keri_core/prefix/
mod.rs

1use crate::{
2    database::redb::rkyv_adapter::said_wrapper::SaidValue,
3    event::sections::key_config::SignatureError,
4};
5
6use self::error::Error;
7use cesrox::primitives::codes::PrimitiveCode;
8pub use cesrox::primitives::CesrPrimitive;
9use core::str::FromStr;
10use said::SelfAddressingIdentifier;
11use serde::{Deserialize, Deserializer, Serialize, Serializer};
12use std::fmt::Display;
13
14pub mod attached_signature;
15pub mod basic;
16pub mod cesr_adapter;
17pub mod error;
18pub mod seed;
19pub mod self_signing;
20
21pub use attached_signature::IndexedSignature;
22pub use basic::BasicPrefix;
23pub use seed::SeedPrefix;
24pub use self_signing::SelfSigningPrefix;
25
26#[derive(Debug, PartialEq, Clone, Eq, Hash, rkyv::Archive, rkyv::Serialize, rkyv::Deserialize)]
27#[rkyv(derive(Debug))]
28pub enum IdentifierPrefix {
29    Basic(BasicPrefix),
30    SelfAddressing(SaidValue),
31    SelfSigning(SelfSigningPrefix),
32}
33
34impl IdentifierPrefix {
35    pub fn self_addressing(said: SelfAddressingIdentifier) -> Self {
36        IdentifierPrefix::SelfAddressing(said.into())
37    }
38
39    pub fn basic(bp: BasicPrefix) -> Self {
40        IdentifierPrefix::Basic(bp)
41    }
42
43    pub fn self_signing(self_signing: SelfSigningPrefix) -> Self {
44        IdentifierPrefix::SelfSigning(self_signing)
45    }
46}
47
48impl Display for IdentifierPrefix {
49    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
50        write!(f, "{}", self.to_str())
51    }
52}
53
54impl FromStr for IdentifierPrefix {
55    type Err = Error;
56    fn from_str(s: &str) -> Result<Self, Self::Err> {
57        match BasicPrefix::from_str(s) {
58            Ok(bp) => Ok(Self::Basic(bp)),
59            Err(_) => match SelfAddressingIdentifier::from_str(s) {
60                Ok(sa) => Ok(Self::SelfAddressing(sa.into())),
61                Err(_) => Ok(Self::SelfSigning(SelfSigningPrefix::from_str(s)?)),
62            },
63        }
64    }
65}
66
67impl CesrPrimitive for IdentifierPrefix {
68    fn derivative(&self) -> Vec<u8> {
69        match self {
70            Self::Basic(bp) => bp.derivative(),
71            Self::SelfAddressing(sap) => sap.said.derivative(),
72            Self::SelfSigning(ssp) => ssp.derivative(),
73        }
74    }
75    fn derivation_code(&self) -> PrimitiveCode {
76        match self {
77            Self::Basic(bp) => bp.derivation_code(),
78            Self::SelfAddressing(sap) => sap.said.derivation_code(),
79            Self::SelfSigning(ssp) => ssp.derivation_code(),
80        }
81    }
82}
83
84/// Serde compatible Serialize
85impl Serialize for IdentifierPrefix {
86    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
87    where
88        S: Serializer,
89    {
90        serializer.serialize_str(&self.to_str())
91    }
92}
93
94/// Serde compatible Deserialize
95impl<'de> Deserialize<'de> for IdentifierPrefix {
96    fn deserialize<D>(deserializer: D) -> Result<IdentifierPrefix, D::Error>
97    where
98        D: Deserializer<'de>,
99    {
100        let s = String::deserialize(deserializer)?;
101
102        IdentifierPrefix::from_str(&s).map_err(serde::de::Error::custom)
103    }
104}
105
106impl Default for IdentifierPrefix {
107    fn default() -> Self {
108        IdentifierPrefix::SelfAddressing(SelfAddressingIdentifier::default().into())
109    }
110}
111
112/// Verify
113///
114/// Uses a public key to verify a signature against some data, with
115/// the key and signature represented by Basic and Self-Signing Prefixes
116pub fn verify(
117    data: &[u8],
118    key: &BasicPrefix,
119    signature: &SelfSigningPrefix,
120) -> Result<bool, SignatureError> {
121    match key {
122        BasicPrefix::Ed25519(pk) | BasicPrefix::Ed25519NT(pk) => match signature {
123            SelfSigningPrefix::Ed25519Sha512(signature) => {
124                Ok(pk.verify_ed(data.as_ref(), signature))
125            }
126            _ => Err(SignatureError::WrongSignatureTypeError),
127        },
128        BasicPrefix::ECDSAsecp256k1(key) | BasicPrefix::ECDSAsecp256k1NT(key) => match signature {
129            SelfSigningPrefix::ECDSAsecp256k1Sha256(signature) => {
130                Ok(key.verify_ecdsa(data.as_ref(), signature))
131            }
132            _ => Err(SignatureError::WrongSignatureTypeError),
133        },
134        _ => Err(SignatureError::WrongKeyTypeError),
135    }
136}
137
138/// Derive
139///
140/// Derives the Basic Prefix corrosponding to the given Seed Prefix
141pub fn derive(seed: &SeedPrefix, transferable: bool) -> Result<BasicPrefix, Error> {
142    let (pk, _) = seed.derive_key_pair()?;
143    Ok(match seed {
144        SeedPrefix::RandomSeed256Ed25519(_) if transferable => BasicPrefix::Ed25519(pk),
145        SeedPrefix::RandomSeed256Ed25519(_) if !transferable => BasicPrefix::Ed25519NT(pk),
146        SeedPrefix::RandomSeed256ECDSAsecp256k1(_) if transferable => {
147            BasicPrefix::ECDSAsecp256k1(pk)
148        }
149        SeedPrefix::RandomSeed256ECDSAsecp256k1(_) if !transferable => {
150            BasicPrefix::ECDSAsecp256k1NT(pk)
151        }
152        _ => return Err(Error::WrongSeedTypeError),
153    })
154}
155
156#[cfg(test)]
157mod tests {
158    use super::*;
159    use crate::keys::{PrivateKey, PublicKey};
160    use ed25519_dalek::Keypair;
161    use rand::rngs::OsRng;
162    use said::derivation::{HashFunction, HashFunctionCode};
163
164    #[test]
165    fn simple_deserialize() -> Result<(), Error> {
166        let pref: IdentifierPrefix = "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".parse()?;
167
168        assert_eq!(pref.derivation_code().to_str(), "B");
169
170        assert_eq!(pref.derivative().len(), 32);
171
172        assert_eq!(pref.derivative().to_vec(), vec![0u8; 32]);
173
174        Ok(())
175    }
176
177    #[test]
178    fn length() -> Result<(), Error> {
179        // correct
180        assert!(IdentifierPrefix::from_str("BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").is_ok());
181        assert!(IdentifierPrefix::from_str("CBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").is_ok());
182
183        // too short
184        assert!(!IdentifierPrefix::from_str("BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").is_ok());
185
186        // too long
187        assert!(
188            !IdentifierPrefix::from_str("BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").is_ok()
189        );
190
191        // not a real prefix
192        assert!(
193            !IdentifierPrefix::from_str("ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").is_ok()
194        );
195
196        // not base 64 URL
197        assert!(
198            !IdentifierPrefix::from_str("BAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAA").is_ok()
199        );
200
201        Ok(())
202    }
203
204    #[test]
205    fn simple_serialize() -> Result<(), Error> {
206        let pref = BasicPrefix::Ed25519NT(PublicKey::new(
207            ed25519_dalek::PublicKey::from_bytes(&[0; 32])?
208                .to_bytes()
209                .to_vec(),
210        ));
211
212        assert_eq!(
213            pref.to_str(),
214            "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
215        );
216
217        Ok(())
218    }
219
220    #[test]
221    fn verify() -> Result<(), Error> {
222        let data_string = "hello there";
223
224        let kp = Keypair::generate(&mut OsRng);
225        let pub_key = PublicKey::new(kp.public.to_bytes().to_vec());
226        let priv_key = PrivateKey::new(kp.secret.to_bytes().to_vec());
227
228        let key_prefix = BasicPrefix::Ed25519NT(pub_key);
229
230        let sig = priv_key.sign_ed(&data_string.as_bytes()).unwrap();
231        let sig_prefix = SelfSigningPrefix::Ed25519Sha512(sig);
232
233        let check = key_prefix.verify(&data_string.as_bytes(), &sig_prefix);
234        assert!(check.is_ok());
235        assert!(check.unwrap());
236
237        Ok(())
238    }
239
240    #[test]
241    fn prefix_deserialization() -> Result<(), Error> {
242        /// Helper function that checks whether all codes fulfill the condition
243        /// given by predicate `pred`.
244        fn all_codes<F>(codes: Vec<(&str, usize)>, pred: F) -> Result<(), Error>
245        where
246            F: Fn(IdentifierPrefix) -> bool,
247        {
248            for (code, length) in codes {
249                let pref: IdentifierPrefix =
250                    [code.to_string(), "A".repeat(length)].join("").parse()?;
251                assert!(pred(pref.clone()));
252                assert_eq!(pref.derivation_code().to_str(), code);
253            }
254            Ok(())
255        }
256
257        // All codes that are mapped to `BasicPrefix`.
258        let basic_codes = vec!["B", "C", "D", "L", "1AAA", "1AAB", "1AAC", "1AAD"].into_iter();
259        // Allowed string lengths for respective basic codes.
260        let allowed_lengths = vec![43, 43, 43, 75, 44, 44, 76, 76].into_iter();
261        let is_basic = |identifier| matches!(&identifier, IdentifierPrefix::Basic(_));
262        all_codes(basic_codes.zip(allowed_lengths).collect(), is_basic)?;
263
264        // All codes that are mapped to `SelfAddressingIdentifier`.
265        let self_adressing_codes =
266            vec!["E", "F", "G", "H", "I", "0D", "0E", "0F", "0G"].into_iter();
267        // Allowed string lengths for respective self addressing codes.
268        let allowed_lengths = vec![43, 43, 43, 43, 43, 86, 86, 86, 86].into_iter();
269        let is_self_addresing =
270            |identifier| matches!(&identifier, IdentifierPrefix::SelfAddressing(_));
271        all_codes(
272            self_adressing_codes.zip(allowed_lengths).collect(),
273            is_self_addresing,
274        )?;
275
276        // All codes that are mapped to `SelfSigningPrefix`.
277        let is_self_signing = |identifier| matches!(&identifier, IdentifierPrefix::SelfSigning(_));
278        // Allowed string lengths for respective self signing codes.
279        let self_signing_codes = vec!["0B", "0C", "1AAE"].into_iter();
280        let allowed_lengths = vec![86, 86, 152].into_iter();
281        all_codes(
282            self_signing_codes.zip(allowed_lengths).collect(),
283            is_self_signing,
284        )?;
285
286        Ok(())
287    }
288
289    #[test]
290    fn prefix_serialization() -> Result<(), Error> {
291        // The lengths of respective vectors are choosen according to [0, Section 14.2]
292        // [0]: https://github.com/SmithSamuelM/Papers/raw/master/whitepapers/KERI_WP_2.x.web.pdf
293
294        // Test BasicPrefix serialization.
295        assert_eq!(
296            BasicPrefix::Ed25519NT(PublicKey::new(
297                ed25519_dalek::PublicKey::from_bytes(&[0; 32])?
298                    .to_bytes()
299                    .to_vec()
300            ))
301            .to_str(),
302            ["B".to_string(), "A".repeat(43)].join("")
303        );
304        assert_eq!(
305            BasicPrefix::X25519(PublicKey::new(
306                ed25519_dalek::PublicKey::from_bytes(&[0; 32])?
307                    .to_bytes()
308                    .to_vec()
309            ))
310            .to_str(),
311            ["C".to_string(), "A".repeat(43)].join("")
312        );
313        assert_eq!(
314            BasicPrefix::Ed25519(PublicKey::new(
315                ed25519_dalek::PublicKey::from_bytes(&[0; 32])?
316                    .to_bytes()
317                    .to_vec()
318            ))
319            .to_str(),
320            ["D".to_string(), "A".repeat(43)].join("")
321        );
322        assert_eq!(
323            BasicPrefix::X448(PublicKey::new([0; 56].to_vec())).to_str(),
324            ["L".to_string(), "A".repeat(75)].join("")
325        );
326        assert_eq!(
327            BasicPrefix::ECDSAsecp256k1NT(PublicKey::new([0; 33].to_vec())).to_str(),
328            ["1AAA".to_string(), "A".repeat(44)].join("")
329        );
330        assert_eq!(
331            BasicPrefix::ECDSAsecp256k1(PublicKey::new([0; 33].to_vec())).to_str(),
332            ["1AAB".to_string(), "A".repeat(44)].join("")
333        );
334        assert_eq!(
335            BasicPrefix::Ed448NT(PublicKey::new([0; 57].to_vec())).to_str(),
336            ["1AAC".to_string(), "A".repeat(76)].join("")
337        );
338        assert_eq!(
339            BasicPrefix::Ed448(PublicKey::new([0; 57].to_vec())).to_str(),
340            ["1AAD".to_string(), "A".repeat(76)].join("")
341        );
342
343        // Test SelfAddressingIdentifier serialization.
344        assert_eq!(
345            SelfAddressingIdentifier::new(HashFunctionCode::Blake3_256.into(), vec![0; 32])
346                .to_str(),
347            ["E".to_string(), "A".repeat(43)].join("")
348        );
349        assert_eq!(
350            SelfAddressingIdentifier::new(HashFunctionCode::Blake2B256(vec!()).into(), vec![0; 32])
351                .to_str(),
352            ["F".to_string(), "A".repeat(43)].join("")
353        );
354        assert_eq!(
355            SelfAddressingIdentifier::new(HashFunctionCode::Blake2S256(vec!()).into(), vec![0; 32])
356                .to_str(),
357            ["G".to_string(), "A".repeat(43)].join("")
358        );
359        assert_eq!(
360            SelfAddressingIdentifier::new(HashFunctionCode::SHA3_256.into(), vec![0; 32]).to_str(),
361            ["H".to_string(), "A".repeat(43)].join("")
362        );
363        assert_eq!(
364            SelfAddressingIdentifier::new(HashFunctionCode::SHA2_256.into(), vec![0; 32]).to_str(),
365            ["I".to_string(), "A".repeat(43)].join("")
366        );
367        assert_eq!(
368            SelfAddressingIdentifier::new(HashFunctionCode::Blake3_512.into(), vec![0; 64])
369                .to_str(),
370            ["0D".to_string(), "A".repeat(86)].join("")
371        );
372        assert_eq!(
373            SelfAddressingIdentifier::new(HashFunctionCode::SHA3_512.into(), vec![0; 64]).to_str(),
374            ["0E".to_string(), "A".repeat(86)].join("")
375        );
376        assert_eq!(
377            SelfAddressingIdentifier::new(HashFunctionCode::Blake2B512.into(), vec![0; 64])
378                .to_str(),
379            ["0F".to_string(), "A".repeat(86)].join("")
380        );
381        assert_eq!(
382            SelfAddressingIdentifier::new(HashFunctionCode::SHA2_512.into(), vec![0; 64]).to_str(),
383            ["0G".to_string(), "A".repeat(86)].join("")
384        );
385
386        // Test SelfSigningPrefix serialization.
387        assert_eq!(
388            SelfSigningPrefix::ECDSAsecp256k1Sha256(vec![0; 64]).to_str(),
389            ["0C".to_string(), "A".repeat(86)].join("")
390        );
391        assert_eq!(
392            SelfSigningPrefix::Ed25519Sha512(vec![0; 64]).to_str(),
393            ["0B".to_string(), "A".repeat(86)].join("")
394        );
395        assert_eq!(
396            SelfSigningPrefix::Ed448(vec![0; 114]).to_str(),
397            ["1AAE".to_string(), "A".repeat(152)].join("")
398        );
399
400        Ok(())
401    }
402
403    #[test]
404    pub fn test_identifier_encoding() {
405        use crate::keys::PublicKey;
406        use sodiumoxide::hex;
407        let pub_key = "694e894769e6c3267e8b477c2590284cd647dd42ef6007d254fce1cd2e9be423";
408        let key = hex::decode(pub_key).unwrap();
409        let bp = BasicPrefix::Ed25519NT(PublicKey::new(key));
410        let hash_function: HashFunction = HashFunctionCode::Blake3_256.into();
411        let expected_identifier = "BGlOiUdp5sMmfotHfCWQKEzWR91C72AH0lT84c0um-Qj";
412        assert_eq!(bp.to_str(), expected_identifier);
413
414        // Prefixes from keripy/tests/core/test_coring:test_diger
415        let to_digest = "abcdefghijklmnopqrstuvwxyz0123456789";
416        let dig = hash_function.derive(to_digest.as_bytes());
417        dig.verify_binding(to_digest.as_bytes());
418        assert_eq!(dig.to_str(), "ELC5L3iBVD77d_MYbYGGCUQgqQBju1o4x1Ud-z2sL-ux");
419
420        // Digest from: keripy/tests/core/test_coring:test_nexter
421        let to_digest = "BDjXHlcskwOzNj8rYbV8IQ6ox2TW_KkbA1K3-n0EU0un";
422        let dig = hash_function.derive(to_digest.as_bytes());
423        assert_eq!(dig.to_str(), "EP9XvFnpQP4vnaTNDNAMU2T7nxDPe1EZLUaiABcLRfS4");
424
425        // Prefixes from keripy/tests/core/test_coring:test_matter
426        let self_signing_b64 =
427        "mdI8OSQkMJ9r-xigjEByEjIua7LHH3AOJ22PQKqljMhuhcgh9nGRcKnsz5KvKd7K_H9-1298F4Id1DxvIoEmCQ==";
428        let self_signing_raw = base64::decode_config(self_signing_b64, base64::URL_SAFE).unwrap();
429
430        let ssp = SelfSigningPrefix::Ed25519Sha512(self_signing_raw);
431        assert_eq!(
432        ssp.to_str(),
433        "0BCZ0jw5JCQwn2v7GKCMQHISMi5rsscfcA4nbY9AqqWMyG6FyCH2cZFwqezPkq8p3sr8f37Xb3wXgh3UPG8igSYJ"
434    );
435    }
436}