@Dhole, with the same spirit than #48 Do notallow builds with warnings, what about checking in CI that all code has been formatted with rustfmt?

• actix/tokio/no_std interop
• compressed feed database
• architecture PoC
• kv database
• muxrpc server
• feed sync
• command processor
• solar api
• command line

iot-solar allows to use ssb to interface with solar mini/microgrids allowing to have a secure way to control them.

The general context is

• AYO, BAAKO, CHIKE, DESTA and EKENE (*1) are the members of a small community powered by solar energy.

• Each member have its own laptop, so there's no central servers to make backups, and they want to manage all the solar energy stuff and keep a track of all things done there.

• For this, the community creates an special SSB network only to manage the microgrids. The community uses SSB to communicate and share things as usual:

  • discuss about what needs to be done
  • votings
  • share manuals, schemas, etc...
  • anotate operation on solar panels

• but also wants some extra functionality

  • allow grid to be operated remotely, via admin feed subscription
    commands the device will process
  • allow grid to to generate feed about its status, by generating a message each day about its performance

• iot-solar, is the bot that is installed in the microgrid allowing interaction

command line

iot-solar setup - creates an identity and setups the database
iot-solar admin add @id - adds a friend (can send commands)
iot-solar admin remove @id - removes a friend (cannot send commands)
iot-solar report filename.txt - generates a post with the report
iot-solar action action.txt - generates a post with the action (self-consumed)

config.toml

netid = # networkid to use
actionpath = # executable to call when an action is triggered via special admin feed

storage

KV database

• current admins

filesystem

• own feed
• admin feeds

api (actix)

POST /api/admin/add/ @id
POST /api/admin/rm/ @id
POST /api/admin/report in body is the report content
POST /api/admin/action in body is the action content

app architecture draft

                  http
+------+           +           +------------+
|cmd   +-+http+--+ |       +-->+ssb rpc(ro) +---+
+------+         | |       |   +------------+   |
                 v v       |                    |
+------+    +----+-+---+   |   +------------+   |
|tokio +-+->+actix     +---+-->+solar api   |   |
+------+ |  +----------+       +-----+------+   |
         |                           |          |
         |  +----------+             |          |
         |  |command   +<-+msg chan<-+---+      |
         +->+processor |                 |      |
         |  |loop      +---------+       |      |
         |  +----+-----+         |       |      |
         |       ^ term ch       |       |      |
         |  +----+-----+     +---v---+   |      |
         +->+SIGTERMhnd|     |storage|   |      |
         |  +----+-----+     |KV + fs+<---------+
         |       | term ch   +-------+   |
         |  +----v-----+         ^       |
         +->+feed sync +---------+-------+
         |  +----------+
         +->+peer disc |
            +----+-----+
                 |
                 v
           ssbrpc/bot/lan

(*1) https://www.babynames.net/girl/african

There are different modules that currently import sodiumoxide.

This issue is about moving all the cryptographic functions (for now taken from sodiumoxide) into a module and only import that module in the rest of the library without importing sodiumoxide.

Building with async_std feature, needs also the sync feature, this should not be needed.

Some examples are just old code used to prototype the implementation of different ssb algorithms. They should be removed because they are not examples that use this crate.

It seems that in this commit the cargo test was removed from the github workflows d8fa4f1#diff-c280b6da21bc0899f2ba5421def8e5d9L16

In #22 mentions that he updated Cargo.toml to use the last version of each library, but he hasn't checked if there are any libraries that are not used. We need to check them and remove any library that is not used.

Edit: I think arrayref is not currently used. But we need to check it.

@Dhole crate sodiumoxide = { git = "https://github.com/Dhole/sodiumoxidez", branch = "extra" } reports a problem when using cargo audit

ID:       RUSTSEC-2019-0026
Crate:    sodiumoxide
Version:  0.2.4
Date:     2019-10-11
URL:      https://rustsec.org/advisories/RUSTSEC-2019-0026
Title:    generichash::Digest::eq always return true
Solution:  upgrade to >= 0.2.5
Dependency tree: 
sodiumoxide 0.2.4

@Dhole What about adding the funding button? See https://help.github.com/es/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository

This repository was initially created as a gathering of resources and study of the ssb, but it already contains a library in the code folder with working and somehow tested modules.

We should reorganize the entire repository so that it can be offered as a rust crate, also renaming to stop using the ssb-study name. In case we need a space to discuss and study further stuff, we may create another repository.

It's open to debate whether to make a single crate out of this, or offer multiple crates.

Depends on #15

Depends on #6

We need an easy way to test the handshake and boxstream happening over a network connection in various conditions (fragmentation for example).

sodiumoxidez was the fork I made of sodiumoxide that adds the functions to convert from ed25519 to curve25519 which in the original sodiumoxide, but it's implemented in libsodium. Maybe instead of using a fork we should solve this via the kuska-crypto crate? Or maybe we could keep sodiumoxidez and move it here?

At this moment we are running the test coverage tests, do running the tests without coverage are not requiered.

@Dhole, IMO compilation warnings introduces noise in the development process, should we force the compilation to fail if there are present?

Have an specific file named error.rs in each module that contains its Error and Result

cc/ @Dhole

Available options

• https://docs.rs/thiserror/1.0.10/thiserror
• others?

Currently handshake has an agnostic implementation that works just with slices. There's a "sync" wrapper to use the handshake with a sync stream (std::io::Read, std::io::Write). And the "async" wrapper is pending (currently we have an async handshake but it doesn't reuse code).

This issue is about doing the same for boxstream.

There is travis/circlesCI, but also is also interesting github actions ( see https://github.com/actions-rs/example/actions )

Additionally we can also run

• clippy
• audit
• code coverage

Depends on #3

In https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html

If you’re building a non-end product, such as a rust library that other rust packages will depend on, put Cargo.lock in your .gitignore.

There are some points in the ed25519 curve that could be problematic, consider to blacklist then and check that are not being used.

https://crypto.stackexchange.com/questions/55632/libsodium-x25519-and-ed25519-small-order-check
https://github.com/cryptoscope/secretstream/blob/master/internal/lo25519/ed25519.go
golang/go#31846

I haven't managed to get async closures working to replicate the api of the test_utils sync net functions :(

Use these functions in handshake_async.

Depends on #6

Hi,

I'd like to publish on crates.io a crate that depends on kuska-handshake, but it seems that I can't do that for the moment because kuska-handshake itself is not on crates.io. Are you considering publishing it anytime soon?