From c7fdb4d997cde2a9b66fd8a6509fd76c00b3f5c0 Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 6 May 2024 15:53:08 -0300 Subject: [PATCH] Correct the robonode key generation and usage --- crates/devutil-auth-ticket/src/lib.rs | 20 ++++++++++---------- crates/devutil-auth-ticket/src/main.rs | 4 ++-- crates/robonode-crypto/src/lib.rs | 4 ++-- crates/robonode-keygen/Cargo.toml | 4 ++-- crates/robonode-keygen/src/main.rs | 4 ++-- crates/robonode-server/src/lib.rs | 8 ++++---- crates/robonode-server/src/main.rs | 11 ++++++----- 7 files changed, 28 insertions(+), 27 deletions(-) diff --git a/crates/devutil-auth-ticket/src/lib.rs b/crates/devutil-auth-ticket/src/lib.rs index 80dc28be1..e81ed3d94 100644 --- a/crates/devutil-auth-ticket/src/lib.rs +++ b/crates/devutil-auth-ticket/src/lib.rs @@ -2,12 +2,12 @@ pub use hex::{decode, encode}; pub use primitives_auth_ticket::{AuthTicket, OpaqueAuthTicket}; -use robonode_crypto::{ed25519_dalek::Signer, Keypair}; +use robonode_crypto::ed25519_dalek::Signer; /// The input required to generate an auth ticket. pub struct Input { - /// The robonode keypair to use for authticket reponse signing. - pub robonode_keypair: Vec, + /// The robonode secret key to use for authticket reponse signing. + pub robonode_secret_key: Vec, /// The auth ticket to sign. pub auth_ticket: AuthTicket, } @@ -26,21 +26,21 @@ pub struct Output { pub fn make(input: Input) -> Result { let Input { auth_ticket, - robonode_keypair, + robonode_secret_key, } = input; - let mut robonode_keypair_buf = [0u8; 64]; - robonode_keypair_buf.copy_from_slice(&robonode_keypair); + let mut robonode_secret_key_buf = robonode_crypto::SecretKey::default(); + robonode_secret_key_buf.copy_from_slice(&robonode_secret_key); - let robonode_keypair = Keypair::from_keypair_bytes(&robonode_keypair_buf)?; + let robonode_singing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_buf); let opaque_auth_ticket = OpaqueAuthTicket::from(&auth_ticket); - let robonode_signature = robonode_keypair + let robonode_signature = robonode_singing_key .sign(opaque_auth_ticket.as_ref()) .to_bytes(); - assert!(robonode_keypair + assert!(robonode_singing_key .verify( opaque_auth_ticket.as_ref(), &robonode_crypto::Signature::try_from(&robonode_signature[..]).unwrap() @@ -50,6 +50,6 @@ pub fn make(input: Input) -> Result { Ok(Output { auth_ticket: opaque_auth_ticket.into(), robonode_signature: robonode_signature.into(), - robonode_public_key: robonode_keypair.as_ref().as_bytes()[..].into(), + robonode_public_key: robonode_singing_key.verifying_key().as_bytes().to_vec(), }) } diff --git a/crates/devutil-auth-ticket/src/main.rs b/crates/devutil-auth-ticket/src/main.rs index 3ec6dc2fa..d3a79ea46 100644 --- a/crates/devutil-auth-ticket/src/main.rs +++ b/crates/devutil-auth-ticket/src/main.rs @@ -9,7 +9,7 @@ fn read_hex_env(key: &'static str) -> Vec { } fn main() { - let robonode_keypair = read_hex_env("ROBONODE_KEYPAIR"); + let robonode_secret_key = read_hex_env("ROBONODE_SECRET_KEY"); let public_key = read_hex_env("AUTH_TICKET_PUBLIC_KEY"); let authentication_nonce = read_hex_env("AUTH_TICKET_AUTHENTICATION_NONCE"); @@ -19,7 +19,7 @@ fn main() { }; let output = make(Input { - robonode_keypair, + robonode_secret_key, auth_ticket, }) .unwrap(); diff --git a/crates/robonode-crypto/src/lib.rs b/crates/robonode-crypto/src/lib.rs index baaa96c09..7bb551e1a 100644 --- a/crates/robonode-crypto/src/lib.rs +++ b/crates/robonode-crypto/src/lib.rs @@ -4,8 +4,8 @@ pub use ed25519_dalek::{self, Signer, Verifier}; -/// Robonode keypair. -pub type Keypair = ed25519_dalek::SigningKey; +/// Robonode signing key. +pub type SigningKey = ed25519_dalek::SigningKey; /// Robonode signature. pub type Signature = ed25519_dalek::Signature; diff --git a/crates/robonode-keygen/Cargo.toml b/crates/robonode-keygen/Cargo.toml index 06515154d..b35e09a1f 100644 --- a/crates/robonode-keygen/Cargo.toml +++ b/crates/robonode-keygen/Cargo.toml @@ -7,5 +7,5 @@ publish = false [dependencies] robonode-crypto = { path = "../robonode-crypto" } -hex = { workspace = true } -rand = { workspace = true } +hex = { workspace = true, features = ["alloc"] } +rand = { workspace = true, features = ["std", "getrandom"] } diff --git a/crates/robonode-keygen/src/main.rs b/crates/robonode-keygen/src/main.rs index 42d2ccd1c..530035e90 100644 --- a/crates/robonode-keygen/src/main.rs +++ b/crates/robonode-keygen/src/main.rs @@ -5,6 +5,6 @@ use rand::rngs::OsRng; fn main() { let mut csprng = OsRng {}; - let keypair = robonode_crypto::Keypair::generate(&mut csprng); - println!("{}", hex::encode(keypair.to_bytes())); + let signing_key = robonode_crypto::SigningKey::generate(&mut csprng); + println!("{}", hex::encode(signing_key.to_bytes())); } diff --git a/crates/robonode-server/src/lib.rs b/crates/robonode-server/src/lib.rs index 303896212..338fd1067 100644 --- a/crates/robonode-server/src/lib.rs +++ b/crates/robonode-server/src/lib.rs @@ -21,14 +21,14 @@ pub fn init( execution_id: uuid::Uuid, facetec_api_client: facetec_api_client::Client, facetec_device_sdk_params: FacetecDeviceSdkParams, - robonode_keypair: robonode_crypto::Keypair, + robonode_signing_key: robonode_crypto::SigningKey, ) -> impl Filter + Clone { let logic = logic::Logic { locked: Mutex::new(logic::Locked { sequence: sequence::Sequence::new(0), execution_id, facetec: facetec_api_client, - signer: robonode_keypair, + signer: robonode_signing_key, public_key_type: PhantomData::>, }), facetec_device_sdk_params, @@ -40,7 +40,7 @@ pub fn init( } #[async_trait::async_trait] -impl logic::Signer> for robonode_crypto::Keypair { +impl logic::Signer> for robonode_crypto::SigningKey { type Error = Infallible; async fn sign<'a, D>(&self, data: D) -> Result, Self::Error> @@ -54,7 +54,7 @@ impl logic::Signer> for robonode_crypto::Keypair { } #[async_trait::async_trait] -impl logic::PublicKeyProvider for robonode_crypto::Keypair { +impl logic::PublicKeyProvider for robonode_crypto::SigningKey { fn public_key(&self) -> &[u8] { self.as_ref().as_ref() } diff --git a/crates/robonode-server/src/main.rs b/crates/robonode-server/src/main.rs index 5898468a6..b21ebabd8 100644 --- a/crates/robonode-server/src/main.rs +++ b/crates/robonode-server/src/main.rs @@ -15,10 +15,11 @@ async fn main() -> Result<(), Box> { let facetec_device_key_identifier: String = env("FACETEC_DEVICE_KEY_IDENTIFIER")?; let facetec_public_face_map_encryption_key = env("FACETEC_PUBLIC_FACE_MAP_ENCRYPTION_KEY")?; let facetec_production_key: Option = maybe_env("FACETEC_PRODUCTION_KEY")?; - let robonode_keypair_string: String = env("ROBONODE_KEYPAIR")?; - let mut robonode_keypair_bytes: [u8; 64] = [0; 64]; - hex::decode_to_slice(robonode_keypair_string, &mut robonode_keypair_bytes)?; - let robonode_keypair = robonode_crypto::Keypair::from_keypair_bytes(&robonode_keypair_bytes)?; + let robonode_secret_key_string: String = env("ROBONODE_SECRET_KEY")?; + + let mut robonode_secret_key_bytes = robonode_crypto::SecretKey::default(); + hex::decode_to_slice(robonode_secret_key_string, &mut robonode_secret_key_bytes)?; + let robonode_signing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_bytes); let facetec_api_client = facetec_api_client::Client { base_url: facetec_server_url, @@ -39,7 +40,7 @@ async fn main() -> Result<(), Box> { execution_id, facetec_api_client, face_tec_device_sdk_params, - robonode_keypair, + robonode_signing_key, ); let (addr, server) = warp::serve(root_filter).bind_with_graceful_shutdown(addr, shutdown_signal());