Add PGP signature scheme (#196)

Author: casey

Cargo.lock

@@ -45,6 +45,11 @@ pretty_assertions = "1.4.1"
 ssh-key = "0.6.0"
 tempfile = "3.24.0"
 
+[dev-dependencies.sequoia-openpgp]
+version = "2.1.0"
+default-features = false
+features = ["allow-experimental-crypto", "allow-variable-time-crypto", "crypto-rust"]
+
 [lints.clippy]
 all = { level = "deny", priority = -1 }
 arbitrary-source-item-ordering = "deny"

Cargo.toml

@@ -6,7 +6,9 @@ pub(crate) trait Bech32m<const PREFIX: usize, const DATA: usize> {
   const HRP: Hrp;
   const TYPE: &'static str;
 
-  fn decode_bech32m(s: &str) -> Result<([Fe32; PREFIX], [u8; DATA]), Bech32mError> {
+  type Suffix: Bech32mSuffix;
+
+  fn decode_bech32m(s: &str) -> Result<Bech32mPayload<PREFIX, DATA, Self::Suffix>, Bech32mError> {
     let hrp_string = CheckedHrpstring::new::<bech32::Bech32m>(s)
       .context(bech32m_error::Decode { ty: Self::TYPE })?;
 
@@ -28,8 +30,6 @@ pub(crate) trait Bech32m<const PREFIX: usize, const DATA: usize> {
       bech32m_error::UnsupportedVersion { ty: Self::TYPE, version },
     }
 
-    Self::validate_padding(&hrp_string).context(bech32m_error::Padding { ty: Self::TYPE })?;
-
     let mut prefix = [Fe32::Q; PREFIX];
 
     for (actual, fe32) in prefix.iter_mut().enumerate() {
@@ -42,38 +42,46 @@ pub(crate) trait Bech32m<const PREFIX: usize, const DATA: usize> {
 
     let mut data = [0; DATA];
 
-    {
-      let mut bytes = fe32s.fes_to_bytes();
-
-      let mut actual = 0;
-      for byte in &mut data {
-        *byte = bytes.next().context(bech32m_error::DataLength {
-          actual,
-          expected: DATA,
-          ty: Self::TYPE,
-        })?;
-        actual += 1;
-      }
-
-      actual += bytes.count();
-
-      ensure! {
-        actual == DATA,
-        bech32m_error::DataLength {
-          actual,
-          expected: DATA,
-          ty: Self::TYPE,
-        },
-      }
+    let mut bytes = fe32s.fes_to_bytes();
+
+    for (actual, byte) in data.iter_mut().enumerate() {
+      *byte = bytes.next().context(bech32m_error::DataLength {
+        actual,
+        expected: DATA,
+        ty: Self::TYPE,
+      })?;
     }
 
-    Ok((prefix, data))
+    let suffix = Self::Suffix::from_bytes(Self::TYPE, bytes)?;
+
+    Self::validate_padding(&hrp_string).context(bech32m_error::Padding { ty: Self::TYPE })?;
+
+    Ok(Bech32mPayload {
+      data,
+      prefix,
+      suffix,
+    })
   }
 
-  fn encode_bech32m(f: &mut Formatter, prefix: [Fe32; PREFIX], data: [u8; DATA]) -> fmt::Result {
+  fn encode_bech32m(
+    f: &mut Formatter,
+    payload: Bech32mPayload<PREFIX, DATA, Self::Suffix>,
+  ) -> fmt::Result {
+    let Bech32mPayload {
+      data,
+      prefix,
+      suffix,
+    } = payload;
+
     let chars = prefix
       .into_iter()
-      .chain(data.iter().copied().bytes_to_fes())
+      .chain(
+        data
+          .iter()
+          .copied()
+          .chain(suffix.into_bytes())
+          .bytes_to_fes(),
+      )
       .with_checksum::<bech32::Bech32m>(&Self::HRP)
       .with_witness_version(VERSION)
       .chars();
@@ -90,6 +98,10 @@ pub(crate) trait Bech32m<const PREFIX: usize, const DATA: usize> {
 
     fe32s.next().unwrap();
 
+    for _ in 0..PREFIX {
+      fe32s.next().unwrap();
+    }
+
     let Some((i, last)) = fe32s.enumerate().last() else {
       return Ok(());
     };
@@ -117,11 +129,12 @@ mod tests {
   impl Bech32m<0, 0> for EmptyPublicKey {
     const HRP: Hrp = Hrp::parse_unchecked("public");
     const TYPE: &'static str = "public key";
+    type Suffix = ();
   }
 
   impl Display for EmptyPublicKey {
     fn fmt(&self, f: &mut Formatter) -> fmt::Result {
-      Self::encode_bech32m(f, [], [])
+      Self::encode_bech32m(f, Bech32mPayload::from_data([]))
     }
   }
 
@@ -130,11 +143,12 @@ mod tests {
   impl Bech32m<0, 33> for LongPublicKey {
     const HRP: Hrp = Hrp::parse_unchecked("public");
     const TYPE: &'static str = "public key";
+    type Suffix = ();
   }
 
   impl Display for LongPublicKey {
     fn fmt(&self, f: &mut Formatter) -> fmt::Result {
-      Self::encode_bech32m(f, [], [0; 33])
+      Self::encode_bech32m(f, Bech32mPayload::from_data([0; 33]))
     }
   }
 
@@ -189,7 +203,7 @@ mod tests {
 
     case(
       &LongPublicKey.to_string(),
-      "expected bech32m public key to have 32 data bytes but found 33",
+      "expected bech32m public key to have 0 suffix bytes but found 1",
     );
 
     let public_key = test::PUBLIC_KEY.parse::<PublicKey>().unwrap();
@@ -241,6 +255,7 @@ mod tests {
     impl Bech32m<2, 0> for PrefixedType {
       const HRP: Hrp = Hrp::parse_unchecked("test");
       const TYPE: &'static str = "test";
+      type Suffix = ();
     }
 
     let bech32m = []

src/bech32m.rs

@@ -38,6 +38,15 @@ pub enum Bech32mError {
     actual: usize,
     ty: &'static str,
   },
+  #[snafu(display(
+    "expected bech32m {ty} to have {} but found {actual}",
+    Count(*expected, "suffix byte"),
+  ))]
+  SuffixLength {
+    expected: usize,
+    actual: usize,
+    ty: &'static str,
+  },
   #[snafu(display("bech32m {ty} version `{version}` is not supported"))]
   UnsupportedVersion {
     ty: &'static str,

src/bech32m_error.rs

@@ -0,0 +1,22 @@
+use super::*;
+
+#[derive(Debug)]
+pub(crate) struct Bech32mPayload<const PREFIX: usize, const DATA: usize, T> {
+  pub(crate) data: [u8; DATA],
+  pub(crate) prefix: [Fe32; PREFIX],
+  pub(crate) suffix: T,
+}
+
+impl<const DATA: usize> Bech32mPayload<0, DATA, ()> {
+  pub(crate) fn from_data(data: [u8; DATA]) -> Self {
+    Self {
+      data,
+      prefix: [],
+      suffix: (),
+    }
+  }
+
+  pub(crate) fn into_data(self) -> [u8; DATA] {
+    self.data
+  }
+}

src/bech32m_payload.rs

@@ -0,0 +1,40 @@
+use super::*;
+
+type Bytes<'a> = FesToBytes<AsciiToFe32Iter<'a>>;
+
+pub(crate) trait Bech32mSuffix: Sized {
+  fn from_bytes(ty: &'static str, bytes: Bytes) -> Result<Self, Bech32mError>;
+
+  fn into_bytes(self) -> Vec<u8>;
+}
+
+impl Bech32mSuffix for () {
+  fn from_bytes(ty: &'static str, bytes: Bytes) -> Result<Self, Bech32mError> {
+    let actual = bytes.count();
+
+    ensure! {
+      actual == 0,
+      bech32m_error::SuffixLength {
+        actual,
+        expected: 0usize,
+        ty,
+      },
+    }
+
+    Ok(())
+  }
+
+  fn into_bytes(self) -> Vec<u8> {
+    Vec::new()
+  }
+}
+
+impl Bech32mSuffix for Vec<u8> {
+  fn from_bytes(_ty: &'static str, bytes: Bytes) -> Result<Self, Bech32mError> {
+    Ok(bytes.collect())
+  }
+
+  fn into_bytes(self) -> Vec<u8> {
+    self
+  }
+}

src/bech32m_suffix.rs

@@ -4,6 +4,6 @@ pub(crate) struct DisplaySecret(pub(crate) PrivateKey);
 
 impl Display for DisplaySecret {
   fn fmt(&self, f: &mut Formatter) -> fmt::Result {
-    PrivateKey::encode_bech32m(f, [], self.0.as_secret_bytes())
+    PrivateKey::encode_bech32m(f, Bech32mPayload::from_data(self.0.as_secret_bytes()))
   }
 }

src/display_secret.rs

@@ -15,19 +15,19 @@ impl Fingerprint {
 impl Bech32m<0, { Fingerprint::LEN }> for Fingerprint {
   const HRP: Hrp = Hrp::parse_unchecked("package");
   const TYPE: &'static str = "package fingerprint";
+  type Suffix = ();
 }
 
 impl Display for Fingerprint {
   fn fmt(&self, f: &mut Formatter) -> fmt::Result {
-    Self::encode_bech32m(f, [], *self.as_bytes())
+    Self::encode_bech32m(f, Bech32mPayload::from_data(*self.as_bytes()))
   }
 }
 
 impl FromStr for Fingerprint {
   type Err = Bech32mError;
 
   fn from_str(s: &str) -> Result<Self, Self::Err> {
-    let ([], data) = Self::decode_bech32m(s)?;
-    Ok(Self(data.into()))
+    Ok(Self(Self::decode_bech32m(s)?.into_data().into()))
   }
 }

src/fingerprint.rs

@@ -21,6 +21,8 @@ use {
     arguments::Arguments,
     bech32m::Bech32m,
     bech32m_error::Bech32mError,
+    bech32m_payload::Bech32mPayload,
+    bech32m_suffix::Bech32mSuffix,
     component::Component,
     component_error::ComponentError,
     count::Count,
@@ -63,7 +65,10 @@ use {
   },
   bech32::{
     ByteIterExt, Fe32, Fe32IterExt, Hrp,
-    primitives::decode::{CheckedHrpstring, CheckedHrpstringError, PaddingError},
+    primitives::{
+      decode::{AsciiToFe32Iter, CheckedHrpstring, CheckedHrpstringError, PaddingError},
+      iter::FesToBytes,
+    },
   },
   blake3::Hasher,
   camino::{Utf8Component, Utf8Path, Utf8PathBuf},
@@ -133,6 +138,8 @@ macro_rules! assert_matches {
 mod arguments;
 mod bech32m;
 mod bech32m_error;
+mod bech32m_payload;
+mod bech32m_suffix;
 mod component;
 mod component_error;
 mod count;
@@ -189,6 +196,8 @@ mod tag;
 mod ticked;
 mod utf8_path_ext;
 
+#[cfg(test)]
+mod pgp;
 #[cfg(test)]
 mod ssh;
 #[cfg(test)]