diff --git a/crates/devutil-auth-ticket/src/lib.rs b/crates/devutil-auth-ticket/src/lib.rs index 80dc28be1..e81ed3d94 100644 --- a/crates/devutil-auth-ticket/src/lib.rs +++ b/crates/devutil-auth-ticket/src/lib.rs @@ -2,12 +2,12 @@ pub use hex::{decode, encode}; pub use primitives_auth_ticket::{AuthTicket, OpaqueAuthTicket}; -use robonode_crypto::{ed25519_dalek::Signer, Keypair}; +use robonode_crypto::ed25519_dalek::Signer; /// The input required to generate an auth ticket. pub struct Input { - /// The robonode keypair to use for authticket reponse signing. - pub robonode_keypair: Vec, + /// The robonode secret key to use for authticket reponse signing. + pub robonode_secret_key: Vec, /// The auth ticket to sign. pub auth_ticket: AuthTicket, } @@ -26,21 +26,21 @@ pub struct Output { pub fn make(input: Input) -> Result { let Input { auth_ticket, - robonode_keypair, + robonode_secret_key, } = input; - let mut robonode_keypair_buf = [0u8; 64]; - robonode_keypair_buf.copy_from_slice(&robonode_keypair); + let mut robonode_secret_key_buf = robonode_crypto::SecretKey::default(); + robonode_secret_key_buf.copy_from_slice(&robonode_secret_key); - let robonode_keypair = Keypair::from_keypair_bytes(&robonode_keypair_buf)?; + let robonode_singing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_buf); let opaque_auth_ticket = OpaqueAuthTicket::from(&auth_ticket); - let robonode_signature = robonode_keypair + let robonode_signature = robonode_singing_key .sign(opaque_auth_ticket.as_ref()) .to_bytes(); - assert!(robonode_keypair + assert!(robonode_singing_key .verify( opaque_auth_ticket.as_ref(), &robonode_crypto::Signature::try_from(&robonode_signature[..]).unwrap() @@ -50,6 +50,6 @@ pub fn make(input: Input) -> Result { Ok(Output { auth_ticket: opaque_auth_ticket.into(), robonode_signature: robonode_signature.into(), - robonode_public_key: robonode_keypair.as_ref().as_bytes()[..].into(), + robonode_public_key: robonode_singing_key.verifying_key().as_bytes().to_vec(), }) } diff --git a/crates/devutil-auth-ticket/src/main.rs b/crates/devutil-auth-ticket/src/main.rs index 3ec6dc2fa..d3a79ea46 100644 --- a/crates/devutil-auth-ticket/src/main.rs +++ b/crates/devutil-auth-ticket/src/main.rs @@ -9,7 +9,7 @@ fn read_hex_env(key: &'static str) -> Vec { } fn main() { - let robonode_keypair = read_hex_env("ROBONODE_KEYPAIR"); + let robonode_secret_key = read_hex_env("ROBONODE_SECRET_KEY"); let public_key = read_hex_env("AUTH_TICKET_PUBLIC_KEY"); let authentication_nonce = read_hex_env("AUTH_TICKET_AUTHENTICATION_NONCE"); @@ -19,7 +19,7 @@ fn main() { }; let output = make(Input { - robonode_keypair, + robonode_secret_key, auth_ticket, }) .unwrap(); diff --git a/crates/humanode-runtime/src/robonode.rs b/crates/humanode-runtime/src/robonode.rs index 80f98aa85..ba3b7149b 100644 --- a/crates/humanode-runtime/src/robonode.rs +++ b/crates/humanode-runtime/src/robonode.rs @@ -57,10 +57,6 @@ impl pallet_bioauth::Verifier> for PublicKey { mod benchmarks { use super::*; - fn derive_keypair_from_secret_key(secret_key_bytes: [u8; 32]) -> robonode_crypto::Keypair { - robonode_crypto::Keypair::from_bytes(&secret_key_bytes) - } - impl pallet_bioauth::benchmarking::AuthTicketSigner for Runtime { fn sign( auth_ticket: &primitives_auth_ticket::OpaqueAuthTicket, @@ -69,11 +65,12 @@ mod benchmarks { // This secret key is taken from the first entry in https://ed25519.cr.yp.to/python/sign.input. // Must be compatible with public key provided in benchmark_config() function in // crates/humanode-peer/src/chain_spec.rs - const ROBONODE_SECRET_KEY: [u8; 32] = hex_literal::hex!( + const ROBONODE_SECRET_KEY: robonode_crypto::SecretKey = hex_literal::hex!( "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60" ); - let robonode_keypair = derive_keypair_from_secret_key(ROBONODE_SECRET_KEY); - robonode_keypair + let robonode_signing_key = + robonode_crypto::SigningKey::from_bytes(&ROBONODE_SECRET_KEY); + robonode_signing_key .try_sign(auth_ticket.as_ref()) .unwrap_or(Signature::from_bytes(&[0; 64])) .to_bytes() diff --git a/crates/robonode-crypto/src/lib.rs b/crates/robonode-crypto/src/lib.rs index baaa96c09..98834d5ec 100644 --- a/crates/robonode-crypto/src/lib.rs +++ b/crates/robonode-crypto/src/lib.rs @@ -4,8 +4,8 @@ pub use ed25519_dalek::{self, Signer, Verifier}; -/// Robonode keypair. -pub type Keypair = ed25519_dalek::SigningKey; +/// Robonode signing key. +pub type SigningKey = ed25519_dalek::SigningKey; /// Robonode signature. pub type Signature = ed25519_dalek::Signature; @@ -18,6 +18,7 @@ pub type SecretKey = ed25519_dalek::SecretKey; #[cfg(test)] mod tests { + use ed25519_dalek::SigningKey; use hex_literal::hex; use rand::rngs::OsRng; @@ -26,28 +27,28 @@ mod tests { // Test vectors. // See: https://ed25519.cr.yp.to/python/sign.py // https://ed25519.cr.yp.to/python/sign.input - const SK: [u8; 64] = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"); + const SK: [u8; 32] = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"); const PK: [u8; 32] = hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"); const M: [u8; 0] = hex!(""); const SM: [u8; 64] = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"); #[test] fn test_vectors() { - let pair = Keypair::from_keypair_bytes(&SK).unwrap(); + let secret = SigningKey::from_bytes(&SK); let public = PublicKey::from_bytes(&PK).unwrap(); - assert_eq!(pair.verifying_key(), public); + assert_eq!(secret.verifying_key(), public); let signature: Signature = SM.try_into().unwrap(); - println!("{:#02X?}", pair.sign(&M[..]).to_bytes()); - assert!(pair.sign(&M[..]) == signature); + println!("{:#02X?}", secret.sign(&M[..]).to_bytes()); + assert!(secret.sign(&M[..]) == signature); assert!(public.verify(&M[..], &signature).is_ok()); } #[test] fn generated_pair() { let mut csprng = OsRng {}; - let pair = Keypair::generate(&mut csprng); + let pair = SigningKey::generate(&mut csprng); let message = b"Something important"; let signature = pair.sign(&message[..]); diff --git a/crates/robonode-keygen/Cargo.toml b/crates/robonode-keygen/Cargo.toml index 06515154d..b35e09a1f 100644 --- a/crates/robonode-keygen/Cargo.toml +++ b/crates/robonode-keygen/Cargo.toml @@ -7,5 +7,5 @@ publish = false [dependencies] robonode-crypto = { path = "../robonode-crypto" } -hex = { workspace = true } -rand = { workspace = true } +hex = { workspace = true, features = ["alloc"] } +rand = { workspace = true, features = ["std", "getrandom"] } diff --git a/crates/robonode-keygen/src/main.rs b/crates/robonode-keygen/src/main.rs index 42d2ccd1c..4291d8ef6 100644 --- a/crates/robonode-keygen/src/main.rs +++ b/crates/robonode-keygen/src/main.rs @@ -1,10 +1,10 @@ -//! A tiny utility for generating a robonode keypair. -//! Prints the keypair in HEX. +//! A tiny utility for generating a robonode key. +//! Prints the secret key in HEX. use rand::rngs::OsRng; fn main() { let mut csprng = OsRng {}; - let keypair = robonode_crypto::Keypair::generate(&mut csprng); - println!("{}", hex::encode(keypair.to_bytes())); + let signing_key = robonode_crypto::SigningKey::generate(&mut csprng); + println!("{}", hex::encode(signing_key.to_bytes())); } diff --git a/crates/robonode-server/src/lib.rs b/crates/robonode-server/src/lib.rs index 303896212..338fd1067 100644 --- a/crates/robonode-server/src/lib.rs +++ b/crates/robonode-server/src/lib.rs @@ -21,14 +21,14 @@ pub fn init( execution_id: uuid::Uuid, facetec_api_client: facetec_api_client::Client, facetec_device_sdk_params: FacetecDeviceSdkParams, - robonode_keypair: robonode_crypto::Keypair, + robonode_signing_key: robonode_crypto::SigningKey, ) -> impl Filter + Clone { let logic = logic::Logic { locked: Mutex::new(logic::Locked { sequence: sequence::Sequence::new(0), execution_id, facetec: facetec_api_client, - signer: robonode_keypair, + signer: robonode_signing_key, public_key_type: PhantomData::>, }), facetec_device_sdk_params, @@ -40,7 +40,7 @@ pub fn init( } #[async_trait::async_trait] -impl logic::Signer> for robonode_crypto::Keypair { +impl logic::Signer> for robonode_crypto::SigningKey { type Error = Infallible; async fn sign<'a, D>(&self, data: D) -> Result, Self::Error> @@ -54,7 +54,7 @@ impl logic::Signer> for robonode_crypto::Keypair { } #[async_trait::async_trait] -impl logic::PublicKeyProvider for robonode_crypto::Keypair { +impl logic::PublicKeyProvider for robonode_crypto::SigningKey { fn public_key(&self) -> &[u8] { self.as_ref().as_ref() } diff --git a/crates/robonode-server/src/main.rs b/crates/robonode-server/src/main.rs index 5898468a6..b21ebabd8 100644 --- a/crates/robonode-server/src/main.rs +++ b/crates/robonode-server/src/main.rs @@ -15,10 +15,11 @@ async fn main() -> Result<(), Box> { let facetec_device_key_identifier: String = env("FACETEC_DEVICE_KEY_IDENTIFIER")?; let facetec_public_face_map_encryption_key = env("FACETEC_PUBLIC_FACE_MAP_ENCRYPTION_KEY")?; let facetec_production_key: Option = maybe_env("FACETEC_PRODUCTION_KEY")?; - let robonode_keypair_string: String = env("ROBONODE_KEYPAIR")?; - let mut robonode_keypair_bytes: [u8; 64] = [0; 64]; - hex::decode_to_slice(robonode_keypair_string, &mut robonode_keypair_bytes)?; - let robonode_keypair = robonode_crypto::Keypair::from_keypair_bytes(&robonode_keypair_bytes)?; + let robonode_secret_key_string: String = env("ROBONODE_SECRET_KEY")?; + + let mut robonode_secret_key_bytes = robonode_crypto::SecretKey::default(); + hex::decode_to_slice(robonode_secret_key_string, &mut robonode_secret_key_bytes)?; + let robonode_signing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_bytes); let facetec_api_client = facetec_api_client::Client { base_url: facetec_server_url, @@ -39,7 +40,7 @@ async fn main() -> Result<(), Box> { execution_id, facetec_api_client, face_tec_device_sdk_params, - robonode_keypair, + robonode_signing_key, ); let (addr, server) = warp::serve(root_filter).bind_with_graceful_shutdown(addr, shutdown_signal());