Merge pull request #12 from cryptidtech/ml/traits

Add Bs traits

Author: dhuseby

Cargo.toml

@@ -4,6 +4,7 @@ default-members = ["crates/bs"]
 members = [
   "cli",
   "crates/bs",
+  "crates/bs-traits",
   "crates/bsp2p",
   "crates/content-addressable",
   "crates/multibase",
@@ -36,6 +37,7 @@ unexpected_cfgs = { level = "warn", check-cfg = [
 [workspace.dependencies]
 # Crate ependencies
 bs = { path = "crates/bs" }
+bs-traits = { path = "crates/bs-traits" }
 multibase = { path = "crates/multibase" }
 multicid = { path = "crates/multicid" }
 multicodec = { path = "crates/multicodec" }

crates/bs-traits/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "bs-traits"
+version.workspace = true
+edition.workspace = true
+authors.workspace = true
+description.workspace = true
+readme = "README.md"
+license = "Functional Source License 1.1"
+
+[dependencies]
+thiserror.workspace = true
+
+[lints]
+workspace = true

crates/bs-traits/README.md

@@ -0,0 +1,6 @@
+[![](https://img.shields.io/badge/made%20by-Cryptid%20Technologies-gold.svg?style=flat-square)][CRYPTID]
+[![](https://img.shields.io/badge/project-provenance-purple.svg?style=flat-square)][PROVENANCE]
+
+# BS-Traits
+
+The traits used by Better Sign

crates/bs-traits/src/error.rs

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: FSL-1.1
+
+/// Error type for the crates
+#[derive(Debug, thiserror::Error)]
+#[non_exhaustive]
+pub enum Error {
+    /// Signing operation failed
+    #[error("signing operation failed")]
+    SignError,
+
+    /// Verification operation failed
+    #[error("verification operation failed")]
+    VerifyError,
+
+    /// Encryption operation failed
+    #[error("encryption operation failed")]
+    EncryptError,
+
+    /// Decryption operation failed
+    #[error("decryption operation failed")]
+    DecryptError,
+
+    /// Key retrieval operation failed
+    #[error("key retrieval operation failed")]
+    KeyError,
+}

crates/bs-traits/src/lib.rs

@@ -0,0 +1,151 @@
+// SPDX-License-Identifier: FSL-1.1
+
+mod error;
+pub use error::Error;
+
+use core::num::NonZeroUsize;
+
+/// Trait for types that can sign data
+pub trait Signer {
+    /// The type of key used to sign
+    type Key;
+    /// The type of signature
+    type Signature;
+
+    /// Attempt to sign the data
+    fn try_sign(&self, key: &Self::Key, data: &[u8]) -> Result<Self::Signature, Error>;
+
+    /// Sign the data and return the signature
+    fn sign(&self, key: &Self::Key, data: &[u8]) -> Self::Signature {
+        self.try_sign(key, data).expect("signing operation failed")
+    }
+}
+
+/// Trait for types that can verify signatures
+pub trait Verifier {
+    /// The type of key used to verify
+    type Key;
+    /// The type of signature
+    type Signature;
+
+    /// Verify that the provided signature for the given data is authentic
+    fn verify(
+        &self,
+        key: &Self::Key,
+        data: &[u8],
+        signature: &Self::Signature,
+    ) -> Result<(), Error>;
+}
+
+/// Trait for types that can encrypt data
+pub trait Encryptor {
+    /// The type of key used to encrypt
+    type Key;
+    /// The type of ciphertext
+    type Ciphertext;
+    /// The type of plaintext, might include the nonce, and additional authenticated data
+    type Plaintext;
+
+    /// Attempt to encrypt the plaintext
+    fn try_encrypt(
+        &self,
+        key: &Self::Key,
+        plaintext: &Self::Plaintext,
+    ) -> Result<Self::Ciphertext, Error>;
+
+    /// Encrypt the plaintext
+    fn encrypt(&self, key: &Self::Key, plaintext: &Self::Plaintext) -> Self::Ciphertext {
+        self.try_encrypt(key, plaintext)
+            .expect("encryption operation failed")
+    }
+}
+
+/// Trait for types that can decrypt data
+pub trait Decryptor {
+    /// The type of key used to decrypt
+    type Key;
+    /// The type of ciphertext
+    type Ciphertext;
+    /// The type of plaintext
+    type Plaintext;
+
+    /// Attempt to decrypt the ciphertext
+    fn decrypt(
+        &self,
+        key: &Self::Key,
+        ciphertext: &Self::Ciphertext,
+    ) -> Result<Self::Plaintext, Error>;
+}
+
+/// Trait for types that can split a secret into shares
+pub trait SecretSplitter {
+    /// The type of secret to split
+    type Secret;
+    /// The type of identifier for the shares
+    type Identifier;
+    /// The output from splitting the secret.
+    /// Might include the threshold and limit used to split the secret,
+    /// the shares, and the verifiers, identifiers,
+    /// or any other information needed to reconstruct the secret
+    /// and verify the shares.
+    type Output;
+
+    /// Split the secret into shares.
+    ///
+    /// Conditions for `split` to succeed:
+    /// - Threshold must be less than or equal to limit.
+    /// - Threshold must be greater than or equal to 2.
+    fn split(
+        &self,
+        secret: &Self::Secret,
+        threshold: NonZeroUsize,
+        limit: NonZeroUsize,
+    ) -> Result<Self::Output, Error>;
+
+    /// Split the secret into shares with the given identifiers.
+    /// The number of shares will be equal to the number of identifiers i.e. the `limit`.
+    ///
+    /// Conditions for `split_with_identifiers` to succeed:
+    /// - Threshold must be less than or equal to the number of identifiers.
+    /// - Threshold must be greater than or equal to 2.
+    /// - Identifiers must be unique.
+    /// - Identifiers must not be empty.
+    fn split_with_identifiers(
+        &self,
+        secret: &Self::Secret,
+        threshold: NonZeroUsize,
+        identifiers: &[Self::Identifier],
+    ) -> Result<Self::Output, Error>;
+}
+
+/// Trait for types that can combine shares into a secret
+pub trait SecretCombiner {
+    /// The type of secret to combine
+    type Secret;
+    /// The type of identifier for the shares
+    type Identifier;
+    /// The type of shares to combine
+    type Shares;
+
+    /// Combine the shares into a secret
+    fn combine(&self, shares: &[(Self::Identifier, Self::Shares)]) -> Result<Self::Secret, Error>;
+}
+
+/// Trait for types that can retrieve a key
+pub trait GetKey {
+    /// The type of key
+    type Key;
+    /// The type of key path
+    type KeyPath;
+    /// The type of codec
+    type Codec;
+
+    /// Get the key
+    fn get_key(
+        &self,
+        key_path: &Self::KeyPath,
+        codec: &Self::Codec,
+        threshold: usize,
+        limit: usize,
+    ) -> Result<Self::Key, Error>;
+}

crates/bs/Cargo.toml

@@ -8,6 +8,7 @@ readme = "README.md"
 license = "Functional Source License 1.1"
 
 [dependencies]
+bs-traits.workspace = true
 best-practices.workspace = true
 multicid.workspace = true
 multicodec.workspace = true

crates/bs/src/error.rs

@@ -10,6 +10,10 @@ pub enum Error {
     #[error(transparent)]
     Update(#[from] UpdateError),
 
+    /// Traits error
+    #[error(transparent)]
+    Traits(#[from] bs_traits::Error),
+
     /// BestPractices error
     #[error(transparent)]
     BestPractices(#[from] best_practices::error::Error),

crates/bs/src/ops/open/mod.rs

@@ -9,6 +9,7 @@ use crate::{
     update::{op, script, OpParams},
     Error,
 };
+use bs_traits::{GetKey, Signer};
 use multicid::{cid, vlad, Cid};
 use multicodec::Codec;
 use multihash::mh;
@@ -19,10 +20,10 @@ use std::{fs::read, path::Path};
 use tracing::debug;
 
 /// open a new provenance log based on the config
-pub fn open_plog<F1, F2>(config: Config, get_key: F1, sign_entry: F2) -> Result<Log, Error>
+pub fn open_plog<G, S>(config: Config, get_key: &G, sign_entry: &S) -> Result<Log, Error>
 where
-    F1: Fn(&Key, Codec, usize, usize) -> Result<Multikey, Error>,
-    F2: Fn(&Multikey, &[u8]) -> Result<Multisig, Error>,
+    G: GetKey<Key = Multikey, KeyPath = Key, Codec = Codec>,
+    S: Signer<Key = Multikey, Signature = Multisig>,
 {
     // 0. Set up the list of ops we're going to add
     let mut op_params = Vec::default();
@@ -35,7 +36,7 @@ where
         .try_for_each(|params| -> Result<(), Error> {
             match params {
                 p @ OpParams::KeyGen { .. } => {
-                    let _ = load_key(&mut op_params, p, &get_key)?;
+                    let _ = load_key(&mut op_params, p, get_key)?;
                 }
                 p @ OpParams::CidGen { .. } => {
                     let _ = load_cid(&mut op_params, p, |path| -> Result<Vec<u8>, Error> {
@@ -54,7 +55,7 @@ where
         .vlad_params
         .ok_or::<Error>(OpenError::InvalidVladParams.into())?;
     // get the vlad signing key
-    let vlad_mk = load_key(&mut op_params, &vlad_key_params, &get_key)?;
+    let vlad_mk = load_key(&mut op_params, &vlad_key_params, get_key)?;
     // get the cid for the first lock script
     let mut first_lock_script: Option<Script> = None;
     let cid = load_cid(
@@ -82,15 +83,15 @@ where
         .ok_or::<Error>(OpenError::InvalidKeyParams.into())?;
 
     // get the entry signing key
-    let entry_mk = load_key(&mut op_params, &entrykey_params, &get_key)?;
+    let entry_mk = load_key(&mut op_params, &entrykey_params, get_key)?;
 
     // get the params for the pubkey
     let pubkey_params = config
         .pubkey_params
         .ok_or::<Error>(OpenError::InvalidKeyParams.into())?;
 
     // get the pubkey
-    let _ = load_key(&mut op_params, &pubkey_params, &get_key)?;
+    let _ = load_key(&mut op_params, &pubkey_params, get_key)?;
 
     // load the entry lock script
     let lock_script = {
@@ -162,7 +163,8 @@ where
         // get the serialzied version of the entry with an empty "proof" field
         let ev: Vec<u8> = e.clone().into();
         // call the call back to have the caller sign the data
-        let ms = sign_entry(&entry_mk, &ev)
+        let ms = sign_entry
+            .try_sign(&entry_mk, &ev)
             .map_err(|e| PlogError::from(EntryError::SignFailed(e.to_string())))?;
         // store the signature as proof
         Ok(ms.into())
@@ -179,13 +181,9 @@ where
     Ok(log)
 }
 
-fn load_key<F>(
-    ops: &mut Vec<OpParams>,
-    params: &OpParams,
-    mut get_key: F,
-) -> Result<Multikey, Error>
+fn load_key<G>(ops: &mut Vec<OpParams>, params: &OpParams, get_key: &G) -> Result<Multikey, Error>
 where
-    F: FnMut(&Key, Codec, usize, usize) -> Result<Multikey, Error>,
+    G: GetKey<Key = Multikey, KeyPath = Key, Codec = Codec>,
 {
     debug!("load_key: {:?}", params);
     match params {
@@ -197,7 +195,7 @@ where
             revoke,
         } => {
             // call back to generate the key
-            let mk = get_key(key, *codec, *threshold, *limit)?;
+            let mk = get_key.get_key(key, codec, *threshold, *limit)?;
 
             // get the public key
             let pk = mk.conv_view()?.to_public_key()?;