## DigiSafe
---

In [2]:
:cache 1000
:dep apache-avro
:dep argon2
:dep base64ct = { features = ["alloc"] }
:dep chacha20poly1305
:dep getrandom
:dep lz4
:dep reed-solomon
:dep serde = { features = ["derive"] }
:dep sha3

cache: 1000 MiB


In [3]:
pub mod Database {

    // Database<Unlocked> <-> Avro <-> LZ4 <-> ChaCha20Poly1305 <-> Base64 <-> Database<Locked>
    // Database<Locked> -> Avro -> Reed-Solomon -> Vec<u8> -> name.digisafe

    use serde::{Deserialize, Serialize};
    use std::collections::HashMap;
    use std::io::{Read, Write};

    pub fn hash_lite(msg: &Vec<u8>) -> Vec<u8> {
        use sha3::{Digest, Sha3_256};
        Sha3_256::digest(Sha3_256::digest(msg)).to_vec()
    }

    pub fn hash_heavy(msg: String) -> Vec<u8> {
        use argon2::{Algorithm, Argon2, ParamsBuilder, password_hash::{PasswordHasher, SaltString}, Version};
        let lite_hash = hash_lite(&msg.into());
        let params = ParamsBuilder::new().m_cost(2u32.pow(20)).t_cost(2).p_cost(8).output_len(32).build().unwrap();
        let hasher = Argon2::new(Algorithm::Argon2id, Version::V0x13, params);
        let salt = SaltString::encode_b64(b"digisafe").unwrap();
        let heavy_hash = hasher.hash_password(&lite_hash, &salt).unwrap().hash.unwrap().as_bytes().to_owned();
        hash_lite(&heavy_hash)
    }

    pub fn to_base64(msg: &Vec<u8>) -> String {
        use base64ct::{Base64, Encoding};
        Base64::encode_string(msg)
    }

    pub fn from_base64(msg_enc: &String) -> Vec<u8> {
        use base64ct::{Base64, Encoding};
        Base64::decode_vec(&msg_enc).unwrap()
    }

    pub fn compress(msg: Vec<u8>) -> Vec<u8> {
        use lz4::{Decoder, EncoderBuilder};
        let mut encoder = EncoderBuilder::new().level(9).build(vec![]).unwrap();
        encoder.write(&msg[..]);
        encoder.finish().0
    }

    pub fn decompress(msg_enc: Vec<u8>) -> Vec<u8> {
        use lz4::Decoder;
        let mut msg = vec![];
        {
            let mut decoder = Decoder::new(&msg_enc[..]).unwrap();
            std::io::copy(&mut decoder, &mut msg);
        }
        msg
    }
    
    pub fn encrypt(msg: Vec<u8>, key: Vec<u8>, nonce: Vec<u8>) -> Vec<u8> {
        use chacha20poly1305::{aead::{Aead, KeyInit}, XChaCha20Poly1305};
        let key: [u8; 32] = key.try_into().unwrap();
        let nonce: [u8; 24] = nonce.try_into().unwrap();
        let cipher = XChaCha20Poly1305::new(&key.into());
        cipher.encrypt(&nonce.into(), &msg[..]).unwrap()
    }

    pub fn decrypt(msg_enc: Vec<u8>, key: Vec<u8>, nonce: Vec<u8>) -> Option<Vec<u8>> {
        use chacha20poly1305::{aead::{Aead, KeyInit}, XChaCha20Poly1305};
        let key: [u8; 32] = key.try_into().unwrap();
        let nonce: [u8; 24] = nonce.try_into().unwrap();
        let cipher = XChaCha20Poly1305::new(&key.into());
        if let Ok(msg) = cipher.decrypt(&nonce.into(), msg_enc.as_ref()) {
            Some(msg)
        } else {
            None
        }
    }

    fn to_ecc_batch(dat: Vec<u8>) -> Vec<u8> {
        use reed_solomon::Encoder;
        let enc = Encoder::new(8);
        Vec::from(&enc.encode(&dat[..])[..])
    }

    fn from_ecc_batch(dat_enc: Vec<u8>) -> Vec<u8> {
        use reed_solomon::Decoder;
        let dec = Decoder::new(8);
        dec.correct(&dat_enc[..], None).unwrap().data().to_owned()
    }

    fn to_ecc(dat: Vec<u8>) -> Vec<u8> {
        let dat_len = dat.len();
        let batch_size = 247usize;
        let batches = ((dat_len as f64)/(batch_size as f64)).ceil() as usize;
        let mut dat_enc = Vec::<u8>::with_capacity(dat_len + 8*batches);
        let mut a = 0usize;
        for _ in 0..batches {
            let b = std::cmp::min(a + batch_size, dat_len);
            let dat_slice = &dat[a..b];
            let enc_dat_slice = to_ecc_batch(dat_slice.to_vec());
            dat_enc.extend_from_slice(&enc_dat_slice[..]);
            a += batch_size;
            a = std::cmp::min(a, dat_len);
        }
        dat_enc
    }

    fn from_ecc(dat_enc: Vec<u8>) -> Vec<u8> {
        let dat_enc_len = dat_enc.len();
        let batch_size = 255usize;
        let batches = ((dat_enc_len as f64)/(batch_size as f64)).ceil() as usize;
        let mut dat = Vec::<u8>::with_capacity(dat_enc_len - 8*batches);
        let mut a = 0usize;
        for _ in 0..batches {
            let b = std::cmp::min(a + batch_size, dat_enc_len);
            let dat_enc_slice = &dat_enc[a..b];
            let dat_slice = from_ecc_batch(dat_enc_slice.to_vec());
            dat.extend_from_slice(&dat_slice[..]);
            a += batch_size;
            a = std::cmp::min(a, dat_enc_len);
        }
        dat
    }

    const unlocked_schema_raw: &str = r#"
    {
        "type": "record",
        "name": "unlocked",
        "fields": [
            {"name": "db", "type": {"type": "map", "values": "string"}},
            {"name": "info", "type": {"type": "map", "values": "string"}}
        ]
    }
    "#;

    #[derive(Debug, Deserialize, Serialize)]
    pub struct AvroUnlocked {
        db: HashMap<String, String>,
        info: HashMap<String, String>,
    }
    
    const locked_schema_raw: &str = r#"
    {
        "type": "record",
        "name": "locked",
        "fields": [
            {"name": "db", "type": "string"},
            {"name": "info", "type": {"type": "map", "values": "string"}}
        ]
    }
    "#;

    #[derive(Debug, Deserialize, Serialize)]
    pub struct AvroLocked {
        db: String,
        info: HashMap<String, String>,
    }

    #[derive(Default, Debug)]
    pub struct Unlocked {
        db: HashMap<String, String>,
        info: HashMap<String, String>,
        key: Vec<u8>,
    }

    #[derive(Debug, Default)]
    pub struct Locked {
        db: String,
        info: HashMap<String, String>,
    }


    impl AvroUnlocked {
        pub fn to_unlocked_struct(self, key: Vec<u8>) -> Unlocked {
             Unlocked {
                 db: self.db,
                 info: self.info,
                 key: key,
             }
        }
    }

    impl AvroLocked {
        pub fn to_locked_struct(self) -> Locked {
             Locked {
                 db: self.db,
                 info: self.info,
             }
        }
    }
    
    impl Unlocked {
        
        pub fn new(key: impl Into<String>) -> Self {
            let mut obj = Unlocked {
                db: Default::default(),
                info: Default::default(),
                key: hash_heavy(key.into()),
            };
            let mut randy = [0u8; 32];
            getrandom::getrandom(&mut randy);
            obj.set_info("uid", to_base64(&randy.to_vec()));
            obj
        }
        
        pub fn lock(self) -> Locked {
            let cadb = compress(self.to_avro());
            let nonce = hash_lite(&cadb)[..24].to_vec();
            let mut info = HashMap::<String, String>::new();
            info.extend(self.info);
            info.insert("nonce".into(), to_base64(&nonce));
            let db = to_base64(&encrypt(cadb, self.key, nonce));
            Locked {
                db: db,
                info: info,
            }
        }
    
        pub fn get(&self, akey: &String) -> Option<String> {
            self.db.get(akey).cloned()
        }
    
        
        pub fn set(&mut self, akey: impl Into<String>, aval: impl Into<String>) {
            self.db.insert(akey.into(), aval.into());
        }
    
        pub fn get_info(&self, akey: &String) -> Option<String> {
            self.info.get(akey).cloned()
        }
    
        
        pub fn set_info(&mut self, akey: impl Into<String>, aval: impl Into<String>) {
            self.info.insert(akey.into(), aval.into());
        }

        pub fn merge(&mut self, other: Unlocked) {
            self.db.extend(other.db);
        }

        pub fn to_avro_struct(&self) -> AvroUnlocked {
            AvroUnlocked {
                db: self.db.clone(),
                info: self.info.clone(),
            }
        }

        pub fn to_avro(&self) -> Vec<u8> {
            use apache_avro::{to_value, Schema, Writer};
            let schema = Schema::parse_str(unlocked_schema_raw).unwrap();
            let mut writer = Writer::new(&schema, Vec::new());
            writer.append(to_value(&self.to_avro_struct()).unwrap()).unwrap();
            let avro_dat = writer.into_inner().unwrap();
            avro_dat
        }

        pub fn from_avro(avro_dat: Vec<u8>, key: Vec<u8>) -> Unlocked {
            use apache_avro::{from_value, Reader};
            let reader = Reader::new(&avro_dat[..]).unwrap();
            let db = from_value::<AvroUnlocked>(&reader.last().unwrap().unwrap()).unwrap();
            db.to_unlocked_struct(key)
        }
    }

    /*
    impl std::fmt::Debug for Unlocked {
        fn fmt(&self, objf: &mut std::fmt::Formatter) -> std::fmt::Result {
            write!(objf, "Database::Unlocked: {{ redacted }}")
        }
    }

    impl std::fmt::Debug for AvroUnlocked {
        fn fmt(&self, objf: &mut std::fmt::Formatter) -> std::fmt::Result {
            write!(objf, "Database::Unlocked: {{ redacted }}")
        }
    }
    */

    impl Locked {
        
        pub fn unlock(self, password: impl Into<String>) -> Option<Unlocked> {
            let key = hash_heavy(password.into());
            let nonce = from_base64(&self.info.get("nonce").unwrap());
            let cradb = decrypt(from_base64(&self.db), key.clone(), nonce);
            if cradb.is_none() {
                return None;
            }
            let radb = decompress(cradb.unwrap());
            let db = Unlocked::from_avro(radb, key);
            Some(db)
        }

        pub fn to_avro_struct(&self) -> AvroLocked {
            AvroLocked {
                db: self.db.clone(),
                info: self.info.clone(),
            }
        }

        pub fn to_avro(&self) -> Vec<u8> {
            use apache_avro::{to_value, Schema, Writer};
            let schema = Schema::parse_str(locked_schema_raw).unwrap();
            let mut writer = Writer::new(&schema, Vec::new());
            writer.append(to_value(&self.to_avro_struct()).unwrap()).unwrap();
            let avro_dat = writer.into_inner().unwrap();
            avro_dat
        }

        pub fn from_avro(avro_dat: Vec<u8>) -> Locked {
            use apache_avro::{from_value, Reader};
            let reader = Reader::new(&avro_dat[..]).unwrap();
            let db = from_value::<AvroLocked>(&reader.last().unwrap().unwrap()).unwrap();
            db.to_locked_struct()
        }

        pub fn to_vec(&self) -> Vec<u8> {
            to_ecc(self.to_avro())
        }

        pub fn from_vec(dat_ecc: Vec<u8>) -> Locked {
            let dat = from_ecc(dat_ecc);
            Locked::from_avro(dat)
        }

    }

}

In [4]:
let mut db = Database::Unlocked::new("test_key");
db

Unlocked { db: {}, info: {"uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8="}, key: [146, 251, 216, 195, 51, 10, 173, 46, 196, 91, 169, 181, 149, 93, 179, 66, 192, 91, 240, 175, 185, 222, 31, 183, 198, 99, 75, 154, 88, 8, 146, 245] }

In [5]:
db.set_info("name", "test_db");
db

Unlocked { db: {}, info: {"name": "test_db", "uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8="}, key: [146, 251, 216, 195, 51, 10, 173, 46, 196, 91, 169, 181, 149, 93, 179, 66, 192, 91, 240, 175, 185, 222, 31, 183, 198, 99, 75, 154, 88, 8, 146, 245] }

In [6]:
db.set("k1", "v1");
db.set("k2", "v2");
db.set("k3", "v3");
db

Unlocked { db: {"k3": "v3", "k1": "v1", "k2": "v2"}, info: {"name": "test_db", "uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8="}, key: [146, 251, 216, 195, 51, 10, 173, 46, 196, 91, 169, 181, 149, 93, 179, 66, 192, 91, 240, 175, 185, 222, 31, 183, 198, 99, 75, 154, 88, 8, 146, 245] }

In [7]:
let db = db.lock();
db

Locked { db: "F90pTjzWPrjTjz9HcGnisi+LY9gIOBi2JsqR4VoXu1iagy8VDQUnsidsTh4WyXJJ0b7if41clgfuVvdeldzSKxryp9iihBdwl+exilAAJNFGw93qEPW39Y7tm4RpMtH37k+AU+7nKoBDRwUFfoKwVwzkLGzniclzd39bWRt3qsaCqZLOZsm1zdvdFBjLw+huHzZNpTxXn8gsRHFTGgQzVEp/nPv23F1RVK6tM7tiYVGpbFM49FT1lG5eoRlPN7mJ/ozOG1IcZSLDoniZvbINuU5a/ym3QTvT/LGvTQd5Nwtwt0/yXkCP77Iqul0/4Sq1gwSiJk/FqroNd+7bkukrFPUo315urGFurnTcoMv8t+u8eHVK2A==", info: {"name": "test_db", "uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8=", "nonce": "hb436MIp3KV85eTjSp6unRrh632XU6YD"} }

In [8]:
let db = db.unlock("test_key").unwrap();
db

Unlocked { db: {"k1": "v1", "k2": "v2", "k3": "v3"}, info: {"name": "test_db", "uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8="}, key: [146, 251, 216, 195, 51, 10, 173, 46, 196, 91, 169, 181, 149, 93, 179, 66, 192, 91, 240, 175, 185, 222, 31, 183, 198, 99, 75, 154, 88, 8, 146, 245] }

In [9]:
let db = db.lock();
db

Locked { db: "SB7kLpfGw2uMYkwgYnS6G+wmIbUYgNAcfhF324rA9cS3IKs/x3dcJL9dM9LzOu1+7bLh/MXNKHj/ZQz/e+G4OkPUGvhNKNFJJYqWhkhwxroAKP4JvWgSBj+6CrAmUwiKVqLZrzYH47W+dZ1XFel0hnX0BjlES6Xy+Sj1YAyZ/XtnLVmiax0s4tS0mnaS/EvDGFXfthbG84helvg1Irf84nzTQzQt4/DRtSIs/a6rbgjga0fjacw0O76G0d33MUBGN8SQyUyaR7Kw9ACsUJFndrNZ8Jmyf3YtwpNK7YcJ2dJIq1R+UXRp09eiRXeaQlflbO0P+Zj+NsPrjVZmCbsiKw+EfOQKuhm0AGh0zaM+cJVAV2woDac0", info: {"nonce": "TFZBaj8yP5eYVjrAfMEqUW3iCzpuV4a1", "uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8=", "name": "test_db"} }

In [10]:
let mut db_vec = db.to_vec();
db_vec

[79, 98, 106, 1, 4, 20, 97, 118, 114, 111, 46, 99, 111, 100, 101, 99, 8, 110, 117, 108, 108, 22, 97, 118, 114, 111, 46, 115, 99, 104, 101, 109, 97, 132, 2, 123, 34, 116, 121, 112, 101, 34, 58, 34, 114, 101, 99, 111, 114, 100, 34, 44, 34, 110, 97, 109, 101, 34, 58, 34, 108, 111, 99, 107, 101, 100, 34, 44, 34, 102, 105, 101, 108, 100, 115, 34, 58, 91, 123, 34, 110, 97, 109, 101, 34, 58, 34, 100, 98, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 123, 34, 110, 97, 109, 101, 34, 58, 34, 105, 110, 102, 111, 34, 44, 34, 116, 121, 112, 101, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 109, 97, 112, 34, 44, 34, 118, 97, 108, 117, 101, 115, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 93, 125, 0, 69, 109, 160, 48, 23, 220, 59, 4, 202, 210, 188, 0, 216, 158, 247, 123, 2, 186, 7, 232, 5, 83, 66, 55, 107, 76, 112, 102, 71, 119, 50, 117, 77, 89, 107, 119, 103, 89, 110, 83, 54, 71, 43, 119, 109, 73, 98, 85, 89, 103, 78, 65, 99, 102, 104, 70, 51,

In [11]:
db_vec[0] = 0;
db_vec[10] = 0;
db_vec[100] = 0;
db_vec[200] = 0;
db_vec

[0, 98, 106, 1, 4, 20, 97, 118, 114, 111, 0, 99, 111, 100, 101, 99, 8, 110, 117, 108, 108, 22, 97, 118, 114, 111, 46, 115, 99, 104, 101, 109, 97, 132, 2, 123, 34, 116, 121, 112, 101, 34, 58, 34, 114, 101, 99, 111, 114, 100, 34, 44, 34, 110, 97, 109, 101, 34, 58, 34, 108, 111, 99, 107, 101, 100, 34, 44, 34, 102, 105, 101, 108, 100, 115, 34, 58, 91, 123, 34, 110, 97, 109, 101, 34, 58, 34, 100, 98, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 0, 114, 105, 110, 103, 34, 125, 44, 123, 34, 110, 97, 109, 101, 34, 58, 34, 105, 110, 102, 111, 34, 44, 34, 116, 121, 112, 101, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 109, 97, 112, 34, 44, 34, 118, 97, 108, 117, 101, 115, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 93, 125, 0, 69, 109, 160, 48, 23, 220, 59, 4, 202, 210, 188, 0, 216, 158, 247, 123, 2, 186, 7, 232, 5, 83, 66, 55, 107, 76, 112, 102, 71, 119, 50, 117, 77, 89, 0, 119, 103, 89, 110, 83, 54, 71, 43, 119, 109, 73, 98, 85, 89, 103, 78, 65, 99, 102, 104, 70, 51, 50, 5

In [12]:
Database::Locked::from_vec(db_vec)

Locked { db: "SB7kLpfGw2uMYkwgYnS6G+wmIbUYgNAcfhF324rA9cS3IKs/x3dcJL9dM9LzOu1+7bLh/MXNKHj/ZQz/e+G4OkPUGvhNKNFJJYqWhkhwxroAKP4JvWgSBj+6CrAmUwiKVqLZrzYH47W+dZ1XFel0hnX0BjlES6Xy+Sj1YAyZ/XtnLVmiax0s4tS0mnaS/EvDGFXfthbG84helvg1Irf84nzTQzQt4/DRtSIs/a6rbgjga0fjacw0O76G0d33MUBGN8SQyUyaR7Kw9ACsUJFndrNZ8Jmyf3YtwpNK7YcJ2dJIq1R+UXRp09eiRXeaQlflbO0P+Zj+NsPrjVZmCbsiKw+EfOQKuhm0AGh0zaM+cJVAV2woDac0", info: {"name": "test_db", "uid": "zSTe0INvE0ev1nMH+J4LURNuwkjG9w1exVBUYo3AVZ8=", "nonce": "TFZBaj8yP5eYVjrAfMEqUW3iCzpuV4a1"} }

In [13]:
// todo: app, nonce, uid, version, revision, name, type, subtype, timestamp

In [14]:
// todo: manage key during locked state. what is current api???