1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
#pragma once
#include "storage.h"
#include <openssl/evp.h>
using std::nullopt;
using std::optional;
using std::shared_ptr;
namespace erebos {
template<typename T> class Signed;
class PublicKey
{
PublicKey(EVP_PKEY * key):
key(key, EVP_PKEY_free) {}
friend class SecretKey;
public:
static optional<PublicKey> load(const Ref &);
Ref store(const Storage &) const;
const shared_ptr<EVP_PKEY> key;
};
class SecretKey
{
SecretKey(EVP_PKEY * key, const Stored<PublicKey> & pub):
key(key, EVP_PKEY_free), pub_(pub) {}
SecretKey(shared_ptr<EVP_PKEY> && key, const Stored<PublicKey> & pub):
key(key), pub_(pub) {}
public:
static SecretKey generate(const Storage & st);
static optional<SecretKey> load(const Stored<PublicKey> & st);
Stored<PublicKey> pub() const { return pub_; }
template<class T>
Stored<Signed<T>> sign(const Stored<T> &) const;
private:
vector<uint8_t> sign(const Digest &) const;
const shared_ptr<EVP_PKEY> key;
Stored<PublicKey> pub_;
};
class Signature
{
public:
static optional<Signature> load(const Ref &);
Ref store(const Storage &) const;
bool verify(const Ref &) const;
Stored<PublicKey> key;
vector<uint8_t> sig;
private:
friend class SecretKey;
Signature(const Stored<PublicKey> & key, const vector<uint8_t> & sig):
key(key), sig(sig) {}
};
template<typename T>
class Signed
{
public:
static optional<Signed<T>> load(const Ref &);
Ref store(const Storage &) const;
bool isSignedBy(const Stored<PublicKey> &) const;
const Stored<T> data;
const vector<Stored<Signature>> sigs;
private:
friend class SecretKey;
Signed(const Stored<T> & data, const vector<Stored<Signature>> & sigs):
data(data), sigs(sigs) {}
};
template<class T>
Stored<Signed<T>> SecretKey::sign(const Stored<T> & val) const
{
auto st = val.ref.storage();
auto sig = st.store(Signature(pub(), sign(val.ref.digest())));
return st.store(Signed(val, { sig }));
}
template<typename T>
optional<Signed<T>> Signed<T>::load(const Ref & ref)
{
auto rec = ref->asRecord();
if (!rec)
return nullopt;
auto data = rec->item("SDATA").as<T>();
if (!data)
return nullopt;
vector<Stored<Signature>> sigs;
for (auto item : rec->items("sig"))
if (auto sig = item.as<Signature>())
if (sig.value()->verify(data.value().ref))
sigs.push_back(sig.value());
return Signed {
.data = data.value(),
.sigs = sigs,
};
}
template<typename T>
Ref Signed<T>::store(const Storage & st) const
{
vector<Record::Item> items;
items.emplace_back("SDATA", data);
for (const auto & sig : sigs)
items.emplace_back("sig", sig);
return st.storeObject(Record(std::move(items)));
}
template<typename T>
bool Signed<T>::isSignedBy(const Stored<PublicKey> & key) const
{
for (const auto & sig : sigs)
if (sig->key == key)
return true;
return false;
}
}
|