criterion;
+
+use askar_crypto::kdf::concat::{ConcatKDF, ConcatKDFParams};
+use sha2::Sha256;
+
+use criterion::{black_box, Criterion};
+
+fn criterion_benchmark(c: &mut Criterion) {
+    {
+        let message = b"test message for encrypting";
+
+        let params = ConcatKDFParams {
+            alg: b"A256GCM",
+            apu: b"sender name",
+            apv: b"recipient name",
+            pub_info: &(256u32).to_be_bytes(),
+            prv_info: &[],
+        };
+
+        c.bench_function(&format!("concat kdf sha256"), move |b| {
+            b.iter(|| {
+                let mut output = [0u8; 32];
+                ConcatKDF::<Sha256>::derive_key(black_box(message), black_box(params), &mut output)
+                    .unwrap();
+            })
+        });
+    }
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);