Skip to content

Commit

Permalink
Correct the robonode key generation and usage
Browse files Browse the repository at this point in the history
  • Loading branch information
MOZGIII committed May 6, 2024
1 parent 0e1c519 commit 032cffa
Show file tree
Hide file tree
Showing 8 changed files with 39 additions and 41 deletions.
20 changes: 10 additions & 10 deletions crates/devutil-auth-ticket/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

pub use hex::{decode, encode};
pub use primitives_auth_ticket::{AuthTicket, OpaqueAuthTicket};
use robonode_crypto::{ed25519_dalek::Signer, Keypair};
use robonode_crypto::ed25519_dalek::Signer;

/// The input required to generate an auth ticket.
pub struct Input {
/// The robonode keypair to use for authticket reponse signing.
pub robonode_keypair: Vec<u8>,
/// The robonode secret key to use for authticket reponse signing.
pub robonode_secret_key: Vec<u8>,
/// The auth ticket to sign.
pub auth_ticket: AuthTicket,
}
Expand All @@ -26,21 +26,21 @@ pub struct Output {
pub fn make(input: Input) -> Result<Output, anyhow::Error> {
let Input {
auth_ticket,
robonode_keypair,
robonode_secret_key,
} = input;

let mut robonode_keypair_buf = [0u8; 64];
robonode_keypair_buf.copy_from_slice(&robonode_keypair);
let mut robonode_secret_key_buf = robonode_crypto::SecretKey::default();
robonode_secret_key_buf.copy_from_slice(&robonode_secret_key);

let robonode_keypair = Keypair::from_keypair_bytes(&robonode_keypair_buf)?;
let robonode_singing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_buf);

let opaque_auth_ticket = OpaqueAuthTicket::from(&auth_ticket);

let robonode_signature = robonode_keypair
let robonode_signature = robonode_singing_key
.sign(opaque_auth_ticket.as_ref())
.to_bytes();

assert!(robonode_keypair
assert!(robonode_singing_key
.verify(
opaque_auth_ticket.as_ref(),
&robonode_crypto::Signature::try_from(&robonode_signature[..]).unwrap()
Expand All @@ -50,6 +50,6 @@ pub fn make(input: Input) -> Result<Output, anyhow::Error> {
Ok(Output {
auth_ticket: opaque_auth_ticket.into(),
robonode_signature: robonode_signature.into(),
robonode_public_key: robonode_keypair.as_ref().as_bytes()[..].into(),
robonode_public_key: robonode_singing_key.verifying_key().as_bytes().to_vec(),
})
}
4 changes: 2 additions & 2 deletions crates/devutil-auth-ticket/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ fn read_hex_env(key: &'static str) -> Vec<u8> {
}

fn main() {
let robonode_keypair = read_hex_env("ROBONODE_KEYPAIR");
let robonode_secret_key = read_hex_env("ROBONODE_SECRET_KEY");
let public_key = read_hex_env("AUTH_TICKET_PUBLIC_KEY");
let authentication_nonce = read_hex_env("AUTH_TICKET_AUTHENTICATION_NONCE");

Expand All @@ -19,7 +19,7 @@ fn main() {
};

let output = make(Input {
robonode_keypair,
robonode_secret_key,
auth_ticket,
})
.unwrap();
Expand Down
8 changes: 2 additions & 6 deletions crates/humanode-runtime/src/robonode.rs
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,6 @@ impl pallet_bioauth::Verifier<Vec<u8>> for PublicKey {
mod benchmarks {
use super::*;

fn derive_keypair_from_secret_key(secret_key_bytes: [u8; 32]) -> robonode_crypto::Keypair {
robonode_crypto::Keypair::from_bytes(&secret_key_bytes)
}

impl pallet_bioauth::benchmarking::AuthTicketSigner for Runtime {
fn sign(
auth_ticket: &primitives_auth_ticket::OpaqueAuthTicket,
Expand All @@ -72,8 +68,8 @@ mod benchmarks {
const ROBONODE_SECRET_KEY: [u8; 32] = hex_literal::hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
);
let robonode_keypair = derive_keypair_from_secret_key(ROBONODE_SECRET_KEY);
robonode_keypair
let robonode_signing_key = robonode_crypto::SigningKey::from_bytes(ROBONODE_SECRET_KEY);
robonode_signing_key
.try_sign(auth_ticket.as_ref())
.unwrap_or(Signature::from_bytes(&[0; 64]))
.to_bytes()
Expand Down
17 changes: 9 additions & 8 deletions crates/robonode-crypto/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@

pub use ed25519_dalek::{self, Signer, Verifier};

/// Robonode keypair.
pub type Keypair = ed25519_dalek::SigningKey;
/// Robonode signing key.
pub type SigningKey = ed25519_dalek::SigningKey;

/// Robonode signature.
pub type Signature = ed25519_dalek::Signature;
Expand All @@ -18,6 +18,7 @@ pub type SecretKey = ed25519_dalek::SecretKey;

#[cfg(test)]
mod tests {
use ed25519_dalek::SigningKey;
use hex_literal::hex;
use rand::rngs::OsRng;

Expand All @@ -26,28 +27,28 @@ mod tests {
// Test vectors.
// See: https://ed25519.cr.yp.to/python/sign.py
// https://ed25519.cr.yp.to/python/sign.input
const SK: [u8; 64] = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
const SK: [u8; 32] = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
const PK: [u8; 32] = hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
const M: [u8; 0] = hex!("");
const SM: [u8; 64] = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");

#[test]
fn test_vectors() {
let pair = Keypair::from_keypair_bytes(&SK).unwrap();
let secret = SigningKey::from_bytes(&SK);
let public = PublicKey::from_bytes(&PK).unwrap();
assert_eq!(pair.verifying_key(), public);
assert_eq!(secret.verifying_key(), public);

let signature: Signature = SM.try_into().unwrap();

println!("{:#02X?}", pair.sign(&M[..]).to_bytes());
assert!(pair.sign(&M[..]) == signature);
println!("{:#02X?}", secret.sign(&M[..]).to_bytes());
assert!(secret.sign(&M[..]) == signature);
assert!(public.verify(&M[..], &signature).is_ok());
}

#[test]
fn generated_pair() {
let mut csprng = OsRng {};
let pair = Keypair::generate(&mut csprng);
let pair = SigningKey::generate(&mut csprng);

let message = b"Something important";
let signature = pair.sign(&message[..]);
Expand Down
4 changes: 2 additions & 2 deletions crates/robonode-keygen/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,5 @@ publish = false
[dependencies]
robonode-crypto = { path = "../robonode-crypto" }

hex = { workspace = true }
rand = { workspace = true }
hex = { workspace = true, features = ["alloc"] }
rand = { workspace = true, features = ["std", "getrandom"] }
8 changes: 4 additions & 4 deletions crates/robonode-keygen/src/main.rs
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
//! A tiny utility for generating a robonode keypair.
//! Prints the keypair in HEX.
//! A tiny utility for generating a robonode key.
//! Prints the secret key in HEX.

use rand::rngs::OsRng;

fn main() {
let mut csprng = OsRng {};
let keypair = robonode_crypto::Keypair::generate(&mut csprng);
println!("{}", hex::encode(keypair.to_bytes()));
let signing_key = robonode_crypto::SigningKey::generate(&mut csprng);
println!("{}", hex::encode(signing_key.to_bytes()));
}
8 changes: 4 additions & 4 deletions crates/robonode-server/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,14 +21,14 @@ pub fn init(
execution_id: uuid::Uuid,
facetec_api_client: facetec_api_client::Client<LoggingInspector>,
facetec_device_sdk_params: FacetecDeviceSdkParams,
robonode_keypair: robonode_crypto::Keypair,
robonode_signing_key: robonode_crypto::SigningKey,
) -> impl Filter<Extract = (impl warp::Reply,), Error = std::convert::Infallible> + Clone {
let logic = logic::Logic {
locked: Mutex::new(logic::Locked {
sequence: sequence::Sequence::new(0),
execution_id,
facetec: facetec_api_client,
signer: robonode_keypair,
signer: robonode_signing_key,
public_key_type: PhantomData::<validator_key::SubstratePublic<sp_core::sr25519::Public>>,
}),
facetec_device_sdk_params,
Expand All @@ -40,7 +40,7 @@ pub fn init(
}

#[async_trait::async_trait]
impl logic::Signer<Vec<u8>> for robonode_crypto::Keypair {
impl logic::Signer<Vec<u8>> for robonode_crypto::SigningKey {
type Error = Infallible;

async fn sign<'a, D>(&self, data: D) -> Result<Vec<u8>, Self::Error>
Expand All @@ -54,7 +54,7 @@ impl logic::Signer<Vec<u8>> for robonode_crypto::Keypair {
}

#[async_trait::async_trait]
impl logic::PublicKeyProvider for robonode_crypto::Keypair {
impl logic::PublicKeyProvider for robonode_crypto::SigningKey {
fn public_key(&self) -> &[u8] {
self.as_ref().as_ref()
}
Expand Down
11 changes: 6 additions & 5 deletions crates/robonode-server/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let facetec_device_key_identifier: String = env("FACETEC_DEVICE_KEY_IDENTIFIER")?;
let facetec_public_face_map_encryption_key = env("FACETEC_PUBLIC_FACE_MAP_ENCRYPTION_KEY")?;
let facetec_production_key: Option<String> = maybe_env("FACETEC_PRODUCTION_KEY")?;
let robonode_keypair_string: String = env("ROBONODE_KEYPAIR")?;
let mut robonode_keypair_bytes: [u8; 64] = [0; 64];
hex::decode_to_slice(robonode_keypair_string, &mut robonode_keypair_bytes)?;
let robonode_keypair = robonode_crypto::Keypair::from_keypair_bytes(&robonode_keypair_bytes)?;
let robonode_secret_key_string: String = env("ROBONODE_SECRET_KEY")?;

let mut robonode_secret_key_bytes = robonode_crypto::SecretKey::default();
hex::decode_to_slice(robonode_secret_key_string, &mut robonode_secret_key_bytes)?;
let robonode_signing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_bytes);

let facetec_api_client = facetec_api_client::Client {
base_url: facetec_server_url,
Expand All @@ -39,7 +40,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
execution_id,
facetec_api_client,
face_tec_device_sdk_params,
robonode_keypair,
robonode_signing_key,
);
let (addr, server) =
warp::serve(root_filter).bind_with_graceful_shutdown(addr, shutdown_signal());
Expand Down

0 comments on commit 032cffa

Please sign in to comment.