1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
use crate::software_vault::SoftwareVault;
use crate::xeddsa::XEddsaSigner;
use crate::VaultError;
use arrayref::array_ref;
use ockam_vault_core::{Secret, SecretType, Signer, CURVE25519_SECRET_LENGTH};
use rand::{thread_rng, RngCore};
impl Signer for SoftwareVault {
fn sign(&mut self, secret_key: &Secret, data: &[u8]) -> ockam_core::Result<[u8; 64]> {
let entry = self.get_entry(secret_key)?;
let key = entry.key().as_ref();
match entry.key_attributes().stype() {
SecretType::Curve25519 if key.len() == CURVE25519_SECRET_LENGTH => {
let mut rng = thread_rng();
let mut nonce = [0u8; 64];
rng.fill_bytes(&mut nonce);
let sig =
x25519_dalek::StaticSecret::from(*array_ref!(key, 0, CURVE25519_SECRET_LENGTH))
.sign(data.as_ref(), &nonce);
Ok(sig)
}
_ => Err(VaultError::InvalidKeyType.into()),
}
}
}
#[cfg(test)]
mod tests {
use crate::SoftwareVault;
use ockam_vault_core::{
SecretAttributes, SecretPersistence, SecretType, SecretVault, Signer, Verifier,
CURVE25519_SECRET_LENGTH,
};
#[test]
fn sign() {
let mut vault = SoftwareVault::default();
let secret = vault
.secret_generate(SecretAttributes::new(
SecretType::Curve25519,
SecretPersistence::Ephemeral,
CURVE25519_SECRET_LENGTH,
))
.unwrap();
let res = vault.sign(&secret, b"hello world!");
assert!(res.is_ok());
let pubkey = vault.secret_public_key_get(&secret).unwrap();
let signature = res.unwrap();
let res = vault.verify(&signature, pubkey.as_ref(), b"hello world!");
assert!(res.is_ok());
}
}