From 77858ac8f48a2f433f76612166ed720587adce13 Mon Sep 17 00:00:00 2001
From: Awiteb
Date: Thu, 4 Jul 2024 16:08:11 +0300
Subject: [PATCH] feat: Create `verify` instance function for the `Signature`
Signed-off-by: Awiteb
---
crates/oxidetalis_core/src/cipher.rs | 14 +++++---------
crates/oxidetalis_core/src/types/cipher.rs | 12 +++++++++++-
2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/crates/oxidetalis_core/src/cipher.rs b/crates/oxidetalis_core/src/cipher.rs
index 9fefd47..2c7067b 100644
--- a/crates/oxidetalis_core/src/cipher.rs
+++ b/crates/oxidetalis_core/src/cipher.rs
@@ -107,7 +107,7 @@ impl K256Secret {
}
/// Sign a data with the shared secret.
- ///
+ ///
/// The signature is exiplained in the OTMP specification.
pub fn sign_with_shared_secret(data: &[u8], shared_secret: &[u8; 32]) -> CoreSignature {
let mut time_and_nonce = [0u8; 24];
@@ -209,22 +209,18 @@ impl K256Secret {
Self::sign_with_shared_secret(data, &self.shared_secret(sign_to))
}
- /// Verify a signature with the shared secret.
+ /// Verify the given signature with the signer.
///
/// Note:
/// The time and the nonce will not be checked here
#[logcall]
pub fn verify(&self, data: &[u8], signature: &CoreSignature, signer: &CorePublicKey) -> bool {
- let mut hmac_secret = [0u8; 56];
- hmac_secret[0..=31].copy_from_slice(&self.shared_secret(signer));
- hmac_secret[32..=39].copy_from_slice(signature.timestamp());
- hmac_secret[40..=55].copy_from_slice(signature.nonce());
-
- &hmac_sha256(data, &hmac_secret) == signature.hmac_output()
+ signature.verify(data, &self.shared_secret(signer))
}
}
-fn hmac_sha256(data: &[u8], secret: &[u8]) -> [u8; 32] {
+/// Compute the HMAC-SHA256 of the given data with the given secret.
+pub(crate) fn hmac_sha256(data: &[u8], secret: &[u8]) -> [u8; 32] {
let mut mac = HmacSha256::new_from_slice(secret).expect("HMAC can take key of any size");
mac.update(data);
mac.finalize().into_bytes().into()
diff --git a/crates/oxidetalis_core/src/types/cipher.rs b/crates/oxidetalis_core/src/types/cipher.rs
index 7f9019e..fffd4e3 100644
--- a/crates/oxidetalis_core/src/types/cipher.rs
+++ b/crates/oxidetalis_core/src/types/cipher.rs
@@ -31,7 +31,7 @@ use salvo_oapi::{
ToSchema,
};
-use crate::cipher::CipherError;
+use crate::cipher::{hmac_sha256, CipherError};
/// Correct length except message
const CORRECT_LENGTH: &str = "The length is correct";
@@ -90,6 +90,16 @@ impl Signature {
sig[40..=55].copy_from_slice(&self.nonce);
sig
}
+
+ /// Verify the signature with the given shared secret.
+ pub fn verify(&self, data: &[u8], shared_secret: &[u8; 32]) -> bool {
+ let mut hmac_secret = [0u8; 56];
+ hmac_secret[0..=31].copy_from_slice(shared_secret);
+ hmac_secret[32..=39].copy_from_slice(self.timestamp());
+ hmac_secret[40..=55].copy_from_slice(self.nonce());
+
+ &hmac_sha256(data, &hmac_secret) == self.hmac_output()
+ }
}
/// Public key to base58 string
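Review bot: The tag comparison `&hmac_sha256(data, &hmac_secret) == self.hmac_output()` at the end of the new `Signature::verify` uses plain array equality, which is not guaranteed to run in constant time and can leak how many leading bytes of an attacker-supplied tag matched. The `Mac` trait that `hmac_sha256` already relies on provides a constant-time check, so a small `pub(crate)` helper in `cipher.rs` ending in `mac.verify_slice(expected).is_ok()` would be a safer primitive than comparing the finalized bytes. This method is now public on `Signature`, but its doc comment drops the caveat that `K256Secret::verify` carries. I would add `/// Note: the timestamp and nonce are not checked here; the caller must enforce freshness and reject replayed nonces.`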