bc_components/

sskr_mod.rs

use bc_rand::{ RandomNumberGenerator, SecureRandomNumberGenerator };
use bc_ur::prelude::*;
use sskr::SSKRError;
use anyhow::Result;
use crate::tags;

/// Re-export of the `Spec` type from the `sskr` crate.
///
/// Describes the configuration for a Sharded Secret Key Reconstruction (SSKR) split,
/// including the group threshold and specifications for each group.
pub use sskr::{ Spec as SSKRSpec, GroupSpec as SSKRGroupSpec, Secret as SSKRSecret };

/// A share of a secret split using Sharded Secret Key Reconstruction (SSKR).
///
/// SSKR is a protocol for splitting a secret into multiple shares across one or more
/// groups, such that the secret can be reconstructed only when a threshold number of
/// shares from a threshold number of groups are combined.
///
/// Each SSKR share contains:
/// - A unique identifier for the split
/// - Metadata about the group structure (thresholds, counts, indices)
/// - A portion of the secret data
///
/// SSKR shares follow a specific binary format that includes a 5-byte metadata header
/// followed by the share value. The metadata encodes information about group thresholds,
/// member thresholds, and the position of this share within the overall structure.
#[derive(Debug, PartialEq, Eq, Clone, Hash)]
pub struct SSKRShare(Vec<u8>);

impl SSKRShare {
    /// Creates a new `SSKRShare` from raw binary data.
    ///
    /// # Parameters
    ///
    /// * `data` - The raw binary data of the SSKR share, including both metadata (5 bytes)
    ///   and share value.
    ///
    /// # Returns
    ///
    /// A new `SSKRShare` instance containing the provided data.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// // Raw SSKR share data (typically from sskr_generate function)
    /// let data = vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]; // Example data
    /// let share = SSKRShare::from_data(data);
    /// ```
    pub fn from_data(data: impl Into<Vec<u8>>) -> Self {
        Self(data.into())
    }

    /// Returns a reference to the raw binary data of this share.
    ///
    /// # Returns
    ///
    /// A reference to the byte vector containing the SSKR share data.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let data = vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]; // Example data
    /// let share = SSKRShare::from_data(data.clone());
    /// assert_eq!(share.data(), &data);
    /// ```
    pub fn data(&self) -> &Vec<u8> {
        &self.0
    }

    /// Creates a new `SSKRShare` from a hexadecimal string.
    ///
    /// # Parameters
    ///
    /// * `hex` - A hexadecimal string representing the SSKR share data.
    ///
    /// # Returns
    ///
    /// A new `SSKRShare` instance created from the decoded hex data.
    ///
    /// # Panics
    ///
    /// Panics if the hex string is invalid and cannot be decoded.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_hex("1234213101aabbcc");
    /// assert_eq!(share.hex(), "1234213101aabbcc");
    /// ```
    pub fn from_hex(hex: impl AsRef<str>) -> Self {
        Self::from_data(hex::decode(hex.as_ref()).unwrap())
    }

    /// Returns the data of this `SSKRShare` as a hexadecimal string.
    ///
    /// # Returns
    ///
    /// A hex-encoded string representing the SSKR share data.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// assert_eq!(share.hex(), "1234213101aabbcc");
    /// ```
    pub fn hex(&self) -> String {
        hex::encode(self.data())
    }

    /// Returns the unique identifier of the split to which this share belongs.
    ///
    /// The identifier is a 16-bit value that is the same for all shares in a split
    /// and is used to verify that shares belong together when combining them.
    ///
    /// # Returns
    ///
    /// A 16-bit integer representing the unique identifier of the split.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// assert_eq!(share.identifier(), 0x1234);
    /// ```
    pub fn identifier(&self) -> u16 {
        (u16::from(self.0[0]) << 8) | u16::from(self.0[1])
    }

    /// Returns the unique identifier of the split as a hexadecimal string.
    ///
    /// # Returns
    ///
    /// A hexadecimal string representing the 16-bit identifier.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// assert_eq!(share.identifier_hex(), "1234");
    /// ```
    pub fn identifier_hex(&self) -> String {
        hex::encode(&self.0[0..=1])
    }

    /// Returns the minimum number of groups whose quorum must be met to
    /// reconstruct the secret.
    ///
    /// This value is encoded as GroupThreshold - 1 in the metadata, so the actual
    /// threshold value is one more than the encoded value.
    ///
    /// # Returns
    ///
    /// The group threshold value (minimum number of groups required).
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// // The encoded value 0x2 in the third byte's high nibble represents a threshold of 3
    /// assert_eq!(share.group_threshold(), 3);
    /// ```
    pub fn group_threshold(&self) -> usize {
        usize::from(self.0[2] >> 4) + 1
    }

    /// Returns the total number of groups in the split.
    ///
    /// This value is encoded as GroupCount - 1 in the metadata, so the actual
    /// count is one more than the encoded value.
    ///
    /// # Returns
    ///
    /// The total number of groups in the split.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// // The encoded value 0x1 in the third byte's low nibble represents a count of 2
    /// assert_eq!(share.group_count(), 2);
    /// ```
    pub fn group_count(&self) -> usize {
        usize::from(self.0[2] & 0xf) + 1
    }

    /// Returns the index of the group to which this share belongs.
    ///
    /// This is a zero-based index identifying which group in the split this
    /// share is part of.
    ///
    /// # Returns
    ///
    /// The group index (0-based).
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// // The encoded value 0x3 in the fourth byte's high nibble represents group index 3
    /// assert_eq!(share.group_index(), 3);
    /// ```
    pub fn group_index(&self) -> usize {
        usize::from(self.0[3] >> 4)
    }

    /// Returns the minimum number of shares within the group to which this share
    /// belongs that must be combined to meet the group threshold.
    ///
    /// This value is encoded as MemberThreshold - 1 in the metadata, so the actual
    /// threshold value is one more than the encoded value.
    ///
    /// # Returns
    ///
    /// The member threshold value (minimum number of shares required within this group).
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// // The encoded value 0x1 in the fourth byte's low nibble represents a threshold of 2
    /// assert_eq!(share.member_threshold(), 2);
    /// ```
    pub fn member_threshold(&self) -> usize {
        usize::from(self.0[3] & 0xf) + 1
    }

    /// Returns the index of this share within the group to which it belongs.
    ///
    /// This is a zero-based index identifying which share within the group
    /// this specific share is.
    ///
    /// # Returns
    ///
    /// The member index (0-based) within the group.
    ///
    /// # Example
    ///
    /// ```
    /// use bc_components::SSKRShare;
    ///
    /// let share = SSKRShare::from_data(vec![0x12, 0x34, 0x21, 0x31, 0x01, 0xAA, 0xBB, 0xCC]);
    /// // The encoded value 0x1 in the fifth byte's low nibble represents member index 1
    /// assert_eq!(share.member_index(), 1);
    /// ```
    pub fn member_index(&self) -> usize {
        usize::from(self.0[4] & 0xf)
    }
}

/// Implementation of the CBOR Tagged trait for SSKRShare.
///
/// This allows SSKR shares to be serialized with specific CBOR tags that
/// identify them as SSKR shares.
impl CBORTagged for SSKRShare {
    fn cbor_tags() -> Vec<Tag> {
        tags_for_values(&[tags::TAG_SSKR_SHARE, tags::TAG_SSKR_SHARE_V1])
    }
}

/// Conversion from SSKRShare to CBOR for serialization.
impl From<SSKRShare> for CBOR {
    fn from(value: SSKRShare) -> Self {
        value.tagged_cbor()
    }
}

/// Implementation of CBOR encoding for SSKRShare.
impl CBORTaggedEncodable for SSKRShare {
    fn untagged_cbor(&self) -> CBOR {
        CBOR::to_byte_string(&self.0)
    }
}

/// Conversion from CBOR to SSKRShare for deserialization.
impl TryFrom<CBOR> for SSKRShare {
    type Error = dcbor::Error;

    fn try_from(cbor: CBOR) -> dcbor::Result<Self> {
        Self::from_tagged_cbor(cbor)
    }
}

/// Implementation of CBOR decoding for SSKRShare.
impl CBORTaggedDecodable for SSKRShare {
    fn from_untagged_cbor(cbor: CBOR) -> dcbor::Result<Self> {
        let data = CBOR::try_into_byte_string(cbor)?;
        Ok(Self::from_data(data))
    }
}

/// Generates SSKR shares for the given `Spec` and `Secret`.
///
/// This function splits a master secret into multiple shares according to the
/// specified group and member thresholds, using a secure random number generator.
///
/// # Parameters
///
/// * `spec` - The `SSKRSpec` instance that defines the group threshold, number of groups,
///   and the member thresholds for each group.
/// * `master_secret` - The `SSKRSecret` instance to be split into shares.
///
/// # Returns
///
/// A result containing a nested vector of `SSKRShare` instances if successful,
/// or an `SSKRError` if the operation fails. The outer vector contains one vector
/// per group, and each inner vector contains the shares for that group.
///
/// # Errors
///
/// Returns an error if:
/// - The secret is too short or too long
/// - The group threshold is invalid
/// - The member thresholds are invalid
/// - Any other error in the underlying SSKR implementation
///
/// # Example
///
/// ```
/// use bc_components::{SSKRSecret, SSKRSpec, SSKRGroupSpec, sskr_generate};
///
/// // Create a master secret from a byte array (must be exactly 16 or 32 bytes)
/// let master_secret = SSKRSecret::new(b"0123456789abcdef").unwrap(); // Exactly 16 bytes
///
/// // Configure a split with 2 groups, requiring both groups (threshold = 2)
/// // First group: 2 of 3 shares needed
/// // Second group: 3 of 5 shares needed
/// let group1 = SSKRGroupSpec::new(2, 3).unwrap();
/// let group2 = SSKRGroupSpec::new(3, 5).unwrap();
/// let spec = SSKRSpec::new(2, vec![group1, group2]).unwrap();
///
/// // Generate the shares
/// let shares = sskr_generate(&spec, &master_secret).unwrap();
///
/// // Verify the structure matches our specification
/// assert_eq!(shares.len(), 2);           // 2 groups
/// assert_eq!(shares[0].len(), 3);        // 3 shares in first group
/// assert_eq!(shares[1].len(), 5);        // 5 shares in second group
/// ```
pub fn sskr_generate(
    spec: &SSKRSpec,
    master_secret: &SSKRSecret
) -> Result<Vec<Vec<SSKRShare>>, SSKRError> {
    let mut rng = SecureRandomNumberGenerator;
    sskr_generate_using(spec, master_secret, &mut rng)
}

/// Generates SSKR shares using a custom random number generator.
///
/// This function is similar to `sskr_generate`, but allows specifying a custom
/// random number generator for deterministic testing or other specialized needs.
///
/// # Parameters
///
/// * `spec` - The `SSKRSpec` instance that defines the group threshold, number of groups,
///   and the member thresholds for each group.
/// * `master_secret` - The `SSKRSecret` instance to be split into shares.
/// * `rng` - The random number generator to use for generating shares.
///
/// # Returns
///
/// A result containing a nested vector of `SSKRShare` instances if successful,
/// or an `SSKRError` if the operation fails. The outer vector contains one vector
/// per group, and each inner vector contains the shares for that group.
///
/// # Errors
///
/// Returns an error if:
/// - The secret is too short or too long
/// - The group threshold is invalid
/// - The member thresholds are invalid
/// - Any other error in the underlying SSKR implementation
///
/// # Example
///
/// ```
/// use bc_components::{SSKRSecret, SSKRSpec, SSKRGroupSpec, sskr_generate_using};
/// use bc_rand::SecureRandomNumberGenerator;
///
/// // Create a master secret from a byte array (must be exactly 16 or 32 bytes)
/// let master_secret = SSKRSecret::new(b"0123456789abcdef").unwrap(); // Exactly 16 bytes
///
/// // Configure a split with 2 groups, requiring both groups (threshold = 2)
/// let group1 = SSKRGroupSpec::new(2, 3).unwrap();
/// let group2 = SSKRGroupSpec::new(3, 5).unwrap();
/// let spec = SSKRSpec::new(2, vec![group1, group2]).unwrap();
///
/// // Generate the shares with a custom RNG
/// let mut rng = SecureRandomNumberGenerator;
/// let shares = sskr_generate_using(&spec, &master_secret, &mut rng).unwrap();
///
/// // Verify the structure
/// assert_eq!(shares.len(), 2);
/// assert_eq!(shares[0].len(), 3);
/// assert_eq!(shares[1].len(), 5);
/// ```
pub fn sskr_generate_using(
    spec: &SSKRSpec,
    master_secret: &SSKRSecret,
    rng: &mut impl RandomNumberGenerator
) -> Result<Vec<Vec<SSKRShare>>, SSKRError> {
    let shares = sskr::sskr_generate_using(spec, master_secret, rng)?;
    let shares = shares
        .into_iter()
        .map(|group| {
            group
                .into_iter()
                .map(|share| { SSKRShare::from_data(share) })
                .collect()
        })
        .collect();
    Ok(shares)
}

/// Combines SSKR shares to reconstruct the original secret.
///
/// This function takes a collection of shares and attempts to reconstruct the
/// original secret. The shares must meet the group and member thresholds specified
/// when the shares were generated.
///
/// # Parameters
///
/// * `shares` - A slice of `SSKRShare` instances to be combined.
///
/// # Returns
///
/// A result containing the reconstructed `SSKRSecret` if successful,
/// or an `SSKRError` if the shares cannot be combined.
///
/// # Errors
///
/// Returns an error if:
/// - The shares don't all belong to the same split (different identifiers)
/// - There are insufficient shares to meet the group threshold
/// - There are insufficient shares within each group to meet their member thresholds
/// - The shares are malformed or corrupted
///
/// # Example
///
/// ```
/// use bc_components::{SSKRSecret, SSKRSpec, SSKRGroupSpec, SSKRShare, sskr_generate, sskr_combine};
///
/// // Create a master secret (must be exactly 16 or 32 bytes)
/// let master_secret = SSKRSecret::new(b"0123456789abcdef").unwrap(); // Exactly 16 bytes
///
/// // Configure a split with 2 groups, requiring both groups (threshold = 2)
/// let group1 = SSKRGroupSpec::new(2, 3).unwrap();
/// let group2 = SSKRGroupSpec::new(3, 5).unwrap();
/// let spec = SSKRSpec::new(2, vec![group1, group2]).unwrap();
///
/// // Generate the shares
/// let shares = sskr_generate(&spec, &master_secret).unwrap();
///
/// // Collect shares that meet the threshold requirements
/// let recovery_shares = vec![
///     // Two shares from group 1 (meets threshold of 2)
///     shares[0][0].clone(),
///     shares[0][1].clone(),
///
///     // Three shares from group 2 (meets threshold of 3)
///     shares[1][0].clone(),
///     shares[1][1].clone(),
///     shares[1][2].clone(),
/// ];
///
/// // Recover the original secret
/// let recovered_secret = sskr_combine(&recovery_shares).unwrap();
/// assert_eq!(recovered_secret, master_secret);
/// ```
pub fn sskr_combine(shares: &[SSKRShare]) -> Result<SSKRSecret, SSKRError> {
    let shares: Vec<Vec<u8>> = shares
        .iter()
        .map(|share| share.data().to_vec())
        .collect();
    sskr::sskr_combine(&shares)
}