1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

use crate::vault::Vault;
use crate::VaultError;
use ockam_core::vault::{
    PublicKey, SecretType, Signature, Verifier, CURVE25519_PUBLIC_LENGTH_USIZE,
};
use ockam_core::{async_trait, compat::boxed::Box, Result};

#[async_trait]
impl Verifier for Vault {
    /// Verify signature
    async fn verify(
        &self,
        signature: &Signature,
        public_key: &PublicKey,
        data: &[u8],
    ) -> Result<bool> {
        match public_key.stype() {
            SecretType::X25519 => {
                if public_key.data().len() != CURVE25519_PUBLIC_LENGTH_USIZE
                    || signature.as_ref().len() != 64
                {
                    return Err(VaultError::InvalidPublicKey.into());
                }

                use crate::xeddsa::XEddsaVerifier;
                use arrayref::array_ref;

                let signature_array = array_ref!(signature.as_ref(), 0, 64);
                let public_key = x25519_dalek::PublicKey::from(*array_ref!(
                    public_key.data(),
                    0,
                    CURVE25519_PUBLIC_LENGTH_USIZE
                ));
                Ok(public_key.xeddsa_verify(data.as_ref(), signature_array))
            }
            SecretType::Ed25519 => {
                if public_key.data().len() != CURVE25519_PUBLIC_LENGTH_USIZE
                    || signature.as_ref().len() != 64
                {
                    return Err(VaultError::InvalidPublicKey.into());
                }
                use ed25519_dalek::Verifier;

                let signature = ed25519_dalek::Signature::from_bytes(signature.as_ref()).unwrap();
                let public_key = ed25519_dalek::PublicKey::from_bytes(public_key.data()).unwrap();
                Ok(public_key.verify(data.as_ref(), &signature).is_ok())
            }
            #[cfg(feature = "bls")]
            SecretType::Bls => {
                if public_key.data().len() != 96 && signature.as_ref().len() != 112 {
                    return Err(VaultError::InvalidPublicKey.into());
                }

                use arrayref::array_ref;
                use signature_bbs_plus::MessageGenerators;
                use signature_bbs_plus::Signature as BBSSignature;
                use signature_core::lib::Message;

                let bls_public_key =
                    ::signature_bls::PublicKey::from_bytes(array_ref!(public_key.as_ref(), 0, 96))
                        .unwrap();
                let generators = MessageGenerators::from_public_key(bls_public_key, 1);
                let messages = [Message::hash(data.as_ref())];
                let signature_array = array_ref!(signature.as_ref(), 0, 112);
                let signature_bbs = BBSSignature::from_bytes(signature_array).unwrap();
                let res = signature_bbs.verify(&bls_public_key, &generators, messages.as_ref());
                Ok(res.unwrap_u8() == 1)
            }
            SecretType::Buffer | SecretType::Aes => Err(VaultError::InvalidPublicKey.into()),
        }
    }
}