fluencelabs/trust-graph
1
0
Fork 0
mirror of https://github.com/fluencelabs/trust-graph synced 2025-07-04 17:11:41 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: fluencelabs:lean-keypair
Branches Tags
fluencelabs:master fluencelabs:renovate/rusqlite-0.x fluencelabs:renovate/built-0.x fluencelabs:renovate/all-github-actions fluencelabs:renovate/crate-ring-vulnerability fluencelabs:renovate/marine-sqlite-connector-0.x fluencelabs:renovate/marine-rs-sdk-test-0.x fluencelabs:renovate/nonempty-0.x fluencelabs:renovate/pin-dependencies fluencelabs:renovate/fluencelabs-aqua-lib-0.x fluencelabs:lean-keypair fluencelabs:renovate/marine-rs-sdk-0.x fluencelabs:fix/update-sqlite-wasm fluencelabs:lean-keypair-2 fluencelabs:libp2p_0.36 fluencelabs:compose-update
fluencelabs:distro-v0.4.11 fluencelabs:trust-graph-api-v0.4.11 fluencelabs:trust-graph-v0.4.11 fluencelabs:trust-graph-wasm-v0.4.11 fluencelabs:trust-graph-api-v0.4.10 fluencelabs:trust-graph-v0.4.10 fluencelabs:trust-graph-wasm-v0.4.10 fluencelabs:distro-v0.4.10 fluencelabs:distro-v0.4.9 fluencelabs:trust-graph-api-v0.4.9 fluencelabs:trust-graph-v0.4.9 fluencelabs:trust-graph-wasm-v0.4.9 fluencelabs:distro-v0.4.8 fluencelabs:trust-graph-api-v0.4.8 fluencelabs:trust-graph-wasm-v0.4.8 fluencelabs:keypair-v0.10.4 fluencelabs:trust-graph-v0.4.8 fluencelabs:fluence-keypair@0.10.4 fluencelabs:v0.10.4 fluencelabs:trust-graph@0.10.4 fluencelabs:trust-graph-distro@0.10.4 fluencelabs:trust-graph-v0.4.7 fluencelabs:trust-graph-api-v0.4.7 fluencelabs:distro-v0.4.7 fluencelabs:trust-graph-wasm-v0.4.7 fluencelabs:keypair-v0.10.3 fluencelabs:distro-v0.4.6 fluencelabs:trust-graph-api-v0.4.6 fluencelabs:keypair-v0.10.2 fluencelabs:trust-graph-wasm-v0.4.6 fluencelabs:trust-graph-v0.4.6 fluencelabs:trust-graph-v0.4.5 fluencelabs:trust-graph-api-v0.4.5 fluencelabs:trust-graph-wasm-v0.4.5 fluencelabs:trust-graph-v0.4.4 fluencelabs:trust-graph-wasm-v0.4.4 fluencelabs:trust-graph-api-v0.4.4 fluencelabs:trust-graph-v0.4.3 fluencelabs:trust-graph-wasm-v0.4.3 fluencelabs:trust-graph-api-v0.4.3 fluencelabs:trust-graph-wasm-v0.4.2 fluencelabs:keypair-v0.10.1 fluencelabs:trust-graph-v0.4.2 fluencelabs:trust-graph-wasm-v0.4.1 fluencelabs:trust-graph-v0.4.1 fluencelabs:trust-graph-api-v0.4.1 fluencelabs:trust-graph-wasm-v0.4.0 fluencelabs:trust-graph-v0.4.0 fluencelabs:trust-graph-api-v0.4.0 fluencelabs:keypair-v0.10.0 fluencelabs:v3.1.2 fluencelabs:v3.1.1 fluencelabs:v3.1.0 fluencelabs:fluence-keypair-v0.8.1 fluencelabs:trust-graph-v0.3.0 fluencelabs:v3.0.4 fluencelabs:v3.0.3 fluencelabs:v3.0.2 fluencelabs:v3.0.1 fluencelabs:v3.0.0 fluencelabs:v0.2.0 fluencelabs:v0.1.6-hl-api.0 fluencelabs:v0.1.5-hl-api.0 fluencelabs:v0.1.4-hl-api.0 fluencelabs:v0.1.3-hl-api.0 fluencelabs:v0.1.2-hl-api.0 fluencelabs:v0.1.1 fluencelabs:v0.0.1 fluencelabs:v0.1.0
..
compare: fluencelabs:v0.10.4
Branches Tags
fluencelabs:renovate/rusqlite-0.x fluencelabs:renovate/built-0.x fluencelabs:renovate/all-github-actions fluencelabs:renovate/crate-ring-vulnerability fluencelabs:renovate/marine-sqlite-connector-0.x fluencelabs:renovate/marine-rs-sdk-test-0.x fluencelabs:renovate/nonempty-0.x fluencelabs:renovate/pin-dependencies fluencelabs:renovate/fluencelabs-aqua-lib-0.x fluencelabs:lean-keypair fluencelabs:renovate/marine-rs-sdk-0.x fluencelabs:master fluencelabs:fix/update-sqlite-wasm fluencelabs:lean-keypair-2 fluencelabs:libp2p_0.36 fluencelabs:compose-update
fluencelabs:distro-v0.4.11 fluencelabs:trust-graph-api-v0.4.11 fluencelabs:trust-graph-v0.4.11 fluencelabs:trust-graph-wasm-v0.4.11 fluencelabs:trust-graph-api-v0.4.10 fluencelabs:trust-graph-v0.4.10 fluencelabs:trust-graph-wasm-v0.4.10 fluencelabs:distro-v0.4.10 fluencelabs:distro-v0.4.9 fluencelabs:trust-graph-api-v0.4.9 fluencelabs:trust-graph-v0.4.9 fluencelabs:trust-graph-wasm-v0.4.9 fluencelabs:distro-v0.4.8 fluencelabs:trust-graph-api-v0.4.8 fluencelabs:trust-graph-wasm-v0.4.8 fluencelabs:keypair-v0.10.4 fluencelabs:trust-graph-v0.4.8 fluencelabs:fluence-keypair@0.10.4 fluencelabs:v0.10.4 fluencelabs:trust-graph@0.10.4 fluencelabs:trust-graph-distro@0.10.4 fluencelabs:trust-graph-v0.4.7 fluencelabs:trust-graph-api-v0.4.7 fluencelabs:distro-v0.4.7 fluencelabs:trust-graph-wasm-v0.4.7 fluencelabs:keypair-v0.10.3 fluencelabs:distro-v0.4.6 fluencelabs:trust-graph-api-v0.4.6 fluencelabs:keypair-v0.10.2 fluencelabs:trust-graph-wasm-v0.4.6 fluencelabs:trust-graph-v0.4.6 fluencelabs:trust-graph-v0.4.5 fluencelabs:trust-graph-api-v0.4.5 fluencelabs:trust-graph-wasm-v0.4.5 fluencelabs:trust-graph-v0.4.4 fluencelabs:trust-graph-wasm-v0.4.4 fluencelabs:trust-graph-api-v0.4.4 fluencelabs:trust-graph-v0.4.3 fluencelabs:trust-graph-wasm-v0.4.3 fluencelabs:trust-graph-api-v0.4.3 fluencelabs:trust-graph-wasm-v0.4.2 fluencelabs:keypair-v0.10.1 fluencelabs:trust-graph-v0.4.2 fluencelabs:trust-graph-wasm-v0.4.1 fluencelabs:trust-graph-v0.4.1 fluencelabs:trust-graph-api-v0.4.1 fluencelabs:trust-graph-wasm-v0.4.0 fluencelabs:trust-graph-v0.4.0 fluencelabs:trust-graph-api-v0.4.0 fluencelabs:keypair-v0.10.0 fluencelabs:v3.1.2 fluencelabs:v3.1.1 fluencelabs:v3.1.0 fluencelabs:fluence-keypair-v0.8.1 fluencelabs:trust-graph-v0.3.0 fluencelabs:v3.0.4 fluencelabs:v3.0.3 fluencelabs:v3.0.2 fluencelabs:v3.0.1 fluencelabs:v3.0.0 fluencelabs:v0.2.0 fluencelabs:v0.1.6-hl-api.0 fluencelabs:v0.1.5-hl-api.0 fluencelabs:v0.1.4-hl-api.0 fluencelabs:v0.1.3-hl-api.0 fluencelabs:v0.1.2-hl-api.0 fluencelabs:v0.1.1 fluencelabs:v0.0.1 fluencelabs:v0.1.0

2 Commits
lean-keypa ... v0.10.4

Author SHA1 Message Date
Valery Antopol
11102a87e3 Release 0.10.4 
fluence-keypair@0.10.4
trust-graph@0.10.4
trust-graph-distro@0.10.4

Generated by cargo-workspaces
 2023-12-15 18:41:12 +04:00
Valery Antopol
5b372e7365 update marine and stuff 2023-12-15 17:55:46 +04:00
45 changed files with 17252 additions and 1224 deletions
Expand all files Collapse all files

10
.github/release-please/manifest.json vendored
View File

@ -1,7 +1,7 @@
{
"trust-graph": "0.4.11",
"aqua": "0.4.11",
"service": "0.4.11",
"keypair": "0.10.4",
"distro": "0.4.11"
"trust-graph": "0.4.7",
"aqua": "0.4.7",
"service": "0.4.7",
"keypair": "0.10.3",
"distro": "0.4.7"
}

6
.github/workflows/release.yml vendored
View File

@ -97,12 +97,6 @@ jobs:
- run: npm i
working-directory: aqua
- name: Setup fcli
uses: fluencelabs/setup-fluence@v1
with:
artifact: fcli
version: unstable
- run: npm run build
working-directory: aqua

11
.github/workflows/tests.yml vendored
View File

@ -2,11 +2,6 @@ name: Run tests with workflow_call
on:
workflow_call:
inputs:
fcli-version:
description: "@fluencelabs/cli version"
type: string
default: "main"
jobs:
trust-graph:
@ -56,12 +51,6 @@ jobs:
cache-dependency-path: "aqua/package-lock.json"
cache: "npm"
- name: Setup fcli
uses: fluencelabs/setup-fluence@v1
with:
artifact: fcli
version: ${{ inputs.fcli-version }}
- run: npm i
working-directory: aqua

1264
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
Cargo.toml
View File

@ -7,4 +7,4 @@ members = [
]
[workspace.dependencies]
libp2p-identity = { version = "0.2.7", default-features = false }
libp2p-identity = { version = "0.2.1", default-features = false }

8
admin/aqua/export.aqua
View File

@ -1,25 +1,19 @@
aqua Admin
export timestamp_sec, get_trust_bytes, issue_trust
import "@fluencelabs/trust-graph/trust-graph.aqua"
export get_trust_bytes, issue_trust
import "@fluencelabs/trust-graph/trust-graph.aqua"
import "@fluencelabs/aqua-lib/builtin.aqua"
func timestamp_sec(node: string) -> u64:
on node:
result <- Peer.timestamp_sec()
<- result
func get_trust_bytes(node: string, issued_for_peer_id: string, expires_at_sec: u64, issued_at_sec: u64) -> GetTrustBytesResult:
on node:
result <- TrustGraph.get_trust_bytes(issued_for_peer_id, expires_at_sec, issued_at_sec)
<- result
func issue_trust(node: string, issued_for_peer_id: string, expires_at_sec: u64, issued_at_sec: u64, trust_bytes: []u8) ->IssueTrustResult:
on node:
result <- TrustGraph.issue_trust(issued_for_peer_id, expires_at_sec, issued_at_sec, trust_bytes)
<- result

1267
admin/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

9
admin/package.json
View File

@ -4,7 +4,7 @@
"description": "A simple example of how to use trust-graph in TS",
"main": "index.js",
"scripts": {
"compile-aqua": "fluence aqua -i aqua -o generated",
"compile-aqua": "aqua -i aqua -o generated",
"prebuild": "npm run compile-aqua",
"build": "tsc",
"start": "node dist/index.js",
@ -13,11 +13,12 @@
"author": "Fluence Labs",
"license": "MIT",
"dependencies": {
"@fluencelabs/aqua-lib": "^0.9.0",
"@fluencelabs/aqua": "^0.10.0",
"@fluencelabs/aqua-lib": "^0.6.0",
"@fluencelabs/fluence": "^0.27.5",
"@fluencelabs/fluence-network-environment": "^1.1.2",
"@fluencelabs/fluence-network-environment": "^1.0.13",
"@fluencelabs/trust-graph": "file:../aqua",
"bs58": "^5.0.0"
"bs58": "^4.0.1"
},
"devDependencies": {
"typescript": "^4.4.3"

33
aqua/CHANGELOG.md
View File

@ -1,38 +1,5 @@
# Changelog
## [0.4.11](https://github.com/fluencelabs/trust-graph/compare/trust-graph-api-v0.4.10...trust-graph-api-v0.4.11) (2024-01-17)
### Miscellaneous Chores
* **trust-graph-api:** Synchronize trust-graph, wasm and api versions
## [0.4.10](https://github.com/fluencelabs/trust-graph/compare/trust-graph-api-v0.4.9...trust-graph-api-v0.4.10) (2024-01-03)
### Features
* **trust-graph:** Update aqua code ([#141](https://github.com/fluencelabs/trust-graph/issues/141)) ([175e51d](https://github.com/fluencelabs/trust-graph/commit/175e51d5db4d90dc6d884ce3113d68494da334a2))
### Bug Fixes
* **trust-graph:** Revert release 0.4.10 ([#153](https://github.com/fluencelabs/trust-graph/issues/153)) ([b263ce1](https://github.com/fluencelabs/trust-graph/commit/b263ce1fb13b937b629608ede35b6f436023dcac))
## [0.4.9](https://github.com/fluencelabs/trust-graph/compare/trust-graph-api-v0.4.8...trust-graph-api-v0.4.9) (2023-12-28)
### Miscellaneous Chores
* **trust-graph-api:** Synchronize trust-graph, wasm and api versions
## [0.4.8](https://github.com/fluencelabs/trust-graph/compare/trust-graph-api-v0.4.7...trust-graph-api-v0.4.8) (2023-12-20)
### Miscellaneous Chores
* **trust-graph-api:** Synchronize trust-graph, wasm and api versions
## [0.4.7](https://github.com/fluencelabs/trust-graph/compare/trust-graph-api-v0.4.6...trust-graph-api-v0.4.7) (2023-07-04)

9
aqua/labelling.aqua
View File

@ -1,7 +1,3 @@
aqua Labelling declares *
export isFluencePeer
import "misc.aqua"
import get_host_certs_from from "trust-graph-api.aqua"
@ -24,7 +20,7 @@ func isFluencePeer() -> ?bool, ?Error:
fluence_root_peer_id = "12D3KooWNbZKaPWRZ8wgjGvrxdJFz9Fq5uVwkR6ERV1f74HhPdyB"
label_peer_id = "12D3KooWM45u7AQxsb4MuQJNYT3NWHHMLU7JTbBV66RTfF3KSzdR"
result: *bool
result: ?bool
error: *Error
-- get all certs issued by `label_peer_id` to current host
certs_result <- get_host_certs_from(label_peer_id)
@ -36,9 +32,8 @@ func isFluencePeer() -> ?bool, ?Error:
if cert.chain!0.issued_for == fluence_root_peer_id:
if cert.chain!1.issued_for == label_peer_id:
result <<- true
if result == []:
if result == nil:
result <<- false
else:
error <<- certs_result.error
<- result, error

2
aqua/misc.aqua
View File

@ -1,5 +1,3 @@
aqua Misc declares *
import "trust-graph.aqua"
alias Error: string

14685
aqua/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

11
aqua/package.json
View File

@ -1,16 +1,16 @@
{
"name": "@fluencelabs/trust-graph",
"version": "0.4.11",
"version": "0.4.7",
"description": "Aqua Trust Graph API library",
"files": [
"*.aqua"
],
"dependencies": {
"@fluencelabs/aqua-lib": "^0.9.0"
"@fluencelabs/aqua-lib": "^0.7.0"
},
"scripts": {
"generate-aqua": "../service/build.sh",
"compile-aqua": "fluence aqua -i . -o ./target/typescript",
"compile-aqua": "aqua -i . -o ./target/typescript",
"build": "npm run compile-aqua"
},
"repository": {
@ -29,5 +29,8 @@
"bugs": {
"url": "https://github.com/fluencelabs/trust-graph/issues"
},
"homepage": "https://github.com/fluencelabs/trust-graph#readme"
"homepage": "https://github.com/fluencelabs/trust-graph#readme",
"devDependencies": {
"@fluencelabs/aqua": "^0.10.3"
}
}

30
aqua/trust-graph-api.aqua
View File

@ -1,12 +1,3 @@
aqua TrustGraphApi declares *
export set_root, issue_trust, import_trust
export add_trust, add_root_trust, verify_trust
export get_weight, get_weight_from, issue_revocation
export import_revocation, revoke, get_host_certs_from
export get_all_certs, get_all_certs_from, get_host_certs
export insert_cert
import Sig, Peer, PeerId from "@fluencelabs/aqua-lib/builtin.aqua"
import "misc.aqua"
import "trust-graph.aqua"
@ -33,7 +24,7 @@ func issue_trust(issuer: PeerId, issued_for: PeerId, expires_at_sec: u64) -> ?Tr
issued_at_sec <- Peer.timestamp_sec()
bytes <- TrustGraph.get_trust_bytes(issued_for, expires_at_sec, issued_at_sec)
result: *Trust
result: ?Trust
error: *Error
if bytes.success:
Sig issuer
@ -50,7 +41,6 @@ func issue_trust(issuer: PeerId, issued_for: PeerId, expires_at_sec: u64) -> ?Tr
error <<- sig_res.error!
else:
error <<- bytes.error
<- result, error
-- Call context: any node with registered `trust-graph` service
@ -61,9 +51,8 @@ func import_trust(trust: Trust, issuer: PeerId) -> ?Error:
error: *Error
timestamp_sec <- Peer.timestamp_sec()
add_result <- TrustGraph.add_trust(trust, issuer, timestamp_sec)
if !add_result.success:
if add_result.success != true:
error <<- add_result.error
<- error
-- Call context: %init_peer_id%
@ -81,7 +70,6 @@ func add_trust(node: PeerId, issuer: PeerId, issued_for: PeerId, expires_at_sec:
on node:
import_error <- import_trust(trust!, issuer)
append_error(error, import_error)
<- error
-- Call context: %init_peer_id%
@ -111,7 +99,6 @@ func add_root_trust(node: PeerId, peer_id: PeerId, max_chain_len: u32, expires_a
func verify_trust(trust: Trust, issuer: PeerId) -> VerifyTrustResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.verify_trust(trust, issuer, timestamp_sec)
<- result
-- Call context: any node with registered `trust-graph` service
@ -120,7 +107,6 @@ func verify_trust(trust: Trust, issuer: PeerId) -> VerifyTrustResult:
func get_weight(peer_id: PeerId) -> WeightResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.get_weight(peer_id, timestamp_sec)
<- result
-- Call context: any node with registered `trust-graph` service
@ -128,7 +114,6 @@ func get_weight(peer_id: PeerId) -> WeightResult:
func get_weight_from(peer_id: PeerId, issuer: PeerId) -> WeightResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.get_weight_from(peer_id, issuer, timestamp_sec)
<- result
-- Call context: %init_peer_id%
@ -142,7 +127,7 @@ func issue_revocation(revoked_by: PeerId, revoked: PeerId) -> ?Revocation, ?Erro
issued_at_sec <- Peer.timestamp_sec()
bytes <- TrustGraph.get_revocation_bytes(revoked, issued_at_sec)
result: *Revocation
result: ?Revocation
error: *Error
if bytes.success:
Sig revoked_by
@ -160,7 +145,6 @@ func issue_revocation(revoked_by: PeerId, revoked: PeerId) -> ?Revocation, ?Erro
error <<- sig_res.error!
else:
error <<- bytes.error
<- result, error
-- Call context: any node with registered `trust-graph` service
@ -171,7 +155,7 @@ func import_revocation(revocation: Revocation) -> ?Error:
error: *Error
timestamp_sec <- Peer.timestamp_sec()
add_result <- TrustGraph.revoke(revocation, timestamp_sec)
if !add_result.success:
if add_result.success != true:
error <<- add_result.error
<- error
@ -192,7 +176,6 @@ func revoke(node: PeerId, revoked_by: PeerId, revoked: PeerId) -> ?Error:
on node:
import_error <- import_revocation(revocation!)
append_error(error, import_error)
<- error
-- Call context: any node with registered `trust-graph` service
@ -200,7 +183,6 @@ func revoke(node: PeerId, revoked_by: PeerId, revoked: PeerId) -> ?Error:
func get_host_certs_from(issuer: PeerId) -> AllCertsResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.get_host_certs_from(issuer, timestamp_sec)
<- result
-- Call context: any node with registered `trust-graph` service
@ -208,7 +190,6 @@ func get_host_certs_from(issuer: PeerId) -> AllCertsResult:
func get_all_certs(issued_for: PeerId) -> AllCertsResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.get_all_certs(issued_for, timestamp_sec)
<- result
-- Call context: any node with registered `trust-graph` service
@ -216,7 +197,6 @@ func get_all_certs(issued_for: PeerId) -> AllCertsResult:
func get_all_certs_from(issued_for: PeerId, issuer: PeerId) -> AllCertsResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.get_all_certs_from(issued_for, issuer, timestamp_sec)
<- result
-- Call context: any node with registered `trust-graph` service
@ -224,7 +204,6 @@ func get_all_certs_from(issued_for: PeerId, issuer: PeerId) -> AllCertsResult:
func get_host_certs() -> AllCertsResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.get_host_certs(timestamp_sec)
<- result
-- Call context: any node with registered `trust-graph` service
@ -232,5 +211,4 @@ func get_host_certs() -> AllCertsResult:
func insert_cert(certificate: Certificate) -> InsertResult:
timestamp_sec <- Peer.timestamp_sec()
result <- TrustGraph.insert_cert(certificate, timestamp_sec)
<- result

2
aqua/trust-graph.aqua
View File

@ -1,4 +1,4 @@
aqua TrustGraph declares *
module TrustGraph declares *
data AddTrustResult:
success: bool

28
distro/CHANGELOG.md
View File

@ -1,33 +1,5 @@
# Changelog
## [0.4.11](https://github.com/fluencelabs/trust-graph/compare/distro-v0.4.10...distro-v0.4.11) (2024-01-17)
### Miscellaneous Chores
* **distro:** Synchronize trust-graph, wasm and api versions
## [0.4.10](https://github.com/fluencelabs/trust-graph/compare/distro-v0.4.9...distro-v0.4.10) (2024-01-03)
### Bug Fixes
* **trust-graph:** Revert release 0.4.10 ([#153](https://github.com/fluencelabs/trust-graph/issues/153)) ([b263ce1](https://github.com/fluencelabs/trust-graph/commit/b263ce1fb13b937b629608ede35b6f436023dcac))
## [0.4.9](https://github.com/fluencelabs/trust-graph/compare/distro-v0.4.8...distro-v0.4.9) (2023-12-28)
### Bug Fixes
* **deps:** update sqlite wasm ([#135](https://github.com/fluencelabs/trust-graph/issues/135)) ([c59451d](https://github.com/fluencelabs/trust-graph/commit/c59451de04ba79152fa8d600a7b456ab24766dd0))
## [0.4.8](https://github.com/fluencelabs/trust-graph/compare/distro-v0.4.7...distro-v0.4.8) (2023-12-20)
### Features
* update marine sdk's, configs and sqlite connector ([#129](https://github.com/fluencelabs/trust-graph/issues/129)) ([0b66f4e](https://github.com/fluencelabs/trust-graph/commit/0b66f4e0536633879de46f69ac8391c72ece7e77))
## [0.4.7](https://github.com/fluencelabs/trust-graph/compare/distro-v0.4.6...distro-v0.4.7) (2023-07-04)

4
distro/Cargo.toml
View File

@ -1,13 +1,13 @@
[package]
name = "trust-graph-distro"
version = "0.4.11"
version = "0.10.4"
edition = "2021"
build = "build.rs"
license = "Apache-2.0"
include = [ "/src", "build.rs", "Cargo.toml", "trust-graph-service"]
description = "Distribution package for the trust-graph service"
# See more keysand their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
maplit = "1.0.2"
serde = "1.0.160"

10
example/aqua/computation.aqua
View File

@ -1,4 +1,3 @@
aqua Computation
import "@fluencelabs/trust-graph/trust-graph-api.aqua"
import "@fluencelabs/trust-graph/trust-graph.aqua"
@ -13,21 +12,20 @@ service TrustedComputation("op"):
identity(s: u64) -> u64
func trusted_computation(node: string) -> ?u64, ?string:
result: *u64
error: *string
result: ?u64
error: ?string
-- on our trusted relay
on HOST_PEER_ID:
-- get all certificates issued for given node by our client's peer id
certs_result <- get_all_certs_from(node, INIT_PEER_ID)
certs_result <- get_all_certs_from(node, %init_peer_id%)
if certs_result.success:
len <- CertOp.array_length(certs_result.certificates)
-- if there is any certificate node is trusted and computation is possible
if len != 0:
if len != 0:
on node:
result <- TrustedComputation.identity(5)
else:
error <<- "there is no certs for this peer"
else:
error <<- certs_result.error
<- result, error

7
example/aqua/export.aqua
View File

@ -1,14 +1,11 @@
aqua Export
module Export
import add_root_trust, add_trust, revoke from "@fluencelabs/trust-graph/trust-graph-api.aqua"
import Peer from "@fluencelabs/aqua-lib/builtin.aqua"
export add_root_trust, add_trust, revoke, timestamp_sec
import Peer from "@fluencelabs/aqua-lib/builtin.aqua"
alias PeerId: string
func timestamp_sec() -> u64:
on HOST_PEER_ID:
result <- Peer.timestamp_sec()
<- result

139
example/package-lock.json generated
View File

@ -9,11 +9,11 @@
"version": "1.0.0",
"license": "MIT",
"dependencies": {
"@fluencelabs/aqua-lib": "^0.9.0",
"@fluencelabs/aqua-lib": "^0.6.0",
"@fluencelabs/fluence": "^0.23.0",
"@fluencelabs/fluence-network-environment": "^1.1.2",
"@fluencelabs/fluence-network-environment": "^1.0.10",
"@fluencelabs/trust-graph": "3.1.2",
"bs58": "^5.0.0"
"bs58": "^4.0.1"
},
"devDependencies": {
"@fluencelabs/aqua": "^0.10.0",
@ -752,16 +752,10 @@
"@fluencelabs/aqua-lib": "^0.5.2"
}
},
"node_modules/@fluencelabs/aqua-ipfs/node_modules/@fluencelabs/aqua-lib": {
"version": "0.5.2",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.5.2.tgz",
"integrity": "sha512-fmoFFE8myhLH9d+YR0+0ZPL2YIQyR6M1woAGu5d1xXI02Sjzn4id6dE4PpxHb8cSBPRie8AwsKobHCNqGxI8oA==",
"dev": true
},
"node_modules/@fluencelabs/aqua-lib": {
"version": "0.9.0",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.9.0.tgz",
"integrity": "sha512-V0xhc0UXBF6kjfL9Y/agWGQuW+ie2zckj37KWv8Dq4teYuo9N94O4Ynm7XULWHaaWtbWvzFcDcc6nc9qG7gxcQ=="
"version": "0.6.0",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.6.0.tgz",
"integrity": "sha512-ifjtCM93KO3LhzPkMxqmXhwLmrg/scjOiyTihEVg7ns5N+BVzaK1eWzdOdqGdl9ZVoah43pdlQUepEo7VdRmsw=="
},
"node_modules/@fluencelabs/aqua/node_modules/@fluencelabs/aqua-lib": {
"version": "0.6.0",
@ -809,12 +803,6 @@
"pnpm": ">=3"
}
},
"node_modules/@fluencelabs/aqua/node_modules/@fluencelabs/fluence-network-environment": {
"version": "1.0.13",
"resolved": "https://registry.npmjs.org/@fluencelabs/fluence-network-environment/-/fluence-network-environment-1.0.13.tgz",
"integrity": "sha512-2pci3T0sUHE08jwEs1r/vHKVT4XUh/A3j/QJ0eIhddsxyIjEksjdn05X7DF6STD14CF8GgBVOJEPgav8qaUMpA==",
"dev": true
},
"node_modules/@fluencelabs/aqua/node_modules/@fluencelabs/marine-js": {
"version": "0.3.37",
"resolved": "https://registry.npmjs.org/@fluencelabs/marine-js/-/marine-js-0.3.37.tgz",
@ -835,6 +823,21 @@
"integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
"dev": true
},
"node_modules/@fluencelabs/aqua/node_modules/base-x": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/base-x/-/base-x-4.0.0.tgz",
"integrity": "sha512-FuwxlW4H5kh37X/oW59pwTzzTKRzfrrQwhmyspRM7swOEZcHtDZSCt45U6oKgtuFE+WYPblePMVIPR4RZrh/hw==",
"dev": true
},
"node_modules/@fluencelabs/aqua/node_modules/bs58": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
"integrity": "sha512-r+ihvQJvahgYT50JD05dyJNKlmmSlMoOGwn1lCcEzanPglg7TxYjioQUYehQ9mAR/+hOSd2jRc/Z2y5UxBymvQ==",
"dev": true,
"dependencies": {
"base-x": "^4.0.0"
}
},
"node_modules/@fluencelabs/aqua/node_modules/buffer": {
"version": "6.0.3",
"resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz",
@ -1325,17 +1328,9 @@
}
},
"node_modules/@fluencelabs/fluence-network-environment": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/@fluencelabs/fluence-network-environment/-/fluence-network-environment-1.1.2.tgz",
"integrity": "sha512-1Bp2gBy3oMEILMynFpOIFK/q2Pj792xpnb3AJs5QcTQAaHz9V2nrEI8OOPwBAFTmjmLBirXBqQQX63O+ePH7yg=="
},
"node_modules/@fluencelabs/fluence/node_modules/bs58": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/bs58/-/bs58-4.0.1.tgz",
"integrity": "sha512-Ok3Wdf5vOIlBrgCvTq96gBkJw+JUEzdBgyaza5HLtPm7yTHkjRy8+JzNyHF7BHa0bNWOQIp3m5YF0nnFcOIKLw==",
"dependencies": {
"base-x": "^3.0.2"
}
"version": "1.0.13",
"resolved": "https://registry.npmjs.org/@fluencelabs/fluence-network-environment/-/fluence-network-environment-1.0.13.tgz",
"integrity": "sha512-2pci3T0sUHE08jwEs1r/vHKVT4XUh/A3j/QJ0eIhddsxyIjEksjdn05X7DF6STD14CF8GgBVOJEPgav8qaUMpA=="
},
"node_modules/@fluencelabs/fluence/node_modules/buffer": {
"version": "6.0.3",
@ -1482,11 +1477,6 @@
"@fluencelabs/aqua-lib": "^0.5.2"
}
},
"node_modules/@fluencelabs/trust-graph/node_modules/@fluencelabs/aqua-lib": {
"version": "0.5.2",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.5.2.tgz",
"integrity": "sha512-fmoFFE8myhLH9d+YR0+0ZPL2YIQyR6M1woAGu5d1xXI02Sjzn4id6dE4PpxHb8cSBPRie8AwsKobHCNqGxI8oA=="
},
"node_modules/@istanbuljs/load-nyc-config": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz",
@ -2764,18 +2754,12 @@
}
},
"node_modules/bs58": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
"integrity": "sha512-r+ihvQJvahgYT50JD05dyJNKlmmSlMoOGwn1lCcEzanPglg7TxYjioQUYehQ9mAR/+hOSd2jRc/Z2y5UxBymvQ==",
"version": "4.0.1",
"license": "MIT",
"dependencies": {
"base-x": "^4.0.0"
"base-x": "^3.0.2"
}
},
"node_modules/bs58/node_modules/base-x": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/base-x/-/base-x-4.0.0.tgz",
"integrity": "sha512-FuwxlW4H5kh37X/oW59pwTzzTKRzfrrQwhmyspRM7swOEZcHtDZSCt45U6oKgtuFE+WYPblePMVIPR4RZrh/hw=="
},
"node_modules/bser": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz",
@ -9607,12 +9591,6 @@
"uuid": "8.3.2"
}
},
"@fluencelabs/fluence-network-environment": {
"version": "1.0.13",
"resolved": "https://registry.npmjs.org/@fluencelabs/fluence-network-environment/-/fluence-network-environment-1.0.13.tgz",
"integrity": "sha512-2pci3T0sUHE08jwEs1r/vHKVT4XUh/A3j/QJ0eIhddsxyIjEksjdn05X7DF6STD14CF8GgBVOJEPgav8qaUMpA==",
"dev": true
},
"@fluencelabs/marine-js": {
"version": "0.3.37",
"resolved": "https://registry.npmjs.org/@fluencelabs/marine-js/-/marine-js-0.3.37.tgz",
@ -9633,6 +9611,21 @@
"integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
"dev": true
},
"base-x": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/base-x/-/base-x-4.0.0.tgz",
"integrity": "sha512-FuwxlW4H5kh37X/oW59pwTzzTKRzfrrQwhmyspRM7swOEZcHtDZSCt45U6oKgtuFE+WYPblePMVIPR4RZrh/hw==",
"dev": true
},
"bs58": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
"integrity": "sha512-r+ihvQJvahgYT50JD05dyJNKlmmSlMoOGwn1lCcEzanPglg7TxYjioQUYehQ9mAR/+hOSd2jRc/Z2y5UxBymvQ==",
"dev": true,
"requires": {
"base-x": "^4.0.0"
}
},
"buffer": {
"version": "6.0.3",
"resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz",
@ -9764,20 +9757,12 @@
"dev": true,
"requires": {
"@fluencelabs/aqua-lib": "^0.5.2"
},
"dependencies": {
"@fluencelabs/aqua-lib": {
"version": "0.5.2",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.5.2.tgz",
"integrity": "sha512-fmoFFE8myhLH9d+YR0+0ZPL2YIQyR6M1woAGu5d1xXI02Sjzn4id6dE4PpxHb8cSBPRie8AwsKobHCNqGxI8oA==",
"dev": true
}
}
},
"@fluencelabs/aqua-lib": {
"version": "0.9.0",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.9.0.tgz",
"integrity": "sha512-V0xhc0UXBF6kjfL9Y/agWGQuW+ie2zckj37KWv8Dq4teYuo9N94O4Ynm7XULWHaaWtbWvzFcDcc6nc9qG7gxcQ=="
"version": "0.6.0",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.6.0.tgz",
"integrity": "sha512-ifjtCM93KO3LhzPkMxqmXhwLmrg/scjOiyTihEVg7ns5N+BVzaK1eWzdOdqGdl9ZVoah43pdlQUepEo7VdRmsw=="
},
"@fluencelabs/avm": {
"version": "0.24.2",
@ -10062,14 +10047,6 @@
"uuid": "8.3.0"
},
"dependencies": {
"bs58": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/bs58/-/bs58-4.0.1.tgz",
"integrity": "sha512-Ok3Wdf5vOIlBrgCvTq96gBkJw+JUEzdBgyaza5HLtPm7yTHkjRy8+JzNyHF7BHa0bNWOQIp3m5YF0nnFcOIKLw==",
"requires": {
"base-x": "^3.0.2"
}
},
"buffer": {
"version": "6.0.3",
"resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz",
@ -10082,9 +10059,9 @@
}
},
"@fluencelabs/fluence-network-environment": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/@fluencelabs/fluence-network-environment/-/fluence-network-environment-1.1.2.tgz",
"integrity": "sha512-1Bp2gBy3oMEILMynFpOIFK/q2Pj792xpnb3AJs5QcTQAaHz9V2nrEI8OOPwBAFTmjmLBirXBqQQX63O+ePH7yg=="
"version": "1.0.13",
"resolved": "https://registry.npmjs.org/@fluencelabs/fluence-network-environment/-/fluence-network-environment-1.0.13.tgz",
"integrity": "sha512-2pci3T0sUHE08jwEs1r/vHKVT4XUh/A3j/QJ0eIhddsxyIjEksjdn05X7DF6STD14CF8GgBVOJEPgav8qaUMpA=="
},
"@fluencelabs/interfaces": {
"version": "0.1.0",
@ -10179,13 +10156,6 @@
"integrity": "sha512-HpyHtiomh09wv6/83z+bhbkqVngIUdqNGEXRTIPg4sArVPMZ9UCXBrkQsHDRqdMUx0lBAcgB3IjlbdhkwHGaXA==",
"requires": {
"@fluencelabs/aqua-lib": "^0.5.2"
},
"dependencies": {
"@fluencelabs/aqua-lib": {
"version": "0.5.2",
"resolved": "https://registry.npmjs.org/@fluencelabs/aqua-lib/-/aqua-lib-0.5.2.tgz",
"integrity": "sha512-fmoFFE8myhLH9d+YR0+0ZPL2YIQyR6M1woAGu5d1xXI02Sjzn4id6dE4PpxHb8cSBPRie8AwsKobHCNqGxI8oA=="
}
}
},
"@istanbuljs/load-nyc-config": {
@ -11238,18 +11208,9 @@
}
},
"bs58": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
"integrity": "sha512-r+ihvQJvahgYT50JD05dyJNKlmmSlMoOGwn1lCcEzanPglg7TxYjioQUYehQ9mAR/+hOSd2jRc/Z2y5UxBymvQ==",
"version": "4.0.1",
"requires": {
"base-x": "^4.0.0"
},
"dependencies": {
"base-x": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/base-x/-/base-x-4.0.0.tgz",
"integrity": "sha512-FuwxlW4H5kh37X/oW59pwTzzTKRzfrrQwhmyspRM7swOEZcHtDZSCt45U6oKgtuFE+WYPblePMVIPR4RZrh/hw=="
}
"base-x": "^3.0.2"
}
},
"bser": {

8
example/package.json
View File

@ -4,7 +4,7 @@
"description": "A simple example of how to use trust-graph in TS",
"main": "index.js",
"scripts": {
"compile-aqua": "fluence aqua -i aqua -o generated",
"compile-aqua": "aqua -i aqua -o generated",
"prebuild": "npm run compile-aqua",
"build": "tsc",
"start": "node dist/index.js",
@ -13,11 +13,11 @@
"author": "Fluence Labs",
"license": "MIT",
"dependencies": {
"@fluencelabs/aqua-lib": "^0.9.0",
"@fluencelabs/aqua-lib": "^0.6.0",
"@fluencelabs/fluence": "^0.23.0",
"@fluencelabs/fluence-network-environment": "^1.1.2",
"@fluencelabs/fluence-network-environment": "^1.0.10",
"@fluencelabs/trust-graph": "3.1.2",
"bs58": "^5.0.0"
"bs58": "^4.0.1"
},
"devDependencies": {
"typescript": "^4.5.2",

8
keypair/CHANGELOG.md
View File

@ -4,14 +4,6 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.10.4](https://github.com/fluencelabs/trust-graph/compare/keypair-v0.10.3...keypair-v0.10.4) (2023-12-20)
### Features
* **fluence-keypair:** bump ed25519-dalek to 0.2.0 ([#127](https://github.com/fluencelabs/trust-graph/issues/127)) ([ed5bd2c](https://github.com/fluencelabs/trust-graph/commit/ed5bd2c0ec50bef5ac7a12deacb73da491666912))
* update marine sdk's, configs and sqlite connector ([#129](https://github.com/fluencelabs/trust-graph/issues/129)) ([0b66f4e](https://github.com/fluencelabs/trust-graph/commit/0b66f4e0536633879de46f69ac8391c72ece7e77))
## [0.10.3](https://github.com/fluencelabs/trust-graph/compare/keypair-v0.10.2...keypair-v0.10.3) (2023-07-04)

14
keypair/Cargo.toml
View File

@ -10,21 +10,21 @@ repository = "https://github.com/fluencelabs/trust-graph"
[dependencies]
serde = { version = "1.0.118", features = ["derive"] }
bs58 = "0.5.0"
ed25519-dalek = { version = "2.0.0", features = ["serde", "std"] }
ed25519-dalek = { version = "2.0.0", features = ["serde", "std", "rand_core"] }
rand = "0.8.5"
thiserror = "1.0.23"
lazy_static = "1.4"
libsecp256k1 = "0.7.1"
asn1_der = "0.6.1"
sha2 = "0.10.6"
zeroize = "1"
serde_bytes = "0.11"
eyre = "0.6.5"
libp2p-identity = { workspace = true, default-features = false, features = ["peerid", "ed25519"] }
libp2p-identity = { workspace = true, default-features = false, features = ["peerid", "rsa", "ed25519", "secp256k1"] }
multihash = { version = "0.18.0", features = ["identity"] }
# rand fails to compile for restricted environments like NEAR contracts
rand = { version = "0.8.5", optional = true }
[features]
default = ["rand"]
rand = ["dep:rand", "ed25519-dalek/rand_core", "libp2p-identity/rand"]
[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
ring = { version = "0.16.9", features = ["alloc", "std"], default-features = false }
[dev-dependencies]
quickcheck = "1.0.3"

2
keypair/rust-toolchain.toml
View File

@ -1,3 +1,3 @@
[toolchain]
channel = "nightly-2023-12-06"
channel = "nightly-2022-08-30"
targets = [ "x86_64-apple-darwin", "x86_64-unknown-linux-gnu" ]

4
keypair/src/ed25519.rs
View File

@ -32,7 +32,6 @@ pub struct Keypair(ed25519::SigningKey);
impl Keypair {
/// Generate a new Ed25519 keypair.
#[cfg(feature = "rand")]
pub fn generate() -> Self {
Keypair::from(SecretKey::generate())
}
@ -156,7 +155,6 @@ impl fmt::Debug for SecretKey {
impl SecretKey {
/// Generate a new Ed25519 secret key.
#[cfg(feature = "rand")]
pub fn generate() -> Self {
let signing = ed25519::SigningKey::generate(&mut rand::rngs::OsRng);
SecretKey(signing.to_bytes())
@ -176,7 +174,7 @@ impl SecretKey {
#[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize)]
pub struct Signature(pub Vec<u8>);
#[cfg(all(test, feature = "rand"))]
#[cfg(test)]
mod tests {
use super::*;
use crate::KeyPair;

21
keypair/src/error.rs
View File

@ -39,6 +39,12 @@ pub enum DecodingError {
#[source]
ed25519_dalek::ed25519::Error,
),
#[error("Failed to decode with RSA")]
Rsa,
#[error("Failed to decode with secp256k1")]
Secp256k1,
#[error("RSA keypair decoding is not supported yet")]
KeypairDecodingIsNotSupported,
#[error("Invalid type prefix")]
InvalidTypeByte,
#[error("Cannot decode public key from base58 :{0}")]
@ -58,6 +64,14 @@ pub enum SigningError {
#[source]
ed25519_dalek::ed25519::Error,
),
#[error("Failed to sign with RSA")]
Rsa,
#[error("Failed to sign with secp256k1: {0}")]
Secp256k1(
#[from]
#[source]
libsecp256k1::Error,
),
}
/// An error during verification of a message.
@ -65,4 +79,11 @@ pub enum SigningError {
pub enum VerificationError {
#[error("Failed to verify signature {1} with {2} ed25519 public key: {0}")]
Ed25519(#[source] ed25519_dalek::ed25519::Error, String, String),
#[cfg(not(target_arch = "wasm32"))]
#[error("Failed to verify signature {1} with {2} RSA public key: {0}")]
Rsa(#[source] ring::error::Unspecified, String, String),
#[error("Failed to verify signature {1} with {2} secp256k1 public key: {0}")]
Secp256k1(#[source] libsecp256k1::Error, String, String),
}

106
keypair/src/key_pair.rs
View File

@ -22,6 +22,9 @@
use crate::ed25519;
use crate::error::{DecodingError, Error, SigningError, VerificationError};
use crate::public_key::PublicKey;
#[cfg(not(target_arch = "wasm32"))]
use crate::rsa;
use crate::secp256k1;
use crate::signature::Signature;
use libp2p_identity::{KeyType, Keypair, PeerId};
use std::convert::TryFrom;
@ -47,6 +50,9 @@ use std::str::FromStr;
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum KeyFormat {
Ed25519,
#[cfg(not(target_arch = "wasm32"))]
Rsa,
Secp256k1,
}
impl FromStr for KeyFormat {
@ -56,6 +62,9 @@ impl FromStr for KeyFormat {
fn from_str(s: &str) -> Result<Self, Self::Err> {
match s {
"ed25519" => Ok(KeyFormat::Ed25519),
"secp256k1" => Ok(KeyFormat::Secp256k1),
#[cfg(not(target_arch = "wasm32"))]
"rsa" => Ok(KeyFormat::Rsa),
_ => Err(Error::InvalidKeyFormat(s.to_string())),
}
}
@ -67,6 +76,9 @@ impl TryFrom<u8> for KeyFormat {
fn try_from(value: u8) -> Result<Self, Self::Error> {
match value {
0 => Ok(KeyFormat::Ed25519),
#[cfg(not(target_arch = "wasm32"))]
1 => Ok(KeyFormat::Rsa),
2 => Ok(KeyFormat::Secp256k1),
_ => Err(DecodingError::InvalidTypeByte),
}
}
@ -76,6 +88,9 @@ impl From<KeyFormat> for u8 {
fn from(kf: KeyFormat) -> Self {
match kf {
KeyFormat::Ed25519 => 0,
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => 1,
KeyFormat::Secp256k1 => 2,
}
}
}
@ -84,6 +99,9 @@ impl From<KeyFormat> for String {
fn from(kf: KeyFormat) -> Self {
match kf {
KeyFormat::Ed25519 => "ed25519".to_string(),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => "rsa".to_string(),
KeyFormat::Secp256k1 => "secp256k1".to_string(),
}
}
}
@ -92,28 +110,62 @@ impl From<KeyFormat> for String {
pub enum KeyPair {
/// An Ed25519 keypair.
Ed25519(ed25519::Keypair),
#[cfg(not(target_arch = "wasm32"))]
/// An RSA keypair.
Rsa(rsa::Keypair),
/// A Secp256k1 keypair.
Secp256k1(secp256k1::Keypair),
}
impl KeyPair {
#[cfg(feature = "rand")]
pub fn generate(format: KeyFormat) -> KeyPair {
match format {
KeyFormat::Ed25519 => KeyPair::generate_ed25519(),
KeyFormat::Secp256k1 => KeyPair::generate_secp256k1(),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => todo!("rsa generation is not supported yet!"),
}
}
/// Generate a new Ed25519 keypair.
#[cfg(feature = "rand")]
pub fn generate_ed25519() -> KeyPair {
KeyPair::Ed25519(ed25519::Keypair::generate())
}
/// Generate a new Secp256k1 keypair.
pub fn generate_secp256k1() -> KeyPair {
KeyPair::Secp256k1(secp256k1::Keypair::generate())
}
/// Decode an keypair from a DER-encoded secret key in PKCS#8 PrivateKeyInfo
/// format (i.e. unencrypted) as defined in [RFC5208].
///
/// [RFC5208]: https://tools.ietf.org/html/rfc5208#section-5
#[cfg(not(target_arch = "wasm32"))]
pub fn rsa_from_pkcs8(pkcs8_der: &mut [u8]) -> Result<KeyPair, DecodingError> {
rsa::Keypair::from_pkcs8(pkcs8_der).map(KeyPair::Rsa)
}
/// Decode a keypair from a DER-encoded Secp256k1 secret key in an ECPrivateKey
/// structure as defined in [RFC5915].
///
/// [RFC5915]: https://tools.ietf.org/html/rfc5915
pub fn secp256k1_from_der(der: &mut [u8]) -> Result<KeyPair, DecodingError> {
secp256k1::SecretKey::from_der(der)
.map(|sk| KeyPair::Secp256k1(secp256k1::Keypair::from(sk)))
}
/// Sign a message using the private key of this keypair, producing
/// a signature that can be verified using the corresponding public key.
pub fn sign(&self, msg: &[u8]) -> Result<Signature, SigningError> {
use KeyPair::*;
match self {
Ed25519(ref pair) => Ok(Signature::Ed25519(ed25519::Signature(pair.sign(msg)?))),
#[cfg(not(target_arch = "wasm32"))]
Rsa(ref pair) => Ok(Signature::Rsa(rsa::Signature(pair.sign(msg)?))),
Secp256k1(ref pair) => Ok(Signature::Secp256k1(secp256k1::Signature(
pair.secret().sign(msg)?,
))),
}
}
@ -123,6 +175,9 @@ impl KeyPair {
match self {
Ed25519(_) => KeyFormat::Ed25519,
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => KeyFormat::Rsa,
Secp256k1(_) => KeyFormat::Secp256k1,
}
}
@ -131,6 +186,9 @@ impl KeyPair {
use KeyPair::*;
match self {
Ed25519(pair) => PublicKey::Ed25519(pair.public()),
#[cfg(not(target_arch = "wasm32"))]
Rsa(pair) => PublicKey::Rsa(pair.public()),
Secp256k1(pair) => PublicKey::Secp256k1(pair.public().clone()),
}
}
@ -138,6 +196,9 @@ impl KeyPair {
use KeyPair::*;
match self {
Ed25519(pair) => Ok(pair.secret().0.to_vec()),
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => Err(eyre::eyre!("secret key is not available for RSA")),
Secp256k1(pair) => Ok(pair.secret().to_bytes().to_vec()),
}
}
@ -154,6 +215,9 @@ impl KeyPair {
use KeyPair::*;
match self {
Ed25519(kp) => kp.encode().to_vec(),
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => todo!("rsa encoding is not supported yet!"),
Secp256k1(kp) => kp.secret().to_bytes().to_vec(),
}
}
@ -162,6 +226,9 @@ impl KeyPair {
match format {
KeyFormat::Ed25519 => Ok(Ed25519(ed25519::Keypair::decode(&mut bytes)?)),
KeyFormat::Secp256k1 => Ok(Secp256k1(secp256k1::SecretKey::from_bytes(bytes)?.into())),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => Err(DecodingError::KeypairDecodingIsNotSupported),
}
}
@ -170,6 +237,9 @@ impl KeyPair {
match format {
KeyFormat::Ed25519 => Ok(Ed25519(ed25519::SecretKey::from_bytes(bytes)?.into())),
KeyFormat::Secp256k1 => Ok(Secp256k1(secp256k1::SecretKey::from_bytes(bytes)?.into())),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => Err(DecodingError::KeypairDecodingIsNotSupported),
}
}
@ -187,7 +257,20 @@ impl From<libp2p_identity::Keypair> for KeyPair {
let raw_kp = ed25519::Keypair::decode(&mut kp.to_bytes())?;
Ok(KeyPair::Ed25519(raw_kp))
}
_ => unimplemented!("key type not supported: {:?}", key.key_type()),
#[cfg(not(target_arch = "wasm32"))]
KeyType::RSA => {
let kp = key.try_into_rsa()?;
let raw_kp = unsafe {
std::mem::transmute::<libp2p_identity::rsa::Keypair, rsa::Keypair>(kp)
};
Ok(KeyPair::Rsa(raw_kp))
}
KeyType::Secp256k1 => {
let kp = key.try_into_secp256k1()?;
let raw_kp = secp256k1::SecretKey::from_bytes(kp.secret().to_bytes())?;
Ok(KeyPair::Secp256k1(secp256k1::Keypair::from(raw_kp)))
}
_ => unreachable!(),
}
}
@ -205,6 +288,23 @@ impl From<KeyPair> for libp2p_identity::Keypair {
let kp = libp2p_identity::Keypair::ed25519_from_bytes(secret_bytes)?;
Ok(kp)
}
#[cfg(not(target_arch = "wasm32"))]
// safety: these Keypair structures are identical
KeyPair::Rsa(kp) => {
let kp = unsafe {
std::mem::transmute::<rsa::Keypair, libp2p_identity::rsa::Keypair>(kp)
};
let kp = Keypair::from(kp);
Ok(kp)
}
KeyPair::Secp256k1(kp) => {
let sk = libp2p_identity::secp256k1::SecretKey::try_from_bytes(
kp.secret().to_bytes(),
)?;
let kp = libp2p_identity::secp256k1::Keypair::from(sk);
let kp = Keypair::from(kp);
Ok(kp)
}
}
}
convert_keypair(key).expect("Could not convert key pair")

3
keypair/src/lib.rs
View File

@ -30,6 +30,9 @@ mod ed25519;
pub mod error;
pub mod key_pair;
pub mod public_key;
#[cfg(not(target_arch = "wasm32"))]
mod rsa;
mod secp256k1;
pub mod signature;
pub use crate::public_key::PublicKey;

68
keypair/src/public_key.rs
View File

@ -15,6 +15,9 @@
*/
use crate::ed25519;
use crate::error::{DecodingError, VerificationError};
#[cfg(not(target_arch = "wasm32"))]
use crate::rsa;
use crate::secp256k1;
use crate::signature::Signature;
use crate::key_pair::KeyFormat;
@ -27,6 +30,11 @@ use std::convert::TryFrom;
pub enum PublicKey {
/// A public Ed25519 key.
Ed25519(ed25519::PublicKey),
#[cfg(not(target_arch = "wasm32"))]
/// A public RSA key.
Rsa(rsa::PublicKey),
/// A public Secp256k1 key.
Secp256k1(secp256k1::PublicKey),
}
impl PublicKey {
@ -39,6 +47,9 @@ impl PublicKey {
use PublicKey::*;
match self {
Ed25519(pk) => pk.verify(msg, sig.to_vec()),
#[cfg(not(target_arch = "wasm32"))]
Rsa(pk) => pk.verify(msg, sig.to_vec()),
Secp256k1(pk) => pk.verify(msg, sig.to_vec()),
}
}
@ -48,6 +59,9 @@ impl PublicKey {
match self {
Ed25519(pk) => result.extend(pk.encode().to_vec()),
#[cfg(not(target_arch = "wasm32"))]
Rsa(pk) => result.extend(pk.to_pkcs1()),
Secp256k1(pk) => result.extend(pk.encode().to_vec()),
};
result
@ -56,6 +70,13 @@ impl PublicKey {
pub fn decode(bytes: &[u8]) -> Result<PublicKey, DecodingError> {
match KeyFormat::try_from(bytes[0])? {
KeyFormat::Ed25519 => Ok(PublicKey::Ed25519(ed25519::PublicKey::decode(&bytes[1..])?)),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => Ok(PublicKey::Rsa(rsa::PublicKey::from_pkcs1(
bytes[1..].to_owned(),
)?)),
KeyFormat::Secp256k1 => Ok(PublicKey::Secp256k1(secp256k1::PublicKey::decode(
&bytes[1..],
)?)),
}
}
@ -63,6 +84,9 @@ impl PublicKey {
use PublicKey::*;
match self {
Ed25519(_) => KeyFormat::Ed25519.into(),
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => KeyFormat::Rsa.into(),
Secp256k1(_) => KeyFormat::Secp256k1.into(),
}
}
@ -78,6 +102,9 @@ impl PublicKey {
match self {
Ed25519(pk) => pk.encode().to_vec(),
#[cfg(not(target_arch = "wasm32"))]
Rsa(pk) => pk.to_pkcs1().to_vec(),
Secp256k1(pk) => pk.encode().to_vec(),
}
}
@ -90,6 +117,9 @@ impl PublicKey {
match self {
Ed25519(_) => KeyFormat::Ed25519,
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => KeyFormat::Rsa,
Secp256k1(_) => KeyFormat::Secp256k1,
}
}
}
@ -103,7 +133,18 @@ impl From<libp2p_identity::PublicKey> for PublicKey {
let raw_pk = ed25519::PublicKey::decode(&pk.to_bytes())?;
Ok(PublicKey::Ed25519(raw_pk))
}
_ => unimplemented!("key not supported: {:?}", key.key_type()),
#[cfg(not(target_arch = "wasm32"))]
KeyType::RSA => {
let pk = key.try_into_rsa()?;
let raw_pk = rsa::PublicKey::from_pkcs1(pk.encode_pkcs1())?;
Ok(PublicKey::Rsa(raw_pk))
}
KeyType::Secp256k1 => {
let pk = key.try_into_secp256k1()?;
let raw_pk = secp256k1::PublicKey::decode(&pk.to_bytes())?;
Ok(PublicKey::Secp256k1(raw_pk))
}
_ => unreachable!(),
}
}
@ -121,6 +162,19 @@ impl From<PublicKey> for libp2p_identity::PublicKey {
let pk = libp2p_identity::PublicKey::from(raw_pk);
Ok(pk)
}
#[cfg(not(target_arch = "wasm32"))]
PublicKey::Rsa(key) => {
let raw_pk =
libp2p_identity::rsa::PublicKey::try_decode_x509(&key.encode_x509())?;
let pk = libp2p_identity::PublicKey::from(raw_pk);
Ok(pk)
}
PublicKey::Secp256k1(key) => {
let raw_pk =
libp2p_identity::secp256k1::PublicKey::try_from_bytes(&key.encode())?;
let pk = libp2p_identity::PublicKey::from(raw_pk);
Ok(pk)
}
}
}
convert_key(key).expect("Could not convert key")
@ -149,7 +203,7 @@ fn as_public_key(peer_id: &PeerId) -> Option<libp2p_identity::PublicKey> {
}
}
#[cfg(all(test, feature = "rand"))]
#[cfg(test)]
mod tests {
use super::*;
use crate::KeyPair;
@ -162,9 +216,17 @@ mod tests {
assert_eq!(pk, PublicKey::decode(&encoded_pk).unwrap());
}
#[test]
fn public_key_encode_decode_secp256k1() {
let kp = KeyPair::generate_secp256k1();
let pk = kp.public();
let encoded_pk = pk.encode();
assert_eq!(pk, PublicKey::decode(&encoded_pk).unwrap());
}
#[test]
fn public_key_peer_id_conversions() {
let kp = KeyPair::generate_ed25519();
let kp = KeyPair::generate_secp256k1();
let fluence_pk = kp.public();
let libp2p_pk: libp2p_identity::PublicKey = fluence_pk.clone().into();
let peer_id = PeerId::from_public_key(&libp2p_pk);

286
keypair/src/rsa.rs Normal file
View File

@ -0,0 +1,286 @@
// Copyright 2019 Parity Technologies (UK) Ltd.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software"),
// to deal in the Software without restriction, including without limitation
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the
// Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//! RSA keys.
use crate::error::{DecodingError, SigningError, VerificationError};
use asn1_der::{Asn1Der, Asn1DerError, DerObject, DerTag, DerValue, FromDerObject, IntoDerObject};
use lazy_static::lazy_static;
use ring::rand::SystemRandom;
use ring::signature::KeyPair;
use ring::signature::{self, RsaKeyPair, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256};
use serde::{Deserialize, Serialize};
use std::{
fmt::{self, Write},
sync::Arc,
};
use zeroize::Zeroize;
/// An RSA keypair.
#[derive(Clone)]
pub struct Keypair(Arc<RsaKeyPair>);
impl Keypair {
/// Decode an RSA keypair from a DER-encoded private key in PKCS#8 PrivateKeyInfo
/// format (i.e. unencrypted) as defined in [RFC5208].
///
/// [RFC5208]: https://tools.ietf.org/html/rfc5208#section-5
pub fn from_pkcs8(der: &mut [u8]) -> Result<Self, DecodingError> {
let kp = RsaKeyPair::from_pkcs8(der).map_err(|_| DecodingError::Rsa)?;
der.zeroize();
Ok(Keypair(Arc::new(kp)))
}
/// Get the public key from the keypair.
pub fn public(&self) -> PublicKey {
PublicKey(self.0.public_key().as_ref().to_vec())
}
/// Sign a message with this keypair.
pub fn sign(&self, data: &[u8]) -> Result<Vec<u8>, SigningError> {
let mut signature = vec![0; self.0.public_modulus_len()];
let rng = SystemRandom::new();
match self.0.sign(&RSA_PKCS1_SHA256, &rng, data, &mut signature) {
Ok(()) => Ok(signature),
Err(_) => Err(SigningError::Rsa),
}
}
}
/// An RSA public key.
#[derive(Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct PublicKey(Vec<u8>);
impl PublicKey {
/// Verify an RSA signature on a message using the public key.
pub fn verify(&self, msg: &[u8], sig: &[u8]) -> Result<(), VerificationError> {
let key = signature::UnparsedPublicKey::new(&RSA_PKCS1_2048_8192_SHA256, &self.0);
key.verify(msg, sig).map_err(|e| {
VerificationError::Rsa(
e,
bs58::encode(sig).into_string(),
bs58::encode(&self.0).into_string(),
)
})
}
/// Encode the RSA public key in DER as a PKCS#1 RSAPublicKey structure,
/// as defined in [RFC3447].
///
/// [RFC3447]: https://tools.ietf.org/html/rfc3447#appendix-A.1.1
pub fn to_pkcs1(&self) -> &[u8] {
// This is the encoding currently used in-memory, so it is trivial.
&self.0
}
pub fn from_pkcs1(pk: Vec<u8>) -> Result<Self, DecodingError> {
Ok(PublicKey(pk))
}
/// Encode the RSA public key in DER as a X.509 SubjectPublicKeyInfo structure,
/// as defined in [RFC5280].
///
/// [RFC5280]: https://tools.ietf.org/html/rfc5280#section-4.1
pub fn encode_x509(&self) -> Vec<u8> {
let spki = Asn1SubjectPublicKeyInfo {
algorithmIdentifier: Asn1RsaEncryption {
algorithm: Asn1OidRsaEncryption(),
parameters: (),
},
subjectPublicKey: Asn1SubjectPublicKey(self.clone()),
};
let mut buf = vec![0u8; spki.serialized_len()];
spki.serialize(buf.iter_mut())
.map(|_| buf)
.expect("RSA X.509 public key encoding failed.")
}
/// Decode an RSA public key from a DER-encoded X.509 SubjectPublicKeyInfo
/// structure. See also `encode_x509`.
pub fn decode_x509(pk: &[u8]) -> Result<Self, DecodingError> {
Asn1SubjectPublicKeyInfo::deserialize(pk.iter())
.map_err(|_| DecodingError::Rsa)
.map(|spki| spki.subjectPublicKey.0)
}
}
impl fmt::Debug for PublicKey {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
let bytes = &self.0;
let mut hex = String::with_capacity(bytes.len() * 2);
for byte in bytes {
write!(hex, "{byte:02x}").expect("Can't fail on writing to string");
}
f.debug_struct("PublicKey").field("pkcs1", &hex).finish()
}
}
//////////////////////////////////////////////////////////////////////////////
// DER encoding / decoding of public keys
//
// Primer: http://luca.ntop.org/Teaching/Appunti/asn1.html
// Playground: https://lapo.it/asn1js/
lazy_static! {
/// The DER encoding of the object identifier (OID) 'rsaEncryption' for
/// RSA public keys defined for X.509 in [RFC-3279] and used in
/// SubjectPublicKeyInfo structures defined in [RFC-5280].
///
/// [RFC-3279]: https://tools.ietf.org/html/rfc3279#section-2.3.1
/// [RFC-5280]: https://tools.ietf.org/html/rfc5280#section-4.1
static ref OID_RSA_ENCRYPTION_DER: DerObject =
DerObject {
tag: DerTag::x06,
value: DerValue {
data: vec![ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 ]
}
};
}
/// The ASN.1 OID for "rsaEncryption".
#[derive(Clone)]
struct Asn1OidRsaEncryption();
impl IntoDerObject for Asn1OidRsaEncryption {
fn into_der_object(self) -> DerObject {
OID_RSA_ENCRYPTION_DER.clone()
}
fn serialized_len(&self) -> usize {
OID_RSA_ENCRYPTION_DER.serialized_len()
}
}
impl FromDerObject for Asn1OidRsaEncryption {
fn from_der_object(o: DerObject) -> Result<Self, Asn1DerError> {
if o.tag != DerTag::x06 {
return Err(Asn1DerError::InvalidTag);
}
if o.value != OID_RSA_ENCRYPTION_DER.value {
return Err(Asn1DerError::InvalidEncoding);
}
Ok(Asn1OidRsaEncryption())
}
}
/// The ASN.1 AlgorithmIdentifier for "rsaEncryption".
#[derive(Asn1Der)]
struct Asn1RsaEncryption {
algorithm: Asn1OidRsaEncryption,
parameters: (),
}
/// The ASN.1 SubjectPublicKey inside a SubjectPublicKeyInfo,
/// i.e. encoded as a DER BIT STRING.
struct Asn1SubjectPublicKey(PublicKey);
impl IntoDerObject for Asn1SubjectPublicKey {
fn into_der_object(self) -> DerObject {
let pk_der = (self.0).0;
let mut bit_string = Vec::with_capacity(pk_der.len() + 1);
// The number of bits in pk_der is trivially always a multiple of 8,
// so there are always 0 "unused bits" signaled by the first byte.
bit_string.push(0u8);
bit_string.extend(pk_der);
DerObject::new(DerTag::x03, bit_string.into())
}
fn serialized_len(&self) -> usize {
DerObject::compute_serialized_len((self.0).0.len() + 1)
}
}
impl FromDerObject for Asn1SubjectPublicKey {
fn from_der_object(o: DerObject) -> Result<Self, Asn1DerError> {
if o.tag != DerTag::x03 {
return Err(Asn1DerError::InvalidTag);
}
let pk_der: Vec<u8> = o.value.data.into_iter().skip(1).collect();
// We don't parse pk_der further as an ASN.1 RsaPublicKey, since
// we only need the DER encoding for `verify`.
Ok(Asn1SubjectPublicKey(PublicKey(pk_der)))
}
}
/// ASN.1 SubjectPublicKeyInfo
#[derive(Asn1Der)]
#[allow(non_snake_case)]
struct Asn1SubjectPublicKeyInfo {
algorithmIdentifier: Asn1RsaEncryption,
subjectPublicKey: Asn1SubjectPublicKey,
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct Signature(pub Vec<u8>);
#[cfg(test)]
mod tests {
use super::*;
use quickcheck::*;
use std::fmt;
const KEY1: &'static [u8] = include_bytes!("test/rsa-2048.pk8");
const KEY2: &'static [u8] = include_bytes!("test/rsa-3072.pk8");
const KEY3: &'static [u8] = include_bytes!("test/rsa-4096.pk8");
#[derive(Clone)]
struct SomeKeypair(Keypair);
impl fmt::Debug for SomeKeypair {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(f, "SomeKeypair")
}
}
impl Arbitrary for SomeKeypair {
fn arbitrary(g: &mut Gen) -> SomeKeypair {
let mut key = g.choose(&[KEY1, KEY2, KEY3]).unwrap().to_vec();
SomeKeypair(Keypair::from_pkcs8(&mut key).unwrap())
}
}
#[test]
fn rsa_from_pkcs8() {
assert!(Keypair::from_pkcs8(&mut KEY1.to_vec()).is_ok());
assert!(Keypair::from_pkcs8(&mut KEY2.to_vec()).is_ok());
assert!(Keypair::from_pkcs8(&mut KEY3.to_vec()).is_ok());
}
#[test]
fn rsa_x509_encode_decode() {
fn prop(SomeKeypair(kp): SomeKeypair) -> Result<bool, String> {
let pk = kp.public();
PublicKey::decode_x509(&pk.encode_x509())
.map_err(|e| e.to_string())
.map(|pk2| pk2 == pk)
}
QuickCheck::new().tests(10).quickcheck(prop as fn(_) -> _);
}
#[test]
fn rsa_sign_verify() {
fn prop(SomeKeypair(kp): SomeKeypair, msg: Vec<u8>) -> Result<bool, SigningError> {
kp.sign(&msg).map(|s| kp.public().verify(&msg, &s).is_ok())
}
QuickCheck::new()
.tests(10)
.quickcheck(prop as fn(_, _) -> _);
}
}

259
keypair/src/secp256k1.rs Normal file
View File

@ -0,0 +1,259 @@
// Copyright 2019 Parity Technologies (UK) Ltd.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software"),
// to deal in the Software without restriction, including without limitation
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the
// Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//! Secp256k1 keys.
use crate::error::{DecodingError, SigningError, VerificationError};
use asn1_der::{DerObject, FromDerObject};
use core::fmt;
use libsecp256k1::Message;
use rand::RngCore;
use serde::de::Error as SerdeError;
use serde::{Deserialize, Deserializer, Serialize, Serializer};
use serde_bytes::{ByteBuf as SerdeByteBuf, Bytes as SerdeBytes};
use sha2::{Digest as ShaDigestTrait, Sha256};
use zeroize::Zeroize;
/// A Secp256k1 keypair.
#[derive(Clone)]
pub struct Keypair {
secret: SecretKey,
public: PublicKey,
}
impl Keypair {
/// Generate a new sec256k1 `Keypair`.
pub fn generate() -> Self {
Keypair::from(SecretKey::generate())
}
/// Get the public key of this keypair.
pub fn public(&self) -> &PublicKey {
&self.public
}
/// Get the secret key of this keypair.
pub fn secret(&self) -> &SecretKey {
&self.secret
}
}
impl fmt::Debug for Keypair {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("Keypair")
.field("public", &self.public)
.finish()
}
}
/// Promote a Secp256k1 secret key into a keypair.
impl From<SecretKey> for Keypair {
fn from(secret: SecretKey) -> Self {
let public = PublicKey(libsecp256k1::PublicKey::from_secret_key(&secret.0));
Keypair { secret, public }
}
}
/// Demote a Secp256k1 keypair into a secret key.
impl From<Keypair> for SecretKey {
fn from(kp: Keypair) -> Self {
kp.secret
}
}
/// A Secp256k1 secret key.
#[derive(Clone)]
pub struct SecretKey(libsecp256k1::SecretKey);
impl fmt::Debug for SecretKey {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(f, "SecretKey")
}
}
impl SecretKey {
/// Generate a new Secp256k1 secret key.
pub fn generate() -> Self {
let mut r = rand::thread_rng();
let mut b = [0; libsecp256k1::util::SECRET_KEY_SIZE];
// This is how it is done in `secp256k1::SecretKey::random` which
// we do not use here because it uses `rand::Rng` from rand-0.4.
loop {
r.fill_bytes(&mut b);
if let Ok(k) = libsecp256k1::SecretKey::parse(&b) {
return SecretKey(k);
}
}
}
/// Create a secret key from a byte slice, zeroing the slice on success.
/// If the bytes do not constitute a valid Secp256k1 secret key, an
/// error is returned.
pub fn from_bytes(mut sk: impl AsMut<[u8]>) -> Result<Self, DecodingError> {
let sk_bytes = sk.as_mut();
let secret = libsecp256k1::SecretKey::parse_slice(&*sk_bytes)
.map_err(|_| DecodingError::Secp256k1)?;
sk_bytes.zeroize();
Ok(SecretKey(secret))
}
/// Decode a DER-encoded Secp256k1 secret key in an ECPrivateKey
/// structure as defined in [RFC5915].
///
/// [RFC5915]: https://tools.ietf.org/html/rfc5915
pub fn from_der(mut der: impl AsMut<[u8]>) -> Result<SecretKey, DecodingError> {
// TODO: Stricter parsing.
let der_obj = der.as_mut();
let obj: Vec<DerObject> =
FromDerObject::deserialize((*der_obj).iter()).map_err(|_| DecodingError::Secp256k1)?;
der_obj.zeroize();
let sk_obj = obj.into_iter().nth(1).ok_or(DecodingError::Secp256k1)?;
let mut sk_bytes: Vec<u8> =
FromDerObject::from_der_object(sk_obj).map_err(|_| DecodingError::Secp256k1)?;
let sk = SecretKey::from_bytes(&mut sk_bytes)?;
sk_bytes.zeroize();
Ok(sk)
}
/// Sign a message with this secret key, producing a DER-encoded
/// ECDSA signature, as defined in [RFC3278].
///
/// [RFC3278]: https://tools.ietf.org/html/rfc3278#section-8.2
pub fn sign(&self, msg: &[u8]) -> Result<Vec<u8>, SigningError> {
self.sign_hashed(Sha256::digest(msg).as_ref())
}
/// Returns the raw bytes of the secret key.
pub fn to_bytes(&self) -> [u8; 32] {
self.0.serialize()
}
/// Sign a raw message of length 256 bits with this secret key, produces a DER-encoded
/// ECDSA signature.
pub fn sign_hashed(&self, msg: &[u8]) -> Result<Vec<u8>, SigningError> {
let m = Message::parse_slice(msg).map_err(SigningError::Secp256k1)?;
Ok(libsecp256k1::sign(&m, &self.0)
.0
.serialize_der()
.as_ref()
.into())
}
}
/// A Secp256k1 public key.
#[derive(PartialEq, Eq, Clone, Debug)]
pub struct PublicKey(libsecp256k1::PublicKey);
impl PublicKey {
/// Verify the Secp256k1 signature on a message using the public key.
pub fn verify(&self, msg: &[u8], sig: &[u8]) -> Result<(), VerificationError> {
self.verify_hashed(Sha256::digest(msg).as_ref(), sig)
}
/// Verify the Secp256k1 DER-encoded signature on a raw 256-bit message using the public key.
pub fn verify_hashed(&self, msg: &[u8], sig: &[u8]) -> Result<(), VerificationError> {
Message::parse_slice(msg)
.and_then(|m| {
libsecp256k1::Signature::parse_der(sig)
.map(|s| libsecp256k1::verify(&m, &s, &self.0))
})
.map_err(|e| {
VerificationError::Secp256k1(
e,
bs58::encode(sig).into_string(),
bs58::encode(self.0.serialize_compressed()).into_string(),
)
})
.map(|_| ())
}
/// Encode the public key in compressed form, i.e. with one coordinate
/// represented by a single bit.
pub fn encode(&self) -> [u8; 33] {
self.0.serialize_compressed()
}
/// Encode the public key in uncompressed form.
pub fn encode_uncompressed(&self) -> [u8; 65] {
self.0.serialize()
}
/// Decode a public key from a byte slice in the the format produced
/// by `encode`.
pub fn decode(bytes: &[u8]) -> Result<Self, DecodingError> {
libsecp256k1::PublicKey::parse_slice(bytes, Some(libsecp256k1::PublicKeyFormat::Compressed))
.map_err(|_| DecodingError::Secp256k1)
.map(PublicKey)
}
}
impl Serialize for PublicKey {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
SerdeBytes::new(self.encode().to_vec().as_slice()).serialize(serializer)
}
}
impl<'d> Deserialize<'d> for PublicKey {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'d>,
{
let bytes = <SerdeByteBuf>::deserialize(deserializer)?;
PublicKey::decode(bytes.as_slice()).map_err(SerdeError::custom)
}
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct Signature(pub Vec<u8>);
#[cfg(test)]
mod tests {
use super::*;
use crate::{key_pair, KeyFormat};
use quickcheck::QuickCheck;
fn eq_keypairs(kp1: key_pair::KeyPair, kp2: key_pair::KeyPair) -> bool {
kp1.public() == kp2.public() && kp1.secret().unwrap() == kp2.secret().unwrap()
}
#[test]
fn secp256k1_secret_from_bytes() {
let sk1 = SecretKey::generate();
let mut sk_bytes = [0; 32];
sk_bytes.copy_from_slice(&sk1.0.serialize()[..]);
let sk2 = SecretKey::from_bytes(&mut sk_bytes).unwrap();
assert_eq!(sk1.0.serialize(), sk2.0.serialize());
assert_eq!(sk_bytes, [0; 32]);
}
#[test]
fn secp256k1_keypair_encode_decode() {
fn prop() -> bool {
let kp1 = key_pair::KeyPair::generate(KeyFormat::Secp256k1);
let kp1_enc = libp2p_identity::Keypair::from(kp1.clone());
let kp2 = key_pair::KeyPair::from(kp1_enc);
eq_keypairs(kp1, kp2)
}
QuickCheck::new().tests(10).quickcheck(prop as fn() -> _);
}
}

35
keypair/src/signature.rs
View File

@ -16,12 +16,18 @@
use crate::ed25519;
use crate::error::DecodingError;
use crate::key_pair::KeyFormat;
#[cfg(not(target_arch = "wasm32"))]
use crate::rsa;
use crate::secp256k1;
use serde::{Deserialize, Serialize};
use std::convert::TryFrom;
#[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize)]
pub enum Signature {
Ed25519(ed25519::Signature),
#[cfg(not(target_arch = "wasm32"))]
Rsa(rsa::Signature),
Secp256k1(secp256k1::Signature),
}
pub struct RawSignature {
@ -34,6 +40,9 @@ impl Signature {
use Signature::*;
match self {
Ed25519(_) => KeyFormat::Ed25519.into(),
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => KeyFormat::Rsa.into(),
Secp256k1(_) => KeyFormat::Secp256k1.into(),
}
}
@ -45,6 +54,9 @@ impl Signature {
match self {
Ed25519(sig) => result.extend(sig.0.clone()),
#[cfg(not(target_arch = "wasm32"))]
Rsa(sig) => result.extend(sig.0.clone()),
Secp256k1(sig) => result.extend(sig.0.clone()),
}
result
@ -54,6 +66,11 @@ impl Signature {
pub fn decode(bytes: Vec<u8>) -> Result<Self, DecodingError> {
match KeyFormat::try_from(bytes[0])? {
KeyFormat::Ed25519 => Ok(Signature::Ed25519(ed25519::Signature(bytes[1..].to_vec()))),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => Ok(Signature::Rsa(rsa::Signature(bytes[1..].to_vec()))),
KeyFormat::Secp256k1 => Ok(Signature::Secp256k1(secp256k1::Signature(
bytes[1..].to_vec(),
))),
}
}
@ -62,6 +79,9 @@ impl Signature {
match self {
Ed25519(sig) => &sig.0,
#[cfg(not(target_arch = "wasm32"))]
Rsa(sig) => &sig.0,
Secp256k1(sig) => &sig.0,
}
}
@ -70,6 +90,9 @@ impl Signature {
match self {
Ed25519(_) => KeyFormat::Ed25519,
#[cfg(not(target_arch = "wasm32"))]
Rsa(_) => KeyFormat::Rsa,
Secp256k1(_) => KeyFormat::Secp256k1,
}
}
@ -83,6 +106,9 @@ impl Signature {
pub fn from_bytes(key_format: KeyFormat, bytes: Vec<u8>) -> Self {
match key_format {
KeyFormat::Ed25519 => Signature::Ed25519(ed25519::Signature(bytes)),
#[cfg(not(target_arch = "wasm32"))]
KeyFormat::Rsa => Signature::Rsa(rsa::Signature(bytes)),
KeyFormat::Secp256k1 => Signature::Secp256k1(secp256k1::Signature(bytes)),
}
}
}
@ -95,10 +121,19 @@ mod tests {
fn signature_encode_decode() {
let bytes: Vec<u8> = (0..10).collect();
let ed25519_sig = Signature::Ed25519(crate::ed25519::Signature(bytes.clone()));
let secp256k1_sig = Signature::Secp256k1(crate::secp256k1::Signature(bytes.clone()));
#[cfg(not(target_arch = "wasm32"))]
let rsa_sig = Signature::Rsa(crate::rsa::Signature(bytes.clone()));
assert_eq!(
Signature::decode(ed25519_sig.encode()).unwrap(),
ed25519_sig
);
assert_eq!(
Signature::decode(secp256k1_sig.encode()).unwrap(),
secp256k1_sig
);
#[cfg(not(target_arch = "wasm32"))]
assert_eq!(Signature::decode(rsa_sig.encode()).unwrap(), rsa_sig);
}
}

BIN
keypair/src/test/rsa-2048.pk8 Normal file
View File

Binary file not shown.

BIN
keypair/src/test/rsa-3072.pk8 Normal file
View File

Binary file not shown.

BIN
keypair/src/test/rsa-4096.pk8 Normal file
View File

Binary file not shown.

2
rust-toolchain.toml
View File

@ -1,4 +1,4 @@
[toolchain]
channel = "nightly-2023-12-06"
channel = "nightly-2022-12-06"
targets = [ "x86_64-apple-darwin", "wasm32-wasi", "wasm32-unknown-unknown", "x86_64-unknown-linux-gnu" ]
components = [ "rustfmt", "clippy" ]

57
service/CHANGELOG.md
View File

@ -9,63 +9,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* trust-graph bumped from 0.4.1 to 0.4.2
* fluence-keypair bumped from 0.10.0 to 0.10.1
## [0.4.11](https://github.com/fluencelabs/trust-graph/compare/trust-graph-wasm-v0.4.10...trust-graph-wasm-v0.4.11) (2024-01-17)
### Bug Fixes
* **trust-graph:** Regenerate aqua bindings from wasm ([#155](https://github.com/fluencelabs/trust-graph/issues/155)) ([fd145c5](https://github.com/fluencelabs/trust-graph/commit/fd145c5fe1a115e87539ec5c9496d8b4c8bbc468))
### Dependencies
* The following workspace dependencies were updated
* dependencies
* trust-graph bumped from 0.4.10 to 0.4.11
## [0.4.10](https://github.com/fluencelabs/trust-graph/compare/trust-graph-wasm-v0.4.9...trust-graph-wasm-v0.4.10) (2024-01-03)
### Bug Fixes
* **trust-graph:** Revert release 0.4.10 ([#153](https://github.com/fluencelabs/trust-graph/issues/153)) ([b263ce1](https://github.com/fluencelabs/trust-graph/commit/b263ce1fb13b937b629608ede35b6f436023dcac))
### Dependencies
* The following workspace dependencies were updated
* dependencies
* trust-graph bumped from 0.4.9 to 0.4.10
## [0.4.9](https://github.com/fluencelabs/trust-graph/compare/trust-graph-wasm-v0.4.8...trust-graph-wasm-v0.4.9) (2023-12-28)
### Bug Fixes
* **deps:** update sqlite wasm ([#135](https://github.com/fluencelabs/trust-graph/issues/135)) ([c59451d](https://github.com/fluencelabs/trust-graph/commit/c59451de04ba79152fa8d600a7b456ab24766dd0))
### Dependencies
* The following workspace dependencies were updated
* dependencies
* trust-graph bumped from 0.4.8 to 0.4.9
## [0.4.8](https://github.com/fluencelabs/trust-graph/compare/trust-graph-wasm-v0.4.7...trust-graph-wasm-v0.4.8) (2023-12-20)
### Features
* update marine sdk's, configs and sqlite connector ([#129](https://github.com/fluencelabs/trust-graph/issues/129)) ([0b66f4e](https://github.com/fluencelabs/trust-graph/commit/0b66f4e0536633879de46f69ac8391c72ece7e77))
### Dependencies
* The following workspace dependencies were updated
* dependencies
* trust-graph bumped from 0.4.7 to 0.4.8
* fluence-keypair bumped from 0.10.3 to 0.10.4
## [0.4.7](https://github.com/fluencelabs/trust-graph/compare/trust-graph-wasm-v0.4.6...trust-graph-wasm-v0.4.7) (2023-07-04)

15
service/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "trust-graph-wasm"
version = "0.4.11"
version = "0.4.7"
authors = ["Fluence Labs"]
edition = "2021"
description = "trust graph wasm"
@ -12,16 +12,16 @@ name = "trust-graph"
path = "src/main.rs"
[dependencies]
trust-graph = { version = "0.4.11", path = "../trust-graph" }
fluence-keypair = { version = "0.10.4", path = "../keypair" }
trust-graph = { version = "0.10.4-alpha.0", path = "../trust-graph" }
fluence-keypair = { version = "0.10.4-alpha.0", path = "../keypair" }
marine-rs-sdk = { version = "0.10.2", features = ["logger"] }
marine-sqlite-connector = "0.9.2"
marine-sqlite-connector = "0.9.0"
libp2p-identity = { workspace = true }
log = "0.4.8"
anyhow = "1.0.31"
once_cell = "1.18.0"
once_cell = "1.4.1"
serde_json = "1.0"
bs58 = "0.4.0"
rmp-serde = "1.1.1"
@ -29,9 +29,8 @@ bincode = "1.3.1"
thiserror = "1.0.23"
[dev-dependencies]
marine-rs-sdk-test = "0.12.1"
marine-rs-sdk-test = "0.9.1"
rusqlite = "0.28.0"
fluence-keypair = { version = "0.10.3", path = "../keypair", features = ["rand"] }
[build-dependencies]
marine-rs-sdk-test = "0.12.1"
marine-rs-sdk-test = "0.9.1"

4
service/build.sh
View File

@ -1,7 +1,5 @@
#!/usr/bin/env bash
set -o errexit -o nounset -o pipefail
set -x
# set current working directory to script directory to run script from everywhere
cd "$(dirname "$0")"
@ -15,7 +13,7 @@ mkdir -p artifacts
cp ../target/wasm32-wasi/release/trust-graph.wasm artifacts/
# download SQLite 3 to use in tests
curl -sS -L https://github.com/fluencelabs/sqlite/releases/download/sqlite-wasm-v0.18.2/sqlite3.wasm -o artifacts/sqlite3.wasm
curl -sS -L https://github.com/fluencelabs/sqlite/releases/download/sqlite-wasm-v0.18.1/sqlite3.wasm -o artifacts/sqlite3.wasm
# generate Aqua bindings
marine aqua artifacts/trust-graph.wasm -s TrustGraph -i trust-graph > ../aqua/trust-graph.aqua

2
service/rust-toolchain.toml
View File

@ -1,3 +1,3 @@
[toolchain]
channel = "nightly-2023-12-06"
channel = "nightly-2022-12-06"
targets = [ "x86_64-apple-darwin", "wasm32-wasi", "wasm32-unknown-unknown", "x86_64-unknown-linux-gnu" ]

2
service/src/misc.rs
View File

@ -37,7 +37,7 @@ pub(crate) fn check_timestamp_tetraplets(
.get(arg_number)
.ok_or_else(|| InvalidTimestampTetraplet(format!("{:?}", call_parameters.tetraplets)))?;
let tetraplet = tetraplets
.first()
.get(0)
.ok_or_else(|| InvalidTimestampTetraplet(format!("{:?}", call_parameters.tetraplets)))?;
(TRUSTED_TIMESTAMP.eq(&(&tetraplet.service_id, &tetraplet.function_name))
&& tetraplet.peer_pk == call_parameters.host_id)

35
trust-graph/CHANGELOG.md
View File

@ -4,41 +4,6 @@
* dependencies
* fluence-keypair bumped from 0.10.0 to 0.10.1
## [0.4.11](https://github.com/fluencelabs/trust-graph/compare/trust-graph-v0.4.10...trust-graph-v0.4.11) (2024-01-17)
### Miscellaneous Chores
* **trust-graph:** Synchronize trust-graph, wasm and api versions
## [0.4.10](https://github.com/fluencelabs/trust-graph/compare/trust-graph-v0.4.9...trust-graph-v0.4.10) (2024-01-03)
### Bug Fixes
* **trust-graph:** Revert release 0.4.10 ([#153](https://github.com/fluencelabs/trust-graph/issues/153)) ([b263ce1](https://github.com/fluencelabs/trust-graph/commit/b263ce1fb13b937b629608ede35b6f436023dcac))
## [0.4.9](https://github.com/fluencelabs/trust-graph/compare/trust-graph-v0.4.8...trust-graph-v0.4.9) (2023-12-28)
### Miscellaneous Chores
* **trust-graph:** Synchronize trust-graph, wasm and api versions
## [0.4.8](https://github.com/fluencelabs/trust-graph/compare/trust-graph-v0.4.7...trust-graph-v0.4.8) (2023-12-20)
### Features
* update marine sdk's, configs and sqlite connector ([#129](https://github.com/fluencelabs/trust-graph/issues/129)) ([0b66f4e](https://github.com/fluencelabs/trust-graph/commit/0b66f4e0536633879de46f69ac8391c72ece7e77))
### Dependencies
* The following workspace dependencies were updated
* dependencies
* fluence-keypair bumped from 0.10.3 to 0.10.4
## [0.4.7](https://github.com/fluencelabs/trust-graph/compare/trust-graph-v0.4.6...trust-graph-v0.4.7) (2023-07-04)

4
trust-graph/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "trust-graph"
version = "0.4.11"
version = "0.10.4"
authors = ["Fluence Labs"]
edition = "2021"
description = "trust graph"
@ -10,7 +10,7 @@ repository = "https://github.com/fluencelabs/trust-graph"
[dependencies]
serde = { version = "1.0.118", features = ["derive"] }
fluence-keypair = { path = "../keypair", version = "0.10.4" }
fluence-keypair = { path = "../keypair", version = "0.10.4-alpha.0" }
bs58 = "0.4.0"
failure = "0.1.6"
log = "0.4.11"

2
trust-graph/src/public_key_hashable.rs
View File

@ -29,7 +29,7 @@ use std::{
#[repr(transparent)]
pub struct PublicKeyHashable(PublicKey);
#[allow(clippy::derived_hash_with_manual_eq)]
#[allow(clippy::derive_hash_xor_eq)]
impl Hash for PublicKeyHashable {
fn hash<H: Hasher>(&self, state: &mut H) {
state.write(&self.0.encode());

2
trust-graph/src/trust_graph.rs
View File

@ -154,7 +154,7 @@ where
C: Borrow<Certificate>,
{
let chain = &cert.borrow().chain;
let mut issued_by = chain.first().ok_or(EmptyChain)?.issued_for.clone();
let mut issued_by = chain.get(0).ok_or(EmptyChain)?.issued_for.clone();
// TODO: optimize to check only root weight
for trust in chain {