# stronghold.rs - feat/refactoring
###### tags: `Stronghold` `P2P`

Deadline 30 October

1. Rewrite of stronghold crate (high level)
    - facilitate future code ownership
    - wrap cryptographic operations in `crate::runtime::zone`
    - message interface (rewrite client)
    - evict wallet specific logic (e.g. password clear timeout)
    - use a key derivation function to push the "human readable password UTF-8 string" out of the interfaces
    - Security Levels marker
    - Rate limiter
    - noise for remote vs local ?
    - ed25519 -> https://github.com/ZcashFoundation/ed25519-zebra
2. top level actor for engine

## Message Requirements:
Using a macro for the DSL

Think about backwards compatibility of the messages!

### Commands: (Procedures)
- Digest/KDF
- Sign verify (including multiple signers/verifiers)
- Derive pubkey
- Generate private key
- Encrypt decrypt (note that here we might want to restrict/configure what data are allowed to exist outside of the vault)
    * this also functions as a database's write and read
- Purge (with optional ttl (0 means request immediate garbage collect))
- RNG (does this put unnecessary exposure on the cryptographic source in use?)
- HD key derivation (slip10 bip32 whatever)

### Payloads: (Intents?)
- key material
- serializable data
- signatures

### Expected Response:
- status code
- transformation

### Auxiliary commands: (Procedures)
- relay message to other stronghold via peer ID
- current time?
- capability negotiation:
    * security level
    * topology
    * available algorithms
    * software version
    * system metadata
    * peers (with their pubkeys (verifiable identity))
    * whois

# Input/output port style

```rust
// `RecordId` and `Error` are not defined in this sketch.

// Where a procedure reads its argument from.
enum Input {
    Const(Vec<u8>),
    Record(RecordId),
}

// Where a procedure puts its result.
enum Output {
    Return,
    Record(RecordId),
    OhShit(Error)
}

enum Digest_aka_KDF {
    Noop, // check lengths
    SHA1,
}

struct Sign {
    key: Input,
    digest: Digest_aka_KDF,
    out: Output,
}

struct DerivePubkey {
}

struct Encrypt {
}

struct Decrypt {
}
```

### Abstract Syntax Tree (AST)

"Using the wallet snapshot file, this $password to decrypt it, and my seed $record stored inside of it, please return the ed25519 $signature for this $transaction and the transaction $checksum"

------

```
snapshot: '~/.engine/wallet.stronghold'
password: '***************************'
record_id: { 'a': '0d0140252ad234923', 'b': '0ab012' },
payload: 'A letter to Bob from Alice that I want signed.'
action: ['sign::ed25519(a, digest::sha1(payload))', 'checksum(b)']
return: ['signature', 'checksum']
```

------
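
A minimal sketch of the input/output port style above, as an added example (not Stronghold's own code): a procedure resolves its `Input` from a constant or a vault record and routes its result through `Output`. `Vault`, `PortError`, `noop_digest`, the `u32` `RecordId` and the rule that vault-derived bytes may never be returned to the caller are assumptions, the last one following the note on restricting what data may exist outside the vault; errors are returned as `Result` instead of an `Output::OhShit` variant.

```rust
use std::collections::HashMap;

type RecordId = u32; // assumption: the notes do not define RecordId

#[derive(Debug, PartialEq)]
enum PortError {
    UnknownRecord(RecordId),
    BadLength { expected: usize, got: usize },
    SecretWouldLeaveVault,
}

enum Input { Const(Vec<u8>), Record(RecordId) }
enum Output { Return, Record(RecordId) }

#[derive(Default)]
struct Vault { records: HashMap<RecordId, Vec<u8>> }

impl Vault {
    /// Resolve an input port. The flag is true when the bytes came from the vault.
    fn resolve(&self, input: &Input) -> Result<(Vec<u8>, bool), PortError> {
        match input {
            Input::Const(bytes) => Ok((bytes.clone(), false)),
            Input::Record(id) => match self.records.get(id) {
                Some(bytes) => Ok((bytes.clone(), true)),
                None => Err(PortError::UnknownRecord(*id)),
            },
        }
    }

    /// The `Noop` digest from the notes: check the length, pass the bytes through.
    /// Hypothetical policy: vault-derived bytes may only go to `Output::Record`.
    fn noop_digest(&mut self, input: Input, len: usize, out: Output)
        -> Result<Option<Vec<u8>>, PortError> {
        let (data, secret) = self.resolve(&input)?;
        if data.len() != len {
            return Err(PortError::BadLength { expected: len, got: data.len() });
        }
        match out {
            Output::Return if secret => Err(PortError::SecretWouldLeaveVault),
            Output::Return => Ok(Some(data)),
            Output::Record(id) => { self.records.insert(id, data); Ok(None) }
        }
    }
}

fn main() {
    let mut vault = Vault::default();
    vault.records.insert(1, vec![0xAA; 32]); // constructed sample seed
    println!("{:?}", vault.noop_digest(Input::Record(1), 32, Output::Return));
    println!("{:?}", vault.noop_digest(Input::Record(1), 32, Output::Record(2)));
    println!("{:?}", vault.noop_digest(Input::Const(vec![1, 2, 3]), 3, Output::Return));
}
```

Tracking the origin of the bytes at the port, rather than inside each procedure, keeps the "what may leave the vault" decision in one place for every command.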