Grcov report - vault.rs

1

//! Encryption and secret management.

2

//!

3

//! `BonsaiDb`'s vault is the core of encryption and secret management. To offer

4

//! this security, `BonsaiDb` relies on external [`VaultKeyStorage`] to provide

5

//! the key needed to decrypt the master keys. After the master keys have been

6

//! decrypted, the vault is able to function without [`VaultKeyStorage`]. This

7

//! design ensures that if a copy of a database was stolen, the data that is

8

//! stored at-rest cannot be decrypted without gaining access to

9

//! [`VaultKeyStorage`].

10

//!

11

//! ## At-Rest Encryption

12

//!

13

//! At-rest encryption only ensures that if the database files are stolen that

14

//! an attacker cannot access the data without the encryption key. `BonsaiDb`

15

//! will regularly decrypt data to process it, and while the data is in-memory,

16

//! it is subject to the security of the machine running it. If using `BonsaiDb`

17

//! over a network, the network transport layer's encryption is what ensures

18

//! your data's safety.

19

//!

20

//! ## Security Best Practices

21

//!

22

//! ### Vault Key Storage

23

//!

24

//! In most situations, do not use [`LocalVaultKeyStorage`] in a production

25

//! environment. If you store the vault keys on the same disk as the database,

26

//! it's similar to hiding a key to your house under your doormat. It might stop

27

//! the casual person from entering your house, but give any attacker a few

28

//! minutes, and they'll find the key.

29

//!

30

//! Instead, you should use a storage location that provides authentication and

31

//! encryption. Our recommendation for production enviroments is to find an

32

//! Amazon S3-compatible storage service and use

33

//! [`S3VaultKeyStorage`](https://dev.bonsaidb.io/main/docs/bonsaidb_keystorage_s3/struct.S3VaultKeyStorage.html).

34

//! Eventually, other `BonsaiDb` servers will be able to operate as key storage

35

//! for each other.

36

//!

37

//! ## Encryption Algorithms Used

38

//!

39

//! `BonsaiDb` uses the [`hpke`](https://github.com/rozbb/rust-hpke) crate to

40

//! provide Hybrid Public Key Encryption (HPKE) when public key encryption is

41

//! being used. This is currently only utilized for encrypting the master keys

42

//! with the vault key. Our HPKE uses `P256+HKDF-SHA256+ChaCha20Poly1305`.

43

//! Long term, we plan to offer public key encryption APIs on top of these same

44

//! choices.

45

//!

46

//! For at-rest data encryption, the [`AEAD`

47

//! `XChaCha20Poly1305`](https://github.com/RustCrypto/AEADs) implementation is

48

//! used directly. This variant of `ChaCha20Poly1305` extends the nonce from 12

49

//! bytes to 24 bytes, which allows for random nonces to be used.

50

51

use std::{

52

    borrow::Cow,

53

    collections::HashMap,

54

    fmt::{Debug, Display},

55

    path::{Path, PathBuf},

56

    sync::Arc,

57

};

58

59

use async_trait::async_trait;

60

use bonsaidb_core::{

61

    arc_bytes::serde::Bytes,

62

    document::KeyId,

63

    permissions::{

64

        bonsai::{encryption_key_resource_name, EncryptionKeyAction},

65

        Permissions,

66

},

67

};

68

use chacha20poly1305::{

69

    aead::{generic_array::GenericArray, Aead, NewAead, Payload},

70

    XChaCha20Poly1305,

71

};

72

use futures::TryFutureExt;

73

use hpke::{

74

    self,

75

    aead::{AeadTag, ChaCha20Poly1305},

76

    kdf::HkdfSha256,

77

    kem::DhP256HkdfSha256,

78

    Deserializable, Kem, OpModeS, Serializable,

79

};

80

use rand::{thread_rng, Rng};

81

use serde::{Deserialize, Serialize};

82

use tokio::{

83

    fs::{self, File},

84

    io::{AsyncReadExt, AsyncWriteExt},

85

};

86

use zeroize::{Zeroize, Zeroizing};

87

88

/// A private encryption key.

89

6123

#[derive(Serialize, Deserialize)]

90

pub enum KeyPair {

91

    /// A P256 keypair.

92

    P256 {

93

        /// The private key.

94

        private: <DhP256HkdfSha256 as Kem>::PrivateKey,

95

        /// The public key.

96

        public: <DhP256HkdfSha256 as Kem>::PublicKey,

97

},

98

99

100

impl KeyPair {

101

    /// Serializes the private key into bytes.

102

22

    pub fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>, Error> {

103

22

        Ok(Zeroizing::new(bincode::serialize(self)?))

104

22

105

106

    /// Deserializes the private key.

107

44

    pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {

108

44

        bincode::deserialize(bytes).map_err(Error::from)

109

44

110

111

112

/// A public key corresponding to a [`KeyPair`].

113

7448

#[derive(Serialize, Deserialize)]

114

pub enum PublicKey {

115

    /// A P256 public key.

116

    P256(<DhP256HkdfSha256 as Kem>::PublicKey),

117

118

119

impl PublicKey {

120

    /// Serializes the public key into bytes.

121

3724

    pub fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>, Error> {

122

3724

        Ok(Zeroizing::new(bincode::serialize(self)?))

123

3724

124

125

    /// Deserializes the public key.

126

    pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {

127

        bincode::deserialize(bytes).map_err(Error::from)

128

129

130

131

impl<'a> From<&'a KeyPair> for PublicKey {

132

2041

    fn from(key: &'a KeyPair) -> Self {

133

2041

        match key {

134

2041

            KeyPair::P256 { public, .. } => PublicKey::P256(public.clone()),

135

2041

136

2041

137

138

139

use crate::storage::StorageId;

140

141

pub(crate) struct Vault {

142

    _vault_public_key: PublicKey,

143

    master_keys: HashMap<u32, EncryptionKey>,

144

    current_master_key_id: u32,

145

    master_key_storage: Box<dyn AnyVaultKeyStorage>,

146

147

148

impl Debug for Vault {

149

    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {

150

        f.debug_struct("Vault")

151

            .field("master_keys", &self.master_keys)

152

            .field("current_master_key_id", &self.current_master_key_id)

153

            .field("master_key_storage", &self.master_key_storage)

154

            .finish_non_exhaustive()

155

156

157

158

/// Errors relating to encryption and/or secret storage.

159

1

#[derive(thiserror::Error, Debug)]

160

pub enum Error {

161

    /// An error occurred during encryption or decryption.

162

    #[error("error with encryption: {0}")]

163

    Encryption(String),

164

    /// An error occurred within the vault key storage.

165

    #[error("error from vault key storage: {0}")]

166

    VaultKeyStorage(String),

167

    /// An error occurred initializing the vault.

168

    #[error("error occurred while initializing: {0}")]

169

    Initializing(String),

170

    /// A previously initialized vault was found, but the vault key storage

171

    /// doesn't contain the key.

172

    #[error("vault key not found")]

173

    VaultKeyNotFound,

174

175

176

impl From<chacha20poly1305::aead::Error> for Error {

177

1

    fn from(err: chacha20poly1305::aead::Error) -> Self {

178

1

        Self::Encryption(err.to_string())

179

1

180

181

182

impl From<hpke::HpkeError> for Error {

183

    fn from(err: hpke::HpkeError) -> Self {

184

        Self::Encryption(err.to_string())

185

186

187

188

impl From<bincode::Error> for Error {

189

    fn from(err: bincode::Error) -> Self {

190

        Self::Initializing(err.to_string())

191

192

193

194

impl Vault {

195

2063

    pub async fn initialize(

196

2063

        server_id: StorageId,

197

2063

        server_directory: &Path,

198

2063

        master_key_storage: Box<dyn AnyVaultKeyStorage>,

199

2063

    ) -> Result<Self, Error> {

200

131

        let master_keys_path = server_directory.join("master-keys");

201

131

        if master_keys_path.exists() {

202

98

            Self::unseal(&master_keys_path, server_id, master_key_storage).await

203

        } else {

204

948

            Self::initialize_vault_key_storage(&master_keys_path, server_id, master_key_storage)

205

948

                .await

206

207

131

208

209

1862

    async fn initialize_vault_key_storage(

210

1862

        master_keys_path: &Path,

211

1862

        server_id: StorageId,

212

1862

        master_key_storage: Box<dyn AnyVaultKeyStorage>,

213

1862

    ) -> Result<Self, Error> {

214

119

        let master_key = EncryptionKey::random();

215

119

        let (private, public) = DhP256HkdfSha256::gen_keypair(&mut thread_rng());

216

119

217

119

        master_key_storage

218

119

            .set_vault_key_for(

219

119

                server_id,

220

119

                KeyPair::P256 {

221

119

                    private: private.clone(),

222

119

                    public: public.clone(),

223

119

},

224

234

225

232

            .await

226

119

            .map_err(|err| Error::VaultKeyStorage(err.to_string()))?;

227

119

        let mut master_keys = HashMap::new();

228

119

        master_keys.insert(0_u32, master_key);

229

        // Beacuse this is such a critical step, let's verify that we can

230

        // retrieve the key before we store the sealing key.

231

119

        let retrieved = master_key_storage

232

548

            .vault_key_for(server_id)

233

546

            .await

234

119

            .map_err(|err| Error::VaultKeyStorage(err.to_string()))?;

235

119

        let expected_public_key_bytes = PublicKey::P256(public.clone()).to_bytes().unwrap();

236

119

        let retrieved_key_matches = retrieved

237

119

            .map(|r| PublicKey::from(&r).to_bytes().ok() == Some(expected_public_key_bytes))

238

119

            .unwrap_or_default();

239

119

        if retrieved_key_matches {

240

119

            let mut serialized_master_keys = bincode::serialize(&master_keys)?;

241

242

119

            let (encapsulated_key, aead_tag) = hpke::single_shot_seal_in_place_detached::<

243

119

                ChaCha20Poly1305,

244

119

                HkdfSha256,

245

119

                DhP256HkdfSha256,

246

119

_,

247

119

>(

248

119

                &OpModeS::Base,

249

119

                &public,

250

119

                b"",

251

119

                &mut serialized_master_keys,

252

119

                b"",

253

119

                &mut thread_rng(),

254

119

)?;

255

119

            let mut tag = [0_u8; 16];

256

119

            tag.copy_from_slice(&aead_tag.to_bytes());

257

258

119

            let encrypted_master_keys_payload = bincode::serialize(&HpkePayload {

259

119

                encryption: PublicKeyEncryption::DhP256HkdfSha256ChaCha20,

260

119

                payload: Bytes::from(serialized_master_keys),

261

119

                encapsulated_key,

262

119

                tag,

263

119

            })?;

264

265

119

            File::create(master_keys_path)

266

119

                .and_then(|mut file| async move {

267

119

                    file.write_all(&encrypted_master_keys_payload).await?;

268

119

                    file.shutdown().await

269

172

})

270

170

                .await

271

119

                .map_err(|err| Error::Initializing(format!("error saving vault key: {:?}", err)))?;

272

273

119

            Ok(Self {

274

119

                _vault_public_key: PublicKey::P256(public),

275

119

                master_keys,

276

119

                current_master_key_id: 0,

277

119

                master_key_storage,

278

119

})

279

        } else {

280

            Err(Error::VaultKeyStorage(String::from(

281

                "vault key storage failed to return the same stored key during initialization",

282

)))

283

284

119

285

286

201

    async fn unseal(

287

201

        master_keys_path: &Path,

288

201

        server_id: StorageId,

289

201

        master_key_storage: Box<dyn AnyVaultKeyStorage>,

290

201

    ) -> Result<Self, Error> {

291

        // The vault has been initilized previously. Do not overwrite this file voluntarily.

292

12

        let encrypted_master_keys = tokio::fs::read(master_keys_path)

293

12

            .await

294

12

            .map_err(|err| Error::Initializing(format!("error reading master keys: {:?}", err)))?;

295

12

        let mut encrypted_master_keys =

296

12

            bincode::deserialize::<HpkePayload>(&encrypted_master_keys)?;

297

12

        let PublicKeyEncryption::DhP256HkdfSha256ChaCha20 = &encrypted_master_keys.encryption;

298

12

        if let Some(vault_key) = master_key_storage

299

86

            .vault_key_for(server_id)

300

86

            .await

301

12

            .map_err(|err| Error::VaultKeyStorage(err.to_string()))?

302

303

11

            let master_keys = match &vault_key {

304

11

                KeyPair::P256 { private, .. } => {

305

11

                    let mut decryption_context =

306

11

                        hpke::setup_receiver::<ChaCha20Poly1305, HkdfSha256, DhP256HkdfSha256>(

307

11

                            &hpke::OpModeR::Base,

308

11

                            private,

309

11

                            &encrypted_master_keys.encapsulated_key,

310

11

                            b"",

311

11

312

11

                        .unwrap();

313

11

314

11

                    decryption_context

315

11

                        .open_in_place_detached(

316

11

                            &mut encrypted_master_keys.payload.0,

317

11

                            b"",

318

11

                            &AeadTag::<ChaCha20Poly1305>::from_bytes(&encrypted_master_keys.tag)

319

11

                                .unwrap(),

320

11

321

11

                        .unwrap();

322

11

323

11

                    bincode::deserialize::<HashMap<u32, EncryptionKey>>(

324

11

                        &encrypted_master_keys.payload,

325

11

)?

326

327

};

328

329

11

            let current_master_key_id = *master_keys.keys().max().unwrap();

330

11

            Ok(Self {

331

11

                _vault_public_key: PublicKey::from(&vault_key),

332

11

                master_keys,

333

11

                current_master_key_id,

334

11

                master_key_storage,

335

11

})

336

        } else {

337

1

            Err(Error::VaultKeyNotFound)

338

339

12

340

341

37239

    fn current_master_key(&self) -> &EncryptionKey {

342

37239

        self.master_keys.get(&self.current_master_key_id).unwrap()

343

37239

344

345

29062

    pub fn encrypt_payload(

346

29062

        &self,

347

29062

        key_id: &KeyId,

348

29062

        payload: &[u8],

349

29062

        permissions: Option<&Permissions>,

350

29062

    ) -> Result<Vec<u8>, crate::Error> {

351

29062

        if let Some(permissions) = permissions {

352

1

            permissions.check(

353

1

                encryption_key_resource_name(key_id),

354

1

                &EncryptionKeyAction::Encrypt,

355

1

)?;

356

29061

357

358

29061

        let (key, version) = match key_id {

359

29061

            KeyId::Master => (self.current_master_key(), self.current_master_key_id),

360

            KeyId::Id(_) => todo!(),

361

            KeyId::None => unreachable!(),

362

};

363

29061

        let payload = key.encrypt_payload(key_id.clone(), version, payload);

364

29061

        Ok(payload.to_vec())

365

29062

366

367

    pub fn decrypt_payload(

368

        &self,

369

        payload: &[u8],

370

        permissions: Option<&Permissions>,

371

    ) -> Result<Vec<u8>, crate::Error> {

372

8201

        if let Ok(payload) = VaultPayload::from_slice(payload).map_err(|err| {

373

            Error::Encryption(format!("error deserializing encrypted payload: {:?}", err))

374

8201

        }) {

375

8201

            self.decrypt(&payload, permissions)

376

        } else {

377

            // If we can't parse it as a VaultPayload, it might have been stored

378

            // decrypted originally.

379

            Ok(payload.to_vec())

380

381

8201

382

383

8201

    fn decrypt(

384

8201

        &self,

385

8201

        payload: &VaultPayload<'_>,

386

8201

        permissions: Option<&Permissions>,

387

8201

    ) -> Result<Vec<u8>, crate::Error> {

388

8201

        if let Some(permissions) = permissions {

389

1

            permissions.check(

390

1

                encryption_key_resource_name(&payload.key_id),

391

1

                &EncryptionKeyAction::Decrypt,

392

1

)?;

393

8200

394

395

        // TODO handle key version

396

8200

        let key = match &payload.key_id {

397

8200

            KeyId::Master => self.current_master_key(),

398

            KeyId::Id(_) => todo!(),

399

            KeyId::None => unreachable!(),

400

};

401

8200

        Ok(key.decrypt_payload(payload)?)

402

8201

403

404

405

/// Stores encrypted keys for a vault.

406

#[async_trait]

407

pub trait VaultKeyStorage: Send + Sync + Debug + 'static {

408

    /// The error type that the functions return.

409

    type Error: Display;

410

    /// Store a key. Each server id should have unique storage.

411

    async fn set_vault_key_for(

412

        &self,

413

        storage_id: StorageId,

414

        key: KeyPair,

415

    ) -> Result<(), Self::Error>;

416

417

    /// Retrieve all previously stored vault key for a given storage id.

418

    async fn vault_key_for(&self, storage_id: StorageId) -> Result<Option<KeyPair>, Self::Error>;

419

420

421

240

#[derive(Serialize, Deserialize)]

422

struct EncryptionKey([u8; 32], #[serde(skip)] Option<region::LockGuard>);

423

424

impl EncryptionKey {

425

1864

    pub fn new(secret: [u8; 32]) -> Self {

426

1864

        let mut new_key = Self(secret, None);

427

1864

        new_key.lock_memory();

428

1864

        new_key

429

1864

430

431

3728

    pub fn key(&self) -> &[u8] {

432

3728

        &self.0

433

3728

434

435

1864

    pub fn lock_memory(&mut self) {

436

1864

        if self.1.is_none() {

437

1864

            match region::lock(self.key().as_ptr(), self.key().len()) {

438

1864

                Ok(guard) => self.1 = Some(guard),

439

                Err(err) => log::error!("Security Warning: Unable to lock memory {:?}", err),

440

441

442

1864

443

444

1864

    pub fn random() -> Self {

445

1864

        Self::new(thread_rng().gen())

446

1864

447

448

29061

    pub fn encrypt_payload(

449

29061

        &self,

450

29061

        key_id: KeyId,

451

29061

        key_version: u32,

452

29061

        payload: &[u8],

453

29061

    ) -> VaultPayload<'static> {

454

29061

        let mut rng = thread_rng();

455

29061

        let nonce: [u8; 24] = rng.gen();

456

29061

        self.encrypt_payload_with_nonce(key_id, key_version, payload, &nonce)

457

29061

458

459

29083

    pub fn encrypt_payload_with_nonce(

460

29083

        &self,

461

29083

        key_id: KeyId,

462

29083

        key_version: u32,

463

29083

        payload: &[u8],

464

29083

        nonce: &[u8],

465

29083

    ) -> VaultPayload<'static> {

466

29083

        let encrypted = XChaCha20Poly1305::new(GenericArray::from_slice(&self.0))

467

29083

            .encrypt(

468

29083

                GenericArray::from_slice(nonce),

469

29083

                Payload {

470

29083

                    msg: payload,

471

29083

                    aad: b"",

472

29083

},

473

29083

474

29083

            .unwrap();

475

29083

        VaultPayload {

476

29083

            key_id,

477

29083

            encryption: Encryption::XChaCha20Poly1305,

478

29083

            payload: Cow::Owned(encrypted),

479

29083

            nonce: Cow::Owned(nonce.to_vec()),

480

29083

            key_version,

481

29083

482

29083

483

484

8200

    pub fn decrypt_payload(&self, payload: &VaultPayload<'_>) -> Result<Vec<u8>, Error> {

485

        // This is a no-op, but it will cause a compiler error if we introduce additional encryption methods

486

8200

        let encrypted = match payload.encryption {

487

8200

            Encryption::XChaCha20Poly1305 => {

488

8200

                XChaCha20Poly1305::new(GenericArray::from_slice(&self.0)).decrypt(

489

8200

                    GenericArray::from_slice(&payload.nonce),

490

8200

                    Payload {

491

8200

                        msg: &payload.payload,

492

8200

                        aad: b"",

493

8200

},

494

8200

)?

495

496

};

497

8199

        Ok(encrypted)

498

8200

499

500

501

impl Drop for EncryptionKey {

502

1839

    fn drop(&mut self) {

503

1839

        self.0.zeroize();

504

1839

505

506

507

impl Debug for EncryptionKey {

508

    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {

509

        f.debug_struct("PrivateKey").finish_non_exhaustive()

510

511

512

513

/// A [`VaultKeyStorage`] trait that wraps the Error type before returning. This

514

/// type is used to allow the Vault to operate without any generic parameters.

515

/// This trait is auto-implemented for all [`VaultKeyStorage`] implementors.

516

#[async_trait]

517

pub trait AnyVaultKeyStorage: Send + Sync + Debug + 'static {

518

    /// Retrieve all previously stored master keys for a given storage id.

519

    async fn vault_key_for(&self, storage_id: StorageId) -> Result<Option<KeyPair>, Error>;

520

521

    /// Store a key. Each server id should have unique storage. The keys are

522

    /// uniquely encrypted per storage id and can only be decrypted by keys

523

    /// contained in the storage itself.

524

    async fn set_vault_key_for(&self, storage_id: StorageId, key: KeyPair) -> Result<(), Error>;

525

526

527

#[async_trait]

528

impl<T> AnyVaultKeyStorage for T

529

where

530

    T: VaultKeyStorage + 'static,

531

532

131

    async fn vault_key_for(&self, server_id: StorageId) -> Result<Option<KeyPair>, Error> {

533

634

        VaultKeyStorage::vault_key_for(self, server_id)

534

632

            .await

535

131

            .map_err(|err| Error::VaultKeyStorage(err.to_string()))

536

262

537

538

119

    async fn set_vault_key_for(&self, server_id: StorageId, key: KeyPair) -> Result<(), Error> {

539

234

        VaultKeyStorage::set_vault_key_for(self, server_id, key)

540

232

            .await

541

119

            .map_err(|err| Error::VaultKeyStorage(err.to_string()))

542

238

543

544

545

/// Stores vault key locally on disk. This is in general considered insecure,

546

/// and shouldn't be used without careful consideration.

547

///

548

/// The primary goal of encryption within `BonsaiDb` is to offer limited

549

/// encryption at-rest. Within these goals, the primary attack vector being

550

/// protected against is an attacker being able to copy the data off of the

551

/// disks, either by physically gaining access to the drives or having

552

/// filesystem access. By storing the vault key on the same physical media, the

553

/// encryption should be considered insecure because if you can gain access to

554

/// the data, you have access to the keys as well.

555

///

556

/// For production environments, it is much more secure to store the vault key

557

/// in a separate location. We recommand any S3-compatible backend.

558

#[derive(Debug, Clone)]

559

pub struct LocalVaultKeyStorage {

560

    directory: PathBuf,

561

562

563

impl LocalVaultKeyStorage {

564

    /// Creates a new file-based vaultr key storage, storing files within

565

    /// `path`. The path provided shouod be a directory. If it doesn't exist, it

566

    /// will be created.

567

128

    pub async fn new<P: AsRef<Path>>(path: P) -> Result<Self, tokio::io::Error> {

568

128

        let directory = path.as_ref().to_owned();

569

128

        if !directory.exists() {

570

117

            fs::create_dir_all(&directory).await?;

571

11

572

128

        Ok(Self { directory })

573

128

574

575

576

/// Errors from local vault key storage.

577

#[derive(thiserror::Error, Debug)]

578

pub enum LocalVaultKeyStorageError {

579

    /// An error interacting with the filesystem.

580

    #[error("io error: {0}")]

581

    Io(#[from] tokio::io::Error),

582

583

    /// An error serializing or deserializing the keys.

584

    #[error("serialization error: {0}")]

585

    Serialization(#[from] bincode::Error),

586

587

    /// The file was not the correct size.

588

    #[error("file was not the correct size")]

589

    InvalidFile,

590

591

592

#[async_trait]

593

impl VaultKeyStorage for LocalVaultKeyStorage {

594

    type Error = LocalVaultKeyStorageError;

595

596

1997

    async fn vault_key_for(&self, server_id: StorageId) -> Result<Option<KeyPair>, Self::Error> {

597

1997

        let server_file = self.directory.join(server_id.to_string());

598

1997

        if !server_file.exists() {

599

            return Ok(None);

600

1997

601

1997

        let mut contents = File::open(server_file)

602

1997

            .and_then(|mut f| async move {

603

1997

                let mut bytes = Vec::new();

604

7140

                f.read_to_end(&mut bytes).await.map(|_| bytes)

605

8936

})

606

8936

            .await?;

607

608

1997

        let key = bincode::deserialize::<KeyPair>(&contents)?;

609

1997

        contents.zeroize();

610

1997

611

1997

        Ok(Some(key))

612

3994

613

614

1840

    async fn set_vault_key_for(

615

1840

        &self,

616

1840

        server_id: StorageId,

617

1840

        key: KeyPair,

618

1840

    ) -> Result<(), Self::Error> {

619

1840

        let server_file = self.directory.join(server_id.to_string());

620

1840

        let bytes = bincode::serialize(&key)?;

621

1840

        File::create(server_file)

622

1840

            .and_then(|mut file| async move {

623

1818

                file.write_all(&bytes).await?;

624

1840

                file.shutdown().await

625

3279

})

626

3279

            .await?;

627

1840

        Ok(())

628

3680

629

630

631

58166

#[derive(Serialize, Deserialize)]

632

struct VaultPayload<'a> {

633

    // TODO make key_id be the additional data

634

    key_id: KeyId,

635

    key_version: u32,

636

    encryption: Encryption,

637

    payload: Cow<'a, [u8]>,

638

    nonce: Cow<'a, [u8]>,

639

640

641

impl<'a> VaultPayload<'a> {

642

8179

    fn from_slice(bytes: &'a [u8]) -> Result<Self, Error> {

643

8179

        bincode::deserialize(bytes).map_err(|err| {

644

            Error::Encryption(format!("error deserializing encrypted payload: {:?}", err))

645

8179

})

646

8179

647

648

29061

    fn to_vec(&self) -> Vec<u8> {

649

29061

        bincode::serialize(self).unwrap()

650

29061

651

652

653

240

#[derive(Serialize, Deserialize)]

654

struct HpkePayload {

655

    encryption: PublicKeyEncryption,

656

    payload: Bytes,

657

    tag: [u8; 16],

658

    encapsulated_key: <DhP256HkdfSha256 as Kem>::EncappedKey,

659

660

661

58078

#[derive(Serialize, Deserialize)]

662

enum Encryption {

663

    XChaCha20Poly1305,

664

665

666

248

#[derive(Serialize, Deserialize)]

667

enum PublicKeyEncryption {

668

    DhP256HkdfSha256ChaCha20,

669

670

671

#[cfg(test)]

672

mod tests {

673

    use super::*;

674

675

    #[derive(Debug)]

676

    struct NullKeyStorage;

677

    #[async_trait]

678

    impl VaultKeyStorage for NullKeyStorage {

679

        type Error = anyhow::Error;

680

681

        async fn set_vault_key_for(

682

            &self,

683

            _storage_id: StorageId,

684

            _key: KeyPair,

685

        ) -> Result<(), Self::Error> {

686

            unreachable!()

687

688

689

        async fn vault_key_for(

690

            &self,

691

            _storage_id: StorageId,

692

        ) -> Result<Option<KeyPair>, Self::Error> {

693

            unreachable!()

694

695

696

697

2

    fn random_null_vault() -> Vault {

698

2

        let mut master_keys = HashMap::new();

699

2

        master_keys.insert(0, EncryptionKey::random());

700

2

701

2

        let (_, public_key) = <DhP256HkdfSha256 as Kem>::gen_keypair(&mut thread_rng());

702

2

703

2

        Vault {

704

2

            _vault_public_key: PublicKey::P256(public_key),

705

2

            master_keys,

706

2

            current_master_key_id: 0,

707

2

            master_key_storage: Box::new(NullKeyStorage),

708

2

709

2

710

711

1

    #[test]

712

1

    fn vault_encryption_test() {

713

1

        let vault = random_null_vault();

714

1

        let encrypted = vault

715

1

            .encrypt_payload(&KeyId::Master, b"hello", None)

716

1

            .unwrap();

717

1

        let decrypted = vault.decrypt_payload(&encrypted, None).unwrap();

718

1

719

1

        assert_eq!(decrypted, b"hello");

720

1

721

722

1

    #[test]

723

1

    fn vault_permissions_test() {

724

1

        let vault = random_null_vault();

725

1

        assert!(matches!(

726

1

            vault.encrypt_payload(&KeyId::Master, b"hello", Some(&Permissions::default()),),

727

            Err(crate::Error::Core(bonsaidb_core::Error::PermissionDenied(

728

729

)))

730

));

731

1

        let encrypted = vault

732

1

            .encrypt_payload(&KeyId::Master, b"hello", None)

733

1

            .unwrap();

734

1

        assert!(matches!(

735

1

            vault.decrypt_payload(&encrypted, Some(&Permissions::default())),

736

            Err(crate::Error::Core(bonsaidb_core::Error::PermissionDenied(

737

738

)))

739

));

740

1

741

742

743

#[derive(Debug, Clone)]

744

pub(crate) struct TreeVault {

745

    pub key: KeyId,

746

    pub vault: Arc<Vault>,

747

748

749

impl nebari::Vault for TreeVault {

750

    type Error = crate::Error;

751

752

29037

    fn encrypt(&self, payload: &[u8]) -> Result<Vec<u8>, crate::Error> {

753

29037

        self.vault.encrypt_payload(&self.key, payload, None)

754

29037

755

756

8199

    fn decrypt(&self, payload: &[u8]) -> Result<Vec<u8>, crate::Error> {

757

8199

        self.vault.decrypt_payload(payload, None)

758

8199

759