chris/ruwuma
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Always use the term "public key" instead of "verify key."

Browse Source
This commit is contained in:
Jimmy Cuadra 2019-07-12 03:09:44 -07:00
parent 04004547da
commit 8da921cffa
2 changed files with 50 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
src/functions.rs
View File

@ -179,8 +179,10 @@ pub fn canonical_json(value: &Value) -> Result<String, Error> {
/// # Parameters /// # Parameters
/// ///
/// * verifier: A `Verifier` appropriate for the digital signature algorithm that was used. /// * verifier: A `Verifier` appropriate for the digital signature algorithm that was used.
/// * public_key: The public key of the key pair used to sign the JSON, as a series of bytes. /// * public_key_map: A map from entity identifiers to a map from key identifiers to public keys.
/// * signature: The `Signature` to verify. /// Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g.
/// "example.com") for which a signature must be verified. Key identifiers for each server (e.g.
/// "ed25519:1") then map to their respective public keys.
/// * value: The `serde_json::Value` (JSON value) that was signed. /// * value: The `serde_json::Value` (JSON value) that was signed.
/// ///
/// # Errors /// # Errors
@ -220,15 +222,15 @@ pub fn canonical_json(value: &Value) -> Result<String, Error> {
/// // Create the `SignatureMap` that will inform `verify_json` which signatures to verify. /// // Create the `SignatureMap` that will inform `verify_json` which signatures to verify.
/// let mut signature_set = HashMap::new(); /// let mut signature_set = HashMap::new();
/// signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); /// signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string());
/// let mut verify_key_map = HashMap::new(); /// let mut public_key_map = HashMap::new();
/// verify_key_map.insert("example.com".to_string(), signature_set); /// public_key_map.insert("example.com".to_string(), signature_set);
/// ///
/// // Verify at least one signature for each entity in `verify_key_map`. /// // Verify at least one signature for each entity in `public_key_map`.
/// assert!(ruma_signatures::verify_json(&verifier, &verify_key_map, &value).is_ok()); /// assert!(ruma_signatures::verify_json(&verifier, &public_key_map, &value).is_ok());
/// ``` /// ```
pub fn verify_json<V>( pub fn verify_json<V>(
verifier: &V, verifier: &V,
verify_key_map: &SignatureMap, public_key_map: &SignatureMap,
value: &Value, value: &Value,
) -> Result<(), Error> ) -> Result<(), Error>
where where
@ -247,7 +249,7 @@ where
None => return Err(Error::new("JSON object must contain a `signatures` field.")), None => return Err(Error::new("JSON object must contain a `signatures` field.")),
}; };
for (entity_id, verify_keys) in verify_key_map { for (entity_id, public_keys) in public_key_map {
let signature_set = match signature_map.get(entity_id) { let signature_set = match signature_map.get(entity_id) {
Some(set) => set, Some(set) => set,
None => { None => {
@ -259,12 +261,12 @@ where
}; };
let mut maybe_signature = None; let mut maybe_signature = None;
let mut maybe_verify_key = None; let mut maybe_public_key = None;
for (key_id, verify_key) in verify_keys { for (key_id, public_key) in public_keys {
if let Some(signature) = signature_set.get(key_id) { if let Some(signature) = signature_set.get(key_id) {
maybe_signature = Some(signature); maybe_signature = Some(signature);
maybe_verify_key = Some(verify_key); maybe_public_key = Some(public_key);
break; break;
} }
@ -274,25 +276,25 @@ where
Some(signature) => signature, Some(signature) => signature,
None => { None => {
return Err(Error::new( return Err(Error::new(
"event is not signed with any of the given verify keys", "event is not signed with any of the given public keys",
)) ))
} }
}; };
let verify_key = match maybe_verify_key { let public_key = match maybe_public_key {
Some(verify_key) => verify_key, Some(public_key) => public_key,
None => { None => {
return Err(Error::new( return Err(Error::new(
"event is not signed with any of the given verify keys", "event is not signed with any of the given public keys",
)) ))
} }
}; };
let signature_bytes = decode_config(signature, STANDARD_NO_PAD)?; let signature_bytes = decode_config(signature, STANDARD_NO_PAD)?;
let verify_key_bytes = decode_config(&verify_key, STANDARD_NO_PAD)?; let public_key_bytes = decode_config(&public_key, STANDARD_NO_PAD)?;
verify_json_with(verifier, &verify_key_bytes, &signature_bytes, value)?; verify_json_with(verifier, &public_key_bytes, &signature_bytes, value)?;
} }
Ok(()) Ok(())
@ -313,7 +315,7 @@ where
/// ///
/// * The provided JSON value is not a JSON object. /// * The provided JSON value is not a JSON object.
/// * Verification fails. /// * Verification fails.
pub fn verify_json_with<V>( fn verify_json_with<V>(
verifier: &V, verifier: &V,
public_key: &[u8], public_key: &[u8],
signature: &[u8], signature: &[u8],
@ -464,11 +466,7 @@ pub fn reference_hash(value: &Value) -> Result<String, Error> {
/// ``` /// ```
/// ///
/// Notice the addition of `hashes` and `signatures`. /// Notice the addition of `hashes` and `signatures`.
pub fn hash_and_sign_event<K>( pub fn hash_and_sign_event<K>(entity_id: &str, key_pair: &K, value: &mut Value) -> Result<(), Error>
entity_id: &str,
key_pair: &K,
value: &mut Value,
) -> Result<(), Error>
where where
K: KeyPair, K: KeyPair,
{ {
@ -517,7 +515,7 @@ where
/// # Parameters /// # Parameters
/// ///
/// * verifier: A `Verifier` appropriate for the digital signature algorithm that was used. /// * verifier: A `Verifier` appropriate for the digital signature algorithm that was used.
/// * verify_key_map: A map from entity identifiers to a map from key identifiers to public keys. /// * public_key_map: A map from entity identifiers to a map from key identifiers to public keys.
/// Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g. /// Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g.
/// "example.com") for which a signature must be verified. Key identifiers for each server (e.g. /// "example.com") for which a signature must be verified. Key identifiers for each server (e.g.
/// "ed25519:1") then map to their respective public keys. /// "ed25519:1") then map to their respective public keys.
@ -564,15 +562,15 @@ where
/// example_server_keys.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); /// example_server_keys.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string());
/// ///
/// // Insert the public keys into a map keyed by entity ID. /// // Insert the public keys into a map keyed by entity ID.
/// let mut verify_key_map = HashMap::new(); /// let mut public_key_map = HashMap::new();
/// verify_key_map.insert("domain".to_string(), example_server_keys); /// public_key_map.insert("domain".to_string(), example_server_keys);
/// ///
/// // Verify at least one signature for each entity in `verify_key_map`. /// // Verify at least one signature for each entity in `public_key_map`.
/// assert!(ruma_signatures::verify_event(&verifier, &verify_key_map, &value).is_ok()); /// assert!(ruma_signatures::verify_event(&verifier, &public_key_map, &value).is_ok());
/// ``` /// ```
pub fn verify_event<V>( pub fn verify_event<V>(
verifier: &V, verifier: &V,
verify_key_map: &SignatureMap, public_key_map: &SignatureMap,
value: &Value, value: &Value,
) -> Result<Verified, Error> ) -> Result<Verified, Error>
where where
@ -607,7 +605,7 @@ where
None => return Err(Error::new("JSON object must contain a `signatures` field.")), None => return Err(Error::new("JSON object must contain a `signatures` field.")),
}; };
for (entity_id, verify_keys) in verify_key_map { for (entity_id, public_keys) in public_key_map {
let signature_set = match signature_map.get(entity_id) { let signature_set = match signature_map.get(entity_id) {
Some(set) => set, Some(set) => set,
None => { None => {
@ -619,12 +617,12 @@ where
}; };
let mut maybe_signature = None; let mut maybe_signature = None;
let mut maybe_verify_key = None; let mut maybe_public_key = None;
for (key_id, verify_key) in verify_keys { for (key_id, public_key) in public_keys {
if let Some(signature) = signature_set.get(key_id) { if let Some(signature) = signature_set.get(key_id) {
maybe_signature = Some(signature); maybe_signature = Some(signature);
maybe_verify_key = Some(verify_key); maybe_public_key = Some(public_key);
break; break;
} }
@ -634,16 +632,16 @@ where
Some(signature) => signature, Some(signature) => signature,
None => { None => {
return Err(Error::new( return Err(Error::new(
"event is not signed with any of the given verify keys", "event is not signed with any of the given public keys",
)) ))
} }
}; };
let verify_key = match maybe_verify_key { let public_key = match maybe_public_key {
Some(verify_key) => verify_key, Some(public_key) => public_key,
None => { None => {
return Err(Error::new( return Err(Error::new(
"event is not signed with any of the given verify keys", "event is not signed with any of the given public keys",
)) ))
} }
}; };
@ -652,11 +650,11 @@ where
let signature_bytes = decode_config(signature, STANDARD_NO_PAD)?; let signature_bytes = decode_config(signature, STANDARD_NO_PAD)?;
let verify_key_bytes = decode_config(&verify_key, STANDARD_NO_PAD)?; let public_key_bytes = decode_config(&public_key, STANDARD_NO_PAD)?;
verify_json_with( verify_json_with(
verifier, verifier,
&verify_key_bytes, &public_key_bytes,
&signature_bytes, &signature_bytes,
&canonical_json, &canonical_json,
)?; )?;

26
src/lib.rs
View File

@ -322,10 +322,10 @@ mod test {
let mut signature_set = HashMap::new(); let mut signature_set = HashMap::new();
signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string());
let mut verify_key_map = HashMap::new(); let mut public_key_map = HashMap::new();
verify_key_map.insert("example.com".to_string(), signature_set); public_key_map.insert("example.com".to_string(), signature_set);
assert!(verify_json(&verifier, &verify_key_map, &value).is_ok()); assert!(verify_json(&verifier, &public_key_map, &value).is_ok());
} }
#[test] #[test]
@ -392,16 +392,16 @@ mod test {
let mut signature_set = HashMap::new(); let mut signature_set = HashMap::new();
signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string());
let mut verify_key_map = HashMap::new(); let mut public_key_map = HashMap::new();
verify_key_map.insert("example.com".to_string(), signature_set); public_key_map.insert("example.com".to_string(), signature_set);
assert!(verify_json(&verifier, &verify_key_map, &value).is_ok()); assert!(verify_json(&verifier, &public_key_map, &value).is_ok());
let reverse_value = from_str( let reverse_value = from_str(
r#"{"two":"Two","signatures":{"example.com":{"ed25519:1":"KqmLSbO39/Bzb0QIYE82zqLwsA+PDzYIpIRA2sRQ4sL53+sN6/fpNSoqE7BP7vBZhG6kYdD13EIMJpvhJI+6Bw"}},"one":1}"# r#"{"two":"Two","signatures":{"example.com":{"ed25519:1":"KqmLSbO39/Bzb0QIYE82zqLwsA+PDzYIpIRA2sRQ4sL53+sN6/fpNSoqE7BP7vBZhG6kYdD13EIMJpvhJI+6Bw"}},"one":1}"#
).unwrap(); ).unwrap();
assert!(verify_json(&verifier, &verify_key_map, &reverse_value).is_ok()); assert!(verify_json(&verifier, &public_key_map, &reverse_value).is_ok());
} }
#[test] #[test]
@ -413,10 +413,10 @@ mod test {
let mut signature_set = HashMap::new(); let mut signature_set = HashMap::new();
signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string());
let mut verify_key_map = HashMap::new(); let mut public_key_map = HashMap::new();
verify_key_map.insert("example.com".to_string(), signature_set); public_key_map.insert("example.com".to_string(), signature_set);
assert!(verify_json(&verifier, &verify_key_map, &value).is_err()); assert!(verify_json(&verifier, &public_key_map, &value).is_err());
} }
#[test] #[test]
@ -501,8 +501,8 @@ mod test {
let mut signature_set = HashMap::new(); let mut signature_set = HashMap::new();
signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string()); signature_set.insert("ed25519:1".to_string(), PUBLIC_KEY.to_string());
let mut verify_key_map = HashMap::new(); let mut public_key_map = HashMap::new();
verify_key_map.insert("domain".to_string(), signature_set); public_key_map.insert("domain".to_string(), signature_set);
let value = from_str( let value = from_str(
r#"{ r#"{
@ -531,6 +531,6 @@ mod test {
let verifier = Ed25519Verifier; let verifier = Ed25519Verifier;
assert!(verify_event(&verifier, &verify_key_map, &value).is_ok()); assert!(verify_event(&verifier, &public_key_map, &value).is_ok());
} }
} }