diff options
author | Rutger Broekhoff | 2021-05-24 22:44:21 +0200 |
---|---|---|
committer | Rutger Broekhoff | 2021-05-24 22:44:21 +0200 |
commit | f3232a9022b67db164b901272f4a8e47f46a74b3 (patch) | |
tree | 58f32f210024b32939053e5c8e13a7a52ddcb6fe /src/nkeys.zig | |
parent | 862fed7c251b331ac953e8e7ef5cdfe3da7772e8 (diff) | |
download | zig-nkeys-f3232a9022b67db164b901272f4a8e47f46a74b3.tar.gz zig-nkeys-f3232a9022b67db164b901272f4a8e47f46a74b3.zip |
Add PrivateKey, use Ed25519.KeyPair in SeedKeyPair
Diffstat (limited to 'src/nkeys.zig')
-rw-r--r-- | src/nkeys.zig | 271 |
1 files changed, 148 insertions, 123 deletions
diff --git a/src/nkeys.zig b/src/nkeys.zig index 8493941..aac326c 100644 --- a/src/nkeys.zig +++ b/src/nkeys.zig | |||
@@ -9,9 +9,15 @@ const testing = std.testing; | |||
9 | 9 | ||
10 | pub const InvalidPrefixByteError = error{InvalidPrefixByte}; | 10 | pub const InvalidPrefixByteError = error{InvalidPrefixByte}; |
11 | pub const InvalidEncodingError = error{InvalidEncoding}; | 11 | pub const InvalidEncodingError = error{InvalidEncoding}; |
12 | pub const InvalidPrivateKeyError = error{InvalidPrivateKey}; | ||
12 | pub const InvalidSeedError = error{InvalidSeed}; | 13 | pub const InvalidSeedError = error{InvalidSeed}; |
14 | pub const InvalidSignatureError = error{InvalidSignature}; | ||
13 | pub const NoNkeySeedFoundError = error{NoNkeySeedFound}; | 15 | pub const NoNkeySeedFoundError = error{NoNkeySeedFound}; |
14 | pub const NoNkeyUserSeedFoundError = error{NoNkeyUserSeedFound}; | 16 | pub const NoNkeyUserSeedFoundError = error{NoNkeyUserSeedFound}; |
17 | pub const DecodeError = InvalidPrefixByteError || base32.DecodeError || crc16.InvalidChecksumError; | ||
18 | pub const SeedDecodeError = DecodeError || InvalidSeedError || crypto.errors.IdentityElementError; | ||
19 | pub const PrivateKeyDecodeError = DecodeError || InvalidPrivateKeyError || crypto.errors.IdentityElementError; | ||
20 | pub const SignError = crypto.errors.IdentityElementError || crypto.errors.WeakPublicKeyError || crypto.errors.KeyMismatchError; | ||
15 | 21 | ||
16 | pub const KeyTypePrefixByte = enum(u8) { | 22 | pub const KeyTypePrefixByte = enum(u8) { |
17 | seed = 18 << 3, // S | 23 | seed = 18 << 3, // S |
@@ -41,93 +47,93 @@ pub const PublicPrefixByte = enum(u8) { | |||
41 | pub const SeedKeyPair = struct { | 47 | pub const SeedKeyPair = struct { |
42 | const Self = @This(); | 48 | const Self = @This(); |
43 | 49 | ||
44 | seed: text_seed, | 50 | prefix: PublicPrefixByte, |
51 | kp: Ed25519.KeyPair, | ||
45 | 52 | ||
46 | pub fn generate(prefix: PublicPrefixByte) Self { | 53 | pub fn generate(prefix: PublicPrefixByte) crypto.errors.IdentityElementError!Self { |
47 | var raw_seed: [Ed25519.seed_length]u8 = undefined; | 54 | var raw_seed: [Ed25519.seed_length]u8 = undefined; |
48 | crypto.random.bytes(&raw_seed); | 55 | crypto.random.bytes(&raw_seed); |
49 | defer wipeBytes(&raw_seed); | 56 | defer wipeBytes(&raw_seed); |
50 | 57 | return Self{ .prefix = prefix, .kp = try Ed25519.KeyPair.create(raw_seed) }; | |
51 | return Self{ .seed = encodeSeed(prefix, &raw_seed) }; | ||
52 | } | ||
53 | |||
54 | pub fn fromTextSeed(seed: *const text_seed) SeedDecodeError!Self { | ||
55 | var decoded = try decodeSeed(seed); | ||
56 | decoded.wipe(); | ||
57 | return Self{ .seed = seed.* }; | ||
58 | } | ||
59 | |||
60 | pub fn fromRawSeed(prefix: PublicPrefixByte, raw_seed: *const [Ed25519.seed_length]u8) Self { | ||
61 | return Self{ .seed = encodeSeed(prefix, raw_seed) }; | ||
62 | } | 58 | } |
63 | 59 | ||
64 | fn rawSeed(self: *const Self) SeedDecodeError![Ed25519.seed_length]u8 { | 60 | pub fn fromTextSeed(text: *const text_seed) SeedDecodeError!Self { |
65 | return (try decodeSeed(&self.seed)).seed; | 61 | var decoded = try decode(2, Ed25519.seed_length, text); |
66 | } | 62 | defer decoded.wipe(); // gets copied |
67 | |||
68 | fn keys(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!Ed25519.KeyPair { | ||
69 | return Ed25519.KeyPair.create(try rawSeed(self)); | ||
70 | } | ||
71 | 63 | ||
72 | pub fn privateKey(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!text_private { | 64 | var key_ty_prefix = decoded.prefix[0] & 0b11111000; |
73 | var kp = try self.keys(); | 65 | var entity_ty_prefix = (decoded.prefix[0] << 5) | (decoded.prefix[1] >> 3); |
74 | defer wipeKeyPair(&kp); | ||
75 | return encodePrivate(&kp.secret_key); | ||
76 | } | ||
77 | 66 | ||
78 | pub fn publicKey(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!text_public { | 67 | if (key_ty_prefix != @enumToInt(KeyTypePrefixByte.seed)) |
79 | var decoded = try decodeSeed(&self.seed); | 68 | return error.InvalidSeed; |
80 | defer decoded.wipe(); | ||
81 | var kp = try Ed25519.KeyPair.create(decoded.seed); | ||
82 | defer wipeKeyPair(&kp); | ||
83 | return encodePublic(decoded.prefix, &kp.public_key); | ||
84 | } | ||
85 | 69 | ||
86 | pub fn intoPublicKey(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!PublicKey { | 70 | return Self{ |
87 | var decoded = try decodeSeed(&self.seed); | 71 | .prefix = try PublicPrefixByte.fromU8(entity_ty_prefix), |
88 | defer decoded.wipe(); | 72 | .kp = try Ed25519.KeyPair.create(decoded.data), |
89 | var kp = try Ed25519.KeyPair.create(decoded.seed); | ||
90 | defer wipeKeyPair(&kp); | ||
91 | return PublicKey{ | ||
92 | .prefix = decoded.prefix, | ||
93 | .key = kp.public_key, | ||
94 | }; | 73 | }; |
95 | } | 74 | } |
96 | 75 | ||
97 | pub const SignError = SeedDecodeError || crypto.errors.IdentityElementError || crypto.errors.WeakPublicKeyError; | 76 | pub fn fromRawSeed( |
77 | prefix: PublicPrefixByte, | ||
78 | raw_seed: *const [Ed25519.seed_length]u8, | ||
79 | ) crypto.errors.IdentityElementError!Self { | ||
80 | return Self{ .prefix = prefix, .kp = try Ed25519.KeyPair.create(raw_seed.*) }; | ||
81 | } | ||
98 | 82 | ||
99 | pub fn sign( | 83 | pub fn sign( |
100 | self: *const Self, | 84 | self: *const Self, |
101 | msg: []const u8, | 85 | msg: []const u8, |
102 | ) SignError![Ed25519.signature_length]u8 { | 86 | ) SignError![Ed25519.signature_length]u8 { |
103 | var kp = try self.keys(); | 87 | return Ed25519.sign(msg, self.kp, null); |
104 | defer wipeKeyPair(&kp); | ||
105 | return Ed25519.sign(msg, kp, null) catch |e| switch (e) { | ||
106 | error.KeyMismatch => unreachable, // would mean that self.keys() has an incorrect implementation | ||
107 | error.WeakPublicKey => error.WeakPublicKey, | ||
108 | error.IdentityElement => error.IdentityElement, | ||
109 | }; | ||
110 | } | 88 | } |
111 | 89 | ||
112 | pub fn verify( | 90 | pub fn verify( |
113 | self: *const Self, | 91 | self: *const Self, |
114 | msg: []const u8, | 92 | msg: []const u8, |
115 | sig: [Ed25519.signature_length]u8, | 93 | sig: [Ed25519.signature_length]u8, |
116 | ) !void { | 94 | ) InvalidSignatureError!void { |
117 | var kp = try self.keys(); | 95 | Ed25519.verify(sig, msg, self.kp.public_key) catch return error.InvalidSignature; |
118 | defer wipeKeyPair(&kp); | ||
119 | Ed25519.verify(sig, msg, kp.public_key) catch return error.InvalidSignature; | ||
120 | } | 96 | } |
121 | 97 | ||
122 | pub fn wipe(self: *Self) void { | 98 | pub fn asTextSeed(self: *const Self) text_seed { |
123 | wipeBytes(&self.seed); | 99 | const full_prefix = &[_]u8{ |
100 | @enumToInt(KeyTypePrefixByte.seed) | (@enumToInt(self.prefix) >> 5), | ||
101 | (@enumToInt(self.prefix) & 0b00011111) << 3, | ||
102 | }; | ||
103 | const seed = self.kp.secret_key[0..Ed25519.seed_length]; | ||
104 | return encode(full_prefix.len, seed.len, full_prefix, seed); | ||
105 | } | ||
106 | |||
107 | pub fn asTextPrivateKey(self: *const Self) text_private { | ||
108 | return encode(1, self.kp.secret_key.len, &[_]u8{@enumToInt(KeyTypePrefixByte.private)}, &self.kp.secret_key); | ||
109 | } | ||
110 | |||
111 | pub fn asTextPublicKey(self: *const Self) text_public { | ||
112 | return encode(1, self.kp.public_key.len, &[_]u8{@enumToInt(self.prefix)}, &self.kp.public_key); | ||
124 | } | 113 | } |
125 | 114 | ||
126 | fn wipeKeyPair(kp: *Ed25519.KeyPair) void { | 115 | pub fn asPublicKey(self: *const Self) PublicKey { |
127 | wipeBytes(&kp.secret_key); | 116 | return PublicKey{ |
117 | .prefix = self.prefix, | ||
118 | .key = self.kp.public_key, | ||
119 | }; | ||
120 | } | ||
121 | |||
122 | pub fn asPrivateKey(self: *const Self) PrivateKey { | ||
123 | return PrivateKey{ .kp = self.kp }; | ||
124 | } | ||
125 | |||
126 | pub fn wipe(self: *Self) void { | ||
127 | self.prefix = .account; | ||
128 | wipeKeyPair(&self.kp); | ||
128 | } | 129 | } |
129 | }; | 130 | }; |
130 | 131 | ||
132 | fn wipeKeyPair(kp: *Ed25519.KeyPair) void { | ||
133 | wipeBytes(&kp.public_key); | ||
134 | wipeBytes(&kp.secret_key); | ||
135 | } | ||
136 | |||
131 | fn wipeBytes(bs: []u8) void { | 137 | fn wipeBytes(bs: []u8) void { |
132 | for (bs) |*b| b.* = 0; | 138 | for (bs) |*b| b.* = 0; |
133 | } | 139 | } |
@@ -138,7 +144,7 @@ pub const PublicKey = struct { | |||
138 | prefix: PublicPrefixByte, | 144 | prefix: PublicPrefixByte, |
139 | key: [Ed25519.public_length]u8, | 145 | key: [Ed25519.public_length]u8, |
140 | 146 | ||
141 | pub fn fromTextPublicKey(text: *const text_public) DecodeError!PublicKey { | 147 | pub fn fromTextPublicKey(text: *const text_public) DecodeError!Self { |
142 | var decoded = try decode(1, Ed25519.public_length, text); | 148 | var decoded = try decode(1, Ed25519.public_length, text); |
143 | defer decoded.wipe(); // gets copied | 149 | defer decoded.wipe(); // gets copied |
144 | return PublicKey{ | 150 | return PublicKey{ |
@@ -147,15 +153,15 @@ pub const PublicKey = struct { | |||
147 | }; | 153 | }; |
148 | } | 154 | } |
149 | 155 | ||
150 | pub fn publicKey(self: *const Self) text_public { | 156 | pub fn asTextPublicKey(self: *const Self) text_public { |
151 | return encodePublic(self.prefix, &self.key); | 157 | return encode(1, self.key.len, &[_]u8{@enumToInt(self.prefix)}, &self.key); |
152 | } | 158 | } |
153 | 159 | ||
154 | pub fn verify( | 160 | pub fn verify( |
155 | self: *const Self, | 161 | self: *const Self, |
156 | msg: []const u8, | 162 | msg: []const u8, |
157 | sig: [Ed25519.signature_length]u8, | 163 | sig: [Ed25519.signature_length]u8, |
158 | ) !void { | 164 | ) InvalidSignatureError!void { |
159 | Ed25519.verify(sig, msg, self.key) catch return error.InvalidSignature; | 165 | Ed25519.verify(sig, msg, self.key) catch return error.InvalidSignature; |
160 | } | 166 | } |
161 | 167 | ||
@@ -165,6 +171,57 @@ pub const PublicKey = struct { | |||
165 | } | 171 | } |
166 | }; | 172 | }; |
167 | 173 | ||
174 | pub const PrivateKey = struct { | ||
175 | const Self = @This(); | ||
176 | |||
177 | kp: Ed25519.KeyPair, | ||
178 | |||
179 | pub fn fromTextPrivateKey(text: *const text_private) PrivateKeyDecodeError!Self { | ||
180 | var decoded = try decode(1, Ed25519.secret_length, text); | ||
181 | defer decoded.wipe(); // gets copied | ||
182 | if (decoded.prefix[0] != @enumToInt(KeyTypePrefixByte.private)) | ||
183 | return error.InvalidPrivateKey; | ||
184 | return PrivateKey{ .kp = Ed25519.KeyPair.fromSecretKey(decoded.data) }; | ||
185 | } | ||
186 | |||
187 | pub fn asSeedKeyPair(self: *const Self, prefix: PublicPrefixByte) SeedKeyPair { | ||
188 | return SeedKeyPair{ | ||
189 | .prefix = prefix, | ||
190 | .kp = self.kp, | ||
191 | }; | ||
192 | } | ||
193 | |||
194 | pub fn asPublicKey(self: *const Self, prefix: PublicPrefixByte) PublicKey { | ||
195 | return PublicKey{ | ||
196 | .prefix = prefix, | ||
197 | .key = self.kp.public_key, | ||
198 | }; | ||
199 | } | ||
200 | |||
201 | pub fn asTextPrivateKey(self: *const Self) text_private { | ||
202 | return encode(1, self.kp.secret_key.len, &[_]u8{@enumToInt(KeyTypePrefixByte.private)}, &self.kp.secret_key); | ||
203 | } | ||
204 | |||
205 | pub fn sign( | ||
206 | self: *const Self, | ||
207 | msg: []const u8, | ||
208 | ) SignError![Ed25519.signature_length]u8 { | ||
209 | return Ed25519.sign(msg, self.kp, null); | ||
210 | } | ||
211 | |||
212 | pub fn verify( | ||
213 | self: *const Self, | ||
214 | msg: []const u8, | ||
215 | sig: [Ed25519.signature_length]u8, | ||
216 | ) InvalidSignatureError!void { | ||
217 | Ed25519.verify(sig, msg, self.kp.public_key) catch return error.InvalidSignature; | ||
218 | } | ||
219 | |||
220 | pub fn wipe(self: *Self) void { | ||
221 | wipeKeyPair(&self.kp); | ||
222 | } | ||
223 | }; | ||
224 | |||
168 | // One prefix byte, two CRC bytes | 225 | // One prefix byte, two CRC bytes |
169 | const binary_private_size = 1 + Ed25519.secret_length + 2; | 226 | const binary_private_size = 1 + Ed25519.secret_length + 2; |
170 | // One prefix byte, two CRC bytes | 227 | // One prefix byte, two CRC bytes |
@@ -180,14 +237,6 @@ pub const text_private = [text_private_len]u8; | |||
180 | pub const text_public = [text_public_len]u8; | 237 | pub const text_public = [text_public_len]u8; |
181 | pub const text_seed = [text_seed_len]u8; | 238 | pub const text_seed = [text_seed_len]u8; |
182 | 239 | ||
183 | fn encodePublic(prefix: PublicPrefixByte, key: *const [Ed25519.public_length]u8) text_public { | ||
184 | return encode(1, key.len, &[_]u8{@enumToInt(prefix)}, key); | ||
185 | } | ||
186 | |||
187 | fn encodePrivate(key: *const [Ed25519.secret_length]u8) text_private { | ||
188 | return encode(1, key.len, &[_]u8{@enumToInt(KeyTypePrefixByte.private)}, key); | ||
189 | } | ||
190 | |||
191 | fn encoded_key(comptime prefix_len: usize, comptime data_len: usize) type { | 240 | fn encoded_key(comptime prefix_len: usize, comptime data_len: usize) type { |
192 | return [base32.Encoder.calcSize(prefix_len + data_len + 2)]u8; | 241 | return [base32.Encoder.calcSize(prefix_len + data_len + 2)]u8; |
193 | } | 242 | } |
@@ -213,16 +262,6 @@ fn encode( | |||
213 | return text; | 262 | return text; |
214 | } | 263 | } |
215 | 264 | ||
216 | pub fn encodeSeed(prefix: PublicPrefixByte, src: *const [Ed25519.seed_length]u8) text_seed { | ||
217 | const full_prefix = &[_]u8{ | ||
218 | @enumToInt(KeyTypePrefixByte.seed) | (@enumToInt(prefix) >> 5), | ||
219 | (@enumToInt(prefix) & 0b00011111) << 3, | ||
220 | }; | ||
221 | return encode(full_prefix.len, src.len, full_prefix, src); | ||
222 | } | ||
223 | |||
224 | pub const DecodeError = InvalidPrefixByteError || base32.DecodeError || crc16.InvalidChecksumError; | ||
225 | |||
226 | fn DecodedNkey(comptime prefix_len: usize, comptime data_len: usize) type { | 265 | fn DecodedNkey(comptime prefix_len: usize, comptime data_len: usize) type { |
227 | return struct { | 266 | return struct { |
228 | const Self = @This(); | 267 | const Self = @This(); |
@@ -255,36 +294,6 @@ fn decode( | |||
255 | }; | 294 | }; |
256 | } | 295 | } |
257 | 296 | ||
258 | pub const DecodedSeed = struct { | ||
259 | const Self = @This(); | ||
260 | |||
261 | prefix: PublicPrefixByte, | ||
262 | seed: [Ed25519.seed_length]u8, | ||
263 | |||
264 | pub fn wipe(self: *Self) void { | ||
265 | self.prefix = .account; | ||
266 | wipeBytes(&self.seed); | ||
267 | } | ||
268 | }; | ||
269 | |||
270 | pub const SeedDecodeError = DecodeError || InvalidSeedError; | ||
271 | |||
272 | pub fn decodeSeed(text: *const text_seed) SeedDecodeError!DecodedSeed { | ||
273 | var decoded = try decode(2, Ed25519.seed_length, text); | ||
274 | defer decoded.wipe(); // gets copied | ||
275 | |||
276 | var key_ty_prefix = decoded.prefix[0] & 0b11111000; | ||
277 | var entity_ty_prefix = (decoded.prefix[0] << 5) | (decoded.prefix[1] >> 3); | ||
278 | |||
279 | if (key_ty_prefix != @enumToInt(KeyTypePrefixByte.seed)) | ||
280 | return error.InvalidSeed; | ||
281 | |||
282 | return DecodedSeed{ | ||
283 | .prefix = try PublicPrefixByte.fromU8(entity_ty_prefix), | ||
284 | .seed = decoded.data, | ||
285 | }; | ||
286 | } | ||
287 | |||
288 | pub fn isValidEncoding(text: []const u8) bool { | 297 | pub fn isValidEncoding(text: []const u8) bool { |
289 | if (text.len < 4) return false; | 298 | if (text.len < 4) return false; |
290 | var made_crc: u16 = 0; | 299 | var made_crc: u16 = 0; |
@@ -307,7 +316,7 @@ pub fn isValidEncoding(text: []const u8) bool { | |||
307 | } | 316 | } |
308 | 317 | ||
309 | pub fn isValidSeed(text: *const text_seed) bool { | 318 | pub fn isValidSeed(text: *const text_seed) bool { |
310 | var res = decodeSeed(text) catch return false; | 319 | var res = SeedKeyPair.fromTextSeed(text) catch return false; |
311 | res.wipe(); | 320 | res.wipe(); |
312 | return true; | 321 | return true; |
313 | } | 322 | } |
@@ -400,7 +409,7 @@ pub fn parseDecoratedNkey(contents: []const u8) NoNkeySeedFoundError!SeedKeyPair | |||
400 | 409 | ||
401 | pub fn parseDecoratedUserNkey(contents: []const u8) (NoNkeySeedFoundError || NoNkeyUserSeedFoundError)!SeedKeyPair { | 410 | pub fn parseDecoratedUserNkey(contents: []const u8) (NoNkeySeedFoundError || NoNkeyUserSeedFoundError)!SeedKeyPair { |
402 | var key = try parseDecoratedNkey(contents); | 411 | var key = try parseDecoratedNkey(contents); |
403 | if (!mem.startsWith(u8, &key.seed, "SU")) return error.NoNkeyUserSeedFound; | 412 | if (!mem.startsWith(u8, &key.asTextSeed(), "SU")) return error.NoNkeyUserSeedFound; |
404 | defer key.wipe(); | 413 | defer key.wipe(); |
405 | return key; | 414 | return key; |
406 | } | 415 | } |
@@ -409,36 +418,49 @@ test { | |||
409 | testing.refAllDecls(@This()); | 418 | testing.refAllDecls(@This()); |
410 | testing.refAllDecls(SeedKeyPair); | 419 | testing.refAllDecls(SeedKeyPair); |
411 | testing.refAllDecls(PublicKey); | 420 | testing.refAllDecls(PublicKey); |
421 | testing.refAllDecls(PrivateKey); | ||
412 | } | 422 | } |
413 | 423 | ||
414 | test { | 424 | test { |
415 | var key_pair = SeedKeyPair.generate(PublicPrefixByte.server); | 425 | var key_pair = try SeedKeyPair.generate(PublicPrefixByte.server); |
416 | defer key_pair.wipe(); | 426 | defer key_pair.wipe(); |
417 | 427 | ||
418 | var decoded_seed = try decodeSeed(&key_pair.seed); | 428 | var decoded_seed = try SeedKeyPair.fromTextSeed(&key_pair.asTextSeed()); |
419 | defer decoded_seed.wipe(); | 429 | defer decoded_seed.wipe(); |
420 | var encoded_second_time = encodeSeed(decoded_seed.prefix, &decoded_seed.seed); | 430 | try testing.expect(isValidEncoding(&decoded_seed.asTextSeed())); |
421 | defer wipeBytes(&encoded_second_time); | ||
422 | try testing.expectEqualSlices(u8, &key_pair.seed, &encoded_second_time); | ||
423 | try testing.expect(isValidEncoding(&key_pair.seed)); | ||
424 | 431 | ||
425 | var pub_key_str_a = try key_pair.publicKey(); | 432 | var pub_key_str_a = key_pair.asTextPublicKey(); |
426 | defer wipeBytes(&pub_key_str_a); | 433 | defer wipeBytes(&pub_key_str_a); |
427 | var priv_key_str = try key_pair.privateKey(); | 434 | var priv_key_str = key_pair.asTextPrivateKey(); |
428 | defer wipeBytes(&priv_key_str); | 435 | defer wipeBytes(&priv_key_str); |
429 | try testing.expect(pub_key_str_a.len != 0); | 436 | try testing.expect(pub_key_str_a.len != 0); |
430 | try testing.expect(priv_key_str.len != 0); | 437 | try testing.expect(priv_key_str.len != 0); |
431 | try testing.expect(isValidEncoding(&pub_key_str_a)); | 438 | try testing.expect(isValidEncoding(&pub_key_str_a)); |
432 | try testing.expect(isValidEncoding(&priv_key_str)); | 439 | try testing.expect(isValidEncoding(&priv_key_str)); |
433 | 440 | ||
434 | var pub_key = try key_pair.intoPublicKey(); | 441 | var pub_key = key_pair.asPublicKey(); |
435 | defer pub_key.wipe(); | 442 | defer pub_key.wipe(); |
436 | var pub_key_str_b = pub_key.publicKey(); | 443 | var pub_key_str_b = pub_key.asTextPublicKey(); |
437 | defer wipeBytes(&pub_key_str_b); | 444 | defer wipeBytes(&pub_key_str_b); |
438 | try testing.expectEqualSlices(u8, &pub_key_str_a, &pub_key_str_b); | 445 | try testing.expectEqualSlices(u8, &pub_key_str_a, &pub_key_str_b); |
439 | } | 446 | } |
440 | 447 | ||
441 | test { | 448 | test "encode" { |
449 | var raw_key: [32]u8 = undefined; | ||
450 | crypto.random.bytes(&raw_key); | ||
451 | |||
452 | // encode( | ||
453 | } | ||
454 | |||
455 | test "parse decorated JWT (bad)" { | ||
456 | try testing.expectEqualStrings("foo", parseDecoratedJwt("foo")); | ||
457 | } | ||
458 | |||
459 | test "parse decorated seed (bad)" { | ||
460 | try testing.expectError(error.NoNkeySeedFound, parseDecoratedNkey("foo")); | ||
461 | } | ||
462 | |||
463 | test "parse decorated seed and JWT" { | ||
442 | const creds = | 464 | const creds = |
443 | \\-----BEGIN NATS USER JWT----- | 465 | \\-----BEGIN NATS USER JWT----- |
444 | \\eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJUWEg1TUxDNTdPTUJUQURYNUJNU0RLWkhSQUtXUFM0TkdHRFFPVlJXRzUyRFdaUlFFVERBIiwiaWF0IjoxNjIxNTgyOTU1LCJpc3MiOiJBQ1ZUQVZMQlFKTklQRjdNWFZWSlpZUFhaTkdFQUZMWVpTUjJSNVRZNk9ESjNSTTRYV0FDNUVFRiIsIm5hbWUiOiJ0ZXN0Iiwic3ViIjoiVUJHSlhLRkVWUlFEM05LM0lDRVc1Q0lDSzM1NkdESVZORkhaRUU0SzdMMkRYWTdORVNQVlFVNEwiLCJuYXRzIjp7InB1YiI6e30sInN1YiI6e30sInN1YnMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsInR5cGUiOiJ1c2VyIiwidmVyc2lvbiI6Mn19.OhPLDZflyJ_keg2xBRDHZZhG5x_Qf_Yb61k9eHLs9zLRf0_ETwMd0PNZI_isuBhXYevobXHVoYA3oxvMVGlDCQ | 466 | \\eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJUWEg1TUxDNTdPTUJUQURYNUJNU0RLWkhSQUtXUFM0TkdHRFFPVlJXRzUyRFdaUlFFVERBIiwiaWF0IjoxNjIxNTgyOTU1LCJpc3MiOiJBQ1ZUQVZMQlFKTklQRjdNWFZWSlpZUFhaTkdFQUZMWVpTUjJSNVRZNk9ESjNSTTRYV0FDNUVFRiIsIm5hbWUiOiJ0ZXN0Iiwic3ViIjoiVUJHSlhLRkVWUlFEM05LM0lDRVc1Q0lDSzM1NkdESVZORkhaRUU0SzdMMkRYWTdORVNQVlFVNEwiLCJuYXRzIjp7InB1YiI6e30sInN1YiI6e30sInN1YnMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsInR5cGUiOiJ1c2VyIiwidmVyc2lvbiI6Mn19.OhPLDZflyJ_keg2xBRDHZZhG5x_Qf_Yb61k9eHLs9zLRf0_ETwMd0PNZI_isuBhXYevobXHVoYA3oxvMVGlDCQ |
@@ -458,7 +480,10 @@ test { | |||
458 | const seed = "SUAGIEYODKBBTUMOB666Z5KA4FCWAZV7HWSGRHOD7MK6UM5IYLWLACH7DQ"; | 480 | const seed = "SUAGIEYODKBBTUMOB666Z5KA4FCWAZV7HWSGRHOD7MK6UM5IYLWLACH7DQ"; |
459 | 481 | ||
460 | var got_kp = try parseDecoratedUserNkey(creds); | 482 | var got_kp = try parseDecoratedUserNkey(creds); |
461 | try testing.expectEqualStrings(seed, &got_kp.seed); | 483 | try testing.expectEqualStrings(seed, &got_kp.asTextSeed()); |
484 | |||
485 | got_kp = try parseDecoratedNkey(creds); | ||
486 | try testing.expectEqualStrings(seed, &got_kp.asTextSeed()); | ||
462 | 487 | ||
463 | var got_jwt = parseDecoratedJwt(creds); | 488 | var got_jwt = parseDecoratedJwt(creds); |
464 | try testing.expectEqualStrings(jwt, got_jwt); | 489 | try testing.expectEqualStrings(jwt, got_jwt); |