//! The `signature` module provides functionality for public, and private keys. use crate::pubkey::Pubkey; use bs58; use ed25519_dalek; use generic_array::{typenum::U64, GenericArray}; use rand::rngs::OsRng; use serde_json; use std::{ borrow::{Borrow, Cow}, error, fmt, fs::{self, File, OpenOptions}, io::{Read, Write}, mem, path::Path, str::FromStr, }; pub type Keypair = ed25519_dalek::Keypair; #[repr(transparent)] #[derive(Serialize, Deserialize, Clone, Copy, Default, Eq, PartialEq, Ord, PartialOrd, Hash)] pub struct Signature(GenericArray); impl Signature { pub fn new(signature_slice: &[u8]) -> Self { Self(GenericArray::clone_from_slice(&signature_slice)) } pub fn verify(&self, pubkey_bytes: &[u8], message_bytes: &[u8]) -> bool { let pubkey = ed25519_dalek::PublicKey::from_bytes(pubkey_bytes); let signature = ed25519_dalek::Signature::from_bytes(self.0.as_slice()); if pubkey.is_err() || signature.is_err() { return false; } pubkey .unwrap() .verify(message_bytes, &signature.unwrap()) .is_ok() } } pub trait Signable { fn sign(&mut self, keypair: &Keypair) { let signature = keypair.sign_message(self.signable_data().borrow()); self.set_signature(signature); } fn verify(&self) -> bool { self.get_signature() .verify(&self.pubkey().as_ref(), self.signable_data().borrow()) } fn pubkey(&self) -> Pubkey; fn signable_data(&self) -> Cow<[u8]>; fn get_signature(&self) -> Signature; fn set_signature(&mut self, signature: Signature); } impl AsRef<[u8]> for Signature { fn as_ref(&self) -> &[u8] { &self.0[..] } } impl fmt::Debug for Signature { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { write!(f, "{}", bs58::encode(self.0).into_string()) } } impl fmt::Display for Signature { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { write!(f, "{}", bs58::encode(self.0).into_string()) } } impl Into<[u8; 64]> for Signature { fn into(self) -> [u8; 64] { as Into<[u8; 64]>>::into(self.0) } } #[derive(Debug, Clone, PartialEq, Eq)] pub enum ParseSignatureError { WrongSize, Invalid, } impl FromStr for Signature { type Err = ParseSignatureError; fn from_str(s: &str) -> Result { let bytes = bs58::decode(s) .into_vec() .map_err(|_| ParseSignatureError::Invalid)?; if bytes.len() != mem::size_of::() { Err(ParseSignatureError::WrongSize) } else { Ok(Signature::new(&bytes)) } } } pub trait KeypairUtil { fn new() -> Self; fn pubkey(&self) -> Pubkey; fn sign_message(&self, message: &[u8]) -> Signature; } impl KeypairUtil for Keypair { /// Return a new ED25519 keypair fn new() -> Self { let mut rng = OsRng::new().unwrap(); Keypair::generate(&mut rng) } /// Return the public key for the given keypair fn pubkey(&self) -> Pubkey { Pubkey::new(self.public.as_ref()) } fn sign_message(&self, message: &[u8]) -> Signature { Signature::new(&self.sign(message).to_bytes()) } } pub fn read_keypair(reader: &mut R) -> Result> { let bytes: Vec = serde_json::from_reader(reader)?; let keypair = Keypair::from_bytes(&bytes) .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?; Ok(keypair) } pub fn read_keypair_file(path: &str) -> Result> { assert!(path != "-"); let mut file = File::open(path.to_string())?; read_keypair(&mut file) } pub fn write_keypair( keypair: &Keypair, writer: &mut W, ) -> Result> { let keypair_bytes = keypair.to_bytes(); let serialized = serde_json::to_string(&keypair_bytes.to_vec())?; writer.write_all(&serialized.clone().into_bytes())?; Ok(serialized) } pub fn write_keypair_file( keypair: &Keypair, outfile: &str, ) -> Result> { assert!(outfile != "-"); if let Some(outdir) = Path::new(outfile).parent() { fs::create_dir_all(outdir)?; } let mut f = { #[cfg(not(unix))] { OpenOptions::new() } #[cfg(unix)] { use std::os::unix::fs::OpenOptionsExt; OpenOptions::new().mode(0o600) } } .write(true) .truncate(true) .create(true) .open(outfile)?; write_keypair(keypair, &mut f) } pub fn keypair_from_seed(seed: &[u8]) -> Result> { if seed.len() < ed25519_dalek::SECRET_KEY_LENGTH { return Err("Seed is too short".into()); } let secret = ed25519_dalek::SecretKey::from_bytes(&seed[..ed25519_dalek::SECRET_KEY_LENGTH]) .map_err(|e| e.to_string())?; let public = ed25519_dalek::PublicKey::from(&secret); let keypair = Keypair { secret, public }; Ok(keypair) } #[cfg(test)] mod tests { use super::*; use std::mem; fn tmp_file_path(name: &str) -> String { use std::env; let out_dir = env::var("FARF_DIR").unwrap_or_else(|_| "farf".to_string()); let keypair = Keypair::new(); format!("{}/tmp/{}-{}", out_dir, name, keypair.pubkey()).to_string() } #[test] fn test_write_keypair_file() { let outfile = tmp_file_path("test_write_keypair_file.json"); let serialized_keypair = write_keypair_file(&Keypair::new(), &outfile).unwrap(); let keypair_vec: Vec = serde_json::from_str(&serialized_keypair).unwrap(); assert!(Path::new(&outfile).exists()); assert_eq!( keypair_vec, read_keypair_file(&outfile).unwrap().to_bytes().to_vec() ); #[cfg(unix)] { use std::os::unix::fs::PermissionsExt; assert_eq!( File::open(&outfile) .expect("open") .metadata() .expect("metadata") .permissions() .mode() & 0o777, 0o600 ); } assert_eq!( read_keypair_file(&outfile).unwrap().pubkey().as_ref().len(), mem::size_of::() ); fs::remove_file(&outfile).unwrap(); assert!(!Path::new(&outfile).exists()); } #[test] fn test_write_keypair_file_overwrite_ok() { let outfile = tmp_file_path("test_write_keypair_file_overwrite_ok.json"); write_keypair_file(&Keypair::new(), &outfile).unwrap(); write_keypair_file(&Keypair::new(), &outfile).unwrap(); } #[test] fn test_write_keypair_file_truncate() { let outfile = tmp_file_path("test_write_keypair_file_truncate.json"); write_keypair_file(&Keypair::new(), &outfile).unwrap(); read_keypair_file(&outfile).unwrap(); // Ensure outfile is truncated { let mut f = File::create(&outfile).unwrap(); f.write_all(String::from_utf8([b'a'; 2048].to_vec()).unwrap().as_bytes()) .unwrap(); } write_keypair_file(&Keypair::new(), &outfile).unwrap(); read_keypair_file(&outfile).unwrap(); } #[test] fn test_keypair_from_seed() { let good_seed = vec![0; 32]; assert!(keypair_from_seed(&good_seed).is_ok()); let too_short_seed = vec![0; 31]; assert!(keypair_from_seed(&too_short_seed).is_err()); } #[test] fn test_signature_fromstr() { let signature = Keypair::new().sign_message(&[0u8]); let mut signature_base58_str = bs58::encode(signature).into_string(); assert_eq!(signature_base58_str.parse::(), Ok(signature)); signature_base58_str.push_str(&bs58::encode(signature.0).into_string()); assert_eq!( signature_base58_str.parse::(), Err(ParseSignatureError::WrongSize) ); signature_base58_str.truncate(signature_base58_str.len() / 2); assert_eq!(signature_base58_str.parse::(), Ok(signature)); signature_base58_str.truncate(signature_base58_str.len() / 2); assert_eq!( signature_base58_str.parse::(), Err(ParseSignatureError::WrongSize) ); let mut signature_base58_str = bs58::encode(signature.0).into_string(); assert_eq!(signature_base58_str.parse::(), Ok(signature)); // throw some non-base58 stuff in there signature_base58_str.replace_range(..1, "I"); assert_eq!( signature_base58_str.parse::(), Err(ParseSignatureError::Invalid) ); } }