diff --git a/Cargo.lock b/Cargo.lock index a5172ed..94230c7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -338,6 +338,7 @@ checksum = "4958ec1997b05011d5c786bf4093cd48578bd9be2737350ab38659694083ddde" name = "meadowcap" version = "0.1.0" dependencies = [ + "signature", "ufotofu", "willow-data-model", ] @@ -426,6 +427,12 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" + [[package]] name = "slab" version = "0.4.9" diff --git a/meadowcap/Cargo.toml b/meadowcap/Cargo.toml index 1a857cf..486e95f 100644 --- a/meadowcap/Cargo.toml +++ b/meadowcap/Cargo.toml @@ -4,6 +4,7 @@ version = "0.1.0" edition = "2021" [dependencies] +signature = "2.2.0" ufotofu = "0.3.0" [dependencies.willow-data-model] diff --git a/meadowcap/src/lib.rs b/meadowcap/src/lib.rs index c588446..63fe26d 100644 --- a/meadowcap/src/lib.rs +++ b/meadowcap/src/lib.rs @@ -1,3 +1,4 @@ +use signature::{Signer, Verifier}; use ufotofu::{local_nb::Consumer, sync::consumer::IntoVec}; use willow_data_model::{ encoding::{parameters::Encodable, relativity::RelativeEncodable}, @@ -5,17 +6,6 @@ use willow_data_model::{ parameters::{NamespaceId, SubspaceId}, }; -/// Can be used to sign a bytestring. -pub trait Signing { - fn corresponding_public_key(&self) -> PublicKey; - fn sign(&self, bytestring: &[u8]) -> Signature; -} - -/// Indicates that this is a verifiable signature. -pub trait Verifiable { - fn verify(&self, public_key: &PublicKey, bytestring: &[u8]) -> bool; -} - /// A delegation of access rights to a user for a given area. #[derive(Clone)] pub struct Delegation< @@ -121,8 +111,8 @@ pub struct CommunalCapability< UserSignature, > where NamespacePublicKey: NamespaceId + Encodable, - UserPublicKey: SubspaceId + Encodable, - UserSignature: Encodable + Verifiable, + UserPublicKey: SubspaceId + Encodable + Verifier, + UserSignature: Encodable, { access_mode: AccessMode, namespace_key: NamespacePublicKey, @@ -140,8 +130,8 @@ impl< > CommunalCapability where NamespacePublicKey: NamespaceId + Encodable, - UserPublicKey: SubspaceId + Encodable, - UserSignature: Encodable + Verifiable + Clone, + UserPublicKey: SubspaceId + Encodable + Verifier, + UserSignature: Encodable + Clone, { /// Create a new communal capability granting access to the [`SubspaceId`] corresponding to the given [`UserPublicKey`]. pub fn new( @@ -166,7 +156,7 @@ where new_area: Area, ) -> Result> where - UserSecretKey: Signing, + UserSecretKey: Signer, { let prev_area = self.granted_area(); @@ -179,13 +169,13 @@ where let prev_user = self.receiver(); - if &secret_key.corresponding_public_key() != prev_user { - return Err(FailedDelegationError::WrongSecretForUser(new_user)); - } - let handover = self.handover(&new_area, &new_user).await; let signature = secret_key.sign(&handover); + prev_user + .verify(&handover, &signature) + .map_err(|_| FailedDelegationError::WrongSecretForUser(new_user.clone()))?; + let mut new_delegations = self.delegations.clone(); new_delegations.push(Delegation::new(new_area, new_user, signature)); @@ -218,15 +208,13 @@ where let prev_receiver = self.receiver(); - let is_authentic = new_sig.verify(prev_receiver, &handover); - - if !is_authentic { - return Err(InvalidDelegationError::InvalidSignature { + prev_receiver.verify(&handover, new_sig).map_err(|_| { + InvalidDelegationError::InvalidSignature { claimed_receiver: new_user.clone(), expected_signatory: prev_receiver.clone(), signature: new_sig.clone(), - }); - } + } + })?; self.delegations.push(delegation);