feat(share): add api/share/ types package with crypto helper

Define share membership types (Member, Invitation, ExternalInvitation),
request payloads, response wrappers, and permission constants in
api/share/. This is the types layer — no API calls.

Add GenerateKeyPacket() for encrypting a share session key for an
invitee. Decrypts the share passphrase, re-encrypts with the invitee
public key, and signs with the inviter address key. The decrypted
session key is not retained beyond the function call.

Property tests: key packet round-trip (100 iterations) and JSON
round-trip for all struct types.

Assisted-by: Kiro <noreply@kiro.dev>

Author: major0

api/share/crypto.go

@@ -0,0 +1,49 @@
+package share
+
+import (
+	"encoding/base64"
+	"fmt"
+
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
+)
+
+// GenerateKeyPacket encrypts the share's session key for the invitee.
+// It decrypts the share passphrase using shareKR, re-encrypts the resulting
+// session key with inviteeKR, and signs the key packet with inviterAddrKR.
+// Returns (keyPacketBase64, keyPacketSignatureArmored, error).
+// The decrypted session key is not retained beyond this function call.
+func GenerateKeyPacket(shareKR, inviterAddrKR, inviteeKR *crypto.KeyRing, sharePassphrase string) (string, string, error) {
+	// Decrypt the share passphrase to obtain the session key material.
+	enc, err := crypto.NewPGPMessageFromArmored(sharePassphrase)
+	if err != nil {
+		return "", "", fmt.Errorf("generate key packet: parse passphrase: %w", err)
+	}
+
+	dec, err := shareKR.Decrypt(enc, nil, crypto.GetUnixTime())
+	if err != nil {
+		return "", "", fmt.Errorf("generate key packet: decrypt passphrase: %w", err)
+	}
+
+	// Re-encrypt the session key material with the invitee's public key.
+	plainMsg := crypto.NewPlainMessage(dec.GetBinary())
+	encMsg, err := inviteeKR.Encrypt(plainMsg, nil)
+	if err != nil {
+		return "", "", fmt.Errorf("generate key packet: encrypt for invitee: %w", err)
+	}
+
+	keyPacketBytes := encMsg.GetBinary()
+	keyPacketB64 := base64.StdEncoding.EncodeToString(keyPacketBytes)
+
+	// Sign the encrypted key packet with the inviter's address key.
+	sig, err := inviterAddrKR.SignDetached(crypto.NewPlainMessage(keyPacketBytes))
+	if err != nil {
+		return "", "", fmt.Errorf("generate key packet: sign: %w", err)
+	}
+
+	sigArmored, err := sig.GetArmored()
+	if err != nil {
+		return "", "", fmt.Errorf("generate key packet: armor signature: %w", err)
+	}
+
+	return keyPacketB64, sigArmored, nil
+}

api/share/crypto_test.go

@@ -0,0 +1,117 @@
+package share
+
+import (
+	"bytes"
+	"encoding/base64"
+	"testing"
+
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v2/helper"
+	"pgregory.net/rapid"
+)
+
+// genKeyRing generates a fresh PGP key pair and returns the keyring.
+func genKeyRing(t *testing.T, name string) *crypto.KeyRing {
+	t.Helper()
+	armored, err := helper.GenerateKey(name, name+"@test.local", nil, "x25519", 0)
+	if err != nil {
+		t.Fatalf("generate key %s: %v", name, err)
+	}
+	key, err := crypto.NewKeyFromArmored(armored)
+	if err != nil {
+		t.Fatalf("parse key %s: %v", name, err)
+	}
+	kr, err := crypto.NewKeyRing(key)
+	if err != nil {
+		t.Fatalf("keyring %s: %v", name, err)
+	}
+	return kr
+}
+
+// encryptPassphrase encrypts a plaintext passphrase with the share keyring,
+// simulating how a share passphrase is stored.
+func encryptPassphrase(t *testing.T, shareKR *crypto.KeyRing, plaintext []byte) string {
+	t.Helper()
+	msg, err := shareKR.Encrypt(crypto.NewPlainMessage(plaintext), nil)
+	if err != nil {
+		t.Fatalf("encrypt passphrase: %v", err)
+	}
+	armored, err := msg.GetArmored()
+	if err != nil {
+		t.Fatalf("armor passphrase: %v", err)
+	}
+	return armored
+}
+
+// TestGenerateKeyPacketRoundTrip_Property verifies that for any valid
+// share keyring, inviter address keyring, and invitee key pair, generating
+// a key packet and decrypting it with the invitee's private key yields
+// the original share passphrase.
+//
+// **Property 1: Key Packet Round-Trip**
+// **Validates: Requirements 3.2, 5.2, 5.4**
+func TestGenerateKeyPacketRoundTrip_Property(t *testing.T) {
+	// Key generation is expensive — generate once, randomize passphrase.
+	shareKR := genKeyRing(t, "share")
+	inviterKR := genKeyRing(t, "inviter")
+	inviteeKR := genKeyRing(t, "invitee")
+
+	rapid.Check(t, func(t *rapid.T) {
+		// Generate random passphrase content (8-64 bytes).
+		passphraseLen := rapid.IntRange(8, 64).Draw(t, "passphraseLen")
+		passphrase := make([]byte, passphraseLen)
+		for i := range passphrase {
+			passphrase[i] = byte(rapid.IntRange(0, 255).Draw(t, "byte"))
+		}
+
+		// Encrypt the passphrase with the share keyring (simulates stored share passphrase).
+		msg, err := shareKR.Encrypt(crypto.NewPlainMessage(passphrase), nil)
+		if err != nil {
+			t.Fatalf("encrypt passphrase: %v", err)
+		}
+		encPassphrase, err := msg.GetArmored()
+		if err != nil {
+			t.Fatalf("armor passphrase: %v", err)
+		}
+
+		// Generate the key packet for the invitee.
+		keyPacketB64, sigArmored, err := GenerateKeyPacket(shareKR, inviterKR, inviteeKR, encPassphrase)
+		if err != nil {
+			t.Fatalf("GenerateKeyPacket: %v", err)
+		}
+
+		if keyPacketB64 == "" {
+			t.Fatal("key packet is empty")
+		}
+		if sigArmored == "" {
+			t.Fatal("signature is empty")
+		}
+
+		// Decrypt the key packet with the invitee's private key.
+		keyPacketBytes, err := base64.StdEncoding.DecodeString(keyPacketB64)
+		if err != nil {
+			t.Fatalf("decode key packet: %v", err)
+		}
+
+		encMsg := crypto.NewPGPMessage(keyPacketBytes)
+		decMsg, err := inviteeKR.Decrypt(encMsg, nil, crypto.GetUnixTime())
+		if err != nil {
+			t.Fatalf("decrypt key packet: %v", err)
+		}
+
+		// Verify the recovered passphrase matches the original.
+		if !bytes.Equal(decMsg.GetBinary(), passphrase) {
+			t.Fatalf("round-trip mismatch: got %x, want %x", decMsg.GetBinary(), passphrase)
+		}
+
+		// Verify the signature is valid (signed by inviter).
+		sig, err := crypto.NewPGPSignatureFromArmored(sigArmored)
+		if err != nil {
+			t.Fatalf("parse signature: %v", err)
+		}
+
+		if err := inviterKR.VerifyDetached(crypto.NewPlainMessage(keyPacketBytes), sig, crypto.GetUnixTime()); err != nil {
+			t.Fatalf("signature verification failed: %v", err)
+		}
+	})
+}

api/share/types.go

@@ -0,0 +1,106 @@
+// Package share defines types for Proton Drive share membership and
+// invitation management. This is the types layer — it does not make
+// API calls. HTTP operations live in api/share/client/.
+package share
+
+// Permission bitmask values for share members.
+const (
+	PermRead  = 4
+	PermWrite = 2
+	PermAdmin = 16
+
+	PermViewer = PermRead              // 4
+	PermEditor = PermRead | PermWrite  // 6
+)
+
+// FormatPermissions returns a human-readable label for a permission bitmask.
+func FormatPermissions(p int) string {
+	switch {
+	case p&PermAdmin != 0:
+		return "admin"
+	case p == PermEditor:
+		return "editor"
+	case p == PermViewer:
+		return "viewer"
+	default:
+		return "unknown"
+	}
+}
+
+// Member represents an existing member of a share.
+type Member struct {
+	MemberID            string `json:"MemberID"`
+	Email               string `json:"Email"`
+	InviterEmail        string `json:"InviterEmail"`
+	AddressID           string `json:"AddressID"`
+	CreateTime          int64  `json:"CreateTime"`
+	ModifyTime          int64  `json:"ModifyTime"`
+	Permissions         int    `json:"Permissions"`
+	KeyPacketSignature  string `json:"KeyPacketSignature"`
+	SessionKeySignature string `json:"SessionKeySignature"`
+}
+
+// Invitation represents a pending invite for a Proton user.
+type Invitation struct {
+	InvitationID       string `json:"InvitationID"`
+	InviterEmail       string `json:"InviterEmail"`
+	InviteeEmail       string `json:"InviteeEmail"`
+	Permissions        int    `json:"Permissions"`
+	KeyPacket          string `json:"KeyPacket"`
+	KeyPacketSignature string `json:"KeyPacketSignature"`
+	CreateTime         int64  `json:"CreateTime"`
+	State              int    `json:"State"`
+}
+
+// ExternalInvitation represents a pending invite for a non-Proton email.
+type ExternalInvitation struct {
+	ExternalInvitationID        string `json:"ExternalInvitationID"`
+	InviterEmail                string `json:"InviterEmail"`
+	InviteeEmail                string `json:"InviteeEmail"`
+	CreateTime                  int64  `json:"CreateTime"`
+	Permissions                 int    `json:"Permissions"`
+	State                       int    `json:"State"`
+	ExternalInvitationSignature string `json:"ExternalInvitationSignature"`
+}
+
+// InviteProtonUserPayload is the request body for creating a Proton-user invitation.
+type InviteProtonUserPayload struct {
+	Invitation struct {
+		InviterEmail         string `json:"InviterEmail"`
+		InviteeEmail         string `json:"InviteeEmail"`
+		Permissions          int    `json:"Permissions"`
+		KeyPacket            string `json:"KeyPacket"`
+		KeyPacketSignature   string `json:"KeyPacketSignature"`
+		ExternalInvitationID string `json:"ExternalInvitationID,omitempty"`
+	} `json:"Invitation"`
+}
+
+// InviteExternalUserPayload is the request body for creating an external-user invitation.
+type InviteExternalUserPayload struct {
+	ExternalInvitation struct {
+		InviterAddressID            string `json:"InviterAddressID"`
+		InviteeEmail                string `json:"InviteeEmail"`
+		Permissions                 int    `json:"Permissions"`
+		ExternalInvitationSignature string `json:"ExternalInvitationSignature"`
+	} `json:"ExternalInvitation"`
+}
+
+// Response wrappers used by the client layer to unmarshal API responses.
+
+// MembersResponse wraps the list-members API response.
+type MembersResponse struct {
+	Code    int      `json:"Code"`
+	Members []Member `json:"Members"`
+}
+
+// InvitationsResponse wraps the list-invitations API response.
+type InvitationsResponse struct {
+	Code        int          `json:"Code"`
+	Invitations []Invitation `json:"Invitations"`
+}
+
+// ExternalInvitationsResponse wraps the list-external-invitations API response.
+type ExternalInvitationsResponse struct {
+	Code                int                  `json:"Code"`
+	ExternalInvitations []ExternalInvitation `json:"ExternalInvitations"`
+}

api/share/types_test.go

@@ -0,0 +1,123 @@
+package share
+
+import (
+	"encoding/json"
+	"reflect"
+	"testing"
+
+	"pgregory.net/rapid"
+)
+
+func genMember(t *rapid.T) Member {
+	return Member{
+		MemberID:            rapid.String().Draw(t, "MemberID"),
+		Email:               rapid.String().Draw(t, "Email"),
+		InviterEmail:        rapid.String().Draw(t, "InviterEmail"),
+		AddressID:           rapid.String().Draw(t, "AddressID"),
+		CreateTime:          rapid.Int64().Draw(t, "CreateTime"),
+		ModifyTime:          rapid.Int64().Draw(t, "ModifyTime"),
+		Permissions:         rapid.Int().Draw(t, "Permissions"),
+		KeyPacketSignature:  rapid.String().Draw(t, "KeyPacketSignature"),
+		SessionKeySignature: rapid.String().Draw(t, "SessionKeySignature"),
+	}
+}
+
+func genInvitation(t *rapid.T) Invitation {
+	return Invitation{
+		InvitationID:       rapid.String().Draw(t, "InvitationID"),
+		InviterEmail:       rapid.String().Draw(t, "InviterEmail"),
+		InviteeEmail:       rapid.String().Draw(t, "InviteeEmail"),
+		Permissions:        rapid.Int().Draw(t, "Permissions"),
+		KeyPacket:          rapid.String().Draw(t, "KeyPacket"),
+		KeyPacketSignature: rapid.String().Draw(t, "KeyPacketSignature"),
+		CreateTime:         rapid.Int64().Draw(t, "CreateTime"),
+		State:              rapid.Int().Draw(t, "State"),
+	}
+}
+
+func genExternalInvitation(t *rapid.T) ExternalInvitation {
+	return ExternalInvitation{
+		ExternalInvitationID:        rapid.String().Draw(t, "ExternalInvitationID"),
+		InviterEmail:                rapid.String().Draw(t, "InviterEmail"),
+		InviteeEmail:                rapid.String().Draw(t, "InviteeEmail"),
+		CreateTime:                  rapid.Int64().Draw(t, "CreateTime"),
+		Permissions:                 rapid.Int().Draw(t, "Permissions"),
+		State:                       rapid.Int().Draw(t, "State"),
+		ExternalInvitationSignature: rapid.String().Draw(t, "ExternalInvitationSignature"),
+	}
+}
+
+// TestMemberJSONRoundTrip_Property verifies that Member survives JSON
+// marshal/unmarshal without data loss.
+//
+// **Property 2: Share Type JSON Round-Trip**
+// **Validates: Requirements 1.4**
+func TestMemberJSONRoundTrip_Property(t *testing.T) {
+	rapid.Check(t, func(t *rapid.T) {
+		orig := genMember(t)
+		data, err := json.Marshal(orig)
+		if err != nil {
+			t.Fatalf("marshal: %v", err)
+		}
+		var got Member
+		if err := json.Unmarshal(data, &got); err != nil {
+			t.Fatalf("unmarshal: %v", err)
+		}
+		if !reflect.DeepEqual(orig, got) {
+			t.Fatalf("round-trip mismatch:\norig: %+v\ngot:  %+v", orig, got)
+		}
+	})
+}
+
+func TestInvitationJSONRoundTrip_Property(t *testing.T) {
+	rapid.Check(t, func(t *rapid.T) {
+		orig := genInvitation(t)
+		data, err := json.Marshal(orig)
+		if err != nil {
+			t.Fatalf("marshal: %v", err)
+		}
+		var got Invitation
+		if err := json.Unmarshal(data, &got); err != nil {
+			t.Fatalf("unmarshal: %v", err)
+		}
+		if !reflect.DeepEqual(orig, got) {
+			t.Fatalf("round-trip mismatch:\norig: %+v\ngot:  %+v", orig, got)
+		}
+	})
+}
+
+func TestExternalInvitationJSONRoundTrip_Property(t *testing.T) {
+	rapid.Check(t, func(t *rapid.T) {
+		orig := genExternalInvitation(t)
+		data, err := json.Marshal(orig)
+		if err != nil {
+			t.Fatalf("marshal: %v", err)
+		}
+		var got ExternalInvitation
+		if err := json.Unmarshal(data, &got); err != nil {
+			t.Fatalf("unmarshal: %v", err)
+		}
+		if !reflect.DeepEqual(orig, got) {
+			t.Fatalf("round-trip mismatch:\norig: %+v\ngot:  %+v", orig, got)
+		}
+	})
+}
+
+func TestFormatPermissions(t *testing.T) {
+	tests := []struct {
+		perm int
+		want string
+	}{
+		{PermViewer, "viewer"},
+		{PermEditor, "editor"},
+		{PermAdmin | PermRead, "admin"},
+		{0, "unknown"},
+		{1, "unknown"},
+	}
+	for _, tt := range tests {
+		got := FormatPermissions(tt.perm)
+		if got != tt.want {
+			t.Errorf("FormatPermissions(%d) = %q, want %q", tt.perm, got, tt.want)
+		}
+	}
+}