1
//! Encryption and secret management.
2
//!
3
//! BonsaiDb's vault is the core of encryption and secret management. To offer
4
//! this security, BonsaiDb relies on external [`VaultKeyStorage`] to provide
5
//! the key needed to decrypt the master keys. After the master keys have been
6
//! decrypted, the vault is able to function without [`VaultKeyStorage`]. This
7
//! design ensures that if a copy of a database was stolen, the data that is
8
//! stored at-rest cannot be decrypted without gaining access to
9
//! [`VaultKeyStorage`].
10
//!
11
//! ## At-Rest Encryption
12
//!
13
//! At-rest encryption only ensures that if the database files are stolen that
14
//! an attacker cannot access the data without the encryption key. BonsaiDb
15
//! will regularly decrypt data to process it, and while the data is in-memory,
16
//! it is subject to the security of the machine running it. If using BonsaiDb
17
//! over a network, the network transport layer's encryption is what ensures
18
//! your data's safety.
19
//!
20
//! ## Security Best Practices
21
//!
22
//! ### Vault Key Storage
23
//!
24
//! In most situations, do not use [`LocalVaultKeyStorage`] in a production
25
//! environment. If you store the vault keys on the same disk as the database,
26
//! it's similar to hiding a key to your house under your doormat. It might stop
27
//! the casual person from entering your house, but give any attacker a few
28
//! minutes, and they'll find the key.
29
//!
30
//! Instead, you should use a storage location that provides authentication and
31
//! encryption. Our recommendation for production enviroments is to find an
32
//! Amazon S3-compatible storage service and use
33
//! [`S3VaultKeyStorage`](https://dev.bonsaidb.io/main/docs/bonsaidb_keystorage_s3/struct.S3VaultKeyStorage.html).
34
//! Eventually, other BonsaiDb servers will be able to operate as key storage
35
//! for each other.
36
//!
37
//! ## Encryption Algorithms Used
38
//!
39
//! BonsaiDb uses the [`hpke`](https://github.com/rozbb/rust-hpke) crate to
40
//! provide Hybrid Public Key Encryption (HPKE) when public key encryption is
41
//! being used. This is currently only utilized for encrypting the master keys
42
//! with the vault key. Our HPKE uses `P256+HKDF-SHA256+ChaCha20Poly1305`.
43
//! Long term, we plan to offer public key encryption APIs on top of these same
44
//! choices.
45
//!
46
//! For at-rest data encryption, the [`AEAD`
47
//! `XChaCha20Poly1305`](https://github.com/RustCrypto/AEADs) implementation is
48
//! used directly. This variant of `ChaCha20Poly1305` extends the nonce from 12
49
//! bytes to 24 bytes, which allows for random nonces to be used.
50

            
51
use std::{
52
    borrow::Cow,
53
    collections::HashMap,
54
    fmt::{Debug, Display},
55
    fs::{self, File},
56
    io::{Read, Write},
57
    path::{Path, PathBuf},
58
    sync::Arc,
59
};
60

            
61
use bonsaidb_core::{
62
    arc_bytes::serde::Bytes,
63
    document::KeyId,
64
    permissions::{
65
        bonsai::{encryption_key_resource_name, EncryptionKeyAction},
66
        Permissions,
67
    },
68
};
69
use chacha20poly1305::{
70
    aead::{generic_array::GenericArray, Aead, NewAead, Payload},
71
    XChaCha20Poly1305,
72
};
73
use hpke::{
74
    self,
75
    aead::{AeadTag, ChaCha20Poly1305},
76
    kdf::HkdfSha256,
77
    kem::DhP256HkdfSha256,
78
    Deserializable, Kem, OpModeS, Serializable,
79
};
80
use rand::{thread_rng, Rng};
81
use serde::{Deserialize, Serialize};
82
use zeroize::{Zeroize, Zeroizing};
83

            
84
/// A private encryption key.
85
10221
#[derive(Serialize, Deserialize)]
86
pub enum KeyPair {
87
    /// A P256 keypair.
88
    P256 {
89
        /// The private key.
90
        private: <DhP256HkdfSha256 as Kem>::PrivateKey,
91
        /// The public key.
92
        public: <DhP256HkdfSha256 as Kem>::PublicKey,
93
    },
94
}
95

            
96
impl KeyPair {
97
    /// Serializes the private key into bytes.
98
60
    pub fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>, Error> {
99
60
        Ok(Zeroizing::new(bincode::serialize(self)?))
100
60
    }
101

            
102
    /// Deserializes the private key.
103
120
    pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {
104
120
        bincode::deserialize(bytes).map_err(Error::from)
105
120
    }
106
}
107

            
108
/// A public key corresponding to a [`KeyPair`].
109
11924
#[derive(Serialize, Deserialize)]
110
pub enum PublicKey {
111
    /// A P256 public key.
112
    P256(<DhP256HkdfSha256 as Kem>::PublicKey),
113
}
114

            
115
impl PublicKey {
116
    /// Serializes the public key into bytes.
117
5962
    pub fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>, Error> {
118
5962
        Ok(Zeroizing::new(bincode::serialize(self)?))
119
5962
    }
120

            
121
    /// Deserializes the public key.
122
    pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {
123
        bincode::deserialize(bytes).map_err(Error::from)
124
    }
125
}
126

            
127
impl<'a> From<&'a KeyPair> for PublicKey {
128
3407
    fn from(key: &'a KeyPair) -> Self {
129
3407
        match key {
130
3407
            KeyPair::P256 { public, .. } => PublicKey::P256(public.clone()),
131
3407
        }
132
3407
    }
133
}
134

            
135
use crate::storage::StorageId;
136

            
137
pub(crate) struct Vault {
138
    _vault_public_key: PublicKey,
139
    master_keys: HashMap<u32, EncryptionKey>,
140
    current_master_key_id: u32,
141
    master_key_storage: Arc<dyn AnyVaultKeyStorage>,
142
}
143

            
144
impl Debug for Vault {
145
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
146
        f.debug_struct("Vault")
147
            .field("master_keys", &self.master_keys)
148
            .field("current_master_key_id", &self.current_master_key_id)
149
            .field("master_key_storage", &self.master_key_storage)
150
            .finish_non_exhaustive()
151
    }
152
}
153

            
154
/// Errors relating to encryption and/or secret storage.
155
119361
#[derive(thiserror::Error, Debug)]
156
pub enum Error {
157
    /// An error occurred during encryption or decryption.
158
    #[error("error with encryption: {0}")]
159
    Encryption(String),
160
    /// An error occurred within the vault key storage.
161
    #[error("error from vault key storage: {0}")]
162
    VaultKeyStorage(String),
163
    /// An error occurred initializing the vault.
164
    #[error("error occurred while initializing: {0}")]
165
    Initializing(String),
166
    /// A previously initialized vault was found, but the vault key storage
167
    /// doesn't contain the key.
168
    #[error("vault key not found")]
169
    VaultKeyNotFound,
170
}
171

            
172
impl From<chacha20poly1305::aead::Error> for Error {
173
1
    fn from(err: chacha20poly1305::aead::Error) -> Self {
174
1
        Self::Encryption(err.to_string())
175
1
    }
176
}
177

            
178
impl From<hpke::HpkeError> for Error {
179
    fn from(err: hpke::HpkeError) -> Self {
180
        Self::Encryption(err.to_string())
181
    }
182
}
183

            
184
impl From<bincode::Error> for Error {
185
    fn from(err: bincode::Error) -> Self {
186
        Self::Initializing(err.to_string())
187
    }
188
}
189

            
190
impl Vault {
191
3467
    pub fn initialize(
192
3467
        server_id: StorageId,
193
3467
        server_directory: &Path,
194
3467
        master_key_storage: Arc<dyn AnyVaultKeyStorage>,
195
3467
    ) -> Result<Self, Error> {
196
3467
        let master_keys_path = server_directory.join("master-keys");
197
3467
        if master_keys_path.exists() {
198
486
            Self::unseal(&master_keys_path, server_id, master_key_storage)
199
        } else {
200
2981
            Self::initialize_vault_key_storage(&master_keys_path, server_id, master_key_storage)
201
        }
202
3467
    }
203

            
204
2981
    fn initialize_vault_key_storage(
205
2981
        master_keys_path: &Path,
206
2981
        server_id: StorageId,
207
2981
        master_key_storage: Arc<dyn AnyVaultKeyStorage>,
208
2981
    ) -> Result<Self, Error> {
209
2981
        let master_key = EncryptionKey::random();
210
2981
        let (private, public) = DhP256HkdfSha256::gen_keypair(&mut thread_rng());
211
2981

            
212
2981
        master_key_storage
213
2981
            .set_vault_key_for(
214
2981
                server_id,
215
2981
                KeyPair::P256 {
216
2981
                    private,
217
2981
                    public: public.clone(),
218
2981
                },
219
2981
            )
220
2981
            .map_err(|err| Error::VaultKeyStorage(err.to_string()))?;
221
2981
        let mut master_keys = HashMap::new();
222
2981
        master_keys.insert(0_u32, master_key);
223
        // Beacuse this is such a critical step, let's verify that we can
224
        // retrieve the key before we store the sealing key.
225
2981
        let retrieved = master_key_storage
226
2981
            .vault_key_for(server_id)
227
2981
            .map_err(|err| Error::VaultKeyStorage(err.to_string()))?;
228
2981
        let expected_public_key_bytes = PublicKey::P256(public.clone()).to_bytes().unwrap();
229
2981
        let retrieved_key_matches = retrieved
230
2981
            .map(|r| PublicKey::from(&r).to_bytes().ok() == Some(expected_public_key_bytes))
231
2981
            .unwrap_or_default();
232
2981
        if retrieved_key_matches {
233
2981
            let mut serialized_master_keys = bincode::serialize(&master_keys)?;
234

            
235
2981
            let (encapsulated_key, aead_tag) = hpke::single_shot_seal_in_place_detached::<
236
2981
                ChaCha20Poly1305,
237
2981
                HkdfSha256,
238
2981
                DhP256HkdfSha256,
239
2981
                _,
240
2981
            >(
241
2981
                &OpModeS::Base,
242
2981
                &public,
243
2981
                b"",
244
2981
                &mut serialized_master_keys,
245
2981
                b"",
246
2981
                &mut thread_rng(),
247
2981
            )?;
248
2981
            let mut tag = [0_u8; 16];
249
2981
            tag.copy_from_slice(&aead_tag.to_bytes());
250

            
251
2981
            let encrypted_master_keys_payload = bincode::serialize(&HpkePayload {
252
2981
                encryption: PublicKeyEncryption::DhP256HkdfSha256ChaCha20,
253
2981
                payload: Bytes::from(serialized_master_keys),
254
2981
                encapsulated_key,
255
2981
                tag,
256
2981
            })?;
257

            
258
2981
            File::create(master_keys_path)
259
2981
                .and_then(move |mut file| file.write_all(&encrypted_master_keys_payload))
260
2981
                .map_err(|err| Error::Initializing(format!("error saving vault key: {:?}", err)))?;
261

            
262
2981
            Ok(Self {
263
2981
                _vault_public_key: PublicKey::P256(public),
264
2981
                master_keys,
265
2981
                current_master_key_id: 0,
266
2981
                master_key_storage,
267
2981
            })
268
        } else {
269
            Err(Error::VaultKeyStorage(String::from(
270
                "vault key storage failed to return the same stored key during initialization",
271
            )))
272
        }
273
2981
    }
274

            
275
486
    fn unseal(
276
486
        master_keys_path: &Path,
277
486
        server_id: StorageId,
278
486
        master_key_storage: Arc<dyn AnyVaultKeyStorage>,
279
486
    ) -> Result<Self, Error> {
280
        // The vault has been initilized previously. Do not overwrite this file voluntarily.
281
486
        let encrypted_master_keys = std::fs::read(master_keys_path)
282
486
            .map_err(|err| Error::Initializing(format!("error reading master keys: {:?}", err)))?;
283
486
        let mut encrypted_master_keys =
284
486
            bincode::deserialize::<HpkePayload>(&encrypted_master_keys)?;
285
486
        let PublicKeyEncryption::DhP256HkdfSha256ChaCha20 = &encrypted_master_keys.encryption;
286
486
        if let Some(vault_key) = master_key_storage
287
486
            .vault_key_for(server_id)
288
486
            .map_err(|err| Error::VaultKeyStorage(err.to_string()))?
289
        {
290
426
            let master_keys = match &vault_key {
291
426
                KeyPair::P256 { private, .. } => {
292
426
                    let mut decryption_context =
293
426
                        hpke::setup_receiver::<ChaCha20Poly1305, HkdfSha256, DhP256HkdfSha256>(
294
426
                            &hpke::OpModeR::Base,
295
426
                            private,
296
426
                            &encrypted_master_keys.encapsulated_key,
297
426
                            b"",
298
426
                        )
299
426
                        .unwrap();
300
426

            
301
426
                    decryption_context
302
426
                        .open_in_place_detached(
303
426
                            &mut encrypted_master_keys.payload.0,
304
426
                            b"",
305
426
                            &AeadTag::<ChaCha20Poly1305>::from_bytes(&encrypted_master_keys.tag)
306
426
                                .unwrap(),
307
426
                        )
308
426
                        .unwrap();
309
426

            
310
426
                    bincode::deserialize::<HashMap<u32, EncryptionKey>>(
311
426
                        &encrypted_master_keys.payload,
312
426
                    )?
313
                }
314
            };
315

            
316
426
            let current_master_key_id = *master_keys.keys().max().unwrap();
317
426
            Ok(Self {
318
426
                _vault_public_key: PublicKey::from(&vault_key),
319
426
                master_keys,
320
426
                current_master_key_id,
321
426
                master_key_storage,
322
426
            })
323
        } else {
324
60
            Err(Error::VaultKeyNotFound)
325
        }
326
486
    }
327

            
328
63746
    fn current_master_key(&self) -> &EncryptionKey {
329
63746
        self.master_keys.get(&self.current_master_key_id).unwrap()
330
63746
    }
331

            
332
52404
    pub fn encrypt_payload(
333
52404
        &self,
334
52404
        key_id: &KeyId,
335
52404
        payload: &[u8],
336
52404
        permissions: Option<&Permissions>,
337
52404
    ) -> Result<Vec<u8>, crate::Error> {
338
52404
        if let Some(permissions) = permissions {
339
1
            permissions.check(
340
1
                encryption_key_resource_name(key_id),
341
1
                &EncryptionKeyAction::Encrypt,
342
1
            )?;
343
52403
        }
344

            
345
52403
        let (key, version) = match key_id {
346
52403
            KeyId::Master => (self.current_master_key(), self.current_master_key_id),
347
            KeyId::Id(_) => todo!(),
348
            KeyId::None => unreachable!(),
349
        };
350
52403
        let payload = key.encrypt_payload(key_id.clone(), version, payload);
351
52403
        Ok(payload.to_vec())
352
52404
    }
353

            
354
    pub fn decrypt_payload(
355
        &self,
356
        payload: &[u8],
357
        permissions: Option<&Permissions>,
358
    ) -> Result<Vec<u8>, crate::Error> {
359
130705
        if let Ok(payload) = VaultPayload::from_slice(payload).map_err(|err| {
360
119361
            Error::Encryption(format!("error deserializing encrypted payload: {:?}", err))
361
130705
        }) {
362
11344
            self.decrypt(&payload, permissions)
363
        } else {
364
            // If we can't parse it as a VaultPayload, it might have been stored
365
            // decrypted originally.
366
119361
            Ok(payload.to_vec())
367
        }
368
130705
    }
369

            
370
11344
    fn decrypt(
371
11344
        &self,
372
11344
        payload: &VaultPayload<'_>,
373
11344
        permissions: Option<&Permissions>,
374
11344
    ) -> Result<Vec<u8>, crate::Error> {
375
11344
        if let Some(permissions) = permissions {
376
1
            permissions.check(
377
1
                encryption_key_resource_name(&payload.key_id),
378
1
                &EncryptionKeyAction::Decrypt,
379
1
            )?;
380
11343
        }
381

            
382
        // TODO handle key version
383
11343
        let key = match &payload.key_id {
384
11343
            KeyId::Master => self.current_master_key(),
385
            KeyId::Id(_) => todo!(),
386
            KeyId::None => unreachable!(),
387
        };
388
11343
        Ok(key.decrypt_payload(payload)?)
389
11344
    }
390
}
391

            
392
/// Stores encrypted keys for a vault.
393
pub trait VaultKeyStorage: Send + Sync + Debug + 'static {
394
    /// The error type that the functions return.
395
    type Error: Display;
396
    /// Store a key. Each server id should have unique storage.
397
    fn set_vault_key_for(&self, storage_id: StorageId, key: KeyPair) -> Result<(), Self::Error>;
398

            
399
    /// Retrieve all previously stored vault key for a given storage id.
400
    fn vault_key_for(&self, storage_id: StorageId) -> Result<Option<KeyPair>, Self::Error>;
401
}
402

            
403
5962
#[derive(Serialize, Deserialize)]
404
struct EncryptionKey([u8; 32], #[serde(skip)] Option<region::LockGuard>);
405

            
406
impl EncryptionKey {
407
2983
    pub fn new(secret: [u8; 32]) -> Self {
408
2983
        let mut new_key = Self(secret, None);
409
2983
        new_key.lock_memory();
410
2983
        new_key
411
2983
    }
412

            
413
5966
    pub fn key(&self) -> &[u8] {
414
5966
        &self.0
415
5966
    }
416

            
417
2983
    pub fn lock_memory(&mut self) {
418
2983
        if self.1.is_none() {
419
2983
            match region::lock(self.key().as_ptr(), self.key().len()) {
420
2983
                Ok(guard) => self.1 = Some(guard),
421
                Err(err) => log::error!("Security Warning: Unable to lock memory {:?}", err),
422
            }
423
        }
424
2983
    }
425

            
426
2983
    pub fn random() -> Self {
427
2983
        Self::new(thread_rng().gen())
428
2983
    }
429

            
430
52373
    pub fn encrypt_payload(
431
52373
        &self,
432
52373
        key_id: KeyId,
433
52373
        key_version: u32,
434
52373
        payload: &[u8],
435
52373
    ) -> VaultPayload<'static> {
436
52373
        let mut rng = thread_rng();
437
52373
        let nonce: [u8; 24] = rng.gen();
438
52373
        self.encrypt_payload_with_nonce(key_id, key_version, payload, &nonce)
439
52373
    }
440

            
441
52403
    pub fn encrypt_payload_with_nonce(
442
52403
        &self,
443
52403
        key_id: KeyId,
444
52403
        key_version: u32,
445
52403
        payload: &[u8],
446
52403
        nonce: &[u8],
447
52403
    ) -> VaultPayload<'static> {
448
52403
        let encrypted = XChaCha20Poly1305::new(GenericArray::from_slice(&self.0))
449
52403
            .encrypt(
450
52403
                GenericArray::from_slice(nonce),
451
52403
                Payload {
452
52403
                    msg: payload,
453
52403
                    aad: b"",
454
52403
                },
455
52403
            )
456
52403
            .unwrap();
457
52403
        VaultPayload {
458
52403
            key_id,
459
52403
            encryption: Encryption::XChaCha20Poly1305,
460
52403
            payload: Cow::Owned(encrypted),
461
52403
            nonce: Cow::Owned(nonce.to_vec()),
462
52403
            key_version,
463
52403
        }
464
52403
    }
465

            
466
11343
    pub fn decrypt_payload(&self, payload: &VaultPayload<'_>) -> Result<Vec<u8>, Error> {
467
        // This is a no-op, but it will cause a compiler error if we introduce additional encryption methods
468
11343
        let encrypted = match payload.encryption {
469
11343
            Encryption::XChaCha20Poly1305 => {
470
11343
                XChaCha20Poly1305::new(GenericArray::from_slice(&self.0)).decrypt(
471
11343
                    GenericArray::from_slice(&payload.nonce),
472
11343
                    Payload {
473
11343
                        msg: &payload.payload,
474
11343
                        aad: b"",
475
11343
                    },
476
11343
                )?
477
            }
478
        };
479
11342
        Ok(encrypted)
480
11343
    }
481
}
482

            
483
impl Drop for EncryptionKey {
484
3319
    fn drop(&mut self) {
485
3319
        self.0.zeroize();
486
3319
    }
487
}
488

            
489
impl Debug for EncryptionKey {
490
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
491
        f.debug_struct("PrivateKey").finish_non_exhaustive()
492
    }
493
}
494

            
495
/// A [`VaultKeyStorage`] trait that wraps the Error type before returning. This
496
/// type is used to allow the Vault to operate without any generic parameters.
497
/// This trait is auto-implemented for all [`VaultKeyStorage`] implementors.
498
pub trait AnyVaultKeyStorage: Send + Sync + Debug + 'static {
499
    /// Retrieve all previously stored master keys for a given storage id.
500
    fn vault_key_for(&self, storage_id: StorageId) -> Result<Option<KeyPair>, Error>;
501

            
502
    /// Store a key. Each server id should have unique storage. The keys are
503
    /// uniquely encrypted per storage id and can only be decrypted by keys
504
    /// contained in the storage itself.
505
    fn set_vault_key_for(&self, storage_id: StorageId, key: KeyPair) -> Result<(), Error>;
506
}
507

            
508
impl<T> AnyVaultKeyStorage for T
509
where
510
    T: VaultKeyStorage + 'static,
511
{
512
3293
    fn vault_key_for(&self, server_id: StorageId) -> Result<Option<KeyPair>, Error> {
513
3293
        VaultKeyStorage::vault_key_for(self, server_id)
514
3293
            .map_err(|err| Error::VaultKeyStorage(err.to_string()))
515
3293
    }
516

            
517
2923
    fn set_vault_key_for(&self, server_id: StorageId, key: KeyPair) -> Result<(), Error> {
518
2923
        VaultKeyStorage::set_vault_key_for(self, server_id, key)
519
2923
            .map_err(|err| Error::VaultKeyStorage(err.to_string()))
520
2923
    }
521
}
522

            
523
/// Stores vault key locally on disk. This is in general considered insecure,
524
/// and shouldn't be used without careful consideration.
525
///
526
/// The primary goal of encryption within BonsaiDb is to offer limited
527
/// encryption at-rest. Within these goals, the primary attack vector being
528
/// protected against is an attacker being able to copy the data off of the
529
/// disks, either by physically gaining access to the drives or having
530
/// filesystem access. By storing the vault key on the same physical media, the
531
/// encryption should be considered insecure because if you can gain access to
532
/// the data, you have access to the keys as well.
533
///
534
/// For production environments, it is much more secure to store the vault key
535
/// in a separate location. We recommand any S3-compatible backend.
536
#[derive(Debug, Clone)]
537
pub struct LocalVaultKeyStorage {
538
    directory: PathBuf,
539
}
540

            
541
impl LocalVaultKeyStorage {
542
    /// Creates a new file-based vaultr key storage, storing files within
543
    /// `path`. The path provided shouod be a directory. If it doesn't exist, it
544
    /// will be created.
545
3227
    pub fn new<P: AsRef<Path>>(path: P) -> Result<Self, std::io::Error> {
546
3227
        let directory = path.as_ref().to_owned();
547
3227
        if !directory.exists() {
548
2890
            fs::create_dir_all(&directory)?;
549
337
        }
550
3257
        Ok(Self { directory })
551
3257
    }
552
}
553

            
554
/// Errors from local vault key storage.
555
#[derive(thiserror::Error, Debug)]
556
pub enum LocalVaultKeyStorageError {
557
    /// An error interacting with the filesystem.
558
    #[error("io error: {0}")]
559
    Io(#[from] std::io::Error),
560

            
561
    /// An error serializing or deserializing the keys.
562
    #[error("serialization error: {0}")]
563
    Serialization(#[from] bincode::Error),
564

            
565
    /// The file was not the correct size.
566
    #[error("file was not the correct size")]
567
    InvalidFile,
568
}
569

            
570
impl VaultKeyStorage for LocalVaultKeyStorage {
571
    type Error = LocalVaultKeyStorageError;
572

            
573
3287
    fn vault_key_for(&self, server_id: StorageId) -> Result<Option<KeyPair>, Self::Error> {
574
3287
        let server_file = self.directory.join(server_id.to_string());
575
3287
        if !server_file.exists() {
576
            return Ok(None);
577
3287
        }
578
3287
        let mut contents = File::open(server_file).and_then(|mut f| {
579
3287
            let mut bytes = Vec::new();
580
3287
            f.read_to_end(&mut bytes).map(|_| bytes)
581
3287
        })?;
582

            
583
3287
        let key = bincode::deserialize::<KeyPair>(&contents)?;
584
3287
        contents.zeroize();
585
3287

            
586
3287
        Ok(Some(key))
587
3287
    }
588

            
589
2921
    fn set_vault_key_for(&self, server_id: StorageId, key: KeyPair) -> Result<(), Self::Error> {
590
2921
        let server_file = self.directory.join(server_id.to_string());
591
2921
        let bytes = bincode::serialize(&key)?;
592
2921
        File::create(server_file).and_then(|mut file| file.write_all(&bytes))?;
593
2921
        Ok(())
594
2921
    }
595
}
596

            
597
130705
#[derive(Serialize, Deserialize)]
598
struct VaultPayload<'a> {
599
    // TODO make key_id be the additional data
600
    key_id: KeyId,
601
    key_version: u32,
602
    encryption: Encryption,
603
    payload: Cow<'a, [u8]>,
604
    nonce: Cow<'a, [u8]>,
605
}
606

            
607
impl<'a> VaultPayload<'a> {
608
130705
    fn from_slice(bytes: &'a [u8]) -> Result<Self, Error> {
609
130705
        bincode::deserialize(bytes).map_err(|err| {
610
119361
            Error::Encryption(format!("error deserializing encrypted payload: {:?}", err))
611
130705
        })
612
130705
    }
613

            
614
52403
    fn to_vec(&self) -> Vec<u8> {
615
52403
        bincode::serialize(self).unwrap()
616
52403
    }
617
}
618

            
619
5962
#[derive(Serialize, Deserialize)]
620
struct HpkePayload {
621
    encryption: PublicKeyEncryption,
622
    payload: Bytes,
623
    tag: [u8; 16],
624
    encapsulated_key: <DhP256HkdfSha256 as Kem>::EncappedKey,
625
}
626

            
627
229118
#[derive(Serialize, Deserialize)]
628
enum Encryption {
629
    XChaCha20Poly1305,
630
}
631

            
632
5962
#[derive(Serialize, Deserialize)]
633
enum PublicKeyEncryption {
634
    DhP256HkdfSha256ChaCha20,
635
}
636

            
637
#[cfg(test)]
638
mod tests {
639
    use super::*;
640

            
641
    #[derive(Debug)]
642
    struct NullKeyStorage;
643
    impl VaultKeyStorage for NullKeyStorage {
644
        type Error = anyhow::Error;
645

            
646
        fn set_vault_key_for(
647
            &self,
648
            _storage_id: StorageId,
649
            _key: KeyPair,
650
        ) -> Result<(), Self::Error> {
651
            unreachable!()
652
        }
653

            
654
        fn vault_key_for(&self, _storage_id: StorageId) -> Result<Option<KeyPair>, Self::Error> {
655
            unreachable!()
656
        }
657
    }
658

            
659
2
    fn random_null_vault() -> Vault {
660
2
        let mut master_keys = HashMap::new();
661
2
        master_keys.insert(0, EncryptionKey::random());
662
2

            
663
2
        let (_, public_key) = <DhP256HkdfSha256 as Kem>::gen_keypair(&mut thread_rng());
664
2

            
665
2
        Vault {
666
2
            _vault_public_key: PublicKey::P256(public_key),
667
2
            master_keys,
668
2
            current_master_key_id: 0,
669
2
            master_key_storage: Arc::new(NullKeyStorage),
670
2
        }
671
2
    }
672

            
673
1
    #[test]
674
1
    fn vault_encryption_test() {
675
1
        let vault = random_null_vault();
676
1
        let encrypted = vault
677
1
            .encrypt_payload(&KeyId::Master, b"hello", None)
678
1
            .unwrap();
679
1
        let decrypted = vault.decrypt_payload(&encrypted, None).unwrap();
680
1

            
681
1
        assert_eq!(decrypted, b"hello");
682
1
    }
683

            
684
1
    #[test]
685
1
    fn vault_permissions_test() {
686
1
        let vault = random_null_vault();
687
1
        assert!(matches!(
688
1
            vault.encrypt_payload(&KeyId::Master, b"hello", Some(&Permissions::default()),),
689
            Err(crate::Error::Core(bonsaidb_core::Error::PermissionDenied(
690
                _
691
            )))
692
        ));
693
1
        let encrypted = vault
694
1
            .encrypt_payload(&KeyId::Master, b"hello", None)
695
1
            .unwrap();
696
1
        assert!(matches!(
697
1
            vault.decrypt_payload(&encrypted, Some(&Permissions::default())),
698
            Err(crate::Error::Core(bonsaidb_core::Error::PermissionDenied(
699
                _
700
            )))
701
        ));
702
1
    }
703
}