const std = @import("std"); const ascii = std.ascii; const base32 = @import("base32.zig"); const crc16 = @import("crc16.zig"); const crypto = std.crypto; const Ed25519 = crypto.sign.Ed25519; const mem = std.mem; const testing = std.testing; const Error = error{ InvalidPrefixByte, InvalidEncoding, InvalidSeed, NoNKeySeedFound, NoNKeyUserSeedFound, }; pub fn fromText(text: []const u8) !Key { if (!isValidEncoding(text)) return error.InvalidEncoding; switch (text[0]) { 'S' => { // It's a seed. if (text.len != text_seed_len) return error.InvalidSeed; return Key{ .seed_key_pair = try fromSeed(text[0..text_seed_len]) }; }, 'P' => return error.InvalidEncoding, // unsupported for now else => { if (text.len != text_public_len) return error.InvalidEncoding; return Key{ .public_key = try fromPublicKey(text[0..text_public_len]) }; }, } } pub const Key = union(enum) { seed_key_pair: SeedKeyPair, public_key: PublicKey, const Self = @This(); pub fn publicKey(self: *const Self) !text_public { return switch (self.*) { .seed_key_pair => |*kp| try kp.publicKey(), .public_key => |*pk| try pk.publicKey(), }; } pub fn intoPublicKey(self: *const Self) !PublicKey { return switch (self.*) { .seed_key_pair => |*kp| try kp.intoPublicKey(), .public_key => |pk| pk, }; } pub fn verify( self: *const Self, msg: []const u8, sig: [Ed25519.signature_length]u8, ) !void { return switch (self.*) { .seed_key_pair => |*kp| try kp.verify(msg, sig), .public_key => |*pk| try pk.verify(msg, sig), }; } pub fn wipe(self: *Self) void { return switch (self.*) { .seed_key_pair => |*kp| kp.wipe(), .public_key => |*pk| pk.wipe(), }; } }; pub const KeyTypePrefixByte = enum(u8) { seed = 18 << 3, // S private = 15 << 3, // P unknown = 23 << 3, // U }; pub const PublicPrefixByte = enum(u8) { account = 0, // A cluster = 2 << 3, // C operator = 14 << 3, // O server = 13 << 3, // N user = 20 << 3, // U fn fromU8(b: u8) !PublicPrefixByte { return switch (b) { @enumToInt(PublicPrefixByte.server) => .server, @enumToInt(PublicPrefixByte.cluster) => .cluster, @enumToInt(PublicPrefixByte.operator) => .operator, @enumToInt(PublicPrefixByte.account) => .account, @enumToInt(PublicPrefixByte.user) => .user, else => error.InvalidPrefixByte, }; } }; pub const SeedKeyPair = struct { const Self = @This(); seed: text_seed, pub fn init(prefix: PublicPrefixByte) !Self { var raw_seed: [Ed25519.seed_length]u8 = undefined; crypto.random.bytes(&raw_seed); defer wipeBytes(&raw_seed); var seed = try encodeSeed(prefix, &raw_seed); return Self{ .seed = seed }; } pub fn initFromSeed(seed: *const text_seed) !Self { var decoded = try decodeSeed(seed); defer decoded.wipe(); return Self{ .seed = seed.* }; } fn rawSeed(self: *const Self) ![Ed25519.seed_length]u8 { return (try decodeSeed(&self.seed)).seed; } fn keys(self: *const Self) !Ed25519.KeyPair { return Ed25519.KeyPair.create(try rawSeed(self)); } pub fn privateKey(self: *const Self) !text_private { var kp = try self.keys(); defer wipeKeyPair(&kp); return try encodePrivate(&kp.secret_key); } pub fn publicKey(self: *const Self) !text_public { var decoded = try decodeSeed(&self.seed); defer decoded.wipe(); var kp = try Ed25519.KeyPair.create(decoded.seed); defer wipeKeyPair(&kp); return try encodePublic(decoded.prefix, &kp.public_key); } pub fn intoPublicKey(self: *const Self) !PublicKey { var decoded = try decodeSeed(&self.seed); var kp = try Ed25519.KeyPair.create(decoded.seed); defer wipeKeyPair(&kp); return PublicKey{ .prefix = decoded.prefix, .key = kp.public_key, }; } pub fn sign( self: *const Self, msg: []const u8, ) ![Ed25519.signature_length]u8 { var kp = try self.keys(); defer wipeKeyPair(&kp); return try Ed25519.sign(msg, kp, null); } pub fn verify( self: *const Self, msg: []const u8, sig: [Ed25519.signature_length]u8, ) !void { var kp = try self.keys(); defer wipeKeyPair(&kp); try Ed25519.verify(sig, msg, kp.public_key); } pub fn wipe(self: *Self) void { wipeBytes(&self.seed); } fn wipeKeyPair(kp: *Ed25519.KeyPair) void { wipeBytes(&kp.secret_key); } }; fn wipeBytes(bs: []u8) void { for (bs) |*b| b.* = 0; } pub const PublicKey = struct { const Self = @This(); prefix: PublicPrefixByte, key: [Ed25519.public_length]u8, pub fn publicKey(self: *const Self) !text_public { return try encodePublic(self.prefix, &self.key); } pub fn verify( self: *const Self, msg: []const u8, sig: [Ed25519.signature_length]u8, ) !void { try Ed25519.verify(sig, msg, self.key); } pub fn wipe(self: *Self) void { self.prefix = .user; std.crypto.random.bytes(&self.key); } }; // One prefix byte, two CRC bytes const binary_private_size = 1 + Ed25519.secret_length + 2; // One prefix byte, two CRC bytes const binary_public_size = 1 + Ed25519.public_length + 2; // Two prefix bytes, two CRC bytes const binary_seed_size = 2 + Ed25519.seed_length + 2; pub const text_private_len = base32.Encoder.calcSize(binary_private_size); pub const text_public_len = base32.Encoder.calcSize(binary_public_size); pub const text_seed_len = base32.Encoder.calcSize(binary_seed_size); pub const text_private = [text_private_len]u8; pub const text_public = [text_public_len]u8; pub const text_seed = [text_seed_len]u8; pub fn encodePublic(prefix: PublicPrefixByte, key: *const [Ed25519.public_length]u8) !text_public { return encode(1, key.len, &[_]u8{@enumToInt(prefix)}, key); } pub fn encodePrivate(key: *const [Ed25519.secret_length]u8) !text_private { return encode(1, key.len, &[_]u8{@enumToInt(KeyTypePrefixByte.private)}, key); } fn encoded_key(comptime prefix_len: usize, comptime data_len: usize) type { return [base32.Encoder.calcSize(prefix_len + data_len + 2)]u8; } fn encode( comptime prefix_len: usize, comptime data_len: usize, prefix: *const [prefix_len]u8, data: *const [data_len]u8, ) !encoded_key(prefix_len, data_len) { var buf: [prefix_len + data_len + 2]u8 = undefined; defer wipeBytes(&buf); mem.copy(u8, &buf, prefix[0..]); mem.copy(u8, buf[prefix_len..], data[0..]); var off = prefix_len + data_len; var checksum = crc16.make(buf[0..off]); mem.writeIntLittle(u16, buf[buf.len - 2 .. buf.len], checksum); var text: encoded_key(prefix_len, data_len) = undefined; _ = base32.Encoder.encode(&text, &buf); return text; } pub fn encodeSeed(prefix: PublicPrefixByte, src: *const [Ed25519.seed_length]u8) !text_seed { var full_prefix = [_]u8{ @enumToInt(KeyTypePrefixByte.seed) | (@enumToInt(prefix) >> 5), (@enumToInt(prefix) & 0b00011111) << 3, }; return encode(full_prefix.len, src.len, &full_prefix, src); } pub fn decodePrivate(text: *const text_private) ![Ed25519.secret_length]u8 { var decoded = try decode(1, Ed25519.secret_length, text); defer wipeBytes(&decoded.data); if (decoded.prefix[0] != @enumToInt(KeyTypePrefixByte.private)) return error.InvalidPrefixByte; return decoded.data; } pub fn decodePublic(prefix: PublicPrefixByte, text: *const text_public) ![Ed25519.public_length]u8 { var decoded = try decode(1, Ed25519.public_length, text); if (decoded.data[0] != @enumToInt(prefix)) return error.InvalidPrefixByte; return decoded.data; } fn DecodedNKey(comptime prefix_len: usize, comptime data_len: usize) type { return struct { prefix: [prefix_len]u8, data: [data_len]u8, }; } fn decode( comptime prefix_len: usize, comptime data_len: usize, text: *const [base32.Encoder.calcSize(prefix_len + data_len + 2)]u8, ) !DecodedNKey(prefix_len, data_len) { var raw: [prefix_len + data_len + 2]u8 = undefined; defer wipeBytes(&raw); std.debug.assert((try base32.decode(text[0..], &raw)) == raw.len); var checksum = mem.readIntLittle(u16, raw[raw.len - 2 .. raw.len]); try crc16.validate(raw[0 .. raw.len - 2], checksum); return DecodedNKey(prefix_len, data_len){ .prefix = raw[0..prefix_len].*, .data = raw[prefix_len .. raw.len - 2].*, }; } pub const DecodedSeed = struct { const Self = @This(); prefix: PublicPrefixByte, seed: [Ed25519.seed_length]u8, pub fn wipe(self: *Self) void { self.prefix = .account; wipeBytes(&self.seed); } }; pub fn decodeSeed(text: *const text_seed) !DecodedSeed { var decoded = try decode(2, Ed25519.seed_length, text); defer wipeBytes(&decoded.data); // gets copied var key_ty_prefix = decoded.prefix[0] & 0b11111000; var entity_ty_prefix = (decoded.prefix[0] & 0b00000111) << 5 | ((decoded.prefix[1] & 0b11111000) >> 3); if (key_ty_prefix != @enumToInt(KeyTypePrefixByte.seed)) return error.InvalidSeed; return DecodedSeed{ .prefix = try PublicPrefixByte.fromU8(entity_ty_prefix), .seed = decoded.data, }; } pub fn fromPublicKey(text: *const text_public) !PublicKey { var decoded = try decode(1, Ed25519.public_length, text); defer wipeBytes(&decoded.data); // gets copied return PublicKey{ .prefix = try PublicPrefixByte.fromU8(decoded.prefix[0]), .key = decoded.data, }; } pub fn fromSeed(text: *const text_seed) !SeedKeyPair { var res = try decodeSeed(text); wipeBytes(&res.seed); return SeedKeyPair{ .seed = text.* }; } pub fn isValidEncoding(text: []const u8) bool { if (text.len < 4) return false; var made_crc: u16 = 0; var dec = base32.Decoder{}; var crc_buf: [2]u8 = undefined; var crc_buf_len: u8 = 0; var expect_len: usize = base32.decodedLen(text.len); var wrote_n_total: usize = 0; for (text) |c, i| { var b = (dec.read(c) catch return false) orelse continue; wrote_n_total += 1; if (crc_buf_len == 2) made_crc = crc16.update(made_crc, &.{crc_buf[0]}); crc_buf[0] = crc_buf[1]; crc_buf[1] = b; if (crc_buf_len != 2) crc_buf_len += 1; } if (dec.out_off != 0 and wrote_n_total < expect_len) { if (crc_buf_len == 2) made_crc = crc16.update(made_crc, &.{crc_buf[0]}); crc_buf[0] = crc_buf[1]; crc_buf[1] = dec.buf; if (crc_buf_len != 2) crc_buf_len += 1; } if (crc_buf_len != 2) unreachable; var got_crc = mem.readIntLittle(u16, &crc_buf); return made_crc == got_crc; } pub fn isValidSeed(text: *const text_seed) bool { var res = decodeSeed(text) catch return false; wipeBytes(&res.seed); return true; } pub fn isValidPublicKey(text: *const text_public, with_type: ?PublicPrefixByte) bool { var res = decode(1, Ed25519.public_length, text) catch return false; var public = PublicPrefixByte.fromU8(res.data[0]) catch return false; return if (with_type) |ty| public == ty else true; } pub fn fromRawSeed(prefix: PublicPrefixByte, raw_seed: *const [Ed25519.seed_length]u8) !SeedKeyPair { return SeedKeyPair{ .seed = try encodeSeed(prefix, raw_seed) }; } pub fn getNextLine(text: []const u8, off: *usize) ?[]const u8 { if (off.* >= text.len) return null; var newline_pos = mem.indexOfPos(u8, text, off.*, "\n") orelse return null; var start = off.*; var end = newline_pos; if (newline_pos > 0 and text[newline_pos - 1] == '\r') end -= 1; off.* = newline_pos + 1; return text[start..end]; } // `line` must not contain CR or LF characters. pub fn isKeySectionBarrier(line: []const u8) bool { return line.len >= 6 and mem.startsWith(u8, line, "---") and mem.endsWith(u8, line, "---"); } pub fn areKeySectionContentsValid(contents: []const u8) bool { const allowed_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.="; for (contents) |c| { var is_c_allowed = false; for (allowed_chars) |allowed_c| { if (c == allowed_c) { is_c_allowed = true; break; } } if (!is_c_allowed) return false; } return true; } pub fn findKeySection(text: []const u8, off: *usize) ?[]const u8 { // Skip all space // Lines end with \n, but \r\n is also fine // Contents of the key may consist of abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.= // However, if a line seems to be in the form of ---stuff---, the section is ended. // A newline must be present at the end of the key footer // See https://regex101.com/r/pEaqcJ/1 for a weird edge case in the github.com/nats-io/nkeys library // Another weird edge case: https://regex101.com/r/Xmqj1h/1 // TODO(rutgerbrf): switch to std.mem.SplitIterator while (true) { var opening_line = getNextLine(text, off) orelse return null; if (!isKeySectionBarrier(opening_line)) continue; var contents_line = getNextLine(text, off) orelse return null; if (!areKeySectionContentsValid(contents_line)) continue; var closing_line = getNextLine(text, off) orelse return null; if (!isKeySectionBarrier(closing_line)) continue; return contents_line; } } pub fn parseDecoratedJwt(contents: []const u8) ![]const u8 { var current_off: usize = 0; return findKeySection(contents, ¤t_off) orelse return contents; } fn validNKey(text: []const u8) bool { var valid_prefix = mem.startsWith(u8, text, "SO") or mem.startsWith(u8, text, "SA") or mem.startsWith(u8, text, "SU"); var valid_len = text.len >= text_seed_len; return valid_prefix and valid_len; } fn findNKey(text: []const u8) ?[]const u8 { var current_off: usize = 0; while (true) { var line = getNextLine(text, ¤t_off) orelse return null; for (line) |c, i| { if (!ascii.isSpace(c)) { if (validNKey(line[i..])) return line[i..]; break; } } } } pub fn parseDecoratedNKey(contents: []const u8) !SeedKeyPair { var current_off: usize = 0; var seed: ?[]const u8 = null; if (findKeySection(contents, ¤t_off) != null) seed = findKeySection(contents, ¤t_off); if (seed == null) seed = findNKey(contents) orelse return error.NoNKeySeedFound; if (!validNKey(seed.?)) return error.NoNKeySeedFound; return fromSeed(seed.?[0..text_seed_len]); } pub fn parseDecoratedUserNKey(contents: []const u8) !SeedKeyPair { var key = try parseDecoratedNKey(contents); if (!mem.startsWith(u8, &key.seed, "SU")) return error.NoNKeyUserSeedFound; defer key.wipe(); return key; } test { testing.refAllDecls(@This()); testing.refAllDecls(Key); testing.refAllDecls(SeedKeyPair); testing.refAllDecls(PublicKey); } test { var key_pair = try SeedKeyPair.init(PublicPrefixByte.server); defer key_pair.wipe(); var decoded_seed = try decodeSeed(&key_pair.seed); var encoded_second_time = try encodeSeed(decoded_seed.prefix, &decoded_seed.seed); try testing.expectEqualSlices(u8, &key_pair.seed, &encoded_second_time); try testing.expect(isValidEncoding(&key_pair.seed)); var pub_key_str_a = try key_pair.publicKey(); var priv_key_str = try key_pair.privateKey(); try testing.expect(pub_key_str_a.len != 0); try testing.expect(priv_key_str.len != 0); try testing.expect(isValidEncoding(&pub_key_str_a)); try testing.expect(isValidEncoding(&priv_key_str)); wipeBytes(&priv_key_str); var pub_key = try key_pair.intoPublicKey(); var pub_key_str_b = try pub_key.publicKey(); try testing.expectEqualSlices(u8, &pub_key_str_a, &pub_key_str_b); } test { var creds_bytes = try std.fs.cwd().readFileAlloc(testing.allocator, "fixtures/test.creds", std.math.maxInt(usize)); defer testing.allocator.free(creds_bytes); // TODO(rutgerbrf): validate the contents of the results of these functions _ = try parseDecoratedUserNKey(creds_bytes); _ = try parseDecoratedJwt(creds_bytes); }