oxihuman-core 0.1.2

Core data structures, algorithms, and asset management for OxiHuman
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421

// Copyright (C) 2026 COOLJAPAN OU (Team KitaSan)
// SPDX-License-Identifier: Apache-2.0

//! HMAC-like asset pack signing using SHA-256 double-hash construction.
//!
//! Signing scheme: `SHA256(key || SHA256(message))` — length-extension resistant.

#![allow(dead_code)]

use anyhow::{bail, Context, Result};
use sha2::{Digest, Sha256};
use std::path::Path;

// ── Public structs ────────────────────────────────────────────────────────────

/// Signature metadata for a signed pack.
pub struct PackSignature {
    /// Format version — currently 1.
    pub version: u32,
    /// Algorithm identifier, e.g. "sha256-chain".
    pub algorithm: String,
    /// Raw 32-byte signature.
    pub signature: Vec<u8>,
    /// Unix timestamp in seconds (0 for deterministic tests).
    pub timestamp: u64,
    /// Identifies who signed the pack.
    pub signer_id: String,
}

/// A manifest hash paired with its signature.
pub struct SignedPack {
    /// SHA-256 of sorted manifest content.
    pub manifest_hash: Vec<u8>,
    /// The signature covering `manifest_hash`.
    pub signature: PackSignature,
}

// ── Core crypto primitive ─────────────────────────────────────────────────────

/// `SHA256(key || SHA256(message))` — length-extension resistant double-hash.
pub fn double_hash_sign(key: &[u8], message: &[u8]) -> Vec<u8> {
    // Inner hash: SHA256(message)
    let mut inner = Sha256::new();
    inner.update(message);
    let inner_hash = inner.finalize();

    // Outer hash: SHA256(key || inner_hash)
    let mut outer = Sha256::new();
    outer.update(key);
    outer.update(inner_hash);
    outer.finalize().to_vec()
}

// ── Manifest hash ─────────────────────────────────────────────────────────────

/// Compute SHA-256 over sorted `"path:sha256hex"` lines for all files in `dir`.
pub fn pack_manifest_hash(dir: &Path) -> Result<Vec<u8>> {
    let mut entries: Vec<(String, String)> = Vec::new();
    collect_manifest_entries(dir, dir, &mut entries)?;
    entries.sort_by(|a, b| a.0.cmp(&b.0));

    let mut hasher = Sha256::new();
    for (rel_path, sha_hex) in &entries {
        let line = format!("{}:{}\n", rel_path, sha_hex);
        hasher.update(line.as_bytes());
    }
    Ok(hasher.finalize().to_vec())
}

fn collect_manifest_entries(
    root: &Path,
    current: &Path,
    out: &mut Vec<(String, String)>,
) -> Result<()> {
    for entry in
        std::fs::read_dir(current).with_context(|| format!("reading dir {}", current.display()))?
    {
        let entry = entry.with_context(|| "dir entry error")?;
        let path = entry.path();
        if path.is_dir() {
            collect_manifest_entries(root, &path, out)?;
        } else {
            let data =
                std::fs::read(&path).with_context(|| format!("reading {}", path.display()))?;
            let sha_hex = sha256_hex(&data);
            let rel = path
                .strip_prefix(root)
                .with_context(|| "strip prefix")?
                .to_string_lossy()
                .replace('\\', "/");
            out.push((rel, sha_hex));
        }
    }
    Ok(())
}

fn sha256_hex(data: &[u8]) -> String {
    let mut h = Sha256::new();
    h.update(data);
    hex::encode(h.finalize())
}

// ── Sign / verify ─────────────────────────────────────────────────────────────

/// Sign all files in `dir` and return a `SignedPack`.
pub fn sign_pack_dir(dir: &Path, key: &[u8], signer_id: &str) -> Result<SignedPack> {
    let manifest_hash = pack_manifest_hash(dir)?;
    let signature_bytes = double_hash_sign(key, &manifest_hash);

    Ok(SignedPack {
        manifest_hash: manifest_hash.clone(),
        signature: PackSignature {
            version: 1,
            algorithm: "sha256-chain".to_string(),
            signature: signature_bytes,
            timestamp: 0,
            signer_id: signer_id.to_string(),
        },
    })
}

/// Verify a `SignedPack` against the current state of `dir` using `key`.
pub fn verify_pack_signature(dir: &Path, signed: &SignedPack, key: &[u8]) -> bool {
    let current_hash = match pack_manifest_hash(dir) {
        Ok(h) => h,
        Err(_) => return false,
    };
    if current_hash != signed.manifest_hash {
        return false;
    }
    let expected_sig = double_hash_sign(key, &current_hash);
    expected_sig == signed.signature.signature
}

// ── Hex encoding ──────────────────────────────────────────────────────────────

/// Hex-encode the signature bytes.
pub fn signature_to_hex(sig: &PackSignature) -> String {
    hex::encode(&sig.signature)
}

/// Decode a hex signature string back into a `PackSignature`.
pub fn signature_from_hex(
    hex_str: &str,
    version: u32,
    algorithm: &str,
    timestamp: u64,
    signer_id: &str,
) -> Result<PackSignature> {
    let bytes = hex::decode(hex_str).with_context(|| "hex decode failed")?;
    if bytes.len() != 32 {
        bail!("signature must be exactly 32 bytes, got {}", bytes.len());
    }
    Ok(PackSignature {
        version,
        algorithm: algorithm.to_string(),
        signature: bytes,
        timestamp,
        signer_id: signer_id.to_string(),
    })
}

// ── File I/O ──────────────────────────────────────────────────────────────────

/// Write a `SignedPack` to a text file in simple key=value format.
pub fn write_signature_file(signed: &SignedPack, path: &Path) -> Result<()> {
    let sig = &signed.signature;
    let content = format!(
        "version={}\nalgorithm={}\ntimestamp={}\nsigner_id={}\nmanifest_hash={}\nsignature={}\n",
        sig.version,
        sig.algorithm,
        sig.timestamp,
        sig.signer_id,
        hex::encode(&signed.manifest_hash),
        signature_to_hex(sig),
    );
    std::fs::write(path, content)
        .with_context(|| format!("writing signature file {}", path.display()))?;
    Ok(())
}

/// Read a `SignedPack` from a text file written by `write_signature_file`.
pub fn read_signature_file(path: &Path) -> Result<SignedPack> {
    let content = std::fs::read_to_string(path)
        .with_context(|| format!("reading signature file {}", path.display()))?;

    let mut version: Option<u32> = None;
    let mut algorithm: Option<String> = None;
    let mut timestamp: Option<u64> = None;
    let mut signer_id: Option<String> = None;
    let mut manifest_hash_hex: Option<String> = None;
    let mut signature_hex: Option<String> = None;

    for line in content.lines() {
        let line = line.trim();
        if line.is_empty() {
            continue;
        }
        let (k, v) = line
            .split_once('=')
            .with_context(|| format!("malformed line: {}", line))?;
        match k {
            "version" => version = Some(v.parse().with_context(|| "parsing version")?),
            "algorithm" => algorithm = Some(v.to_string()),
            "timestamp" => timestamp = Some(v.parse().with_context(|| "parsing timestamp")?),
            "signer_id" => signer_id = Some(v.to_string()),
            "manifest_hash" => manifest_hash_hex = Some(v.to_string()),
            "signature" => signature_hex = Some(v.to_string()),
            _ => bail!("unknown key: {}", k),
        }
    }

    let version = version.with_context(|| "missing version")?;
    let algorithm = algorithm.with_context(|| "missing algorithm")?;
    let timestamp = timestamp.with_context(|| "missing timestamp")?;
    let signer_id = signer_id.with_context(|| "missing signer_id")?;
    let manifest_hash_hex = manifest_hash_hex.with_context(|| "missing manifest_hash")?;
    let signature_hex = signature_hex.with_context(|| "missing signature")?;

    let manifest_hash =
        hex::decode(&manifest_hash_hex).with_context(|| "hex decode manifest_hash")?;
    let signature_bytes = hex::decode(&signature_hex).with_context(|| "hex decode signature")?;

    Ok(SignedPack {
        manifest_hash,
        signature: PackSignature {
            version,
            algorithm,
            signature: signature_bytes,
            timestamp,
            signer_id,
        },
    })
}

// ── Tests ─────────────────────────────────────────────────────────────────────

#[cfg(test)]
mod tests {
    use super::*;
    use std::io::Write;

    fn tempdir(suffix: &str) -> std::path::PathBuf {
        use std::time::{SystemTime, UNIX_EPOCH};
        let nanos = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .expect("should succeed")
            .subsec_nanos();
        let path =
            std::path::PathBuf::from(format!("/tmp/oxihuman_pack_sign_{}_{}", suffix, nanos));
        std::fs::create_dir_all(&path).expect("should succeed");
        path
    }

    fn write_file(dir: &std::path::Path, name: &str, data: &[u8]) {
        let mut f = std::fs::File::create(dir.join(name)).expect("should succeed");
        f.write_all(data).expect("should succeed");
    }

    // 1. double_hash_sign is deterministic
    #[test]
    fn double_hash_sign_is_deterministic() {
        let key = b"secret-key";
        let msg = b"hello world";
        let a = double_hash_sign(key, msg);
        let b = double_hash_sign(key, msg);
        assert_eq!(a, b);
    }

    // 2. double_hash_sign produces 32 bytes
    #[test]
    fn double_hash_sign_is_32_bytes() {
        let sig = double_hash_sign(b"key", b"msg");
        assert_eq!(sig.len(), 32);
    }

    // 3. Different keys produce different signatures
    #[test]
    fn different_keys_produce_different_sigs() {
        let msg = b"same message";
        let s1 = double_hash_sign(b"key-one", msg);
        let s2 = double_hash_sign(b"key-two", msg);
        assert_ne!(s1, s2);
    }

    // 4. Different messages produce different signatures
    #[test]
    fn different_messages_produce_different_sigs() {
        let key = b"same-key";
        let s1 = double_hash_sign(key, b"message-a");
        let s2 = double_hash_sign(key, b"message-b");
        assert_ne!(s1, s2);
    }

    // 5. Empty message is handled
    #[test]
    fn empty_message_does_not_panic() {
        let sig = double_hash_sign(b"key", b"");
        assert_eq!(sig.len(), 32);
    }

    // 6. Empty key is handled
    #[test]
    fn empty_key_does_not_panic() {
        let sig = double_hash_sign(b"", b"message");
        assert_eq!(sig.len(), 32);
    }

    // 7. signature_to_hex / signature_from_hex round-trip
    #[test]
    fn signature_hex_roundtrip() {
        let raw = double_hash_sign(b"k", b"m");
        let sig = PackSignature {
            version: 1,
            algorithm: "sha256-chain".to_string(),
            signature: raw.clone(),
            timestamp: 42,
            signer_id: "tester".to_string(),
        };
        let hex_str = signature_to_hex(&sig);
        let recovered = signature_from_hex(
            &hex_str,
            sig.version,
            &sig.algorithm,
            sig.timestamp,
            &sig.signer_id,
        )
        .expect("should succeed");
        assert_eq!(recovered.signature, raw);
        assert_eq!(recovered.version, 1);
        assert_eq!(recovered.algorithm, "sha256-chain");
        assert_eq!(recovered.timestamp, 42);
        assert_eq!(recovered.signer_id, "tester");
    }

    // 8. signature_from_hex rejects bad length
    #[test]
    fn signature_from_hex_rejects_wrong_length() {
        let bad_hex = hex::encode(b"tooshort");
        let result = signature_from_hex(&bad_hex, 1, "sha256-chain", 0, "tester");
        assert!(result.is_err());
    }

    // 9. write_signature_file / read_signature_file round-trip
    #[test]
    fn write_read_signature_file_roundtrip() {
        let tmp = tempdir("roundtrip");
        let sig_path = tmp.join("sig.txt");

        // Build a signed pack with known data
        let raw_sig = double_hash_sign(b"roundtrip-key", b"roundtrip-data");
        let signed = SignedPack {
            manifest_hash: double_hash_sign(b"", b"manifest"),
            signature: PackSignature {
                version: 1,
                algorithm: "sha256-chain".to_string(),
                signature: raw_sig.clone(),
                timestamp: 0,
                signer_id: "ci-bot".to_string(),
            },
        };

        write_signature_file(&signed, &sig_path).expect("should succeed");
        let recovered = read_signature_file(&sig_path).expect("should succeed");

        assert_eq!(recovered.manifest_hash, signed.manifest_hash);
        assert_eq!(recovered.signature.signature, raw_sig);
        assert_eq!(recovered.signature.version, 1);
        assert_eq!(recovered.signature.signer_id, "ci-bot");
    }

    // 10. verify_pack_signature succeeds on consistent data
    #[test]
    fn verify_pack_signature_succeeds_on_valid_data() {
        let tmp = tempdir("verify_ok");
        write_file(&tmp, "a.bin", b"alpha");
        write_file(&tmp, "b.bin", b"beta");

        let key = b"correct-key";
        let signed = sign_pack_dir(&tmp, key, "test-signer").expect("should succeed");
        assert!(verify_pack_signature(&tmp, &signed, key));
    }

    // 11. Wrong key fails verification
    #[test]
    fn verify_pack_signature_fails_wrong_key() {
        let tmp = tempdir("verify_wrong_key");
        write_file(&tmp, "x.bin", b"data");

        let signed = sign_pack_dir(&tmp, b"correct-key", "signer").expect("should succeed");
        assert!(!verify_pack_signature(&tmp, &signed, b"wrong-key"));
    }

    // 12. Tampered file fails verification
    #[test]
    fn verify_pack_signature_fails_tampered_file() {
        let tmp = tempdir("verify_tampered");
        write_file(&tmp, "file.bin", b"original");

        let key = b"tamper-key";
        let signed = sign_pack_dir(&tmp, key, "signer").expect("should succeed");

        // Tamper after signing
        write_file(&tmp, "file.bin", b"tampered!");

        assert!(!verify_pack_signature(&tmp, &signed, key));
    }

    // 13. pack_manifest_hash is stable
    #[test]
    fn pack_manifest_hash_is_stable() {
        let tmp = tempdir("manifest_stable");
        write_file(&tmp, "c.bin", b"gamma");
        write_file(&tmp, "a.bin", b"alpha");
        write_file(&tmp, "b.bin", b"beta");

        let h1 = pack_manifest_hash(&tmp).expect("should succeed");
        let h2 = pack_manifest_hash(&tmp).expect("should succeed");
        assert_eq!(h1, h2);
    }
}