citadel-tools/libcitadel/src/keys.rs

use sodiumoxide::randombytes::randombytes_into;
use sodiumoxide::crypto::sign::{self,Seed,SEEDBYTES,PUBLICKEYBYTES};
use hex;

use crate::Result;

///
/// Keys for signing or verifying signatures.  Small convenience
/// wrapper around `sodiumoxide::crypto::sign`.
///
///

#[derive(Clone)]
pub struct PublicKey(sign::PublicKey);
pub struct KeyPair(Seed);
pub struct Signature(sign::Signature);

impl PublicKey {

    pub fn from_hex(hex: &str) -> Result<PublicKey> {
        let bytes = hex::decode(hex)
            .map_err(context!("error hex decoding public key"))?;

        if bytes.len() != PUBLICKEYBYTES {
            bail!("hex encoded public key has invalid length: {}", bytes.len());
        }
        let pubkey = sign::PublicKey::from_slice(&bytes)
            .expect("PublicKey::from_slice() failed");
        Ok(PublicKey(pubkey))
    }

    pub fn to_hex(&self) -> String {
        hex::encode(&(self.0).0)
    }

    pub fn verify(&self, data: &[u8], signature: &[u8]) -> bool {
        let sig = sign::Signature::from_slice(signature)
            .expect("Signature::from_slice() failed");
        sign::verify_detached(&sig, data, &self.0)
    }
}

impl KeyPair {
    /// Create a new pair of signing/verifying keys by generating a random seed
    /// The secret and public keys can be derived from the seed.
    pub fn generate() -> KeyPair {
        let mut seedbuf = [0; SEEDBYTES];
        randombytes_into(&mut seedbuf);
        KeyPair(sign::Seed(seedbuf))
    }

    pub fn from_hex(hex: &str) -> Result<KeyPair> {
        let bytes = hex::decode(hex)
            .map_err(context!("Error hex decoding key pair"))?;
        KeyPair::from_bytes(&bytes)
    }

    pub fn from_bytes(bytes: &[u8]) -> Result<KeyPair> {
        if bytes.len() != SEEDBYTES {
            bail!("hex encoded keypair has incorrect length");
        }
        let seed = sign::Seed::from_slice(&bytes).expect("Seed::from_slice() failed");
        Ok(KeyPair(seed))
    }

    pub fn public_key(&self) -> PublicKey {
        let (pk,_) = sign::keypair_from_seed(&self.0);
        PublicKey(pk)
    }

    pub fn to_hex(&self) -> String {
        hex::encode(&(self.0).0)
    }

    pub fn sign(&self, data: &[u8]) -> Signature {
        let (_,sk) = sign::keypair_from_seed(&self.0);
        let signature = sign::sign_detached(data, &sk);
        Signature(signature)
    }

    pub fn verify(&self, data: &[u8], signature: &[u8]) -> bool {
        self.public_key().verify(data, signature)
    }
}

impl Signature {
    pub fn to_bytes(&self) -> &[u8] {
        &(self.0).0
    }
}
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`use sodiumoxide::randombytes::randombytes_into;`
			`use sodiumoxide::crypto::sign::{self,Seed,SEEDBYTES,PUBLICKEYBYTES};`
			`use hex;`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00
Refactor of error handling to replace 'failure' and to display more context for some errors. 2020-07-02 09:34:09 -04:00			`use crate::Result;`

migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`///`
			`/// Keys for signing or verifying signatures. Small convenience`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			/// wrapper around `sodiumoxide::crypto::sign`.
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`///`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`///`

refactor partition signature verification 2019-01-17 09:05:53 -05:00			`#[derive(Clone)]`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`pub struct PublicKey(sign::PublicKey);`
			`pub struct KeyPair(Seed);`
			`pub struct Signature(sign::Signature);`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`impl PublicKey {`
Clean up keys api 2019-01-05 20:38:57 -05:00
			`pub fn from_hex(hex: &str) -> Result<PublicKey> {`
Refactor of error handling to replace 'failure' and to display more context for some errors. 2020-07-02 09:34:09 -04:00			`let bytes = hex::decode(hex)`
			`.map_err(context!("error hex decoding public key"))?;`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00
			`if bytes.len() != PUBLICKEYBYTES {`
Refactor of error handling to replace 'failure' and to display more context for some errors. 2020-07-02 09:34:09 -04:00			`bail!("hex encoded public key has invalid length: {}", bytes.len());`
Clean up keys api 2019-01-05 20:38:57 -05:00			`}`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`let pubkey = sign::PublicKey::from_slice(&bytes)`
			`.expect("PublicKey::from_slice() failed");`
			`Ok(PublicKey(pubkey))`
Clean up keys api 2019-01-05 20:38:57 -05:00			`}`

			`pub fn to_hex(&self) -> String {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`hex::encode(&(self.0).0)`
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`}`
Clean up keys api 2019-01-05 20:38:57 -05:00
			`pub fn verify(&self, data: &[u8], signature: &[u8]) -> bool {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`let sig = sign::Signature::from_slice(signature)`
			`.expect("Signature::from_slice() failed");`
			`sign::verify_detached(&sig, data, &self.0)`
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`}`
			`}`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`impl KeyPair {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`/// Create a new pair of signing/verifying keys by generating a random seed`
			`/// The secret and public keys can be derived from the seed.`
			`pub fn generate() -> KeyPair {`
			`let mut seedbuf = [0; SEEDBYTES];`
			`randombytes_into(&mut seedbuf);`
			`KeyPair(sign::Seed(seedbuf))`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`}`

Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`pub fn from_hex(hex: &str) -> Result<KeyPair> {`
Refactor of error handling to replace 'failure' and to display more context for some errors. 2020-07-02 09:34:09 -04:00			`let bytes = hex::decode(hex)`
			`.map_err(context!("Error hex decoding key pair"))?;`
method added to construct keypair from raw bytes 2019-04-02 15:15:28 -04:00			`KeyPair::from_bytes(&bytes)`
			`}`

			`pub fn from_bytes(bytes: &[u8]) -> Result<KeyPair> {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`if bytes.len() != SEEDBYTES {`
Refactor of error handling to replace 'failure' and to display more context for some errors. 2020-07-02 09:34:09 -04:00			`bail!("hex encoded keypair has incorrect length");`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`}`
			`let seed = sign::Seed::from_slice(&bytes).expect("Seed::from_slice() failed");`
			`Ok(KeyPair(seed))`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`}`

Clean up keys api 2019-01-05 20:38:57 -05:00			`pub fn public_key(&self) -> PublicKey {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`let (pk,_) = sign::keypair_from_seed(&self.0);`
			`PublicKey(pk)`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`}`

goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`pub fn to_hex(&self) -> String {`
			`hex::encode(&(self.0).0)`
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`}`
Clean up keys api 2019-01-05 20:38:57 -05:00
			`pub fn sign(&self, data: &[u8]) -> Signature {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`let (_,sk) = sign::keypair_from_seed(&self.0);`
			`let signature = sign::sign_detached(data, &sk);`
Clean up keys api 2019-01-05 20:38:57 -05:00			`Signature(signature)`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`}`

Clean up keys api 2019-01-05 20:38:57 -05:00			`pub fn verify(&self, data: &[u8], signature: &[u8]) -> bool {`
			`self.public_key().verify(data, signature)`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`}`
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`}`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00			`impl Signature {`
			`pub fn to_bytes(&self) -> &[u8] {`
goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00			`&(self.0).0`
migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00			`}`
			`}`
Big refactor for citadel installer 2018-12-31 18:27:17 -05:00