// SPDX-License-Identifier: FSL-1.1
use crate::Error;
use core::{convert::TryFrom, fmt};
use multicodec::Codec;
use multihash::EncodedMultihash;
use multikey::{Multikey, Views};
use multisig::Multisig;
use multiutil::{prelude::Base, CodecInfo};
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
/// A key entry in the keychain
///
/// `Debug` and `Serialize` are derived, so `{:?}` output and any serialization of this
/// struct include the `secret_keys` material; the `Display` impl below renders only
/// fingerprints.
#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)]
pub struct KeyEntry {
    /// the fingerprint of the public key; used as the identifier of the key.
    /// `None` means it is derived from `pubkey` on demand (see `Display`)
    pub fingerprint: Option<EncodedMultihash>,
    /// the public key
    pub pubkey: Multikey,
    /// for non-threshold keys, this is 1, for threshold keys this is the threshold value
    pub threshold: usize,
    /// the list of generated secret keys. if the key is a threshold key then this list contains
    /// all of the secret key shares. there should be `limit` number of them.
    // NOTE(review): `limit` is not a field of this struct — presumably the total share
    // count chosen at generation time; confirm against the key-generation code.
    pub secret_keys: Vec<Multikey>,
}
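/// Base32-lower SHA3-256 fingerprint of `key`.
///
/// Failures are mapped to `fmt::Error` so that the `Display` impl below never panics
/// while rendering a keychain entry.
fn sha3_fingerprint(key: &Multikey) -> Result<EncodedMultihash, fmt::Error> {
    let fv = key.fingerprint_view().map_err(|_| fmt::Error)?;
    let mh = fv.fingerprint(Codec::Sha3256).map_err(|_| fmt::Error)?;
    Ok(EncodedMultihash::new(Base::Base32Lower, mh))
}

impl fmt::Display for KeyEntry {
    /// Renders the entry as a box-drawn tree: public-key fingerprint, codec and comment,
    /// and for threshold keys (more than one secret key) the threshold plus one line per
    /// share. Only fingerprints of the shares are written; no secret bytes reach `f`.
    ///
    /// # Errors
    /// Returns `fmt::Error` when a fingerprint cannot be computed or when `f` rejects a
    /// write (the original implementation panicked on the former).
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        // Prefer the stored fingerprint; otherwise derive it from the public key.
        let kh = match &self.fingerprint {
            Some(kh) => kh.clone(),
            None => sha3_fingerprint(&self.pubkey)?,
        };
        // The header is identical for both layouts; write it straight to `f`
        // instead of staging the whole tree in an intermediate String.
        writeln!(f, "╭──── pubkey {}", kh)?;
        writeln!(f, "├───── codec {}", self.pubkey.codec())?;
        let shares = self.secret_keys.len();
        if shares > 1 {
            writeln!(f, "├─── comment {}", self.pubkey.comment)?;
            writeln!(f, "├─ threshold {} of {}", self.threshold, shares)?;
            writeln!(f, "╰─┬── shares")?;
            // Shares are listed in reverse storage order, numbered 1..=shares, so the
            // last stored share appears first and the share at index 0 closes the tree.
            for (i, sk) in self.secret_keys.iter().enumerate().rev() {
                let cv = sk.conv_view().map_err(|_| fmt::Error)?;
                let pk = cv.to_public_key().map_err(|_| fmt::Error)?;
                let skh = sha3_fingerprint(&pk)?;
                let branch = if i == 0 { "╰" } else { "├" };
                writeln!(f, " {}─── {} / {} {}", branch, shares - i, shares, skh)?;
            }
        } else {
            writeln!(f, "╰─── comment {}", self.pubkey.comment)?;
        }
        Ok(())
    }
}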
/// Interface to the keychain
pub trait Keychain {
    /// Lists every key entry the backend holds.
    fn list(&self) -> Result<Vec<KeyEntry>, Error>;
    /// Looks up a single key entry by the fingerprint of its public key.
    fn get(&self, fingerprint: &EncodedMultihash) -> Result<KeyEntry, Error>;
    /// Adds a key entry to the backend.
    fn add(&mut self, key: &KeyEntry) -> Result<(), Error>;
    /// Signs a message with a key held by the backend.
    ///
    /// `msg` must already be canonicalized and serialized by the caller; `msg_encoding`
    /// names the codec it was serialized with.
    // NOTE(review): the meaning of `combined` is not documented in this file — confirm
    // against the implementors before relying on it.
    fn sign(
        &mut self,
        key: &Multikey, // the key to sign with
        combined: bool,
        msg_encoding: Codec, // the encoding for the message (e.g. cbor, json)
        msg: &[u8],          // the canonicalized and serialized message to sign
    ) -> Result<Multisig, Error>;
}
/// Keychain config
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
pub struct KeychainConfig {
    /// Fingerprint of the key to use when the caller does not name one
    pub default_key: Option<EncodedMultihash>,
    /// File holding the keys when `storage` is `Backend::LocalFile`
    pub keyfile: Option<PathBuf>,
    /// Name of the environment variable used to reach the agent when `storage` is
    /// `Backend::SshAgent` (`KeychainConfig::new` fills it in for either backend)
    pub sshagent: Option<String>,
    /// Which backend holds the keys
    pub storage: Backend,
}
impl KeychainConfig {
    /// Builds a config with no default key.
    ///
    /// `sshagent` selects the ssh-agent backend over the local file; `sshagentenv` is
    /// stored as the agent environment-variable name regardless of which backend is chosen.
    pub fn new(keyfile: Option<PathBuf>, sshagent: bool, sshagentenv: String) -> Self {
        let storage = if sshagent { Backend::SshAgent } else { Backend::LocalFile };
        KeychainConfig {
            storage,
            keyfile,
            sshagent: Some(sshagentenv),
            default_key: None,
        }
    }
}
/// The keychain backend
///
/// Serialized to and parsed from its string spelling (`"file"` / `"ssh-agent"`) through
/// the `serde(into, try_from)` attributes, which route via `Display` and `TryFrom<String>`.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
#[serde(into = "String", try_from = "String")]
pub enum Backend {
    /// The keychain is a local file (config spelling `file`)
    LocalFile,
    /// The keychain is an ssh agent (config spelling `ssh-agent`)
    SshAgent,
}
impl TryFrom<String> for Backend {
    type Error = Error;

    /// Parses a backend name case-insensitively: `file` or `ssh-agent`.
    ///
    /// # Errors
    /// Any other spelling yields `Error::InvalidBackendType` carrying the original input.
    fn try_from(s: String) -> Result<Self, Self::Error> {
        let normalized = s.to_lowercase();
        if normalized == "file" {
            Ok(Backend::LocalFile)
        } else if normalized == "ssh-agent" {
            Ok(Backend::SshAgent)
        } else {
            Err(Error::InvalidBackendType(s))
        }
    }
}
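impl fmt::Display for Backend {
    /// Writes the configuration spelling of the backend: `file` or `ssh-agent`.
    ///
    /// This is the inverse of the `TryFrom<String>` impl and is what the serde `into`
    /// attribute serializes.
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        // The spellings are static, so write them directly instead of allocating a
        // fresh String on every call.
        let name = match self {
            Backend::LocalFile => "file",
            Backend::SshAgent => "ssh-agent",
        };
        f.write_str(name)
    }
}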
impl From<Backend> for String {
    /// Converts the backend into its configuration spelling (`file` / `ssh-agent`).
    fn from(val: Backend) -> Self {
        // Delegate to `Display` so the spellings are defined in exactly one place.
        ToString::to_string(&val)
    }
}