diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2022-11-03 18:19:22 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2022-11-03 18:19:22 -0700 |
commit | 95c05cc53c5b42b535cf70f8cee69c1a0be958b7 (patch) | |
tree | afe00f175bf83228f319fbc214c0ba81f7cb6dfd /adenosine-pds/src/crypto.rs | |
parent | 2004d5ea148b8b21cd0cffeb82fd8f07f52d1ba7 (diff) | |
download | adenosine-95c05cc53c5b42b535cf70f8cee69c1a0be958b7.tar.gz adenosine-95c05cc53c5b42b535cf70f8cee69c1a0be958b7.zip |
pds: various bugfixes
Diffstat (limited to 'adenosine-pds/src/crypto.rs')
-rw-r--r-- | adenosine-pds/src/crypto.rs | 61 |
1 files changed, 56 insertions, 5 deletions
diff --git a/adenosine-pds/src/crypto.rs b/adenosine-pds/src/crypto.rs index e94c34a..0720c07 100644 --- a/adenosine-pds/src/crypto.rs +++ b/adenosine-pds/src/crypto.rs @@ -1,9 +1,12 @@ +use crate::P256KeyMaterial; use anyhow::{anyhow, ensure, Result}; use k256; -use k256::ecdsa::signature::{Signer, Verifier}; use multibase; use p256; +use p256::ecdsa::signature::{Signer, Verifier}; use std::str::FromStr; +use ucan::builder::UcanBuilder; +use ucan::crypto::KeyMaterial; // Need to: // @@ -16,11 +19,13 @@ use std::str::FromStr; const MULTICODE_P256_BYTES: [u8; 2] = [0x80, 0x24]; const MULTICODE_K256_BYTES: [u8; 2] = [0xe7, 0x01]; +#[derive(Clone, PartialEq, Eq)] pub struct KeyPair { public: p256::ecdsa::VerifyingKey, secret: p256::ecdsa::SigningKey, } +#[derive(Clone, PartialEq, Eq)] pub enum PubKey { P256(p256::ecdsa::VerifyingKey), K256(k256::ecdsa::VerifyingKey), @@ -52,23 +57,55 @@ impl KeyPair { } pub fn sign_bytes(&self, data: &[u8]) -> String { - println!("BYTES: {:?}", data); let sig = self.secret.sign(data); data_encoding::BASE64URL_NOPAD.encode(&sig.to_vec()) } + + fn ucan_keymaterial(&self) -> P256KeyMaterial { + P256KeyMaterial(self.public, Some(self.secret.clone())) + } + + /// This is currently just an un-validated token; we don't actually verify these. + pub fn ucan(&self) -> Result<String> { + let key_material = self.ucan_keymaterial(); + let rt = tokio::runtime::Builder::new_current_thread() + .enable_all() + .build()?; + rt.block_on(build_ucan(key_material)) + } + + pub fn to_hex(&self) -> String { + data_encoding::HEXUPPER.encode(&self.to_bytes()) + } + + pub fn from_hex(hex: &str) -> Result<Self> { + Ok(Self::from_bytes( + &data_encoding::HEXUPPER.decode(&hex.as_bytes())?, + )?) + } +} + +async fn build_ucan(key_material: P256KeyMaterial) -> Result<String> { + let token_string = UcanBuilder::default() + .issued_by(&key_material) + .for_audience(key_material.get_did().await.unwrap().as_str()) + .with_nonce() + .with_lifetime(60 * 60 * 24 * 90) + .build()? + .sign() + .await? + .encode()?; + Ok(token_string) } impl PubKey { pub fn verify_bytes(&self, data: &[u8], sig: &str) -> Result<()> { - println!("BYTES: {:?}", data); let sig_bytes = data_encoding::BASE64URL_NOPAD.decode(sig.as_bytes())?; // TODO: better way other than this re-encoding? let sig_hex = data_encoding::HEXUPPER.encode(&sig_bytes); match self { PubKey::P256(key) => { - println!("pre-parse: {}", sig); let sig = p256::ecdsa::Signature::from_str(&sig_hex)?; - println!("parsed: {}", sig); Ok(key.verify(data, &sig)?) } PubKey::K256(key) => { @@ -137,6 +174,13 @@ impl PubKey { PubKey::K256(key) => key.to_bytes().to_vec(), } } + + pub fn ucan_keymaterial(&self) -> P256KeyMaterial { + match self { + PubKey::P256(key) => P256KeyMaterial(*key, None), + PubKey::K256(_key) => unimplemented!(), + } + } } impl std::fmt::Display for PubKey { @@ -215,3 +259,10 @@ fn test_signing() { let pubkey = PubKey::from_did_key(&did_key).unwrap(); pubkey.verify_bytes(msg, &sig_str).unwrap(); } + +#[test] +fn test_keypair_hex() { + let before = KeyPair::new_random(); + let after = KeyPair::from_hex(&before.to_hex()).unwrap(); + assert!(before == after); +} |