feat(unseal): add unseal protocol and crypto infrastructure

server/crates/arbiter-server/src/db/models.rs

@@ -0,0 +1,57 @@
+#![allow(unused)]
+#![allow(clippy::all)]
+
+use crate::db::schema::{self, aead_encrypted, arbiter_settings};
+use diesel::{prelude::*, sqlite::Sqlite};
+
+pub mod types {
+    use chrono::{DateTime, Utc};
+    pub struct SqliteTimestamp(DateTime<Utc>);
+}
+
+#[derive(Queryable, Debug, Insertable)]
+#[diesel(table_name = aead_encrypted, check_for_backend(Sqlite))]
+pub struct AeadEncrypted {
+    pub id: i32,
+    pub ciphertext: Vec<u8>,
+    pub tag: Vec<u8>,
+    pub current_nonce: i32,
+    pub schema_version: i32,
+}
+
+#[derive(Queryable, Debug, Insertable)]
+#[diesel(table_name = arbiter_settings, check_for_backend(Sqlite))]
+pub struct ArbiterSetting {
+    pub id: i32,
+    pub root_key_id: Option<i32>, // references aead_encrypted.id
+    pub cert_key: Vec<u8>,
+    pub cert: Vec<u8>,
+}
+
+#[derive(Queryable, Debug)]
+#[diesel(table_name = schema::key_identity, check_for_backend(Sqlite))]
+pub struct KeyIdentity {
+    pub id: i32,
+    pub name: String,
+    pub public_key: String,
+    pub created_at: i32,
+    pub updated_at: i32,
+}
+
+#[derive(Queryable, Debug)]
+#[diesel(table_name = schema::program_client, check_for_backend(Sqlite))]
+pub struct ProgramClient {
+    pub id: i32,
+    pub key_identity_id: i32,
+    pub created_at: i32,
+    pub updated_at: i32,
+}
+
+#[derive(Queryable, Debug)]
+#[diesel(table_name = schema::useragent_client, check_for_backend(Sqlite))]
+pub struct UseragentClient {
+    pub id: i32,
+    pub key_identity_id: i32,
+    pub created_at: i32,
+    pub updated_at: i32,
+}

server/crates/arbiter-server/src/db/schema.rs

@@ -1,9 +1,19 @@
 // @generated automatically by Diesel CLI.
 
 diesel::table! {
-    arbiter_settings (rowid) {
-        rowid -> Integer,
-        root_key_enc -> Nullable<Binary>,
+    aead_encrypted (id) {
+        id -> Integer,
+        current_nonce -> Integer,
+        ciphertext -> Binary,
+        tag -> Binary,
+        schema_version -> Integer,
+    }
+}
+
+diesel::table! {
+    arbiter_settings (id) {
+        id -> Integer,
+        root_key_id -> Nullable<Integer>,
         cert_key -> Binary,
         cert -> Binary,
     }
@@ -11,7 +21,7 @@ diesel::table! {
 
 diesel::table! {
     key_identity (id) {
-        id -> Nullable<Integer>,
+        id -> Integer,
         name -> Text,
         public_key -> Text,
         created_at -> Integer,
@@ -21,7 +31,7 @@ diesel::table! {
 
 diesel::table! {
     program_client (id) {
-        id -> Nullable<Integer>,
+        id -> Integer,
         key_identity_id -> Integer,
         created_at -> Integer,
         updated_at -> Integer,
@@ -30,17 +40,19 @@ diesel::table! {
 
 diesel::table! {
     useragent_client (id) {
-        id -> Nullable<Integer>,
+        id -> Integer,
         key_identity_id -> Integer,
         created_at -> Integer,
         updated_at -> Integer,
     }
 }
 
+diesel::joinable!(arbiter_settings -> aead_encrypted (root_key_id));
 diesel::joinable!(program_client -> key_identity (key_identity_id));
 diesel::joinable!(useragent_client -> key_identity (key_identity_id));
 
 diesel::allow_tables_to_appear_in_same_query!(
+    aead_encrypted,
     arbiter_settings,
     key_identity,
     program_client,