Initial commit

.github/workflows/CI.yml

@@ -0,0 +1,154 @@
+# This file is autogenerated by maturin v1.3.0
+# To update, run
+#
+#    maturin generate-ci github
+#
+name: CI
+
+on:
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target: [x86_64, x86, aarch64, armv7, s390x, ppc64le]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Run tests (Rust)
+        run: |
+          cargo test -- --nocapture
+      - name: Run tests (Python)
+        run: |
+          python -m pip install tox
+          python -m tox
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.target }}
+          args: --release --out dist --find-interpreter
+          sccache: 'true'
+          manylinux: auto
+      - name: Upload wheels
+        uses: actions/upload-artifact@v3
+        with:
+          name: wheels
+          path: dist
+
+  windows:
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        target: [x64, x86]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+          architecture: ${{ matrix.target }}
+      - name: Run tests (Rust)
+        # x86 builds fail with "error: your Rust target architecture
+        # (64-bit) does not match your python interpreter (32-bit)"
+        if: matrix.target != 'x86' # FIXME
+        run: |
+          cargo test -- --nocapture
+      - name: Run tests (Python)
+        # x86 builds fail with "error: your Rust target architecture
+        # (64-bit) does not match your python interpreter (32-bit)"
+        if: matrix.target != 'x86' # FIXME
+        run: |
+          python -m pip install tox
+          python -m tox
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.target }}
+          args: --release --out dist --find-interpreter
+          sccache: 'true'
+      - name: Upload wheels
+        uses: actions/upload-artifact@v3
+        with:
+          name: wheels
+          path: dist
+
+  macos:
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        target: [x86_64, aarch64]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Run tests (Rust)
+        run: |
+          cargo test -- --nocapture
+      - name: Run tests (Python)
+        run: |
+          python -m pip install tox
+          python -m tox
+      - name: Build wheels
+        uses: PyO3/maturin-action@v1
+        with:
+          target: ${{ matrix.target }}
+          args: --release --out dist --find-interpreter
+          sccache: 'true'
+      - name: Upload wheels
+        uses: actions/upload-artifact@v3
+        with:
+          name: wheels
+          path: dist
+
+  sdist:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build sdist
+        uses: PyO3/maturin-action@v1
+        with:
+          command: sdist
+          args: --out dist
+      - name: Upload sdist
+        uses: actions/upload-artifact@v3
+        with:
+          name: wheels
+          path: dist
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    if: "startsWith(github.ref, 'refs/tags/')"
+    needs: [linux, windows, macos, sdist]
+    permissions:
+      # This permission is mandatory for trusted publishing as per
+      # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+      id-token: write
+    steps:
+      - uses: actions/checkout@v3
+      - name: Publish to crates.io
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        run: |
+          cargo publish -vv
+      - uses: actions/download-artifact@v3
+        with:
+          name: wheels
+          path: dist
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          print-hash: true

.gitignore

@@ -0,0 +1,72 @@
+/target
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+.pytest_cache/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+.venv/
+env/
+bin/
+build/
+develop-eggs/
+dist/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+include/
+man/
+venv/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+pip-selfcheck.json
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Rope
+.ropeproject
+
+# Django stuff:
+*.log
+*.pot
+
+.DS_Store
+
+# Sphinx documentation
+docs/_build/
+
+# PyCharm
+.idea/
+
+# VSCode
+.vscode/
+
+# Pyenv
+.python-version

Cargo.toml

@@ -0,0 +1,31 @@
+[package]
+name = "lafs"
+version = "0.0.1"
+edition = "2021"
+description = "Least-Authority File Store utils"
+readme = "README.md"
+license = "MIT"
+repository = "https://github.com/crwood/lafs"
+keywords = [
+    "allmydata",
+    "tahoe-lafs",
+    "tahoe",
+    "lafs",
+]
+categories = ["cryptography"]
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[lib]
+name = "lafs"
+crate-type = ["cdylib", "rlib"]
+
+[dependencies]
+bitcoin_hashes = "0.14.0"
+data-encoding = "2.6.0"
+pyo3 = "0.22.2"
+rsa = "0.10.0-pre.2"
+
+[dev-dependencies]
+rand = "0.8.5"
+serde = "1.0"
+serde_yaml = "0.9"

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Christopher R. Wood
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,25 @@
+# LAFS
+
+_LAFS_ is an **experimental** Rust crate that provides a limited implementation of some parts of [Tahoe-LAFS](https://tahoe-lafs.org) -- the Least-Authority File Store. More specifically, it offers Rust implementations of the following functions (from the original Python `allmydata` package):
+
+```
+allmydata.util.base32.b2a
+allmydata.util.hashutil.tagged_hash
+allmydata.util.hashutil.ssk_pubkey_fingerprint_hash
+allmydata.util.hashutil.ssk_writekey_hash
+allmydata.util.netstring.netstring
+```
+
+Taken together, these provide just enough functionality to derive valid mutable capability strings/URIs that are fully compatible with the original (Python) implementation (as confirmed by testing against Tahoe-LAFS' own test vectors). As such, this library can be used to generate or recover cryptographic capabilities completely "offline" (i.e., without the need to interact with a running Tahoe-LAFS node) and/or in environments -- such as mobile -- where running a full `tahoe` node may be infeasible or undesirable.
+
+
+## Usage
+
+Although Tahoe-LAFS does not provide a Python API, for the sake of consistency with the original implementation, paths exposed by this crate strive to match the namespaces defined in the original `allmydata` Python package. For example, the Python `allmydata.util.base32.b2a` function can be called via the `lafs::util::base32::b2a` path in Rust.
+
+Function signatures and types, likewise, aim to follow the original implementation as closely as possible (thus a Python function that returns a `bytes` of undefined length might return a `Vec<u8>` in Rust), however, given Python's dynamic type system and other fundamental language differences (like Python's exception system, "default" args., etc.), some concessions should be expected. When in doubt, consult the source code.
+
+
+## Python bindings
+
+In addition to the Rust crate, Python bindings are provided for each of the modules/functions defined by this library (using [pyo3](https://pyo3.rs/), however, due to the aforementioned essential language differences (as well as some [outstanding](https://github.com/PyO3/pyo3/issues/759) [issues](https://github.com/PyO3/pyo3/issues/1517) with pyo3 submodule imports), these should not be considered as suitable "drop-in" replacements for those defined by the `allmydata` Python package; these bindings are used mainly to support testing against the original implementation. (See the `test/` directory for examples.)

flake.nix

@@ -0,0 +1,55 @@
+{
+  description = "Rust development environment";
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+  outputs = { self, nixpkgs, rust-overlay }:
+    let
+      overlays = [
+        rust-overlay.overlays.default
+        (final: prev: {
+          rustToolchain =
+            let
+              rust = prev.rust-bin;
+            in
+            if builtins.pathExists ./rust-toolchain.toml then
+              rust.fromRustupToolchainFile ./rust-toolchain.toml
+            else if builtins.pathExists ./rust-toolchain then
+              rust.fromRustupToolchainFile ./rust-toolchain
+            else
+              rust.stable.latest.default;
+        })
+      ];
+      supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+      forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
+        pkgs = import nixpkgs { inherit overlays system; };
+      });
+    in
+    {
+      devShells = forEachSupportedSystem ({ pkgs }: {
+        default = pkgs.mkShell {
+          packages = with pkgs; [
+            cargo-deny
+            cargo-edit
+            cargo-tarpaulin
+            cargo-watch
+            maturin
+            python38
+            python39
+            python310
+            python311
+            python312
+            python311Packages.tox
+            rust-analyzer
+            rustToolchain
+            rustc.llvmPackages.llvm
+            virtualenv
+          ];
+        };
+      });
+    };
+}