2018-03-30 10:43:38 -07:00
|
|
|
//! The `signature` module provides functionality for public, and private keys.
|
2018-03-06 11:48:26 -08:00
|
|
|
|
2018-05-11 11:49:22 -07:00
|
|
|
use generic_array::GenericArray;
|
2018-05-10 13:01:42 -07:00
|
|
|
use generic_array::typenum::{U32, U64};
|
2018-05-08 21:03:05 -07:00
|
|
|
use rand::{ChaChaRng, Rng, SeedableRng};
|
2018-05-12 12:42:27 -07:00
|
|
|
use rayon::prelude::*;
|
2018-05-08 21:03:05 -07:00
|
|
|
use ring::error::Unspecified;
|
|
|
|
|
use ring::rand::SecureRandom;
|
2018-03-06 11:48:26 -08:00
|
|
|
use ring::signature::Ed25519KeyPair;
|
|
|
|
|
use ring::{rand, signature};
|
2018-05-11 11:07:41 -07:00
|
|
|
use std::cell::RefCell;
|
2018-05-08 21:03:05 -07:00
|
|
|
use std::mem;
|
2018-03-06 11:48:26 -08:00
|
|
|
use untrusted;
|
|
|
|
|
|
2018-03-07 10:05:06 -08:00
|
|
|
pub type KeyPair = Ed25519KeyPair;
|
2018-03-06 11:48:26 -08:00
|
|
|
pub type PublicKey = GenericArray<u8, U32>;
|
|
|
|
|
pub type Signature = GenericArray<u8, U64>;
|
|
|
|
|
|
2018-03-07 14:32:22 -08:00
|
|
|
pub trait KeyPairUtil {
|
|
|
|
|
fn new() -> Self;
|
|
|
|
|
fn pubkey(&self) -> PublicKey;
|
2018-03-06 11:48:26 -08:00
|
|
|
}
|
|
|
|
|
|
2018-03-07 14:32:22 -08:00
|
|
|
impl KeyPairUtil for Ed25519KeyPair {
|
|
|
|
|
/// Return a new ED25519 keypair
|
|
|
|
|
fn new() -> Self {
|
|
|
|
|
let rng = rand::SystemRandom::new();
|
2018-05-11 11:38:52 -07:00
|
|
|
let pkcs8_bytes = signature::Ed25519KeyPair::generate_pkcs8(&rng)
|
|
|
|
|
.expect("generate_pkcs8 in signature pb fn new");
|
|
|
|
|
signature::Ed25519KeyPair::from_pkcs8(untrusted::Input::from(&pkcs8_bytes))
|
|
|
|
|
.expect("from_pcks8 in signature pb fn new")
|
2018-03-07 14:32:22 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Return the public key for the given keypair
|
|
|
|
|
fn pubkey(&self) -> PublicKey {
|
|
|
|
|
GenericArray::clone_from_slice(self.public_key_bytes())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub trait SignatureUtil {
|
|
|
|
|
fn verify(&self, peer_public_key_bytes: &[u8], msg_bytes: &[u8]) -> bool;
|
2018-03-06 11:48:26 -08:00
|
|
|
}
|
|
|
|
|
|
2018-03-07 14:32:22 -08:00
|
|
|
impl SignatureUtil for GenericArray<u8, U64> {
|
|
|
|
|
fn verify(&self, peer_public_key_bytes: &[u8], msg_bytes: &[u8]) -> bool {
|
|
|
|
|
let peer_public_key = untrusted::Input::from(peer_public_key_bytes);
|
|
|
|
|
let msg = untrusted::Input::from(msg_bytes);
|
|
|
|
|
let sig = untrusted::Input::from(self);
|
|
|
|
|
signature::verify(&signature::ED25519, peer_public_key, msg, sig).is_ok()
|
|
|
|
|
}
|
2018-03-06 11:48:26 -08:00
|
|
|
}
|
2018-05-08 21:03:05 -07:00
|
|
|
|
|
|
|
|
pub struct GenKeys {
|
2018-05-11 11:07:41 -07:00
|
|
|
// This is necessary because the rng needs to mutate its state to remain
|
|
|
|
|
// deterministic, and the fill trait requires an immuatble reference to self
|
|
|
|
|
generator: RefCell<ChaChaRng>,
|
2018-05-08 21:03:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl GenKeys {
|
|
|
|
|
pub fn new(seed_values: &[u8]) -> GenKeys {
|
|
|
|
|
let seed: &[u8] = &seed_values[..];
|
|
|
|
|
let rng: ChaChaRng = SeedableRng::from_seed(unsafe { mem::transmute(seed) });
|
|
|
|
|
GenKeys {
|
2018-05-11 11:07:41 -07:00
|
|
|
generator: RefCell::new(rng),
|
2018-05-08 21:03:05 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn new_key(&self) -> Vec<u8> {
|
|
|
|
|
KeyPair::generate_pkcs8(self).unwrap().to_vec()
|
|
|
|
|
}
|
2018-05-11 09:55:05 -07:00
|
|
|
|
2018-05-12 15:08:08 -07:00
|
|
|
pub fn gen_n_keys(&self, n_keys: i64, tokens_per_user: i64) -> Vec<(Vec<u8>, i64)> {
|
|
|
|
|
let users: Vec<_> = (0..n_keys)
|
|
|
|
|
.into_iter()
|
|
|
|
|
.map(|_| {
|
|
|
|
|
let pkcs8 = self.new_key();
|
|
|
|
|
(pkcs8, tokens_per_user)
|
|
|
|
|
})
|
|
|
|
|
.collect();
|
|
|
|
|
users
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl SecureRandom for GenKeys {
|
|
|
|
|
fn fill(&self, dest: &mut [u8]) -> Result<(), Unspecified> {
|
|
|
|
|
let mut rng = self.generator.borrow_mut();
|
|
|
|
|
rng.fill_bytes(dest);
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub struct GenKeys2 {
|
|
|
|
|
// This is necessary because the rng needs to mutate its state to remain
|
|
|
|
|
// deterministic, and the fill trait requires an immuatble reference to self
|
|
|
|
|
generator: RefCell<ChaChaRng>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl GenKeys2 {
|
|
|
|
|
pub fn new(seed_values: &[u8]) -> GenKeys2 {
|
|
|
|
|
let seed: &[u8] = &seed_values[..];
|
|
|
|
|
let rng: ChaChaRng = SeedableRng::from_seed(unsafe { mem::transmute(seed) });
|
|
|
|
|
GenKeys2 {
|
|
|
|
|
generator: RefCell::new(rng),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn new_key(&self) -> Vec<u8> {
|
|
|
|
|
KeyPair::generate_pkcs8(self).unwrap().to_vec()
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-12 12:42:27 -07:00
|
|
|
pub fn gen_n_seeds(&self, n_seeds: i64) -> Vec<[u8; 16]> {
|
|
|
|
|
let mut rng = self.generator.borrow_mut();
|
|
|
|
|
|
|
|
|
|
let seeds = (0..n_seeds)
|
2018-05-11 11:07:41 -07:00
|
|
|
.into_iter()
|
2018-05-11 09:55:05 -07:00
|
|
|
.map(|_| {
|
2018-05-12 12:42:27 -07:00
|
|
|
let seed: [u8; 16] = rng.gen();
|
|
|
|
|
seed
|
|
|
|
|
})
|
|
|
|
|
.collect();
|
|
|
|
|
seeds
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn gen_n_keys(&self, n_keys: i64, tokens_per_user: i64) -> Vec<(Vec<u8>, i64)> {
|
|
|
|
|
let keys = self.gen_n_seeds(n_keys);
|
|
|
|
|
|
2018-05-12 16:27:15 -07:00
|
|
|
let users: Vec<_> = keys.into_par_iter()
|
2018-05-12 12:42:27 -07:00
|
|
|
.map(|seed| {
|
2018-05-12 15:08:08 -07:00
|
|
|
let new: GenKeys2 = GenKeys2::new(&seed[..]);
|
2018-05-12 12:42:27 -07:00
|
|
|
let pkcs8 = KeyPair::generate_pkcs8(&new).unwrap().to_vec();
|
2018-05-11 09:55:05 -07:00
|
|
|
(pkcs8, tokens_per_user)
|
|
|
|
|
})
|
|
|
|
|
.collect();
|
|
|
|
|
users
|
|
|
|
|
}
|
2018-05-08 21:03:05 -07:00
|
|
|
}
|
|
|
|
|
|
2018-05-12 15:08:08 -07:00
|
|
|
impl SecureRandom for GenKeys2 {
|
2018-05-08 21:03:05 -07:00
|
|
|
fn fill(&self, dest: &mut [u8]) -> Result<(), Unspecified> {
|
2018-05-11 11:07:41 -07:00
|
|
|
let mut rng = self.generator.borrow_mut();
|
2018-05-08 21:03:05 -07:00
|
|
|
rng.fill_bytes(dest);
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-05-11 09:55:05 -07:00
|
|
|
|
2018-05-12 15:08:08 -07:00
|
|
|
#[cfg(all(feature = "unstable", test))]
|
2018-05-11 09:55:05 -07:00
|
|
|
mod tests {
|
2018-05-12 15:08:08 -07:00
|
|
|
extern crate test;
|
|
|
|
|
|
|
|
|
|
use self::test::Bencher;
|
2018-05-11 09:55:05 -07:00
|
|
|
use super::*;
|
|
|
|
|
use std::collections::HashSet;
|
|
|
|
|
use std::iter::FromIterator;
|
|
|
|
|
|
2018-05-12 15:08:08 -07:00
|
|
|
#[bench]
|
|
|
|
|
fn bench_gen_keys(b: &mut Bencher) {
|
|
|
|
|
let seed: &[_] = &[1, 2, 3, 4];
|
|
|
|
|
let rnd = GenKeys::new(seed);
|
2018-05-12 15:18:18 -07:00
|
|
|
b.iter(|| rnd.gen_n_keys(1000, 1));
|
2018-05-12 15:08:08 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[bench]
|
|
|
|
|
fn bench_gen_keys2(b: &mut Bencher) {
|
|
|
|
|
let seed: &[_] = &[1, 2, 3, 4];
|
|
|
|
|
let rnd = GenKeys2::new(seed);
|
2018-05-12 15:18:18 -07:00
|
|
|
b.iter(|| rnd.gen_n_keys(1000, 1));
|
2018-05-12 15:08:08 -07:00
|
|
|
}
|
|
|
|
|
|
2018-05-11 09:55:05 -07:00
|
|
|
#[test]
|
|
|
|
|
fn test_new_key_is_redundant() {
|
|
|
|
|
let seed: &[_] = &[1, 2, 3, 4];
|
|
|
|
|
let rnd = GenKeys::new(seed);
|
|
|
|
|
let rnd2 = GenKeys::new(seed);
|
|
|
|
|
|
|
|
|
|
for _ in 0..100 {
|
|
|
|
|
assert_eq!(rnd.new_key(), rnd2.new_key());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_gen_n_keys() {
|
|
|
|
|
let seed: &[_] = &[1, 2, 3, 4];
|
|
|
|
|
let rnd = GenKeys::new(seed);
|
|
|
|
|
let rnd2 = GenKeys::new(seed);
|
|
|
|
|
|
|
|
|
|
let users1 = rnd.gen_n_keys(50, 1);
|
|
|
|
|
let users2 = rnd2.gen_n_keys(50, 1);
|
|
|
|
|
|
|
|
|
|
let users1_set: HashSet<(Vec<u8>, i64)> = HashSet::from_iter(users1.iter().cloned());
|
|
|
|
|
let users2_set: HashSet<(Vec<u8>, i64)> = HashSet::from_iter(users2.iter().cloned());
|
|
|
|
|
assert_eq!(users1_set, users2_set);
|
|
|
|
|
}
|
|
|
|
|
}
|
