bc-envelope 0.43.0

Gordian Envelope for Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

#![cfg(feature = "ssh")]
use bc_components::SigningOptions;
use bc_envelope::prelude::*;
use indoc::indoc;
use ssh_key::{Algorithm as SSHAlgorithm, HashAlg};

mod common;
use crate::common::{check_encoding::*, test_data::*};

#[test]
fn test_ssh_signed_plaintext() {
    bc_components::register_tags();

    let alice_ssh_private_key = alice_private_key()
        .ssh_signing_private_key(SSHAlgorithm::Ed25519, "alice@example.com")
        .unwrap();
    let alice_ssh_public_key = alice_ssh_private_key.public_key().unwrap();

    // Alice sends a signed plaintext message to Bob.
    let options = SigningOptions::Ssh {
        namespace: "test".to_string(),
        hash_alg: HashAlg::Sha256,
    };
    let envelope = hello_envelope()
        .add_signature_opt(&alice_ssh_private_key, Some(options), None)
        .check_encoding()
        .unwrap();
    let ur = envelope.ur();

    // expected-text-output-rubric:
    #[rustfmt::skip]
    let expected_format = indoc! {r#"
        "Hello." [
            'signed': Signature(SshEd25519)
        ]
    "#}.trim();
    assert_actual_expected!(envelope.format(), expected_format);

    // Alice ➡️ ☁️ ➡️ Bob

    // Bob receives the envelope.
    let received_envelope =
        Envelope::from_ur(&ur).unwrap().check_encoding().unwrap();

    // Bob receives the message, validates Alice's signature, and reads the
    // message.
    let received_plaintext =
        received_envelope.verify_signature_from(&alice_ssh_public_key);
    let received_plaintext = received_plaintext
        .unwrap()
        .extract_subject::<String>()
        .unwrap();
    assert_eq!(received_plaintext, "Hello.");

    // Confirm that it wasn't signed by Carol.
    let carol_ssh_public_key = carol_private_key()
        .ssh_signing_private_key(SSHAlgorithm::Ed25519, "carol@example.com")
        .unwrap()
        .public_key()
        .unwrap();
    assert!(
        received_envelope
            .verify_signature_from(&carol_ssh_public_key)
            .is_err()
    );

    // Confirm that it was signed by Alice OR Carol.
    received_envelope
        .verify_signatures_from_threshold(
            &[&alice_ssh_public_key, &carol_ssh_public_key],
            Some(1),
        )
        .unwrap();

    // Confirm that it was not signed by Alice AND Carol.
    assert!(
        received_envelope
            .verify_signatures_from_threshold(
                &[&alice_ssh_public_key, &carol_ssh_public_key],
                Some(2)
            )
            .is_err()
    );
}