Add support for namespaces signature verification

Cargo.toml

@@ -11,8 +11,8 @@ resolver = "2"
 bincode = "2.0.0-rc.3"
 ed25519-dalek = { version = "2" }
 hex = { version = "0.4.3", features = ["serde"] }
-serde = { version = "1.0.192", features = ["derive"] }
-serde_json = "1.0.108"
+serde = "1.0.203"
+serde_json = "1.0.117"
 uuid = { version = "1.8.0", features = ["v4", "serde"] }
 
 

plexi_cli/Cargo.toml

@@ -16,7 +16,7 @@ name = "plexi"
 path = "src/main.rs"
 
 [dependencies]
-anyhow = "1.0.81"
+anyhow = "1.0.86"
 clap = { version = "4.5.4", features = ["derive"] }
 clap-verbosity-flag = "2.2.0"
 ed25519-dalek = { workspace = true }

plexi_cli/src/cli.rs

@@ -1,3 +1,5 @@
+use std::path::PathBuf;
+
 use clap::{Parser, Subcommand};
 
 /// 1. First interaction
@@ -20,22 +22,28 @@ pub struct Cli {
 pub enum Commands {
     #[command(verbatim_doc_comment)]
     Verify {
+        /// Namespace ID
+        # [arg(short, long)]
+        namespace: String,
         /// Ed25519 public key in hex format.
         #[arg(long)]
         publickey: String,
         /// Path to a file to read from.
-        input: Option<String>,
+        input: Option<PathBuf>,
     },
     #[command(verbatim_doc_comment)]
     Sign {
+        /// Namespace ID
+        # [arg(short, long)]
+        namespace: String,
         /// Ed25519 signing key in hex format.
         #[arg(long)]
         signingkey: String,
         /// Write the result to the file at path OUTPUT.
         #[arg(short, long)]
-        output: Option<String>,
+        output: Option<PathBuf>,
         /// Path to a file to read from.
-        input: Option<String>,
+        input: Option<PathBuf>,
     },
 }
 

plexi_cli/src/cmd.rs

@@ -1,10 +1,11 @@
-use std::{fs, io};
+use std::{fs, io, path::PathBuf};
 
+// TODO: consider color_eyre, and chaining with [.context](https://docs.rs/anyhow/latest/anyhow/trait.Context.html#tymethod.context)
 use anyhow::{anyhow, Result};
 use ed25519_dalek::{ed25519::signature::SignerMut, PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH};
 use plexi_core::{SignatureMessage, SignatureResponse};
 
-pub fn file_or_stdin(input: Option<String>) -> Result<Box<dyn io::Read>> {
+pub fn file_or_stdin(input: Option<PathBuf>) -> Result<Box<dyn io::Read>> {
     let reader: Box<dyn io::Read> = match input {
         Some(path) => Box::new(io::BufReader::new(
             fs::File::open(path).map_err(|_e| anyhow!("cannot read input file"))?,
@@ -14,7 +15,7 @@ pub fn file_or_stdin(input: Option<String>) -> Result<Box<dyn io::Read>> {
     Ok(reader)
 }
 
-pub fn file_or_stdout(output: Option<String>) -> Result<Box<dyn io::Write>> {
+pub fn file_or_stdout(output: Option<PathBuf>) -> Result<Box<dyn io::Write>> {
     let writer: Box<dyn io::Write> = match output {
         Some(path) => Box::new(io::BufWriter::new(
             fs::File::create(path).map_err(|_e| anyhow!("cannot create output file"))?,
@@ -24,7 +25,7 @@ pub fn file_or_stdout(output: Option<String>) -> Result<Box<dyn io::Write>> {
     Ok(writer)
 }
 
-pub fn sign(signingkey: &str, output: Option<String>, input: Option<String>) -> Result<String> {
+pub fn sign(namespace: &str, signingkey: &str, output: Option<PathBuf>, input: Option<PathBuf>) -> Result<String> {
     let src = file_or_stdin(input)?;
     let dst = file_or_stdout(output)?;
 
@@ -40,8 +41,9 @@ pub fn sign(signingkey: &str, output: Option<String>, input: Option<String>) ->
     let signature = secret_key.sign(&message.to_vec()?);
 
     let signature_response = SignatureResponse::new(
+        namespace.to_string(),
         message.timestamp(),
-        message.epoch(),
+        &message.epoch(),
         message.digest(),
         signature.to_vec(),
     );
@@ -51,24 +53,28 @@ pub fn sign(signingkey: &str, output: Option<String>, input: Option<String>) ->
     Ok("".to_string())
 }
 
-pub fn verify(publickey: &str, input: Option<String>) -> Result<String> {
+pub fn verify(namespace: &str, public_key: &str, input: Option<PathBuf>) -> Result<String> {
     let src = file_or_stdin(input)?;
 
     let signature_response: SignatureResponse = serde_json::from_reader(src)?;
 
-    let public_key: [u8; PUBLIC_KEY_LENGTH] = hex::decode(publickey)
+    if signature_response.namespace() != namespace {
+        return Err(anyhow!("namespace does not match"));
+    }
+
+    let public_key: [u8; PUBLIC_KEY_LENGTH] = hex::decode(public_key)
         .map_err(|_e| anyhow!("cannot decode public key"))?
         .as_slice()
         .try_into()
         .map_err(|_e| anyhow!("cannot convert public key"))?;
-    let publickey = ed25519_dalek::VerifyingKey::from_bytes(&public_key)
+    let public_key = ed25519_dalek::VerifyingKey::from_bytes(&public_key)
         .map_err(|_| anyhow!("cannot create public key"))?;
 
     let signature = ed25519_dalek::Signature::from_bytes(&signature_response.signature());
 
     let message: SignatureMessage = signature_response.into();
 
-    publickey
+    public_key
         .verify_strict(&message.to_vec()?, &signature)
         .map_err(|_e| anyhow!("cannot verify signature"))?;
 

plexi_cli/src/main.rs

@@ -11,12 +11,17 @@ fn main() {
         .init();
 
     let output = match cli.command {
-        cli::Commands::Verify { publickey, input } => cmd::verify(&publickey, input),
+        cli::Commands::Verify {
+            namespace,
+            publickey: public_key,
+            input,
+        } => cmd::verify(&namespace, &public_key, input),
         cli::Commands::Sign {
+            namespace,
             signingkey,
             output,
             input,
-        } => cmd::sign(&signingkey, output, input),
+        } => cmd::sign(&namespace, &signingkey, output, input),
     };
 
     match output {

plexi_core/Cargo.toml

@@ -12,10 +12,10 @@ categories = ["cryptography"]
 license = "Apache-2.0"
 
 [dependencies]
-anyhow = "1.0.81"
 bincode = { workspace = true }
 ed25519-dalek = { workspace = true }
 hex = { workspace = true, features = ["serde"] }
-serde = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
-uuid = { workspace = true, features = ["v4", "serde"] }
+thiserror = "1.0.61"
+uuid = { workspace = true, features = ["v4", "serde"] }