You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 lines
3.3 KiB
120 lines
3.3 KiB
/// This module has wrappers for cryptography with RSA algorithms. |
|
/// Its main structs - `PublicKey` and `Keys` implement all functions for key generation, signatures and asymmetric encryption |
|
use alloc::vec::Vec; |
|
use serde::{Deserialize, Serialize}; |
|
use rsa::{RsaPublicKey, RsaPrivateKey, PaddingScheme, PublicKey as RPK}; |
|
use rsa::errors::Result as RsaRes; |
|
use rand::rngs::OsRng; |
|
|
|
static KEY_LENGTH: usize = 2048; |
|
|
|
|
|
/// Public key of a node |
|
#[derive(Debug, PartialEq, Serialize, Deserialize, Clone)] |
|
pub struct PublicKey { |
|
pub key: RsaPublicKey, |
|
} |
|
|
|
impl PublicKey { |
|
/// Check if the sign is valid for given data and key |
|
pub fn verify_sign(&self, data: &[u8], sign: &[u8]) -> bool { |
|
self.key.verify(PaddingScheme::PKCS1v15Sign { hash: None }, data, sign).is_ok() |
|
} |
|
|
|
/// Encrypt some data for a user with this public key |
|
pub fn encrypt_data(&self, data: &[u8]) -> RsaRes<Vec<u8>> { |
|
self.key.encrypt(&mut OsRng {}, PaddingScheme::PKCS1v15Encrypt, data) |
|
} |
|
|
|
pub fn to_vec(&self) -> serde_cbor::Result<Vec<u8>> { |
|
serde_cbor::to_vec(&self.key) |
|
} |
|
|
|
pub fn from_vec(data: Vec<u8>) -> serde_cbor::Result<Self> { |
|
serde_cbor::from_slice(data.as_slice()) |
|
} |
|
} |
|
|
|
impl PublicKey { |
|
fn hash(&self) -> Vec<u8> { |
|
self.to_vec().unwrap() |
|
} |
|
} |
|
|
|
/// Key pair (public and secret) for a node, should be stored locally |
|
#[derive(Debug, Serialize, Deserialize, Clone)] |
|
pub struct Keys { |
|
public_key: RsaPublicKey, |
|
private_key: RsaPrivateKey, |
|
} |
|
|
|
impl Keys { |
|
/// Generate new random key |
|
pub fn generate() -> Self { |
|
let mut rng = OsRng; |
|
let private_key = RsaPrivateKey::new(&mut rng, KEY_LENGTH).expect("failed to generate a key"); |
|
let public_key = RsaPublicKey::from(&private_key); |
|
Self { |
|
private_key, |
|
public_key, |
|
} |
|
} |
|
} |
|
|
|
impl Keys { |
|
/// Sign content using these keys |
|
pub fn sign(&self, content: &[u8]) -> RsaRes<Vec<u8>> { |
|
self.private_key.sign(PaddingScheme::PKCS1v15Sign { hash: None }, content) |
|
} |
|
|
|
/// Decrypt data |
|
pub fn decrypt_data(&self, data_encrypted: &[u8]) -> RsaRes<Vec<u8>> { |
|
self.private_key.decrypt(PaddingScheme::PKCS1v15Encrypt, data_encrypted) |
|
} |
|
|
|
/// Get public key |
|
pub fn get_public(&self) -> PublicKey { |
|
PublicKey { key: self.public_key.clone() } |
|
} |
|
} |
|
|
|
#[test] |
|
fn test_encrypt() { |
|
let data = vec![0, 5, 8, 135, 67]; |
|
let keys = Keys::generate(); |
|
assert_eq!( |
|
keys.decrypt_data(&keys.get_public().encrypt_data(&data).unwrap()).unwrap(), |
|
data |
|
); |
|
} |
|
|
|
#[cfg(test)] |
|
use alloc::vec; |
|
|
|
#[test] |
|
fn test_invalid_encrypt() { |
|
let data = vec![0, 5, 8, 135, 67]; |
|
let keys_1 = Keys::generate(); |
|
let keys_2 = Keys::generate(); |
|
assert!(keys_2.decrypt_data(&keys_1.get_public().encrypt_data(&data).unwrap()).is_err()); |
|
} |
|
|
|
#[test] |
|
fn test_signing() { |
|
let data = vec![0, 5, 8, 135, 67]; |
|
let keys = Keys::generate(); |
|
assert!(keys.get_public().verify_sign(&data, &keys.sign(&data).unwrap())); |
|
} |
|
|
|
#[test] |
|
fn test_invalid_signing() { |
|
let data = vec![0, 5, 8, 135, 67]; |
|
let keys_1 = Keys::generate(); |
|
let keys_2 = Keys::generate(); |
|
assert!(!keys_2.get_public().verify_sign(&data, &keys_1.sign(&data).unwrap())); |
|
} |
|
|
|
#[test] |
|
fn test_pkey_caching() { |
|
assert_ne!(Keys::generate().get_public().hash(), Keys::generate().get_public().hash()) |
|
}
|
|
|