initial public commit

Author: bitkeks

.gitignore

@@ -0,0 +1,3 @@
+.idea
+test_age.txt
+arcus-thunderbird-*.zip

Containerfile

@@ -0,0 +1,9 @@
+FROM fedora:36
+
+RUN dnf install -y git perl \
+    rust cargo pkg-config openssl openssl-devel \
+    rust-std-static-wasm32-unknown-unknown.noarch
+
+RUN cargo install wasm-pack
+
+ENV USER bitkeks

LICENSE_MIT

@@ -0,0 +1,25 @@
+Copyright (c) 2023 Dominik Pataky
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,13 @@
+# Arcus
+
+This project contains the source code of the Thunderbird add-on Arcus.
+
+It's a Rust-based encryption and decryption tool integrated into the email client, powered by Rust, https://github.com/str4d/rage and WebAssembly.
+
+See: [addons.thunderbird.net/en-GB/thunderbird/addon/arcus/](https://addons.thunderbird.net/en-GB/thunderbird/addon/arcus/)
+
+## License
+
+Copyright 2023 Dominik Pataky
+
+Licensed under the MIT license.

arcus-wasm/.gitignore

@@ -0,0 +1,9 @@
+/target
+**/*.rs.bk
+Cargo.lock
+bin/
+pkg/
+wasm-pack.log
+
+index.html
+index.js

arcus-wasm/Cargo.toml

@@ -0,0 +1,53 @@
+[package]
+name = "arcus"
+version = "0.9.0"
+authors = ["bitkeks"]
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib", "rlib"]
+
+[features]
+default = ["console_error_panic_hook", "wee_alloc"]
+
+[dependencies]
+wasm-bindgen = "0.2.63"
+wasm-streams = "0.3"
+js-sys = "0.3"
+chrono = { version = "0.4", features = ["wasmbind"] }
+getrandom = { version = "0.2", features = ["js"] }
+getrandom_1 = { package = "getrandom", version = "0.1", features = ["wasm-bindgen"] }
+
+# The `console_error_panic_hook` crate provides better debugging of panics by
+# logging them with `console.error`. This is great for development, but requires
+# all the `std::fmt` and `std::panicking` infrastructure, so isn't great for
+# code size when deploying.
+console_error_panic_hook = { version = "0.1.6", optional = true }
+
+# `wee_alloc` is a tiny allocator for wasm that is only ~1K in code size
+# compared to the default allocator's ~10K. It is slower than the default
+# allocator, however.
+wee_alloc = { version = "0.4.5", optional = true }
+
+[dependencies.age]
+version = "0.9"
+features = ["armor", "async", "web-sys"]
+
+[dependencies.web-sys]
+version = "0.3"
+features = [
+    "Blob",
+    "BlobPropertyBag",
+    "File",
+    "ReadableStream",
+    "console",
+]
+
+[dev-dependencies]
+wasm-bindgen-test = "0.3.13"
+
+[profile.release]
+# Tell `rustc` to optimize for small code size.
+opt-level = "s"
+# Tell LLVM to optimize as well
+lto = true

arcus-wasm/src/encrypt.rs

@@ -0,0 +1,50 @@
+use age;
+use age::secrecy::{ExposeSecret, SecretString};
+use chrono;
+use js_sys::Array;
+use wasm_bindgen::prelude::*;
+use wasm_streams::{readable::ReadableStream, writable::WritableStream};
+use web_sys::{Blob, BlobPropertyBag};
+
+use crate::utils;
+
+/// A newtype around an [`age::Encryptor`].
+#[wasm_bindgen]
+pub struct Encryptor(age::Encryptor);
+
+#[wasm_bindgen]
+impl Encryptor {
+    /// Returns an `Encryptor` that will create an age file encrypted with a passphrase.
+    ///
+    /// This API should only be used with a passphrase that was provided by (or generated
+    /// for) a human. For programmatic use cases, instead generate a `SecretKey` and then
+    /// use `Encryptor::with_recipients`.
+    pub fn with_user_passphrase(passphrase: String) -> Encryptor {
+        // This is an entrance from JS to our WASM APIs; perform one-time setup steps.
+        utils::set_panic_hook();
+
+        Encryptor(age::Encryptor::with_user_passphrase(SecretString::new(
+            passphrase,
+        )))
+    }
+
+    // /// Creates a wrapper around a writer that will encrypt its input.
+    // ///
+    // /// Returns errors from the underlying writer while writing the header.
+    // pub async fn wrap_output(
+    //     self,
+    //     output: wasm_streams::writable::sys::WritableStream,
+    // ) -> Result<wasm_streams::writable::sys::WritableStream, JsValue> {
+    //     // Convert from the opaque web_sys::WritableStream Rust type to the fully-functional
+    //     // wasm_streams::writable::WritableStream.
+    //     let stream = WritableStream::from_raw(output);
+    //
+    //     let writer = self
+    //         .0
+    //         .wrap_async_output(stream.into_async_write())
+    //         .await
+    //         .map_err(|e| JsValue::from(format!("{}", e)))?;
+    //
+    //     Ok(WritableStream::from_sink(shim::WriteSinker::new(writer)).into_raw())
+    // }
+}

arcus-wasm/src/lib.rs

@@ -0,0 +1,227 @@
+use std::error::Error;
+use std::io::{Read, Write};
+use std::iter;
+use std::str::FromStr;
+use std::string::FromUtf8Error;
+use age;
+use age::armor::{ArmoredReader, ArmoredWriter};
+use age::armor::Format::AsciiArmor;
+use age::{DecryptError, Decryptor};
+use age::secrecy::{ExposeSecret, Secret, SecretString};
+use age::x25519::{Identity, Recipient};
+use chrono;
+use js_sys::{Array, JsString};
+use wasm_bindgen::prelude::*;
+use wasm_streams::{readable::ReadableStream, writable::WritableStream};
+use web_sys::{Blob, BlobPropertyBag};
+
+mod utils;
+mod encrypt;
+
+#[cfg(feature = "wee_alloc")]
+#[global_allocator]
+static ALLOC: wee_alloc::WeeAlloc = wee_alloc::WeeAlloc::INIT;
+
+#[wasm_bindgen]
+extern {
+    #[wasm_bindgen(js_namespace = console)]
+    fn log(s: &str);
+}
+
+macro_rules! console_log {
+    // Note that this is using the `log` function imported above during
+    // `bare_bones`
+    ($($t:tt)*) => (log(&format_args!($($t)*).to_string()))
+}
+
+#[wasm_bindgen]
+pub struct ArcusKeypair {
+    pubkey: Recipient,
+    secret: SecretString
+}
+
+#[wasm_bindgen]
+impl ArcusKeypair {
+    #[wasm_bindgen(constructor)]
+    pub fn new() -> Self {
+        let kp = Identity::generate();
+        Self {
+            pubkey: kp.to_public(),
+            secret: kp.to_string()
+        }
+    }
+
+    pub fn get_pubkey(&self) -> String {
+        self.pubkey.to_string().clone()
+    }
+
+    pub fn get_secret(&self) -> String {
+        self.secret.expose_secret().to_string().clone()
+    }
+}
+
+#[wasm_bindgen]
+pub struct Arcus {}
+
+#[wasm_bindgen]
+impl Arcus {
+    #[wasm_bindgen(constructor)]
+    pub fn new() -> Self {
+        Self {}
+    }
+
+    pub fn encrypt_text(&self, cleartext: String, recipient_pubkey: String) -> String {
+        utils::set_panic_hook();
+
+        let new_array = Array::new();
+        new_array.push(&JsString::from(recipient_pubkey));
+
+        self.encrypt_text_multi(cleartext, new_array)
+    }
+
+    pub fn encrypt_text_multi(&self, cleartext: String, recipient_pubkeys: Array) -> String {
+        utils::set_panic_hook();
+
+        let mut recs: Vec<Box<dyn age::Recipient + Send + 'static>> = Vec::new();
+
+        for recipient_pubkey in recipient_pubkeys.iter() {
+            if !recipient_pubkey.is_string() {
+                console_log!("{:?} is not a string", recipient_pubkey);
+                continue;
+            }
+
+            let pubkey = recipient_pubkey.as_string().unwrap();
+            let rpk_str = pubkey.as_str();
+
+            let re = match age::x25519::Recipient::from_str(rpk_str) {
+                Ok(recipient) => recipient,
+                Err(e) => return "invalid recipient string".to_string()
+            };
+
+            recs.push(Box::new(re));
+        }
+
+        let encrypted = {
+            let encryptor = age::Encryptor::with_recipients(recs)
+                .expect("we provided a recipient");
+
+            let mut enc_vec = vec![];
+            let mut writer = encryptor.wrap_output(
+                ArmoredWriter::wrap_output(&mut enc_vec, AsciiArmor)
+                    .expect("armored wrap_output failed"))
+                .expect("wrap_output failed");
+
+            writer.write_all(cleartext.as_bytes())
+                .expect("write_all failed");
+
+            match writer.finish() {
+                Ok(aw) => {
+                    aw.finish().expect("armored writer could not finish");
+                },
+                Err(e) => {
+                    console_log!("{:?}", e);
+                }
+            };
+
+            enc_vec
+        };
+
+        let res = match String::from_utf8(encrypted) {
+            Ok(ct) => ct,
+            Err(e) => e.to_string()
+        };
+
+        res
+    }
+
+    pub fn decrypt_text(&self, ciphertext: String, own_secretkey: String) -> String {
+        utils::set_panic_hook();
+
+        let secret_id = match age::x25519::Identity::from_str(own_secretkey.as_str()) {
+            Ok(identity) => identity,
+            Err(e) => {
+                console_log!("{:?}", e);
+                return "error parsing secret key".to_string()
+            }
+        };
+
+        let decrypted = {
+            let decryptor = match age::Decryptor::new(ArmoredReader::new(ciphertext.as_bytes())).expect("Error") {
+                age::Decryptor::Recipients(d) => d,
+                _ => unreachable!(),
+            };
+
+            let key = age::x25519::Identity::from_str(own_secretkey.as_str()).unwrap();
+
+            let mut dec_vec = vec![];
+            let mut reader = decryptor
+                .decrypt(iter::once(&key as &dyn age::Identity))
+                .expect("decryptor.decrypt failed");
+            reader.read_to_end(&mut dec_vec).expect("read_to_end failed");
+            dec_vec
+        };
+
+        let res = match String::from_utf8(decrypted) {
+            Ok(ct) => ct,
+            Err(e) => e.to_string()
+        };
+
+        res
+    }
+
+    pub fn generate_key(&self) -> ArcusKeypair {
+        ArcusKeypair::new()
+    }
+
+    pub fn pub_from_secret(&self, secret_key: String) -> String {
+        let id = match age::x25519::Identity::from_str(secret_key.as_str()) {
+            Ok(parsed_id) => parsed_id,
+            Err(e) => return e.to_string()
+        };
+
+        id.to_public().to_string()
+    }
+}
+
+
+#[wasm_bindgen]
+pub struct X25519Identity {
+    identity: age::x25519::Identity,
+    created: chrono::DateTime<chrono::Local>,
+}
+
+#[wasm_bindgen]
+impl X25519Identity {
+    /// Generates a new age identity.
+    pub fn generate() -> Self {
+        // This is an entrance from JS to our WASM APIs; perform one-time setup steps.
+        utils::set_panic_hook();
+
+        X25519Identity {
+            identity: age::x25519::Identity::generate(),
+            created: chrono::Local::now(),
+        }
+    }
+
+    /// Writes this identity to a blob that can be saved as a file.
+    pub fn write(&self) -> Result<Blob, JsValue> {
+        let output = format!(
+            "# created: {}\n# recipient: {}\n{}",
+            self.created
+                .to_rfc3339_opts(chrono::SecondsFormat::Secs, true),
+            self.identity.to_public(),
+            self.identity.to_string().expose_secret()
+        );
+
+        Blob::new_with_u8_array_sequence_and_options(
+            &Array::of1(&JsValue::from_str(&output)).into(),
+            &BlobPropertyBag::new().type_("text/plain;charset=utf-8"),
+        )
+    }
+
+    /// Returns the recipient corresponding to this identity.
+    pub fn recipient(&self) -> String {
+        self.identity.to_public().to_string()
+    }
+}
+