1use std::io::Read;
2
3use bytes::{Buf, BufMut, Bytes, BytesMut};
4use derive_more::{AsMut, AsRef, Constructor, Display, From, Into};
5use ndn_tlv::{NonNegativeInteger, Tlv, TlvDecode, TlvEncode, TlvError, VarNum};
6
7use rand::SeedableRng;
8use rsa::{
9 pkcs1v15::{Signature, SigningKey},
10 signature::{RandomizedSigner, SignatureEncoding},
11 Pkcs1v15Sign,
12};
13use sha2::{Digest, Sha256};
14use time::{OffsetDateTime, UtcOffset};
15
16use crate::{
17 certificate::ToCertificate, Certificate, ContentType, Data, MetaInfo, Name, RsaCertificate,
18};
19
20use self::signature_type::get_signature_type;
21
22pub mod signature_type {
23 use ndn_tlv::TlvEncode;
24
25 use crate::Data;
26
27 pub const DIGEST_SHA256: usize = 0;
28 pub const SIGNATURE_SHA256_WITH_RSA: usize = 1;
29 pub const SIGNATURE_SHA256_WITH_ECDSA: usize = 3;
30 pub const SIGNATRUE_HMAC_WITH_SHA256: usize = 4;
31 pub const SIGNATURE_ED25519: usize = 5;
32
33 pub(super) fn get_signature_type<T: TlvEncode>(data: &Data<T>) -> Option<usize> {
34 Some(
35 data.signature_info()
36 .as_ref()?
37 .signature_type
38 .signature_type
39 .into(),
40 )
41 }
42
43 pub(super) fn ensure_signature_type<T: TlvEncode>(data: &Data<T>, typ: usize) -> Option<()> {
44 if get_signature_type(data)? != typ {
45 return None;
46 }
47 Some(())
48 }
49}
50
51#[derive(
52 Debug, Tlv, PartialEq, Eq, Clone, Hash, From, Into, AsRef, AsMut, Display, Constructor,
53)]
54#[tlv(27)]
55pub struct SignatureType {
56 signature_type: VarNum,
57}
58
59#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, From, Into, AsRef, AsMut, Constructor)]
60#[tlv(29)]
61pub struct KeyDigest {
62 data: Bytes,
63}
64
65#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash)]
66pub enum KeyLocatorData {
67 Name(Name),
68 KeyDigest(KeyDigest),
69}
70
71impl KeyLocatorData {
72 pub fn as_name(&self) -> Option<&Name> {
73 if let Self::Name(v) = self {
74 Some(v)
75 } else {
76 None
77 }
78 }
79
80 pub fn as_key_digest(&self) -> Option<&KeyDigest> {
81 if let Self::KeyDigest(v) = self {
82 Some(v)
83 } else {
84 None
85 }
86 }
87}
88
89#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, AsRef, AsMut, Constructor, From, Into)]
90#[tlv(28)]
91pub struct KeyLocator {
92 locator: KeyLocatorData,
93}
94
95impl KeyLocator {
96 pub fn locator(&self) -> &KeyLocatorData {
97 &self.locator
98 }
99}
100
101#[derive(Debug, PartialEq, Eq, Clone, Hash, Constructor)]
102pub struct Timestamp {
103 date: [u8; 8],
104 time: [u8; 6],
105}
106
107impl From<OffsetDateTime> for Timestamp {
108 fn from(value: OffsetDateTime) -> Self {
109 let datetime = value.to_offset(UtcOffset::UTC);
110 let date = format!(
111 "{:02}{:02}{:04}",
112 datetime.day(),
113 datetime.month() as u8,
114 datetime.year()
115 );
116
117 let mut date_buf = [0; 8];
118 date_buf.copy_from_slice(&date.as_bytes());
119
120 let time = format!(
121 "{:02}{:02}{:02}",
122 datetime.hour(),
123 datetime.minute(),
124 datetime.second()
125 );
126
127 let mut time_buf = [0; 6];
128 time_buf.copy_from_slice(&time.as_bytes());
129 Timestamp {
130 date: date_buf,
131 time: time_buf,
132 }
133 }
134}
135
136impl TlvEncode for Timestamp {
137 fn encode(&self) -> Bytes {
138 let mut bytes = BytesMut::with_capacity(self.size());
139 bytes.put(&self.date[..]);
140 bytes.put_u8(b'T');
141 bytes.put(&self.time[..]);
142 bytes.freeze()
143 }
144
145 fn size(&self) -> usize {
146 15
147 }
148}
149
150impl TlvDecode for Timestamp {
151 fn decode(bytes: &mut Bytes) -> ndn_tlv::Result<Self> {
152 if bytes.remaining() < 15 {
153 return Err(TlvError::UnexpectedEndOfStream);
154 }
155 let mut date = [0; 8];
156 let mut t = [0];
157 let mut time = [0; 6];
158
159 let mut reader = bytes.reader();
160 reader
161 .read_exact(&mut date)
162 .map_err(|_| TlvError::FormatError)?;
163 reader
164 .read_exact(&mut t)
165 .map_err(|_| TlvError::FormatError)?;
166 reader
167 .read_exact(&mut time)
168 .map_err(|_| TlvError::FormatError)?;
169
170 Ok(Self { date, time })
171 }
172}
173
174#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, Constructor)]
175#[tlv(254)]
176pub struct NotBefore {
177 pub not_before: Timestamp,
178}
179
180#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, Constructor)]
181#[tlv(255)]
182pub struct NotAfter {
183 pub not_after: Timestamp,
184}
185
186#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, Constructor)]
187#[tlv(253)]
188pub struct ValidityPeriod {
189 pub not_before: NotBefore,
190 pub not_after: NotAfter,
191}
192
193#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, Constructor)]
194#[tlv(22)]
195pub struct SignatureInfo {
196 signature_type: SignatureType,
197 key_locator: Option<KeyLocator>,
198 validity_period: Option<ValidityPeriod>,
199}
200
201impl SignatureInfo {
202 pub fn signature_type(&self) -> VarNum {
203 self.signature_type.signature_type
204 }
205
206 pub fn key_locator(&self) -> Option<&KeyLocatorData> {
207 self.key_locator.as_ref().map(|x| &x.locator)
208 }
209}
210
211#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, AsRef, AsMut, Constructor, From, Into)]
212#[tlv(23)]
213pub struct SignatureValue {
214 data: Bytes,
215}
216
217#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, AsRef, AsMut, Constructor, From, Into)]
218#[tlv(38)]
219pub struct SignatureNonce {
220 data: Bytes,
221}
222
223#[derive(
224 Debug,
225 Tlv,
226 PartialEq,
227 Eq,
228 Clone,
229 Hash,
230 AsRef,
231 AsMut,
232 Constructor,
233 From,
234 Into,
235 Display,
236 PartialOrd,
237 Ord,
238)]
239#[tlv(40)]
240pub struct SignatureTime {
241 data: NonNegativeInteger,
242}
243
244#[derive(
245 Debug,
246 Tlv,
247 PartialEq,
248 Eq,
249 Clone,
250 Hash,
251 From,
252 Into,
253 AsRef,
254 AsMut,
255 Constructor,
256 PartialOrd,
257 Ord,
258 Display,
259)]
260#[tlv(42)]
261pub struct SignatureSeqNum {
262 data: NonNegativeInteger,
263}
264
265#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, Constructor)]
266#[tlv(44)]
267pub struct InterestSignatureInfo {
268 pub(crate) signature_type: SignatureType,
269 pub(crate) key_locator: Option<KeyLocator>,
270 pub(crate) nonce: Option<SignatureNonce>,
271 pub(crate) time: Option<SignatureTime>,
272 pub(crate) seq_num: Option<SignatureSeqNum>,
273}
274
275impl InterestSignatureInfo {
276 pub fn signature_type(&self) -> VarNum {
277 self.signature_type.signature_type
278 }
279
280 pub fn key_locator(&self) -> Option<&KeyLocatorData> {
281 self.key_locator.as_ref().map(|x| &x.locator)
282 }
283
284 pub fn nonce(&self) -> Option<&Bytes> {
285 self.nonce.as_ref().map(|x| &x.data)
286 }
287
288 pub fn time(&self) -> Option<NonNegativeInteger> {
289 self.time.as_ref().map(|x| x.data)
290 }
291
292 pub fn seq_num(&self) -> Option<NonNegativeInteger> {
293 self.seq_num.as_ref().map(|x| x.data)
294 }
295}
296
297#[derive(Debug, Tlv, PartialEq, Eq, Clone, Hash, From, Into, AsRef, AsMut, Constructor)]
298#[tlv(46)]
299pub struct InterestSignatureValue {
300 data: Bytes,
301}
302
303pub trait SignMethod {
304 fn signature_type(&self) -> u64;
305
306 fn next_seq_num(&mut self) -> u64;
307
308 fn certificate(&self) -> Option<Certificate>;
309
310 fn sign(&self, data: &[u8]) -> Bytes;
311
312 fn time(&self) -> SignatureTime {
313 SignatureTime {
314 data: NonNegativeInteger::from(
315 std::time::SystemTime::now()
316 .duration_since(std::time::UNIX_EPOCH)
317 .unwrap()
318 .as_millis() as u64,
319 ),
320 }
321 }
322}
323
324pub trait SignMethodType {
325 const SIGNATURE_TYPE: u64;
326}
327
328impl<T: SignMethod> SignMethod for &mut T {
329 fn signature_type(&self) -> u64 {
330 (**self).signature_type()
331 }
332
333 fn next_seq_num(&mut self) -> u64 {
334 (**self).next_seq_num()
335 }
336
337 fn certificate(&self) -> Option<Certificate> {
338 (**self).certificate()
339 }
340
341 fn sign(&self, data: &[u8]) -> Bytes {
342 (**self).sign(data)
343 }
344}
345
346impl<T: SignMethod + ?Sized> SignMethod for Box<T> {
347 fn signature_type(&self) -> u64 {
348 (**self).signature_type()
349 }
350
351 fn next_seq_num(&mut self) -> u64 {
352 (**self).next_seq_num()
353 }
354
355 fn certificate(&self) -> Option<Certificate> {
356 (**self).certificate()
357 }
358
359 fn sign(&self, data: &[u8]) -> Bytes {
360 (**self).sign(data)
361 }
362}
363
364#[derive(Debug, Clone, Copy, Hash, PartialEq, Eq)]
365pub struct KnownSigners;
366
367pub trait ToSigner {
368 fn from_data(&self, data: Data<Bytes>) -> Option<Box<dyn SignMethod + Send + Sync>>;
369}
370impl ToSigner for KnownSigners {
371 fn from_data(&self, data: Data<Bytes>) -> Option<Box<dyn SignMethod + Send + Sync>> {
372 match get_signature_type(&data)? {
373 signature_type::DIGEST_SHA256 => Some(Box::new(DigestSha256::from_data(data)?)),
374 signature_type::SIGNATURE_SHA256_WITH_RSA => {
375 Some(Box::new(SignatureSha256WithRsa::from_data(data)?))
376 }
377 _ => None,
378 }
379 }
380}
381
382#[derive(Debug, Clone, Copy, Hash, PartialEq, Eq)]
383pub struct KnownVerifiers;
384
385pub trait ToVerifier {
386 fn from_data(&self, data: Data<Bytes>) -> Option<Box<dyn SignatureVerifier + Send + Sync>>;
387}
388
389impl ToVerifier for KnownVerifiers {
390 fn from_data(&self, data: Data<Bytes>) -> Option<Box<dyn SignatureVerifier + Send + Sync>> {
391 match get_signature_type(&data)? {
392 signature_type::DIGEST_SHA256 => Some(Box::new(DigestSha256::from_data(data)?)),
393 signature_type::SIGNATURE_SHA256_WITH_RSA => {
394 Some(Box::new(SignatureSha256WithRsa::from_data(data)?))
395 }
396 _ => None,
397 }
398 }
399}
400
401pub trait SignatureVerifier {
402 fn verify(&self, data: &[u8], signature: &[u8]) -> bool;
403
404 fn certificate(&self) -> Option<Certificate>;
405
406 fn from_data(data: Data<Bytes>) -> Option<Self>
407 where
408 Self: Sized;
409}
410
411impl<T> SignatureVerifier for &T
412where
413 T: SignatureVerifier,
414{
415 fn verify(&self, data: &[u8], signature: &[u8]) -> bool {
416 (**self).verify(data, signature)
417 }
418
419 fn certificate(&self) -> Option<Certificate> {
420 (**self).certificate()
421 }
422
423 fn from_data(_data: Data<Bytes>) -> Option<Self>
424 where
425 Self: Sized,
426 {
427 None
428 }
429}
430
431#[derive(Clone, Copy, Debug)]
432pub struct DigestSha256 {
433 seq_num: u64,
434}
435
436impl DigestSha256 {
437 pub const fn new() -> Self {
438 DigestSha256 { seq_num: 0 }
439 }
440
441 pub fn certificate() -> Certificate {
442 let mut data = Data::new(Name::empty(), Bytes::new());
443 data.set_meta_info(Some(MetaInfo {
444 content_type: Some(ContentType {
445 content_type: NonNegativeInteger::new(signature_type::DIGEST_SHA256 as u64),
446 }),
447 freshness_period: None,
448 final_block_id: None,
449 }));
450 Certificate(data)
451 }
452}
453
454impl SignMethodType for DigestSha256 {
455 const SIGNATURE_TYPE: u64 = 0;
456}
457
458impl SignMethod for DigestSha256 {
459 fn signature_type(&self) -> u64 {
460 Self::SIGNATURE_TYPE
461 }
462
463 fn next_seq_num(&mut self) -> u64 {
464 let seq_num = self.seq_num;
465 self.seq_num += 1;
466 seq_num
467 }
468
469 fn sign(&self, data: &[u8]) -> Bytes {
470 let mut hasher = Sha256::new();
471 hasher.update(data);
472
473 Bytes::copy_from_slice(&hasher.finalize())
474 }
475
476 fn certificate(&self) -> Option<Certificate> {
477 None
478 }
479}
480
481impl SignatureVerifier for DigestSha256 {
482 fn verify(&self, data: &[u8], signature: &[u8]) -> bool {
483 let hashed = self.sign(data);
484 hashed == signature
485 }
486
487 fn certificate(&self) -> Option<Certificate> {
488 None
489 }
490
491 fn from_data(_data: Data<Bytes>) -> Option<Self>
492 where
493 Self: Sized,
494 {
495 Some(DigestSha256::new())
496 }
497}
498
499#[derive(Clone, Debug)]
500pub struct SignatureSha256WithRsaVerifier(pub RsaCertificate);
501
502#[derive(Clone, Debug)]
503pub struct SignatureSha256WithRsa {
504 cert: RsaCertificate,
505 seq_num: u64,
506}
507
508impl SignatureSha256WithRsa {
509 pub fn new(cert: RsaCertificate) -> Self {
510 Self { cert, seq_num: 0 }
511 }
512}
513
514impl SignMethodType for SignatureSha256WithRsa {
515 const SIGNATURE_TYPE: u64 = 1;
516}
517
518impl SignMethod for SignatureSha256WithRsa {
519 fn signature_type(&self) -> u64 {
520 Self::SIGNATURE_TYPE
521 }
522
523 fn next_seq_num(&mut self) -> u64 {
524 let seq_num = self.seq_num;
525 self.seq_num += 1;
526 seq_num
527 }
528
529 fn sign(&self, data: &[u8]) -> Bytes {
530 let private_key = self.cert.private_key().unwrap(); let signing_key = SigningKey::<Sha256>::new(private_key.clone());
532 let mut rng = rand::rngs::StdRng::from_entropy();
533
534 let output: Signature = signing_key.sign_with_rng(&mut rng, &data);
535 let outputvec = output.to_vec();
536 Bytes::from(outputvec)
537 }
538
539 fn certificate(&self) -> Option<Certificate> {
540 Some(self.cert.to_certificate())
541 }
542}
543
544impl SignatureVerifier for SignatureSha256WithRsa {
545 fn verify(&self, data: &[u8], signature: &[u8]) -> bool {
546 SignatureSha256WithRsaVerifier(self.cert.clone()).verify(data, signature)
547 }
548
549 fn certificate(&self) -> Option<Certificate> {
550 Some(self.cert.to_certificate())
551 }
552
553 fn from_data(data: Data<Bytes>) -> Option<Self>
554 where
555 Self: Sized,
556 {
557 signature_type::ensure_signature_type(&data, signature_type::SIGNATURE_SHA256_WITH_RSA)?;
558 Some(Self::new(RsaCertificate::new(Certificate(data))?))
559 }
560}
561
562impl SignatureVerifier for SignatureSha256WithRsaVerifier {
563 fn verify(&self, data: &[u8], signature: &[u8]) -> bool {
564 let mut hasher: Sha256 = Sha256::new();
565 hasher.update(data);
566 let hashed = hasher.finalize();
567
568 self.0
569 .public_key()
570 .verify(Pkcs1v15Sign::new::<Sha256>(), &hashed, &signature)
571 .is_ok()
572 }
573
574 fn certificate(&self) -> Option<Certificate> {
575 Some(self.0.to_certificate())
576 }
577
578 fn from_data(data: Data<Bytes>) -> Option<Self>
579 where
580 Self: Sized,
581 {
582 signature_type::ensure_signature_type(&data, signature_type::SIGNATURE_SHA256_WITH_RSA)?;
583 Some(Self(RsaCertificate::new(Certificate(data))?))
584 }
585}