spacedrive/crates/crypto/README.md

# Crypto

This crate contains Spacedrive's cryptographic modules.

This includes things such as:

- The key manager
- Encryption and decryption
- Encrypted file header formats (with extremely fast serialization and deserialization)
- Key hashing and derivation
- Keyring interfaces to access native OS keystores

It has support for the following cryptographic functions:

- `Argon2id`
- `Balloon` hashing
- `BLAKE3` key derivation
- `XChaCha20-Poly1305`
- `AES-256-GCM-SIV`

It aims to be (relatively) lightweight, easy to maintain and platform-agnostic where possible. It does contain some platform-specific code, although it's only built if the target matches.

## Features

A list of all features can be found below (NOTE: none of these features are enabled by default)

- `serde` - provides integration with `serde` and `serde_json`
<!-- - `uuid` - enables the `uuid` crate -->
- `tokio` - provides integration with the `tokio` crate
- `specta` - provides integration with the `specta` crate
- `bincode` - provides integration with the `bincode` crate (this will likely become part of the crate)
- `keyring` - provides a unified interface for interacting with OS-keyrings (currently only supports MacOS/iOS/Linux `keyutils`). `keyutils` is not persistent, so is best used in a headless server/docker environment, as keys are wiped on-reboot. The Secret Service API is not practically available in headless environments.
- `secret-service` - enables `keyring` but also enables the Secret Service API (a persistent keyring targeted at Gnome/KDE (via `gnome-keyring` and `kwallet` respectively)). Is a pretty heavy dependency.

## Security Notice

This crate has NOT received any security audit - however, a couple of our upstream libraries (provided by [RustCrypto](https://github.com/RustCrypto)) have.

You may find them below:

- AES-GCM and XChaCha20-Poly1305 audit by NCC group ([link](https://research.nccgroup.com/wp-content/uploads/2020/02/NCC_Group_MobileCoin_RustCrypto_AESGCM_ChaCha20Poly1305_Implementation_Review_2020-02-12_v1.0.pdf))

Breaking changes are very likely! Use at your own risk - no stability or security is guaranteed.
[ENG-341] OS Keychains (#554) * super barebones keychain start * working+unfinished linux keychain * add `copy` to `Identifier` and add `delete()` * add generic errors + code cleanup * cleanup code & add support for apple keychains * remove `users` dep * use uppercase UUID and tweak apple `account` variable * revert uppercase change and clean up linux labels * code cleanup & add a readme to the crypto crate * remove useless `map` * correctly handle keyring not supported errors * add `Send` to `Box<dyn Keyring>` * remove useless `cfg`s * only return `Ok()` if we support keychains (pls work CI) * clippy * Minor fixes --------- Co-authored-by: Ericson Fogo Soares <ericson.ds999@gmail.com> 2023-02-01 00:11:03 +00:00			`# Crypto`

			`This crate contains Spacedrive's cryptographic modules.`

			`This includes things such as:`

[ENG 239] Onboarding Flow & Location Settings (#529) * begin better onboarding * added input and altered text * better router & text + database icon Co-authored-by: maxichrome <maxichrome@users.noreply.github.com> * work on privacy screen + radio buttons * fix video extension bug and alter screens * add pending schema and location manager helper * functional onboarding * added secure temp store and started creating library loading screen * fix secure temp keystore + api * better onboarding * added location settings and some overview concept, all WIP * fix switch * prep * fix location router * added backend settings * attempted to fix form * begin indexer rules editor, plus tweaks * indexer rules coming soon * fix onboarding img size * cleanup * clone is needed here, but clippy no like * sike * whole bunch of fixes * clippy + ts * Removing some TODOs from api/libraries.rs and fixing db size calculation * moved object kind to client, added half functionality for appearance settings * fix RadioGroup helper * fix type issues * cargo fmt * fix creating library error handling + invalidate location list on update * forgot to switch back to onError * Invalidating getStatistics query on library creation and introducing the concept of waiting for a job on FileCopierJob * F* cargo fmt * fix RadioGroup interactivity * wipe all migrations * put back COLLATE NOCASE on extension columns * update core.ts * remove unused device component * fix typeerror in mobile --------- Co-authored-by: maxichrome <maxichrome@users.noreply.github.com> Co-authored-by: Brendan Allan <brendonovich@outlook.com> Co-authored-by: Ericson Soares <ericson.ds999@gmail.com> Co-authored-by: Utku Bakir <74243531+utkubakir@users.noreply.github.com> 2023-02-10 22:08:13 +00:00			`- The key manager`
			`- Encryption and decryption`
			`- Encrypted file header formats (with extremely fast serialization and deserialization)`
			`- Key hashing and derivation`
			`- Keyring interfaces to access native OS keystores`
[ENG-341] OS Keychains (#554) * super barebones keychain start * working+unfinished linux keychain * add `copy` to `Identifier` and add `delete()` * add generic errors + code cleanup * cleanup code & add support for apple keychains * remove `users` dep * use uppercase UUID and tweak apple `account` variable * revert uppercase change and clean up linux labels * code cleanup & add a readme to the crypto crate * remove useless `map` * correctly handle keyring not supported errors * add `Send` to `Box<dyn Keyring>` * remove useless `cfg`s * only return `Ok()` if we support keychains (pls work CI) * clippy * Minor fixes --------- Co-authored-by: Ericson Fogo Soares <ericson.ds999@gmail.com> 2023-02-01 00:11:03 +00:00
[ENG-429] Crypto organization/refactor (#607) * update comment * key manager feature gating * update deps & more feature gating * fix keyring feature gating * add an `exhaustive_read` function for crypto/stream * restructure STREAM module * move tests+shared utils * clean up stream decryption * further cleanup * impl to `GenericArray` for `Nonce` * update examples * update refs & `use`s * fix `Nonce` -> `GenericArray` conversions * better `Protected` conversions + remove `Password` type * a work of art * finishing touches * some API changes * rename `StreamX` to `X` * fix everything else * separate `primitives` from `types` * update imports & fix build 2023-03-15 16:09:36 +00:00			`It has support for the following cryptographic functions:`

			- `Argon2id`
			- `Balloon` hashing
			- `BLAKE3` key derivation
			- `XChaCha20-Poly1305`
[ENG-440] Crypto Refactor (#2115) * rebase: `crates/crypto` into current `main` * refactor: remove `mnemonic` module * feat: disable secure erase temporarily * fix: tsc * fix: tsc due to unused import * fix: remove `cli` crypto info * deps: update * chore: remove dead comment * refactor: remove `bincode` feature * refactor: give `keyring` a dedicated feature so it's not reliant on `sys` as well * fix: remove `aes-gcm` as it's no longer supported * refactor: remove dead comment * fix: update `keyring` imports * refactor: change tests to `aes-256-gcm` * feat: make `Key` a `Box<>` internally to ensure it's heap allocated (and fix tests) * chore: clippy * fix: hashing tests now that `const` keys aren't available this will be cleaned up with test vectors and `include_bytes!()` * chore: clippy * refactor: remove dead code * test: bring back `encrypt_with_invalid_nonce` test * fix: secret service keyring * fix: `zbus` build issues * doc: update comment for clearer reasoning * fix: cargo fmt * fix: use bytes directly * deps: update lockfile * fix: secret service keyring * fix: comment out windows keyring for now * fix: use session keyring if no keyring backend * fix: completely remove keyring module if no keyring is available for that OS * fix: clippy * fix: move iimport to correct conditional compilation * fix: fmt 2024-03-07 08:00:37 +00:00			- `AES-256-GCM-SIV`
[ENG-429] Crypto organization/refactor (#607) * update comment * key manager feature gating * update deps & more feature gating * fix keyring feature gating * add an `exhaustive_read` function for crypto/stream * restructure STREAM module * move tests+shared utils * clean up stream decryption * further cleanup * impl to `GenericArray` for `Nonce` * update examples * update refs & `use`s * fix `Nonce` -> `GenericArray` conversions * better `Protected` conversions + remove `Password` type * a work of art * finishing touches * some API changes * rename `StreamX` to `X` * fix everything else * separate `primitives` from `types` * update imports & fix build 2023-03-15 16:09:36 +00:00
[ENG-341] OS Keychains (#554) * super barebones keychain start * working+unfinished linux keychain * add `copy` to `Identifier` and add `delete()` * add generic errors + code cleanup * cleanup code & add support for apple keychains * remove `users` dep * use uppercase UUID and tweak apple `account` variable * revert uppercase change and clean up linux labels * code cleanup & add a readme to the crypto crate * remove useless `map` * correctly handle keyring not supported errors * add `Send` to `Box<dyn Keyring>` * remove useless `cfg`s * only return `Ok()` if we support keychains (pls work CI) * clippy * Minor fixes --------- Co-authored-by: Ericson Fogo Soares <ericson.ds999@gmail.com> 2023-02-01 00:11:03 +00:00			`It aims to be (relatively) lightweight, easy to maintain and platform-agnostic where possible. It does contain some platform-specific code, although it's only built if the target matches.`
[ENG-429] Crypto organization/refactor (#607) * update comment * key manager feature gating * update deps & more feature gating * fix keyring feature gating * add an `exhaustive_read` function for crypto/stream * restructure STREAM module * move tests+shared utils * clean up stream decryption * further cleanup * impl to `GenericArray` for `Nonce` * update examples * update refs & `use`s * fix `Nonce` -> `GenericArray` conversions * better `Protected` conversions + remove `Password` type * a work of art * finishing touches * some API changes * rename `StreamX` to `X` * fix everything else * separate `primitives` from `types` * update imports & fix build 2023-03-15 16:09:36 +00:00
			`## Features`

			`A list of all features can be found below (NOTE: none of these features are enabled by default)`

[ENG-440] Crypto Refactor (#2115) * rebase: `crates/crypto` into current `main` * refactor: remove `mnemonic` module * feat: disable secure erase temporarily * fix: tsc * fix: tsc due to unused import * fix: remove `cli` crypto info * deps: update * chore: remove dead comment * refactor: remove `bincode` feature * refactor: give `keyring` a dedicated feature so it's not reliant on `sys` as well * fix: remove `aes-gcm` as it's no longer supported * refactor: remove dead comment * fix: update `keyring` imports * refactor: change tests to `aes-256-gcm` * feat: make `Key` a `Box<>` internally to ensure it's heap allocated (and fix tests) * chore: clippy * fix: hashing tests now that `const` keys aren't available this will be cleaned up with test vectors and `include_bytes!()` * chore: clippy * refactor: remove dead code * test: bring back `encrypt_with_invalid_nonce` test * fix: secret service keyring * fix: `zbus` build issues * doc: update comment for clearer reasoning * fix: cargo fmt * fix: use bytes directly * deps: update lockfile * fix: secret service keyring * fix: comment out windows keyring for now * fix: use session keyring if no keyring backend * fix: completely remove keyring module if no keyring is available for that OS * fix: clippy * fix: move iimport to correct conditional compilation * fix: fmt 2024-03-07 08:00:37 +00:00			- `serde` - provides integration with `serde` and `serde_json`
			<!-- - `uuid` - enables the `uuid` crate -->
			- `tokio` - provides integration with the `tokio` crate
			- `specta` - provides integration with the `specta` crate
			- `bincode` - provides integration with the `bincode` crate (this will likely become part of the crate)
			- `keyring` - provides a unified interface for interacting with OS-keyrings (currently only supports MacOS/iOS/Linux `keyutils`). `keyutils` is not persistent, so is best used in a headless server/docker environment, as keys are wiped on-reboot. The Secret Service API is not practically available in headless environments.
			- `secret-service` - enables `keyring` but also enables the Secret Service API (a persistent keyring targeted at Gnome/KDE (via `gnome-keyring` and `kwallet` respectively)). Is a pretty heavy dependency.
[ENG-429] Crypto organization/refactor (#607) * update comment * key manager feature gating * update deps & more feature gating * fix keyring feature gating * add an `exhaustive_read` function for crypto/stream * restructure STREAM module * move tests+shared utils * clean up stream decryption * further cleanup * impl to `GenericArray` for `Nonce` * update examples * update refs & `use`s * fix `Nonce` -> `GenericArray` conversions * better `Protected` conversions + remove `Password` type * a work of art * finishing touches * some API changes * rename `StreamX` to `X` * fix everything else * separate `primitives` from `types` * update imports & fix build 2023-03-15 16:09:36 +00:00
			`## Security Notice`

			`This crate has NOT received any security audit - however, a couple of our upstream libraries (provided by [RustCrypto](https://github.com/RustCrypto)) have.`

			`You may find them below:`

			`- AES-GCM and XChaCha20-Poly1305 audit by NCC group ([link](https://research.nccgroup.com/wp-content/uploads/2020/02/NCC_Group_MobileCoin_RustCrypto_AESGCM_ChaCha20Poly1305_Implementation_Review_2020-02-12_v1.0.pdf))`

			`Breaking changes are very likely! Use at your own risk - no stability or security is guaranteed.`