isle/go/nebula/signed.go

package nebula

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"

	"github.com/slackhq/nebula/cert"
)

// ErrInvalidSignature is returned from functions when a signature validation
// fails.
var ErrInvalidSignature = errors.New("invalid signature")

func signCert(c *cert.NebulaCertificate, k SigningPrivateKey) error {
	return c.Sign(ed25519.PrivateKey(k))
}

// Signed wraps an arbitrary value with a signature which was generated using a
// SigningPrivateKey. It can be JSON (un)marshaled while preserving all of its
// properties.
type Signed[T any] json.RawMessage

type signed[T any] struct {
	Signature []byte
	Body      json.RawMessage
}

// Sign will generate a Signed of the given value by first JSON marshaling it,
// and then signing the resulting bytes.
func Sign[T any](v T, k SigningPrivateKey) (Signed[T], error) {
	var res Signed[T]

	b, err := json.Marshal(v)
	if err != nil {
		return res, fmt.Errorf("json marshaling: %w", err)
	}

	sig, err := ed25519.PrivateKey(k).Sign(rand.Reader, b, crypto.Hash(0))
	if err != nil {
		return res, fmt.Errorf("generating signature: %w", err)
	}

	return json.Marshal(signed[T]{Signature: sig, Body: json.RawMessage(b)})
}

// MarshalJSON implements the json.Marshaler interface.
func (s Signed[T]) MarshalJSON() ([]byte, error) {
	return []byte(s), nil
}

// UnmarshalJSON implements the json.Unmarshaler interface.
func (s *Signed[T]) UnmarshalJSON(b []byte) error {
	*s = b
	return nil
}

// Unwrap produces the original value which Sign was called on, or returns
// ErrInvalidSignature if the signature is not valid for the value and public
// key.
func (s Signed[T]) Unwrap(pubK SigningPublicKey) (T, error) {
	var (
		res  T
		into signed[T]
	)

	if err := json.Unmarshal(s, &into); err != nil {
		return res, fmt.Errorf("json unmarshaling outer Signed: %w", err)
	}

	if !ed25519.Verify(
		ed25519.PublicKey(pubK), []byte(into.Body), into.Signature,
	) {
		return res, ErrInvalidSignature
	}

	if err := json.Unmarshal(into.Body, &res); err != nil {
		return res, fmt.Errorf("json unmarshaling: %w", err)
	}

	return res, nil
}

// UnwrapUnsafe is like Unwrap, but it will not check the signature.
func (s Signed[T]) UnwrapUnsafe() (T, error) {
	var (
		res  T
		into signed[T]
	)

	if err := json.Unmarshal(s, &into); err != nil {
		return res, fmt.Errorf("json unmarshaling outer Signed: %w", err)
	}

	if err := json.Unmarshal(into.Body, &res); err != nil {
		return res, fmt.Errorf("json unmarshaling: %w", err)
	}

	return res, nil
}
Refactor how host data is signed, now it's simpler and probably more secure 2024-06-10 20:31:29 +00:00			`package nebula`

			`import (`
			`"crypto"`
			`"crypto/ed25519"`
			`"crypto/rand"`
			`"encoding/json"`
			`"errors"`
			`"fmt"`

			`"github.com/slackhq/nebula/cert"`
			`)`

			`// ErrInvalidSignature is returned from functions when a signature validation`
			`// fails.`
			`var ErrInvalidSignature = errors.New("invalid signature")`

			`func signCert(c *cert.NebulaCertificate, k SigningPrivateKey) error {`
			`return c.Sign(ed25519.PrivateKey(k))`
			`}`

			`// Signed wraps an arbitrary value with a signature which was generated using a`
			`// SigningPrivateKey. It can be JSON (un)marshaled while preserving all of its`
			`// properties.`
			`type Signed[T any] json.RawMessage`

			`type signed[T any] struct {`
			`Signature []byte`
			`Body json.RawMessage`
			`}`

			`// Sign will generate a Signed of the given value by first JSON marshaling it,`
			`// and then signing the resulting bytes.`
			`func Sign[T any](v T, k SigningPrivateKey) (Signed[T], error) {`
			`var res Signed[T]`

			`b, err := json.Marshal(v)`
			`if err != nil {`
			`return res, fmt.Errorf("json marshaling: %w", err)`
			`}`

			`sig, err := ed25519.PrivateKey(k).Sign(rand.Reader, b, crypto.Hash(0))`
			`if err != nil {`
			`return res, fmt.Errorf("generating signature: %w", err)`
			`}`

			`return json.Marshal(signed[T]{Signature: sig, Body: json.RawMessage(b)})`
			`}`

			`// MarshalJSON implements the json.Marshaler interface.`
			`func (s Signed[T]) MarshalJSON() ([]byte, error) {`
			`return []byte(s), nil`
			`}`

			`// UnmarshalJSON implements the json.Unmarshaler interface.`
			`func (s *Signed[T]) UnmarshalJSON(b []byte) error {`
			`*s = b`
			`return nil`
			`}`

			`// Unwrap produces the original value which Sign was called on, or returns`
			`// ErrInvalidSignature if the signature is not valid for the value and public`
			`// key.`
			`func (s Signed[T]) Unwrap(pubK SigningPublicKey) (T, error) {`
			`var (`
			`res T`
			`into signed[T]`
			`)`

			`if err := json.Unmarshal(s, &into); err != nil {`
			`return res, fmt.Errorf("json unmarshaling outer Signed: %w", err)`
			`}`

			`if !ed25519.Verify(`
			`ed25519.PublicKey(pubK), []byte(into.Body), into.Signature,`
			`) {`
			`return res, ErrInvalidSignature`
			`}`

			`if err := json.Unmarshal(into.Body, &res); err != nil {`
			`return res, fmt.Errorf("json unmarshaling: %w", err)`
			`}`

			`return res, nil`
			`}`

			`// UnwrapUnsafe is like Unwrap, but it will not check the signature.`
			`func (s Signed[T]) UnwrapUnsafe() (T, error) {`
			`var (`
			`res T`
			`into signed[T]`
			`)`

			`if err := json.Unmarshal(s, &into); err != nil {`
			`return res, fmt.Errorf("json unmarshaling outer Signed: %w", err)`
			`}`

			`if err := json.Unmarshal(into.Body, &res); err != nil {`
			`return res, fmt.Errorf("json unmarshaling: %w", err)`
			`}`

			`return res, nil`
			`}`