feat: Create verify
instance function for the Signature
Signed-off-by: Awiteb <a@4rs.nl>
parent
f4b2514e75
commit
77858ac8f4
2 changed files with 16 additions and 10 deletions
|
@ -107,7 +107,7 @@ impl K256Secret {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Sign a data with the shared secret.
|
/// Sign a data with the shared secret.
|
||||||
///
|
///
|
||||||
/// The signature is exiplained in the OTMP specification.
|
/// The signature is exiplained in the OTMP specification.
|
||||||
pub fn sign_with_shared_secret(data: &[u8], shared_secret: &[u8; 32]) -> CoreSignature {
|
pub fn sign_with_shared_secret(data: &[u8], shared_secret: &[u8; 32]) -> CoreSignature {
|
||||||
let mut time_and_nonce = [0u8; 24];
|
let mut time_and_nonce = [0u8; 24];
|
||||||
|
@ -209,22 +209,18 @@ impl K256Secret {
|
||||||
Self::sign_with_shared_secret(data, &self.shared_secret(sign_to))
|
Self::sign_with_shared_secret(data, &self.shared_secret(sign_to))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Verify a signature with the shared secret.
|
/// Verify the given signature with the signer.
|
||||||
///
|
///
|
||||||
/// Note:
|
/// Note:
|
||||||
/// The time and the nonce will not be checked here
|
/// The time and the nonce will not be checked here
|
||||||
#[logcall]
|
#[logcall]
|
||||||
pub fn verify(&self, data: &[u8], signature: &CoreSignature, signer: &CorePublicKey) -> bool {
|
pub fn verify(&self, data: &[u8], signature: &CoreSignature, signer: &CorePublicKey) -> bool {
|
||||||
let mut hmac_secret = [0u8; 56];
|
signature.verify(data, &self.shared_secret(signer))
|
||||||
hmac_secret[0..=31].copy_from_slice(&self.shared_secret(signer));
|
|
||||||
hmac_secret[32..=39].copy_from_slice(signature.timestamp());
|
|
||||||
hmac_secret[40..=55].copy_from_slice(signature.nonce());
|
|
||||||
|
|
||||||
&hmac_sha256(data, &hmac_secret) == signature.hmac_output()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn hmac_sha256(data: &[u8], secret: &[u8]) -> [u8; 32] {
|
/// Compute the HMAC-SHA256 of the given data with the given secret.
|
||||||
|
pub(crate) fn hmac_sha256(data: &[u8], secret: &[u8]) -> [u8; 32] {
|
||||||
let mut mac = HmacSha256::new_from_slice(secret).expect("HMAC can take key of any size");
|
let mut mac = HmacSha256::new_from_slice(secret).expect("HMAC can take key of any size");
|
||||||
mac.update(data);
|
mac.update(data);
|
||||||
mac.finalize().into_bytes().into()
|
mac.finalize().into_bytes().into()
|
||||||
|
|
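Review bot: `K256Secret::verify` returns a bare `bool` and nothing makes the caller inspect it, so a call site that drops the result silently treats an unauthenticated message as accepted. Adding `#[must_use]` above `pub fn verify(&self, data: &[u8], signature: &CoreSignature, signer: &CorePublicKey) -> bool` lets the compiler flag that, and the same attribute fits the new `Signature::verify` this method now delegates to. The doc comment keeps the note that the time and nonce are not checked here. It would help to name where freshness and nonce uniqueness are expected to be enforced, since without that check a captured signature remains valid on replay.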
|
@ -31,7 +31,7 @@ use salvo_oapi::{
|
||||||
ToSchema,
|
ToSchema,
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::cipher::CipherError;
|
use crate::cipher::{hmac_sha256, CipherError};
|
||||||
|
|
||||||
/// Correct length except message
|
/// Correct length except message
|
||||||
const CORRECT_LENGTH: &str = "The length is correct";
|
const CORRECT_LENGTH: &str = "The length is correct";
|
||||||
|
@ -90,6 +90,16 @@ impl Signature {
|
||||||
sig[40..=55].copy_from_slice(&self.nonce);
|
sig[40..=55].copy_from_slice(&self.nonce);
|
||||||
sig
|
sig
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Verify the signature with the given shared secret.
|
||||||
|
pub fn verify(&self, data: &[u8], shared_secret: &[u8; 32]) -> bool {
|
||||||
|
let mut hmac_secret = [0u8; 56];
|
||||||
|
hmac_secret[0..=31].copy_from_slice(shared_secret);
|
||||||
|
hmac_secret[32..=39].copy_from_slice(self.timestamp());
|
||||||
|
hmac_secret[40..=55].copy_from_slice(self.nonce());
|
||||||
|
|
||||||
|
&hmac_sha256(data, &hmac_secret) == self.hmac_output()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Public key to base58 string
|
/// Public key to base58 string
|
||||||
|
|
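Review bot: The last line of the new `Signature::verify`, `&hmac_sha256(data, &hmac_secret) == self.hmac_output()`, compares the tag with array `==`, which is not guaranteed to run in constant time, so verification time can depend on where the first mismatching byte falls. If `HmacSha256` is the RustCrypto `hmac` type it appears to be, a `pub(crate)` helper beside `hmac_sha256` that ends with `mac.verify_slice(expected).is_ok()` would do the comparison in constant time. The doc comment should also repeat the caveat from `K256Secret::verify` that the timestamp and nonce are not checked here, because this method is now a public entry point of its own. `hmac_secret` also keeps a copy of the shared secret on the stack without clearing it before return; whether that matters depends on the project's threat model.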