const std = @import("std");
const ascii = std.ascii;
const base32 = @import("base32.zig");
const crc16 = @import("crc16.zig");
const crypto = std.crypto;
const Ed25519 = crypto.sign.Ed25519;
const mem = std.mem;
const testing = std.testing;
pub const InvalidPrefixByteError = error{InvalidPrefixByte};
pub const InvalidEncodingError = error{InvalidEncoding};
pub const InvalidSeedError = error{InvalidSeed};
pub const NoNkeySeedFoundError = error{NoNkeySeedFound};
pub const NoNkeyUserSeedFoundError = error{NoNkeyUserSeedFound};
pub const KeyTypePrefixByte = enum(u8) {
seed = 18 << 3, // S
private = 15 << 3, // P
unknown = 23 << 3, // U
};
pub const PublicPrefixByte = enum(u8) {
account = 0, // A
cluster = 2 << 3, // C
operator = 14 << 3, // O
server = 13 << 3, // N
user = 20 << 3, // U
fn fromU8(b: u8) error{InvalidPrefixByte}!PublicPrefixByte {
return switch (b) {
@enumToInt(PublicPrefixByte.server) => .server,
@enumToInt(PublicPrefixByte.cluster) => .cluster,
@enumToInt(PublicPrefixByte.operator) => .operator,
@enumToInt(PublicPrefixByte.account) => .account,
@enumToInt(PublicPrefixByte.user) => .user,
else => error.InvalidPrefixByte,
};
}
};
pub const SeedKeyPair = struct {
const Self = @This();
seed: text_seed,
pub fn generate(prefix: PublicPrefixByte) Self {
var raw_seed: [Ed25519.seed_length]u8 = undefined;
crypto.random.bytes(&raw_seed);
defer wipeBytes(&raw_seed);
return Self{ .seed = encodeSeed(prefix, &raw_seed) };
}
pub fn fromTextSeed(seed: *const text_seed) SeedDecodeError!Self {
var decoded = try decodeSeed(seed);
decoded.wipe();
return Self{ .seed = seed.* };
}
pub fn fromRawSeed(prefix: PublicPrefixByte, raw_seed: *const [Ed25519.seed_length]u8) Self {
return Self{ .seed = encodeSeed(prefix, raw_seed) };
}
fn rawSeed(self: *const Self) SeedDecodeError![Ed25519.seed_length]u8 {
return (try decodeSeed(&self.seed)).seed;
}
fn keys(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!Ed25519.KeyPair {
return Ed25519.KeyPair.create(try rawSeed(self));
}
pub fn privateKey(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!text_private {
var kp = try self.keys();
defer wipeKeyPair(&kp);
return encodePrivate(&kp.secret_key);
}
pub fn publicKey(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!text_public {
var decoded = try decodeSeed(&self.seed);
defer decoded.wipe();
var kp = try Ed25519.KeyPair.create(decoded.seed);
defer wipeKeyPair(&kp);
return encodePublic(decoded.prefix, &kp.public_key);
}
pub fn intoPublicKey(self: *const Self) (SeedDecodeError || crypto.errors.IdentityElementError)!PublicKey {
var decoded = try decodeSeed(&self.seed);
defer decoded.wipe();
var kp = try Ed25519.KeyPair.create(decoded.seed);
defer wipeKeyPair(&kp);
return PublicKey{
.prefix = decoded.prefix,
.key = kp.public_key,
};
}
pub const SignError = SeedDecodeError || crypto.errors.IdentityElementError || crypto.errors.WeakPublicKeyError;
pub fn sign(
self: *const Self,
msg: []const u8,
) SignError![Ed25519.signature_length]u8 {
var kp = try self.keys();
defer wipeKeyPair(&kp);
return Ed25519.sign(msg, kp, null) catch |e| switch (e) {
error.KeyMismatch => unreachable, // would mean that self.keys() has an incorrect implementation
error.WeakPublicKey => error.WeakPublicKey,
error.IdentityElement => error.IdentityElement,
};
}
pub fn verify(
self: *const Self,
msg: []const u8,
sig: [Ed25519.signature_length]u8,
) !void {
var kp = try self.keys();
defer wipeKeyPair(&kp);
Ed25519.verify(sig, msg, kp.public_key) catch return error.InvalidSignature;
}
pub fn wipe(self: *Self) void {
wipeBytes(&self.seed);
}
fn wipeKeyPair(kp: *Ed25519.KeyPair) void {
wipeBytes(&kp.secret_key);
}
};
fn wipeBytes(bs: []u8) void {
for (bs) |*b| b.* = 0;
}
pub const PublicKey = struct {
const Self = @This();
prefix: PublicPrefixByte,
key: [Ed25519.public_length]u8,
pub fn fromTextPublicKey(text: *const text_public) DecodeError!PublicKey {
var decoded = try decode(1, Ed25519.public_length, text);
defer decoded.wipe(); // gets copied
return PublicKey{
.prefix = try PublicPrefixByte.fromU8(decoded.prefix[0]),
.key = decoded.data,
};
}
pub fn publicKey(self: *const Self) text_public {
return encodePublic(self.prefix, &self.key);
}
pub fn verify(
self: *const Self,
msg: []const u8,
sig: [Ed25519.signature_length]u8,
) !void {
Ed25519.verify(sig, msg, self.key) catch return error.InvalidSignature;
}
pub fn wipe(self: *Self) void {
self.prefix = .account;
wipeBytes(&self.key);
}
};
// One prefix byte, two CRC bytes
const binary_private_size = 1 + Ed25519.secret_length + 2;
// One prefix byte, two CRC bytes
const binary_public_size = 1 + Ed25519.public_length + 2;
// Two prefix bytes, two CRC bytes
const binary_seed_size = 2 + Ed25519.seed_length + 2;
pub const text_private_len = base32.Encoder.calcSize(binary_private_size);
pub const text_public_len = base32.Encoder.calcSize(binary_public_size);
pub const text_seed_len = base32.Encoder.calcSize(binary_seed_size);
pub const text_private = [text_private_len]u8;
pub const text_public = [text_public_len]u8;
pub const text_seed = [text_seed_len]u8;
fn encodePublic(prefix: PublicPrefixByte, key: *const [Ed25519.public_length]u8) text_public {
return encode(1, key.len, &[_]u8{@enumToInt(prefix)}, key);
}
fn encodePrivate(key: *const [Ed25519.secret_length]u8) text_private {
return encode(1, key.len, &[_]u8{@enumToInt(KeyTypePrefixByte.private)}, key);
}
fn encoded_key(comptime prefix_len: usize, comptime data_len: usize) type {
return [base32.Encoder.calcSize(prefix_len + data_len + 2)]u8;
}
fn encode(
comptime prefix_len: usize,
comptime data_len: usize,
prefix: *const [prefix_len]u8,
data: *const [data_len]u8,
) encoded_key(prefix_len, data_len) {
var buf: [prefix_len + data_len + 2]u8 = undefined;
defer wipeBytes(&buf);
mem.copy(u8, &buf, prefix[0..]);
mem.copy(u8, buf[prefix_len..], data[0..]);
var off = prefix_len + data_len;
var checksum = crc16.make(buf[0..off]);
mem.writeIntLittle(u16, buf[buf.len - 2 .. buf.len], checksum);
var text: encoded_key(prefix_len, data_len) = undefined;
std.debug.assert(base32.Encoder.encode(&text, &buf).len == text.len);
return text;
}
pub fn encodeSeed(prefix: PublicPrefixByte, src: *const [Ed25519.seed_length]u8) text_seed {
const full_prefix = &[_]u8{
@enumToInt(KeyTypePrefixByte.seed) | (@enumToInt(prefix) >> 5),
(@enumToInt(prefix) & 0b00011111) << 3,
};
return encode(full_prefix.len, src.len, full_prefix, src);
}
pub const DecodeError = InvalidPrefixByteError || base32.DecodeError || crc16.InvalidChecksumError;
fn DecodedNkey(comptime prefix_len: usize, comptime data_len: usize) type {
return struct {
const Self = @This();
prefix: [prefix_len]u8,
data: [data_len]u8,
pub fn wipe(self: *Self) void {
self.prefix[0] = @enumToInt(PublicPrefixByte.account);
wipeBytes(&self.data);
}
};
}
fn decode(
comptime prefix_len: usize,
comptime data_len: usize,
text: *const [base32.Encoder.calcSize(prefix_len + data_len + 2)]u8,
) (base32.DecodeError || crc16.InvalidChecksumError)!DecodedNkey(prefix_len, data_len) {
var raw: [prefix_len + data_len + 2]u8 = undefined;
defer wipeBytes(&raw);
std.debug.assert((try base32.Decoder.decode(&raw, text[0..])).len == raw.len);
var checksum = mem.readIntLittle(u16, raw[raw.len - 2 .. raw.len]);
try crc16.validate(raw[0 .. raw.len - 2], checksum);
return DecodedNkey(prefix_len, data_len){
.prefix = raw[0..prefix_len].*,
.data = raw[prefix_len .. raw.len - 2].*,
};
}
pub const DecodedSeed = struct {
const Self = @This();
prefix: PublicPrefixByte,
seed: [Ed25519.seed_length]u8,
pub fn wipe(self: *Self) void {
self.prefix = .account;
wipeBytes(&self.seed);
}
};
pub const SeedDecodeError = DecodeError || InvalidSeedError;
pub fn decodeSeed(text: *const text_seed) SeedDecodeError!DecodedSeed {
var decoded = try decode(2, Ed25519.seed_length, text);
defer decoded.wipe(); // gets copied
var key_ty_prefix = decoded.prefix[0] & 0b11111000;
var entity_ty_prefix = (decoded.prefix[0] & 0b00000111) << 5 | ((decoded.prefix[1] & 0b11111000) >> 3);
if (key_ty_prefix != @enumToInt(KeyTypePrefixByte.seed))
return error.InvalidSeed;
return DecodedSeed{
.prefix = try PublicPrefixByte.fromU8(entity_ty_prefix),
.seed = decoded.data,
};
}
pub fn isValidEncoding(text: []const u8) bool {
if (text.len < 4) return false;
var made_crc: u16 = 0;
var dec = base32.Decoder.init(text);
var crc_buf: [2]u8 = undefined;
var crc_buf_len: u8 = 0;
var expect_len: usize = base32.Decoder.calcSize(text.len);
var wrote_n_total: usize = 0;
while (dec.next() catch return false) |b| {
wrote_n_total += 1;
if (crc_buf_len == 2) made_crc = crc16.update(made_crc, &.{crc_buf[0]});
crc_buf[0] = crc_buf[1];
crc_buf[1] = b;
if (crc_buf_len != 2) crc_buf_len += 1;
}
std.debug.assert(wrote_n_total == expect_len);
if (crc_buf_len != 2) unreachable;
var got_crc = mem.readIntLittle(u16, &crc_buf);
return made_crc == got_crc;
}
pub fn isValidSeed(text: *const text_seed) bool {
var res = decodeSeed(text) catch return false;
res.wipe();
return true;
}
pub fn isValidPublicKey(text: *const text_public, with_type: ?PublicPrefixByte) bool {
var res = decode(1, Ed25519.public_length, text) catch return false;
defer res.wipe();
const public = PublicPrefixByte.fromU8(res.data[0]) catch return false;
return if (with_type) |ty| public == ty else true;
}
// `line` must not contain CR or LF characters.
pub fn isKeySectionBarrier(line: []const u8) bool {
return line.len >= 6 and mem.startsWith(u8, line, "---") and mem.endsWith(u8, line, "---");
}
const allowed_creds_section_chars_table: [256]bool = allowed: {
var table = [_]bool{false} ** 256;
const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.=";
for (chars) |char| table[char] = true;
break :allowed table;
};
pub fn areKeySectionContentsValid(contents: []const u8) bool {
for (contents) |c| if (!allowed_creds_section_chars_table[c]) return false;
return true;
}
pub fn findKeySection(text: []const u8, line_it: *std.mem.SplitIterator) ?[]const u8 {
// TODO(rutgerbrf): There is a weird edge case in the github.com/nats-io/nkeys library,
// see https://regex101.com/r/pEaqcJ/1. It allows the opening barrier to start at an
// arbitrary point on the line, meaning that `asdf-----BEGIN USER NKEY SEED-----`
// is regarded as a valid opening barrier by the library.
// Should we accept a creds file formatted in such a manner?
while (true) {
const opening_line = line_it.next() orelse return null;
if (!isKeySectionBarrier(opening_line)) continue;
const contents_line = line_it.next() orelse return null;
if (!areKeySectionContentsValid(contents_line)) continue;
const closing_line = line_it.next() orelse return null;
if (!isKeySectionBarrier(closing_line)) continue;
return contents_line;
}
}
pub fn parseDecoratedJwt(contents: []const u8) []const u8 {
var line_it = mem.split(contents, "\n");
return findKeySection(contents, &line_it) orelse return contents;
}
fn validNkey(text: []const u8) bool {
const valid_prefix =
mem.startsWith(u8, text, "SO") or
mem.startsWith(u8, text, "SA") or
mem.startsWith(u8, text, "SU");
const valid_len = text.len >= text_seed_len;
return valid_prefix and valid_len;
}
fn findNkey(text: []const u8) ?[]const u8 {
var line_it = std.mem.split(text, "\n");
var current_off: usize = 0;
while (line_it.next()) |line| {
for (line) |c, i| {
if (!ascii.isSpace(c)) {
if (validNkey(line[i..])) return line[i..];
break;
}
}
}
return null;
}
pub fn parseDecoratedNkey(contents: []const u8) NoNkeySeedFoundError!SeedKeyPair {
var line_it = mem.split(contents, "\n");
var current_off: usize = 0;
var seed: ?[]const u8 = null;
if (findKeySection(contents, &line_it) != null)
seed = findKeySection(contents, &line_it);
if (seed == null)
seed = findNkey(contents) orelse return error.NoNkeySeedFound;
if (!validNkey(seed.?))
return error.NoNkeySeedFound;
return SeedKeyPair.fromTextSeed(seed.?[0..text_seed_len]) catch return error.NoNkeySeedFound;
}
pub fn parseDecoratedUserNkey(contents: []const u8) (NoNkeySeedFoundError || NoNkeyUserSeedFoundError)!SeedKeyPair {
var key = try parseDecoratedNkey(contents);
if (!mem.startsWith(u8, &key.seed, "SU")) return error.NoNkeyUserSeedFound;
defer key.wipe();
return key;
}
test {
testing.refAllDecls(@This());
testing.refAllDecls(SeedKeyPair);
testing.refAllDecls(PublicKey);
}
test {
var key_pair = SeedKeyPair.generate(PublicPrefixByte.server);
defer key_pair.wipe();
var decoded_seed = try decodeSeed(&key_pair.seed);
defer decoded_seed.wipe();
var encoded_second_time = encodeSeed(decoded_seed.prefix, &decoded_seed.seed);
defer wipeBytes(&encoded_second_time);
try testing.expectEqualSlices(u8, &key_pair.seed, &encoded_second_time);
try testing.expect(isValidEncoding(&key_pair.seed));
var pub_key_str_a = try key_pair.publicKey();
defer wipeBytes(&pub_key_str_a);
var priv_key_str = try key_pair.privateKey();
defer wipeBytes(&priv_key_str);
try testing.expect(pub_key_str_a.len != 0);
try testing.expect(priv_key_str.len != 0);
try testing.expect(isValidEncoding(&pub_key_str_a));
try testing.expect(isValidEncoding(&priv_key_str));
var pub_key = try key_pair.intoPublicKey();
defer pub_key.wipe();
var pub_key_str_b = pub_key.publicKey();
defer wipeBytes(&pub_key_str_b);
try testing.expectEqualSlices(u8, &pub_key_str_a, &pub_key_str_b);
}
test {
var creds_bytes = try std.fs.cwd().readFileAlloc(testing.allocator, "fixtures/test.creds", std.math.maxInt(usize));
defer testing.allocator.free(creds_bytes);
defer wipeBytes(creds_bytes);
// TODO(rutgerbrf): validate the contents of the results of these functions
_ = try parseDecoratedUserNkey(creds_bytes);
_ = parseDecoratedJwt(creds_bytes);
}