manawenuz/featherChat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
81954b1b0c4c50c085d9dd1c8d0d72d4c7d70884
featherChat/warzone/crates/warzone-protocol/src/crypto.rs
Siavash Sameni 651396fa13 Scaffold Rust workspace: warzone-protocol, server, client, mule 
4 crates, all compile. 16/17 tests pass.

warzone-protocol (core crypto):
- Seed-based identity (Ed25519 + X25519 from 32-byte seed via HKDF)
- BIP39 mnemonic encode/decode (24 words)
- Fingerprint type (SHA-256 truncated, displayed as xxxx:xxxx:xxxx:xxxx)
- ChaCha20-Poly1305 AEAD encrypt/decrypt with random nonce
- HKDF-SHA256 key derivation
- Pre-key bundle generation with Ed25519 signatures
- X3DH key exchange (simplified, needs X25519 identity key in bundle)
- Double Ratchet: full implementation with DH ratchet, chain ratchet,
  out-of-order message handling via skipped keys cache
- Message format (WarzoneMessage envelope + RatchetHeader)
- Session type with ratchet state
- Storage trait definitions (PreKeyStore, SessionStore, MessageQueue)

warzone-server (axum):
- sled database (keys, messages, one-time pre-keys)
- Routes: /v1/health, /v1/keys/register, /v1/keys/{fp},
  /v1/messages/send, /v1/messages/poll/{fp}, /v1/messages/{id}/ack

warzone-client (CLI):
- `warzone init` — generate seed, show mnemonic, save to ~/.warzone/
- `warzone recover <words>` — restore from mnemonic
- `warzone info` — show fingerprint and keys
- Seed storage at ~/.warzone/identity.seed (600 perms)
- Stubs for send, recv, chat commands

warzone-mule: Phase 4 placeholder

Known issue: X3DH test fails (initiate/respond use different DH ops
due to missing X25519 identity key in bundle). Fix in next step.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 21:27:48 +04:00

88 lines
2.7 KiB
Rust
Raw Blame History

use chacha20poly1305::{
aead::{Aead, KeyInit},
ChaCha20Poly1305, Nonce,
};
use hkdf::Hkdf;
use sha2::Sha256;
use crate::errors::ProtocolError;
/// HKDF-SHA256 key derivation.
pub fn hkdf_derive(ikm: &[u8], salt: &[u8], info: &[u8], len: usize) -> Vec<u8> {
let salt = if salt.is_empty() { None } else { Some(salt) };
let hk = Hkdf::<Sha256>::new(salt, ikm);
let mut output = vec![0u8; len];
hk.expand(info, &mut output)
.expect("HKDF output length should be valid");
output
}
/// Encrypt with ChaCha20-Poly1305. Returns nonce (12 bytes) || ciphertext.
pub fn aead_encrypt(key: &[u8; 32], plaintext: &[u8], aad: &[u8]) -> Vec<u8> {
let cipher = ChaCha20Poly1305::new(key.into());
let mut nonce_bytes = [0u8; 12];
rand::RngCore::fill_bytes(&mut rand::rngs::OsRng, &mut nonce_bytes);
let nonce = Nonce::from_slice(&nonce_bytes);
let ciphertext = cipher
.encrypt(nonce, chacha20poly1305::aead::Payload { msg: plaintext, aad })
.expect("encryption should not fail");
let mut result = Vec::with_capacity(12 + ciphertext.len());
result.extend_from_slice(&nonce_bytes);
result.extend_from_slice(&ciphertext);
result
}
/// Decrypt ChaCha20-Poly1305. Input: nonce (12 bytes) || ciphertext.
pub fn aead_decrypt(key: &[u8; 32], data: &[u8], aad: &[u8]) -> Result<Vec<u8>, ProtocolError> {
if data.len() < 12 {
return Err(ProtocolError::DecryptionFailed);
}
let (nonce_bytes, ciphertext) = data.split_at(12);
let cipher = ChaCha20Poly1305::new(key.into());
let nonce = Nonce::from_slice(nonce_bytes);
cipher
.decrypt(nonce, chacha20poly1305::aead::Payload { msg: ciphertext, aad })
.map_err(|_| ProtocolError::DecryptionFailed)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn aead_roundtrip() {
let key = [42u8; 32];
let plaintext = b"hello warzone";
let aad = b"associated data";
let encrypted = aead_encrypt(&key, plaintext, aad);
let decrypted = aead_decrypt(&key, &encrypted, aad).unwrap();
assert_eq!(decrypted, plaintext);
}
#[test]
fn aead_wrong_key_fails() {
let key = [42u8; 32];
let wrong_key = [99u8; 32];
let encrypted = aead_encrypt(&key, b"secret", b"");
assert!(aead_decrypt(&wrong_key, &encrypted, b"").is_err());
}
#[test]
fn aead_wrong_aad_fails() {
let key = [42u8; 32];
let encrypted = aead_encrypt(&key, b"secret", b"aad1");
assert!(aead_decrypt(&key, &encrypted, b"aad2").is_err());
}
#[test]
fn hkdf_deterministic() {
let a = hkdf_derive(b"input", b"salt", b"info", 32);
let b = hkdf_derive(b"input", b"salt", b"info", 32);
assert_eq!(a, b);
}
}
Reference in New Issue View Git Blame Copy Permalink