mur_core/constitution/

signing.rs

//! Ed25519 signing and SHA-256 checksum verification for the constitution.
//!
//! The constitution is tamper-proof: any modification to the TOML file will
//! invalidate both the checksum and the Ed25519 signature. Users must re-sign
//! the constitution after any intentional modification.

use base64::engine::general_purpose::STANDARD as BASE64;
use base64::Engine;
use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
use sha2::{Digest, Sha256};
use std::path::Path;

use super::ConstitutionError;

/// An Ed25519 keypair for constitution signing.
#[derive(Debug)]
pub struct ConstitutionKeypair {
    signing_key: SigningKey,
}

/// Result of signing a constitution file.
#[derive(Debug, Clone)]
pub struct SignatureResult {
    /// SHA-256 hex digest of the constitution content.
    pub checksum: String,
    /// Base64-encoded Ed25519 signature of the checksum.
    pub signature: String,
    /// Base64-encoded public key for verification.
    pub public_key: String,
}

/// Result of verifying a constitution file.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum VerifyResult {
    /// The constitution is valid and untampered.
    Valid,
    /// The checksum doesn't match — file was modified.
    ChecksumMismatch {
        expected: String,
        actual: String,
    },
    /// The signature is invalid — possibly tampered.
    SignatureInvalid,
    /// Missing required fields (checksum/signature/public_key).
    MissingFields(String),
}

impl ConstitutionKeypair {
    /// Generate a new random Ed25519 keypair.
    pub fn generate() -> Self {
        let mut rng = rand::thread_rng();
        let signing_key = SigningKey::generate(&mut rng);
        Self { signing_key }
    }

    /// Load a keypair from a base64-encoded private key.
    pub fn from_base64(key_b64: &str) -> Result<Self, ConstitutionError> {
        let bytes = BASE64.decode(key_b64).map_err(|e| {
            ConstitutionError::SigningError(format!("Invalid base64 key: {}", e))
        })?;
        let key_bytes: [u8; 32] = bytes.try_into().map_err(|_| {
            ConstitutionError::SigningError("Key must be exactly 32 bytes".into())
        })?;
        Ok(Self {
            signing_key: SigningKey::from_bytes(&key_bytes),
        })
    }

    /// Export the private key as base64.
    pub fn private_key_base64(&self) -> String {
        BASE64.encode(self.signing_key.to_bytes())
    }

    /// Export the public key as base64.
    pub fn public_key_base64(&self) -> String {
        BASE64.encode(self.signing_key.verifying_key().to_bytes())
    }

    /// Sign a constitution file. Returns the checksum and signature.
    ///
    /// The signing process:
    /// 1. Read the file content
    /// 2. Extract the signable content (everything except identity checksum/signature fields)
    /// 3. Compute SHA-256 of the signable content
    /// 4. Sign the checksum with Ed25519
    pub fn sign_file(&self, path: &Path) -> Result<SignatureResult, ConstitutionError> {
        let content = std::fs::read_to_string(path)?;
        self.sign_content(&content)
    }

    /// Sign constitution content directly (useful for testing).
    pub fn sign_content(&self, content: &str) -> Result<SignatureResult, ConstitutionError> {
        let signable = extract_signable_content(content);
        let checksum = compute_sha256(&signable);
        let checksum_bytes = hex::decode(&checksum).map_err(|e| {
            ConstitutionError::SigningError(format!("Hex decode error: {}", e))
        })?;
        let signature = self.signing_key.sign(&checksum_bytes);

        Ok(SignatureResult {
            checksum,
            signature: BASE64.encode(signature.to_bytes()),
            public_key: self.public_key_base64(),
        })
    }
}

/// Verify a constitution file's integrity.
///
/// Checks:
/// 1. The stored checksum matches the actual content hash
/// 2. The Ed25519 signature is valid for that checksum
pub fn verify_constitution(
    content: &str,
    stored_checksum: &str,
    stored_signature_b64: &str,
    public_key_b64: &str,
) -> VerifyResult {
    // Check for missing fields
    if stored_checksum.is_empty() || stored_signature_b64.is_empty() || public_key_b64.is_empty() {
        return VerifyResult::MissingFields(
            "Constitution must have checksum, signature, and public key".into(),
        );
    }

    // 1. Recompute checksum from file content
    let signable = extract_signable_content(content);
    let actual_checksum = compute_sha256(&signable);

    // 2. Compare checksums
    if actual_checksum != stored_checksum {
        return VerifyResult::ChecksumMismatch {
            expected: stored_checksum.to_string(),
            actual: actual_checksum,
        };
    }

    // 3. Verify Ed25519 signature
    let sig_bytes = match BASE64.decode(stored_signature_b64) {
        Ok(b) => b,
        Err(_) => return VerifyResult::SignatureInvalid,
    };

    let signature = match Signature::from_slice(&sig_bytes) {
        Ok(s) => s,
        Err(_) => return VerifyResult::SignatureInvalid,
    };

    let pk_bytes = match BASE64.decode(public_key_b64) {
        Ok(b) => b,
        Err(_) => return VerifyResult::SignatureInvalid,
    };

    let pk_array: [u8; 32] = match pk_bytes.try_into() {
        Ok(a) => a,
        Err(_) => return VerifyResult::SignatureInvalid,
    };

    let verifying_key = match VerifyingKey::from_bytes(&pk_array) {
        Ok(k) => k,
        Err(_) => return VerifyResult::SignatureInvalid,
    };

    let checksum_bytes = match hex::decode(&actual_checksum) {
        Ok(b) => b,
        Err(_) => return VerifyResult::SignatureInvalid,
    };

    match verifying_key.verify(&checksum_bytes, &signature) {
        Ok(()) => VerifyResult::Valid,
        Err(_) => VerifyResult::SignatureInvalid,
    }
}

/// Compute SHA-256 hex digest of the given content.
pub fn compute_sha256(content: &str) -> String {
    let mut hasher = Sha256::new();
    hasher.update(content.as_bytes());
    let result = hasher.finalize();
    hex::encode(result)
}

/// Extract the "signable" portion of a constitution TOML.
///
/// This removes the mutable identity fields (checksum, signature, signed_by)
/// so that signing doesn't create a circular dependency. The signable content
/// is everything in [boundaries], [resource_limits], and [model_permissions].
fn extract_signable_content(content: &str) -> String {
    let mut signable_lines = Vec::new();
    let mut in_identity = false;

    for line in content.lines() {
        let trimmed = line.trim();

        // Track which section we're in
        if trimmed.starts_with('[') && !trimmed.starts_with("[[") {
            in_identity = trimmed == "[identity]";
        }

        // Skip identity section fields (they change during signing)
        if in_identity {
            continue;
        }

        signable_lines.push(line);
    }

    signable_lines.join("\n")
}

/// Hex encoding/decoding helpers (inline to avoid adding another dep).
mod hex {
    pub fn encode(bytes: impl AsRef<[u8]>) -> String {
        bytes
            .as_ref()
            .iter()
            .map(|b| format!("{:02x}", b))
            .collect()
    }

    pub fn decode(s: &str) -> Result<Vec<u8>, String> {
        if !s.len().is_multiple_of(2) {
            return Err("Hex string must have even length".into());
        }
        (0..s.len())
            .step_by(2)
            .map(|i| {
                u8::from_str_radix(&s[i..i + 2], 16)
                    .map_err(|e| format!("Invalid hex at position {}: {}", i, e))
            })
            .collect()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    const SAMPLE_CONSTITUTION: &str = r#"
[identity]
version = "1.0.0"
checksum = ""
signed_by = ""
signature = ""

[boundaries]
forbidden = ["rm -rf /", "DROP DATABASE"]
requires_approval = ["git push", "deploy *"]
auto_allowed = ["git status", "run tests"]

[resource_limits]
max_api_cost_per_run = 5.0
max_api_cost_per_day = 50.0
max_execution_time = 3600
max_concurrent_workflows = 3
max_file_write_size = "10MB"
allowed_directories = ["~/Projects"]
blocked_directories = ["/etc"]

[model_permissions]
thinking_model = { can_execute = false, can_read = true }
coding_model = { can_execute = true, can_read = true, sandbox_only = true }
task_model = { can_execute = true, can_read = true }
"#;

    #[test]
    fn test_generate_keypair() {
        let kp = ConstitutionKeypair::generate();
        let pk = kp.public_key_base64();
        let sk = kp.private_key_base64();
        assert!(!pk.is_empty());
        assert!(!sk.is_empty());
        // Keys should be different
        assert_ne!(pk, sk);
    }

    #[test]
    fn test_keypair_roundtrip() {
        let kp = ConstitutionKeypair::generate();
        let sk_b64 = kp.private_key_base64();
        let pk_b64 = kp.public_key_base64();

        let kp2 = ConstitutionKeypair::from_base64(&sk_b64).unwrap();
        assert_eq!(kp2.public_key_base64(), pk_b64);
    }

    #[test]
    fn test_sign_and_verify() {
        let kp = ConstitutionKeypair::generate();
        let result = kp.sign_content(SAMPLE_CONSTITUTION).unwrap();

        assert!(!result.checksum.is_empty());
        assert!(!result.signature.is_empty());

        let verify = verify_constitution(
            SAMPLE_CONSTITUTION,
            &result.checksum,
            &result.signature,
            &result.public_key,
        );
        assert_eq!(verify, VerifyResult::Valid);
    }

    #[test]
    fn test_tamper_detection_content_modified() {
        let kp = ConstitutionKeypair::generate();
        let result = kp.sign_content(SAMPLE_CONSTITUTION).unwrap();

        // Tamper with the content
        let tampered = SAMPLE_CONSTITUTION.replace("rm -rf /", "rm -rf /home");

        let verify = verify_constitution(
            &tampered,
            &result.checksum,
            &result.signature,
            &result.public_key,
        );
        assert!(matches!(verify, VerifyResult::ChecksumMismatch { .. }));
    }

    #[test]
    fn test_tamper_detection_signature_modified() {
        let kp = ConstitutionKeypair::generate();
        let result = kp.sign_content(SAMPLE_CONSTITUTION).unwrap();

        // Use a different keypair's signature
        let kp2 = ConstitutionKeypair::generate();
        let result2 = kp2.sign_content(SAMPLE_CONSTITUTION).unwrap();

        let verify = verify_constitution(
            SAMPLE_CONSTITUTION,
            &result.checksum,
            &result2.signature, // Wrong signature!
            &result.public_key,
        );
        assert_eq!(verify, VerifyResult::SignatureInvalid);
    }

    #[test]
    fn test_tamper_detection_wrong_public_key() {
        let kp = ConstitutionKeypair::generate();
        let result = kp.sign_content(SAMPLE_CONSTITUTION).unwrap();

        // Use a different public key
        let kp2 = ConstitutionKeypair::generate();

        let verify = verify_constitution(
            SAMPLE_CONSTITUTION,
            &result.checksum,
            &result.signature,
            &kp2.public_key_base64(), // Wrong key!
        );
        assert_eq!(verify, VerifyResult::SignatureInvalid);
    }

    #[test]
    fn test_missing_fields() {
        let verify = verify_constitution(SAMPLE_CONSTITUTION, "", "sig", "pk");
        assert!(matches!(verify, VerifyResult::MissingFields(_)));

        let verify = verify_constitution(SAMPLE_CONSTITUTION, "checksum", "", "pk");
        assert!(matches!(verify, VerifyResult::MissingFields(_)));
    }

    #[test]
    fn test_sha256_deterministic() {
        let hash1 = compute_sha256("hello world");
        let hash2 = compute_sha256("hello world");
        assert_eq!(hash1, hash2);
        assert_eq!(hash1.len(), 64); // 256 bits = 64 hex chars
    }

    #[test]
    fn test_sha256_different_inputs() {
        let hash1 = compute_sha256("hello");
        let hash2 = compute_sha256("world");
        assert_ne!(hash1, hash2);
    }

    #[test]
    fn test_extract_signable_content_excludes_identity() {
        let signable = extract_signable_content(SAMPLE_CONSTITUTION);
        assert!(!signable.contains("[identity]"));
        assert!(!signable.contains("checksum"));
        assert!(!signable.contains("signed_by"));
        // But should contain other sections
        assert!(signable.contains("[boundaries]"));
        assert!(signable.contains("[resource_limits]"));
    }

    #[test]
    fn test_identity_changes_dont_affect_checksum() {
        // Changing identity fields should NOT change the signable content
        let content1 = SAMPLE_CONSTITUTION;
        let content2 = SAMPLE_CONSTITUTION.replace(
            "checksum = \"\"",
            "checksum = \"abc123\"",
        );

        let signable1 = extract_signable_content(content1);
        let signable2 = extract_signable_content(&content2);

        assert_eq!(
            compute_sha256(&signable1),
            compute_sha256(&signable2),
        );
    }

    #[test]
    fn test_hex_roundtrip() {
        let original = vec![0u8, 1, 255, 128, 64];
        let encoded = hex::encode(&original);
        let decoded = hex::decode(&encoded).unwrap();
        assert_eq!(original, decoded);
    }
}