solid-pod-rs-didkey 0.4.0-alpha.4

did:key (Ed25519 / P-256 / secp256k1) self-signed JWT verifier for solid-pod-rs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

//! Public-key representation for `did:key`.
//!
//! Each variant is tagged with the W3C multicodec code used in the
//! `did:key:z…` form (after varint encoding):
//!
//! | Variant    | Codec   | Serialised pubkey size |
//! |------------|---------|------------------------|
//! | Ed25519    | `0xed`  | 32 bytes (raw)         |
//! | P-256      | `0x1200`| 33 bytes (SEC1 compressed) |
//! | Secp256k1  | `0xe7`  | 33 bytes (SEC1 compressed) |
//!
//! Reference:
//! <https://github.com/multiformats/multicodec/blob/master/table.csv>

use crate::error::DidKeyError;

/// Multicodec code for Ed25519 public keys.
pub const CODEC_ED25519: u64 = 0xed;

/// Multicodec code for secp256k1 public keys (SEC1 compressed).
pub const CODEC_SECP256K1: u64 = 0xe7;

/// Multicodec code for NIST P-256 public keys (SEC1 compressed).
pub const CODEC_P256: u64 = 0x1200;

/// Length of an Ed25519 raw public key.
pub const ED25519_LEN: usize = 32;

/// Length of a SEC1-compressed P-256 / secp256k1 public key.
pub const SEC1_COMPRESSED_LEN: usize = 33;

/// W3C `did:key` public-key payload.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum DidKeyPubkey {
    /// 32-byte raw Ed25519 public key (RFC 8032).
    Ed25519([u8; ED25519_LEN]),

    /// 33-byte SEC1-compressed NIST P-256 public key.
    P256(Vec<u8>),

    /// 33-byte SEC1-compressed secp256k1 public key.
    Secp256k1(Vec<u8>),
}

impl DidKeyPubkey {
    /// Human-readable name for diagnostics.
    pub fn codec_name(&self) -> &'static str {
        match self {
            DidKeyPubkey::Ed25519(_) => "ed25519",
            DidKeyPubkey::P256(_) => "p-256",
            DidKeyPubkey::Secp256k1(_) => "secp256k1",
        }
    }

    /// Multicodec integer code corresponding to this variant.
    pub fn codec_code(&self) -> u64 {
        match self {
            DidKeyPubkey::Ed25519(_) => CODEC_ED25519,
            DidKeyPubkey::P256(_) => CODEC_P256,
            DidKeyPubkey::Secp256k1(_) => CODEC_SECP256K1,
        }
    }

    /// JWS `alg` value required for a signature produced by the paired
    /// private key, per RFC 8037 (EdDSA) / RFC 7518 §3.4 (ES256 /
    /// ES256K).
    pub fn jws_alg(&self) -> &'static str {
        match self {
            DidKeyPubkey::Ed25519(_) => "EdDSA",
            DidKeyPubkey::P256(_) => "ES256",
            DidKeyPubkey::Secp256k1(_) => "ES256K",
        }
    }

    /// Raw key bytes (no multicodec prefix).
    pub fn as_bytes(&self) -> &[u8] {
        match self {
            DidKeyPubkey::Ed25519(b) => b.as_slice(),
            DidKeyPubkey::P256(v) => v.as_slice(),
            DidKeyPubkey::Secp256k1(v) => v.as_slice(),
        }
    }

    /// Multicodec payload: `varint(codec) || key_bytes`. Used by the
    /// `did:key` encoder and by callers that want a raw identifier
    /// (e.g. CBOR identity tokens).
    pub fn to_multicodec_bytes(&self) -> Vec<u8> {
        let mut buf = [0u8; 10]; // unsigned-varint max for u64 is 10.
        let varint = unsigned_varint::encode::u64(self.codec_code(), &mut buf);
        let mut out = Vec::with_capacity(varint.len() + self.as_bytes().len());
        out.extend_from_slice(varint);
        out.extend_from_slice(self.as_bytes());
        out
    }

    /// Parse a multicodec payload into a [`DidKeyPubkey`]. Returns an
    /// error for unknown codecs or length mismatches.
    pub fn from_multicodec_bytes(bytes: &[u8]) -> Result<Self, DidKeyError> {
        let (code, rest) = unsigned_varint::decode::u64(bytes)
            .map_err(|e| DidKeyError::InvalidMultibase(format!("varint: {e}")))?;
        match code {
            CODEC_ED25519 => {
                if rest.len() != ED25519_LEN {
                    return Err(DidKeyError::InvalidKeyLength {
                        codec: "ed25519",
                        expected: ED25519_LEN,
                        actual: rest.len(),
                    });
                }
                let mut arr = [0u8; ED25519_LEN];
                arr.copy_from_slice(rest);
                Ok(DidKeyPubkey::Ed25519(arr))
            }
            CODEC_P256 => {
                if rest.len() != SEC1_COMPRESSED_LEN {
                    return Err(DidKeyError::InvalidKeyLength {
                        codec: "p-256",
                        expected: SEC1_COMPRESSED_LEN,
                        actual: rest.len(),
                    });
                }
                Ok(DidKeyPubkey::P256(rest.to_vec()))
            }
            CODEC_SECP256K1 => {
                if rest.len() != SEC1_COMPRESSED_LEN {
                    return Err(DidKeyError::InvalidKeyLength {
                        codec: "secp256k1",
                        expected: SEC1_COMPRESSED_LEN,
                        actual: rest.len(),
                    });
                }
                Ok(DidKeyPubkey::Secp256k1(rest.to_vec()))
            }
            other => Err(DidKeyError::UnknownCodec(other)),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn ed25519_roundtrip_multicodec() {
        let k = DidKeyPubkey::Ed25519([7u8; ED25519_LEN]);
        let bytes = k.to_multicodec_bytes();
        let out = DidKeyPubkey::from_multicodec_bytes(&bytes).unwrap();
        assert_eq!(k, out);
        assert_eq!(k.jws_alg(), "EdDSA");
    }

    #[test]
    fn p256_roundtrip_multicodec() {
        let mut sec1 = vec![0x02; SEC1_COMPRESSED_LEN];
        sec1[0] = 0x02; // compressed prefix
        let k = DidKeyPubkey::P256(sec1);
        let bytes = k.to_multicodec_bytes();
        let out = DidKeyPubkey::from_multicodec_bytes(&bytes).unwrap();
        assert_eq!(k, out);
        assert_eq!(k.jws_alg(), "ES256");
    }

    #[test]
    fn secp256k1_roundtrip_multicodec() {
        let mut sec1 = vec![0x02; SEC1_COMPRESSED_LEN];
        sec1[0] = 0x03;
        let k = DidKeyPubkey::Secp256k1(sec1);
        let bytes = k.to_multicodec_bytes();
        let out = DidKeyPubkey::from_multicodec_bytes(&bytes).unwrap();
        assert_eq!(k, out);
        assert_eq!(k.jws_alg(), "ES256K");
    }

    #[test]
    fn rejects_unknown_codec() {
        // 0xFFFF unused in the multicodec table as of 2026-04.
        let payload = vec![0xff, 0xff, 0x03, 1, 2, 3];
        let err = DidKeyPubkey::from_multicodec_bytes(&payload).unwrap_err();
        assert!(matches!(err, DidKeyError::UnknownCodec(_)));
    }

    #[test]
    fn rejects_wrong_ed25519_length() {
        let mut buf = [0u8; 10];
        let varint = unsigned_varint::encode::u64(CODEC_ED25519, &mut buf);
        let mut payload = varint.to_vec();
        payload.extend_from_slice(&[0u8; 16]); // wrong length
        let err = DidKeyPubkey::from_multicodec_bytes(&payload).unwrap_err();
        assert!(matches!(err, DidKeyError::InvalidKeyLength { .. }));
    }
}