first commit

clients/desktop/src-tauri/src/lib.rs

@@ -0,0 +1,101 @@
+use tauri::State;
+use std::sync::Mutex;
+use aes_gcm::{
+    aead::{Aead, KeyInit},
+    Aes256Gcm, Nonce
+};
+use aes_gcm::aead::rand_core::RngCore;
+use argon2::{
+    password_hash::{
+        rand_core::OsRng,
+        PasswordHasher, SaltString
+    },
+    Argon2
+};
+use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64};
+
+struct VaultState {
+    cipher: Mutex<Option<Aes256Gcm>>,
+}
+
+#[tauri::command]
+fn derive_key(password: String, salt: String, state: State<'_, VaultState>) -> Result<String, String> {
+    // In a real app, we'd use Argon2id to derive a 32-byte key from password + salt
+    // For simplicity/speed in this prototype, we'll verify logic.
+    // Ideally: Argon2 to get 32 bytes.
+    
+    // Note: 'salt' from DB is usually a string.
+    
+    let mut key_material = [0u8; 32];
+    let salt_bytes = salt.as_bytes(); // Should be decoded if stored as base64/hex? assuming raw string for now or robust handling needed
+    
+    let argon2 = Argon2::default();
+    // We need to derive raw bytes, not PHC string.
+    // Using simple_pbkdf2 or manual params for Argon2.
+    // For this prototype, lets use a simple hash or assuming the 'salt' is adequate.
+    
+    // Using Argon2 to fill key_material
+    let res = argon2.hash_password_simple(password.as_bytes(), &SaltString::generate(&mut OsRng))
+        .map_err(|e| e.to_string())?;
+        
+    // Wait, hash_password_simple returns a PasswordHash string. We want raw key bytes (KDF).
+    // Correct usage for KDF:
+    let mut output_key = [0u8; 32];
+    argon2.hash_password_into(password.as_bytes(), salt.as_bytes(), &mut output_key)
+        .map_err(|e| e.to_string())?;
+
+    let key = aes_gcm::Key::<Aes256Gcm>::from_slice(&output_key);
+    let cipher = Aes256Gcm::new(key);
+
+    *state.cipher.lock().unwrap() = Some(cipher);
+    
+    Ok("Key derived and stored in memory".into())
+}
+
+#[tauri::command]
+fn encrypt_val(cleartext: String, state: State<'_, VaultState>) -> Result<String, String> {
+    let cipher_guard = state.cipher.lock().unwrap();
+    let cipher = cipher_guard.as_ref().ok_or("Vault locked")?;
+
+    let mut nonce_bytes = [0u8; 12];
+    OsRng.fill_bytes(&mut nonce_bytes);
+    let nonce = Nonce::from_slice(&nonce_bytes);
+
+    let ciphertext = cipher.encrypt(nonce, cleartext.as_bytes())
+        .map_err(|e| e.to_string())?;
+
+    // Return format: nonce:ciphertext (base64 encoded)
+    let mut combined = nonce_bytes.to_vec();
+    combined.extend(ciphertext);
+    
+    Ok(BASE64.encode(combined))
+}
+
+#[tauri::command]
+fn decrypt_val(encrypted: String, state: State<'_, VaultState>) -> Result<String, String> {
+    let cipher_guard = state.cipher.lock().unwrap();
+    let cipher = cipher_guard.as_ref().ok_or("Vault locked")?;
+
+    let data = BASE64.decode(encrypted).map_err(|e| e.to_string())?;
+    if data.len() < 12 {
+        return Err("Invalid data".into());
+    }
+
+    let nonce = Nonce::from_slice(&data[0..12]);
+    let payload = &data[12..];
+
+    let plaintext = cipher.decrypt(nonce, payload)
+        .map_err(|e| e.to_string())?;
+
+    Ok(String::from_utf8(plaintext).map_err(|e| e.to_string())?)
+}
+
+#[cfg_attr(mobile, tauri::mobile_entry_point)]
+pub fn run() {
+    tauri::Builder::default()
+        .plugin(tauri_plugin_opener::init())
+        .manage(VaultState { cipher: Mutex::new(None) })
+        .invoke_handler(tauri::generate_handler![derive_key, encrypt_val, decrypt_val])
+        .run(tauri::generate_context!())
+        .expect("error while running tauri application");
+}

clients/desktop/src-tauri/src/main.rs

@@ -0,0 +1,6 @@
+// Prevents additional console window on Windows in release, DO NOT REMOVE!!
+#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
+
+fn main() {
+    clientsdesktopsecrets_desktop_lib::run()
+}