Merge pull request #8 from andrewwhitehead/more-keys
Merge 0.2 changes
andrewwhitehead authored May 7, 2021
2 parents 0f09ef0 + 5804a5e commit 2ab2e50
Showing 101 changed files with 12,388 additions and 3,988 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -39,6 +39,7 @@ jobs:
uses: actions-rs/cargo@v1
with:
command: check
args: --workspace

- name: Cargo fmt
uses: actions-rs/cargo@v1
Expand All @@ -56,6 +57,7 @@ jobs:
uses: actions-rs/cargo@v1
with:
command: test
args: --workspace

build-manylinux:
name: Build Library
50 changes: 20 additions & 30 deletions Cargo.toml
@@ -1,10 +1,13 @@
[workspace]
members = ["askar-crypto"]

[package]
name = "aries-askar"
version = "0.1.3"
version = "0.2.0-pre.2"
authors = ["Hyperledger Aries Contributors <aries@lists.hyperledger.org>"]
edition = "2018"
description = "Hyperledger Aries Askar secure storage"
license = "MIT/Apache-2.0"
license = "MIT OR Apache-2.0"
readme = "README.md"
repository = "https://github.com/hyperledger/aries-askar/"
categories = ["cryptography", "database"]
Expand All @@ -16,75 +19,62 @@ path = "src/lib.rs"
crate-type = ["staticlib", "rlib", "cdylib"]

[package.metadata.docs.rs]
features = ["all"]
features = ["all_backends"]
no-default-features = true
rustdoc-args = ["--cfg", "docsrs"]

[features]
default = ["all", "ffi", "logger"]
all = ["any", "postgres", "sqlite"]
default = ["all_backends", "ffi", "logger"]
all_backends = ["any", "postgres", "sqlite"]
any = []
ffi = ["any", "ffi-support", "logger"]
indy_compat = ["sqlx", "sqlx/sqlite"]
jemalloc = ["jemallocator"]
logger = ["env_logger", "log"]
postgres = ["sqlx", "sqlx/postgres", "sqlx/tls"]
sqlite = ["num_cpus", "sqlx", "sqlx/sqlite"]
pg_test = ["postgres"]

[dev-dependencies]
hex-literal = "0.3"

[dependencies]
aead = "0.3"
async-global-executor = { version = "1.4", features = ["async-io"] }
askar-crypto = { version = "0.2.0-pre.2", path = "./askar-crypto", features = ["argon2", "std"] }
async-mutex = "1.4"
async-stream = "0.3"
async-std = "1.7" # temporary addition to encourage common dependencies with sqlx
blocking = "1.0"
chacha20poly1305 = { version = "0.7", default-features = false, features = ["alloc", "chacha20"] }
bs58 = "0.4"
chrono = "0.4"
digest = "0.9"
env_logger = { version = "0.7", optional = true }
ffi-support = { version = "0.4", optional = true }
futures-lite = "1.7"
hex = "0.4"
hmac = "0.10"
indy-wql = "0.4"
itertools = "0.9"
jemallocator = { version = "0.3", optional = true }
log = { version = "0.4", optional = true }
num_cpus = { version = "1.0", optional = true }
once_cell = "1.5"
percent-encoding = "2.0"
rand = "0.7"
rmp-serde = "0.14"
rust-argon2 = "0.8"
serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11"
serde_cbor = "0.11"
serde_json = "1.0"
sha2 = "0.9"
tokio = { version = "1.5", features = ["time"] }
url = { version = "2.1", default-features = false }
uuid = { version = "0.8", features = ["v4"] }
zeroize = { version = "1.1.0", features = ["zeroize_derive"] }

[dependencies.indy-utils]
version = "=0.3.9"
default-features = false
features = ["ed25519", "pack", "serde_support", "wql"]
zeroize = "1.1"

[dependencies.sqlx]
version = "0.5.1"
version = "=0.5.1"
default-features = false
features = ["chrono", "runtime-async-std-rustls"]
features = ["chrono", "runtime-tokio-rustls"]
optional = true

# [target.'cfg(target_os = "macos")'.dependencies]
# keychain-services = { path = "../keychain-services.rs" }
# keychain-services = { git = "https://github.com/iqlusioninc/keychain-services.rs", rev = "7410fb8baf4ecdf04cdcd7d06d02658f4f158d77" }

[profile.release]
lto = true
codegen-units = 1

[[test]]
name = "backends"

[[test]]
name = "faber"
required-features = ["indy_compat"]
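Review bot: The sqlx requirement appears to be tightened to an exact pin, `version = "=0.5.1"`, with nothing in the manifest saying why; the page prints it after `version = "0.5.1"` and has lost its +/- markers, so which side is new is inferred. An exact pin stops `cargo update` from picking up later 0.5.x patch releases, security fixes included, so the reason and the condition for lifting it belong next to it, for example `# pinned: <reason>; relax to "0.5" once <condition>`. If the `async-std = "1.7" # temporary addition to encourage common dependencies with sqlx` line survives on the new side, it deserves a second look now that the sqlx runtime feature reads `runtime-tokio-rustls`.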
9 changes: 7 additions & 2 deletions README.md
@@ -1,10 +1,15 @@
# aries-askar

Aries-Askar, secure storage designed for Hyperledger Aries agents.
[![Unit Tests](https://github.com/hyperledger/aries-askar/workflows/Aries-Askar/badge.svg)](https://github.com/hyperledger/aries-askar/actions)
[![Rust Crate](https://img.shields.io/crates/v/aries-askar.svg)](https://crates.io/crates/aries-askar)
[![Rust Documentation](https://docs.rs/aries-askar/badge.svg)](https://docs.rs/aries-askar)
[![Python Package](https://img.shields.io/pypi/v/aries_askar)](https://pypi.org/project/aries-askar/)

Secure storage and cryptographic support designed for Hyperledger Aries agents.

## Credit

The initial implementation of `aries-askar` was developed by the Verifiable Organizations Network (VON) team based at the Province of British Columbia. The database structure derives largely from the wallet design within [Hyperledger Indy-SDK](https://github.com/hyperledger/indy-sdk). To learn more about VON and what's happening with decentralized identity in British Columbia, please go to [https://vonx.io](https://vonx.io).
The initial implementation of `aries-askar` was developed by the Verifiable Organizations Network (VON) team based at the Province of British Columbia, and inspired by the wallet design within [Hyperledger Indy-SDK](https://github.com/hyperledger/indy-sdk). To learn more about VON and what's happening with decentralized identity in British Columbia, please go to [https://vonx.io](https://vonx.io).

## Contributing

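--- a/askar-crypto/Cargo.toml
+++ b/askar-crypto/Cargo.toml
@@ -0,0 +1,70 @@
+[package]
+name = "askar-crypto"
+version = "0.2.0-pre.2"
+authors = ["Hyperledger Aries Contributors <aries@lists.hyperledger.org>"]
+edition = "2018"
+description = "Hyperledger Aries Askar cryptography"
+license = "MIT OR Apache-2.0"
+readme = "README.md"
+repository = "https://github.com/hyperledger/aries-askar/"
+categories = ["cryptography", "no-std"]
+keywords = ["hyperledger", "aries", "didcomm", "ssi"]
+
+[package.metadata.docs.rs]
+features = ["argon2", "std"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[features]
+default = ["alloc", "any_key", "all_keys", "crypto_box"]
+alloc = []
+std = ["alloc"]
+all_keys = ["aes", "bls", "chacha", "ec_curves", "ed25519"]
+any_key = ["alloc"]
+aes = ["aes-core", "aes-gcm", "block-modes", "hmac"]
+bls = ["bls12_381", "hkdf"]
+chacha = ["chacha20poly1305"]
+crypto_box = ["alloc", "crypto_box_rs", "ed25519"]
+ec_curves = ["k256", "p256"]
+ed25519 = ["curve25519-dalek", "ed25519-dalek", "x25519-dalek"]
+
+[dev-dependencies]
+base64 = { version = "0.13", default-features = false, features = ["alloc"] }
+criterion = "0.3"
+hex-literal = "0.3"
+serde_cbor = "0.11"
+
+[[bench]]
+name = "enc"
+harness = false
+
+[[bench]]
+name = "kdf"
+harness = false
+
+[dependencies]
+aead = "0.3"
+aes-core = { package = "aes", version = "0.6", default-features = false, optional = true }
+aes-gcm = { version = "0.8", default-features = false, features = ["aes"], optional = true }
+argon2 = { version = "0.1", default-features = false, features = ["password-hash"], optional = true }
+base64 = { version = "0.13", default-features = false }
+blake2 = { version = "0.9", default-features = false }
+block-modes = { version = "0.7", default-features = false, optional = true }
+bls12_381 = { version = "0.4", default-features = false, features = ["groups"], optional = true }
+chacha20 = { version = "0.6" } # should match chacha20poly1305
+chacha20poly1305 = { version = "0.7", default-features = false, features = ["chacha20", "xchacha20poly1305"], optional = true }
+crypto_box_rs = { package = "crypto_box", version = "0.5", default-features = false, features = ["u64_backend"], optional = true }
+curve25519-dalek = { version = "3.1", default-features = false, features = ["u64_backend"], optional = true }
+ed25519-dalek = { version = "1.0", default-features = false, features = ["u64_backend"], optional = true }
+digest = "0.9"
+group = "0.9"
+hkdf = { version = "0.11", optional = true }
+hmac = { version = "0.11", optional = true }
+k256 = { version = "0.8", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "sha256", "zeroize"], optional = true }
+p256 = { version = "0.8", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "zeroize"], optional = true }
+rand = { version = "0.8", default-features = false, features = ["getrandom"] }
+serde = { version = "1.0", default-features = false, features = ["derive"] }
+serde_json = { version = "1.0", default-features = false }
+subtle = "2.4"
+sha2 = { version = "0.9", default-features = false }
+x25519-dalek = { version = "1.1", default-features = false, features = ["u64_backend"], optional = true }
+zeroize = { version = "1.1.0", features = ["zeroize_derive"] }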
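Review bot: The `chacha20 = { version = "0.6" } # should match chacha20poly1305` line keeps two version requirements in step by comment alone, and does not say what goes wrong if they drift. `chacha20` is also an unconditional dependency while `chacha20poly1305` is optional behind the `chacha` feature, so the comment ties an always-built crate to one that may not be built at all. A fuller comment would help the next person who bumps either, for example `# always required by <module>; keep on the chacha20 release that chacha20poly1305 0.7 depends on so only one copy of the cipher is compiled`. The stated reason is presumed and should be confirmed against the crate's use of `chacha20`.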
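--- a/askar-crypto/README.md
+++ b/askar-crypto/README.md
@@ -0,0 +1,31 @@
+# askar-crypto
+
+[![Rust Crate](https://img.shields.io/crates/v/askar-crypto.svg)](https://crates.io/crates/askar-crypto)
+[![Rust Documentation](https://docs.rs/askar-crypto/badge.svg)](https://docs.rs/askar-crypto)
+
+The `askar-crypto` crate provides the basic key representations and cryptographic operations used by [`aries-askar`](https://github.com/hyperledger/aries-askar).
+
+## Supported Key Types
+
+| Key Type | Feature | Operations | Notes |
+| -------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
+| AES-GCM | `aes` | AEAD encryption<br>JWK export | A128GCM and A256GCM |
+| AES-CBC-HMAC-SHA2 | `aes` | AEAD encryption<br>JWK export | A128CBC-HS256 and A256CBC-HS512 |
+| (X)ChaCha20-Poly1305 | `chacha` | AEAD encryption<br>JWK export | aka C20P, XC20P |
+| BLS12-381 | `bls` | [`bls-signature`](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04)-compatible key generation<br>JWK import/export | G1, G2, and G1G2 key types |
+| Ed25519 | `ed25519` | EdDSA signatures<br>JWK import/export | |
+| X25519 | `ed25519` | DH key exchange<br>JWK import/export | |
+| K-256 | `k256` | ECDSA signatures<br>DH key exchange<br>JWK import/export | aka secp256k1 |
+| P-256 | `p256` | ECDSA signatures<br>DH key exchange<br>JWK import/export | aka nist256p1, secp256r1 |
+
+## 'Any' Key support
+
+The `any_key` feature (which depends on `alloc`) provides a generic interface for creating and working with any supported key type.
+
+## JOSE Authenticated Encryption
+
+This crate provides implementations of the [ECDH-ES](https://tools.ietf.org/html/rfc7518#section-4.6) and [ECDH-1PU (draft 4)](https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-04) key agreement operations, for use in deriving the CEK or key wrapping key when producing or consuming JWE envelopes using these protection algorithms.
+
+## no-std
+
+This crate supports the optional `alloc` feature, gating types and operations that depend on a global allocator. The `std` feature depends on `alloc`, and adds support for `std::error::Error`.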
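--- a/askar-crypto/benches/enc.rs
+++ b/askar-crypto/benches/enc.rs
@@ -0,0 +1,66 @@
+#[macro_use]
+extern crate criterion;
+
+#[macro_use]
+extern crate hex_literal;
+
+use askar_crypto::{
+alg::{
+chacha20::{Chacha20Key, C20P},
+AnyKey, AnyKeyCreate, Chacha20Types, KeyAlg,
+},
+buffer::{SecretBytes, WriteBuffer, Writer},
+encrypt::{KeyAeadInPlace, KeyAeadMeta},
+random::fill_random,
+repr::KeySecretBytes,
+};
+
+use criterion::{black_box, Criterion};
+
+fn criterion_benchmark(c: &mut Criterion) {
+{
+let message = b"test message for encrypting";
+
+let key = &hex!("451b5b8e8725321541954997781de51f4142e4a56bab68d24f6a6b92615de5ee");
+
+c.bench_function(&format!("chacha20-poly1305 encrypt"), move |b| {
+b.iter(|| {
+let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();
+let mut buffer = [0u8; 255];
+buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
+let nonce = Chacha20Key::<C20P>::random_nonce();
+let mut writer = Writer::from_slice_position(&mut buffer, message.len());
+key.encrypt_in_place(&mut writer, &nonce, &[]).unwrap();
+})
+});
+c.bench_function(&format!("chacha20-poly1305 encrypt alloc"), move |b| {
+b.iter(|| {
+let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();
+let mut buffer = SecretBytes::with_capacity(255);
+buffer.buffer_write(black_box(&message[..])).unwrap();
+let nonce = Chacha20Key::<C20P>::random_nonce();
+key.encrypt_in_place(&mut buffer, &nonce, &[]).unwrap();
+})
+});
+c.bench_function(&format!("chacha20-poly1305 encrypt as any"), move |b| {
+b.iter(|| {
+let key = Box::<AnyKey>::from_secret_bytes(
+KeyAlg::Chacha20(Chacha20Types::C20P),
+&key[..],
+)
+.unwrap();
+let mut buffer = [0u8; 255];
+buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
+let mut nonce = [0u8; 255];
+let nonce_len = key.aead_params().nonce_length;
+fill_random(&mut nonce[..nonce_len]);
+let mut writer = Writer::from_slice_position(&mut buffer, message.len());
+key.encrypt_in_place(&mut writer, &nonce[..nonce_len], &[])
+.unwrap();
+})
+});
+}
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);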
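Review bot: In all three `b.iter` closures the timed region covers key import (`from_secret_bytes`) and nonce generation (`random_nonce` or `fill_random`) as well as `encrypt_in_place`, so the figures reported as "encrypt" are not the cost of encryption alone. Building the key once above `b.iter(...)`, as `let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();`, would leave only buffer setup, nonce and encryption inside the loop. If the import cost is meant to be included, a comment such as `// timing deliberately includes key import and nonce generation` would say so. The benchmark names are passed as `&format!("chacha20-poly1305 encrypt")` with no format arguments, where the plain literal `"chacha20-poly1305 encrypt"` does the same (clippy's `useless_format`). The same applies to `&format!("concat kdf sha256")` in askar-crypto/benches/kdf.rs.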
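--- a/askar-crypto/benches/kdf.rs
+++ b/askar-crypto/benches/kdf.rs
@@ -0,0 +1,32 @@
+#[macro_use]
+extern crate criterion;
+
+use askar_crypto::kdf::concat::{ConcatKDF, ConcatKDFParams};
+use sha2::Sha256;
+
+use criterion::{black_box, Criterion};
+
+fn criterion_benchmark(c: &mut Criterion) {
+{
+let message = b"test message for encrypting";
+
+let params = ConcatKDFParams {
+alg: b"A256GCM",
+apu: b"sender name",
+apv: b"recipient name",
+pub_info: &(256u32).to_be_bytes(),
+prv_info: &[],
+};
+
+c.bench_function(&format!("concat kdf sha256"), move |b| {
+b.iter(|| {
+let mut output = [0u8; 32];
+ConcatKDF::<Sha256>::derive_key(black_box(message), black_box(params), &mut output)
+.unwrap();
+})
+});
+}
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);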