did-simple: added ed25519 pubkey type (#104)

Includes validation logic for the pubkey. Disclaimer, I consulted with a friend who is a security researcher on how to validate the pubkey. But any additional feedback is appreciated.
NexusSocial · May 22, 2024 · 2d50b49 · 2d50b49
1 parent 988ebac
commit 2d50b49
Show file tree

Hide file tree

Showing 5 changed files with 191 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/did-simple/Cargo.toml b/crates/did-simple/Cargo.toml
@@ -9,7 +9,11 @@ description = "Dead simple DIDs"
 publish = true
 
 [features]
-default = []
+default = ["ed25519"]
+ed25519 = [
+	"dep:curve25519-dalek",
+	"dep:ed25519-dalek",
+]
 
 # Only applications should enable this! If you use did-simple as a dependency,
 # don't enable this feature - let applications set it instead.
@@ -20,6 +24,8 @@ allow-unsafe = []
 bs58 = "0.5.1"
 bytes = "1.6.0"
 thiserror = "1.0.60"
+ed25519-dalek = { version = "2.1.1", optional = true }
+curve25519-dalek = { version = "4.1.2", optional = true }
 
 [dev-dependencies]
 eyre = "0.6.12"

diff --git a/crates/did-simple/src/crypto/ed25519.rs b/crates/did-simple/src/crypto/ed25519.rs
@@ -0,0 +1,50 @@
+use curve25519_dalek::edwards::CompressedEdwardsY;
+use ed25519_dalek::VerifyingKey;
+
+use crate::key_algos::StaticKeyAlgo as _;
+
+/// An ed25519 public key.
+#[allow(dead_code)]
+pub struct PubKey(VerifyingKey);
+
+impl PubKey {
+	pub const LEN: usize = Self::key_len();
+
+	/// Instantiates `PubKey` from some bytes. Performs all necessary validation
+	/// that the key is valid and of sufficient strength.
+	///
+	/// Note that we will reject any keys that are too weak (aka low order).
+	pub fn try_from(bytes: &[u8; Self::LEN]) -> Result<Self, TryFromBytesError> {
+		let compressed_edwards = CompressedEdwardsY(bytes.to_owned());
+		let Some(edwards) = compressed_edwards.decompress() else {
+			return Err(TryFromBytesError::NotOnCurve);
+		};
+		let key = VerifyingKey::from(edwards);
+		if key.is_weak() {
+			return Err(TryFromBytesError::WeakKey);
+		}
+		Ok(Self(key))
+	}
+
+	// TODO: Turn this into inline const when that feature stabilizes
+	const fn key_len() -> usize {
+		let len = crate::key_algos::Ed25519::PUB_KEY_LEN;
+		assert!(len == ed25519_dalek::PUBLIC_KEY_LENGTH);
+		len
+	}
+}
+
+#[derive(thiserror::Error, Debug)]
+pub enum TryFromBytesError {
+	#[error(
+		"the provided bytes was not the y coordinate of a valid point on the curve"
+	)]
+	NotOnCurve,
+	#[error("public key has a low order and is too weak, which would allow the key to generate signatures that work for almost any message. To prevent this, we reject weak keys.")]
+	WeakKey,
+}
+
+/// Errors which may occur while processing signatures and keypairs.
+#[derive(thiserror::Error, Debug)]
+#[error("invalid signature")]
+pub struct SignatureError(#[from] ed25519_dalek::SignatureError);
diff --git a/crates/did-simple/src/crypto/mod.rs b/crates/did-simple/src/crypto/mod.rs
@@ -0,0 +1,4 @@
+//! Implementations of cryptographic operations
+
+#[cfg(feature = "ed25519")]
+pub mod ed25519;
diff --git a/crates/did-simple/src/lib.rs b/crates/did-simple/src/lib.rs
@@ -24,6 +24,7 @@
 
 use std::str::FromStr;
 
+pub mod crypto;
 pub(crate) mod key_algos;
 pub mod methods;
 pub mod url;