Radish alpha
h
heartwood
Radicle Heartwood Protocol & Stack
Radicle
Git (anonymous pull)
Log in to clone via SSH
Commits
crypto: Add ECDH trait and `MemorySigner` impl
Alexis Sellier committed 3 years ago
commit 96d1ce5da665ee88cacbc73f35f871d8231255e2
parent 66d76d7ab26a69b176f7c8ce5788a53c106e0491
2 files changed +21 -1
modified radicle-crypto/src/lib.rs
@@ -26,6 +26,9 @@ pub struct Verified;
#[derive(Debug, Copy, Clone, PartialEq, Eq)]

pub struct Unverified;
+ 
/// Output of a Diffie-Hellman key exchange.
+ 
pub type SharedSecret = [u8; 32];
+ 


/// Error returned if signing fails, eg. due to an HSM or KMS.

#[derive(Debug, Error)]

#[error(transparent)]
@@ -69,6 +72,13 @@ where
    }

}
+ 
/// A signer that can perform Elliptic-curve Diffie–Hellman.
+ 
pub trait Ecdh: Signer {
+ 
    /// Perform an ECDH key exchange. Takes the counter-party's public key,
+ 
    /// and returns a computed shared secret.
+ 
    fn ecdh(&self, other: &PublicKey) -> Result<SharedSecret, Error>;
+ 
}
+ 


/// Cryptographic signature.

#[derive(PartialEq, Eq, Hash, Copy, Clone, Serialize, Deserialize)]

#[serde(into = "String", try_from = "String")]
modified radicle-crypto/src/ssh/keystore.rs
@@ -5,7 +5,7 @@ use std::{fs, io};
use thiserror::Error;

use zeroize::Zeroizing;
- 
use crate::{keypair, PublicKey, SecretKey, Signature, Signer, SignerError};
+ 
use crate::{keypair, Ecdh, PublicKey, SecretKey, SharedSecret, Signature, Signer, SignerError};



/// A secret key passphrase.

pub type Passphrase = Zeroizing<String>;
@@ -139,6 +139,16 @@ impl Signer for MemorySigner {
    }

}
+ 
impl Ecdh for MemorySigner {
+ 
    fn ecdh(&self, other: &PublicKey) -> Result<SharedSecret, ed25519_compact::Error> {
+ 
        let pk = ed25519_compact::x25519::PublicKey::from_ed25519(other)?;
+ 
        let sk = ed25519_compact::x25519::SecretKey::from_ed25519(&self.secret)?;
+ 
        let ss = pk.dh(&sk)?;
+
+ 
        Ok(*ss)
+ 
    }
+ 
}
+ 


impl MemorySigner {

    /// Load this signer from a keystore, given a secret key passphrase.

    pub fn load(keystore: &Keystore, passphrase: Passphrase) -> Result<Self, MemorySignerError> {