shadow_crypto/

signature.rs

use ed25519_dalek::{Signature, Signer, SigningKey as Ed25519SigningKey, Verifier, VerifyingKey as Ed25519VerifyingKey};
use serde::{Deserialize, Serialize};
use anyhow::{Result, Context};
use zeroize::Zeroize;

/// Ed25519 signing key
#[derive(Clone)]
pub struct SigningKey(Ed25519SigningKey);

impl SigningKey {
    /// Generate new signing key
    pub fn generate() -> Self {
        let secret = Ed25519SigningKey::from_bytes(&rand::random::<[u8; 32]>());
        Self(secret)
    }

    /// Create from seed bytes
    pub fn from_bytes(bytes: &[u8; 32]) -> Self {
        let secret = Ed25519SigningKey::from_bytes(bytes);
        Self(secret)
    }

    /// Get corresponding verification key
    pub fn verify_key(&self) -> VerifyKey {
        VerifyKey(self.0.verifying_key())
    }

    /// Sign message
    pub fn sign(&self, message: &[u8]) -> [u8; 64] {
        self.0.sign(message).to_bytes()
    }
}

impl std::fmt::Debug for SigningKey {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "SigningKey([REDACTED])")
    }
}

/// Ed25519 verification key
#[derive(Debug, Clone, Copy)]
pub struct VerifyKey(Ed25519VerifyingKey);

impl Serialize for VerifyKey {
    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        serializer.serialize_bytes(&self.0.to_bytes())
    }
}

impl<'de> Deserialize<'de> for VerifyKey {
    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        let bytes: Vec<u8> = Deserialize::deserialize(deserializer)?;
        if bytes.len() != 32 {
            return Err(serde::de::Error::custom("Invalid key length"));
        }
        let mut array = [0u8; 32];
        array.copy_from_slice(&bytes);
        Ed25519VerifyingKey::from_bytes(&array)
            .map(VerifyKey)
            .map_err(serde::de::Error::custom)
    }
}

impl VerifyKey {
    /// Create from bytes
    pub fn from_bytes(bytes: &[u8; 32]) -> Result<Self> {
        let key = Ed25519VerifyingKey::from_bytes(bytes)
            .context("Invalid verification key bytes")?;
        Ok(Self(key))
    }

    /// Get key as bytes
    pub fn as_bytes(&self) -> [u8; 32] {
        self.0.to_bytes()
    }

    /// Verify signature
    pub fn verify(&self, message: &[u8], signature: &[u8; 64]) -> Result<()> {
        let sig = Signature::from_bytes(signature);
        self.0.verify(message, &sig)
            .context("Signature verification failed")?;
        Ok(())
    }
}

/// Sign a message
pub fn sign(signing_key: &SigningKey, message: &[u8]) -> [u8; 64] {
    signing_key.sign(message)
}

/// Verify a signature
pub fn verify(verify_key: &VerifyKey, message: &[u8], signature: &[u8; 64]) -> Result<()> {
    verify_key.verify(message, signature)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sign_verify() {
        let signing_key = SigningKey::generate();
        let verify_key = signing_key.verify_key();
        
        let message = b"Test message";
        let signature = sign(&signing_key, message);
        
        assert!(verify(&verify_key, message, &signature).is_ok());
    }

    #[test]
    fn test_wrong_message_fails() {
        let signing_key = SigningKey::generate();
        let verify_key = signing_key.verify_key();
        
        let message = b"Test message";
        let signature = sign(&signing_key, message);
        
        let wrong_message = b"Wrong message";
        assert!(verify(&verify_key, wrong_message, &signature).is_err());
    }

    #[test]
    fn test_wrong_key_fails() {
        let signing_key1 = SigningKey::generate();
        let signing_key2 = SigningKey::generate();
        let verify_key2 = signing_key2.verify_key();
        
        let message = b"Test message";
        let signature = sign(&signing_key1, message);
        
        assert!(verify(&verify_key2, message, &signature).is_err());
    }
}