From 264687948d7466eb7ee43df9938649a77321ad17 Mon Sep 17 00:00:00 2001 From: Mr-Leshiy Date: Fri, 28 Nov 2025 17:14:07 +0700 Subject: [PATCH] process regular ed25519 secret keys --- rust/signed_doc/bins/mk_signed_doc.rs | 62 ++++++++++++++++++++------- 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/rust/signed_doc/bins/mk_signed_doc.rs b/rust/signed_doc/bins/mk_signed_doc.rs index 9caee7cefc..6ebd94327f 100644 --- a/rust/signed_doc/bins/mk_signed_doc.rs +++ b/rust/signed_doc/bins/mk_signed_doc.rs @@ -11,6 +11,7 @@ use std::{ use anyhow::Context; use catalyst_signed_doc::{Builder, CatalystId, CatalystSignedDocument}; use clap::Parser; +use ed25519_dalek::ed25519::signature::Signer; fn main() { if let Err(err) = Cli::parse().exec() { @@ -36,10 +37,13 @@ enum Cli { /// Path to the formed (could be empty, without any signatures) COSE document /// This exact file would be modified and new signature would be added doc: PathBuf, - /// Bip32 extended secret key hex bytes (includes `chain_code`) + /// secret key hex bytes sk_hex: String, /// Signer kid kid: CatalystId, + /// provided `sk_hex` key type + #[clap(default_value_t)] + key_type: KeyType, }, /// Inspects Catalyst Signed Document Inspect { @@ -53,6 +57,17 @@ enum Cli { }, } +/// Type of the ed25519 private signing key +#[derive(clap::ValueEnum, Default, Clone, strum::Display)] +#[strum(serialize_all = "kebab-case")] +enum KeyType { + /// A regular ed25519 + #[default] + Regular, + /// A BIP32 extended ed25519 + Bip32Extended, +} + impl Cli { fn exec(self) -> anyhow::Result<()> { match self { @@ -71,18 +86,39 @@ impl Cli { println!("report {:?}", &signed_doc.problem_report()); save_signed_doc(signed_doc, &output)?; }, - Self::Sign { doc, sk_hex, kid } => { - let sk = load_secret_key(&sk_hex)?; + Self::Sign { + doc, + sk_hex, + kid, + key_type, + } => { + let sk_bytes = hex::decode(sk_hex)?; let cose_bytes = read_bytes_from_file(&doc)?; let signed_doc = signed_doc_from_bytes(cose_bytes.as_slice())?; - let new_signed_doc = signed_doc - .into_builder()? - .add_signature( - |message| sk.sign::<()>(&message).to_bytes().to_vec(), - kid.clone(), - )? - .build()?; + let builder = signed_doc.into_builder()?; + + let builder = match key_type { + KeyType::Regular => { + let sk = + ed25519_dalek::SigningKey::from_bytes(&sk_bytes.try_into().map_err( + |_| anyhow::anyhow!("Provided secret key must be 32 bytes long"), + )?); + builder.add_signature( + |message| sk.sign(&message).to_bytes().to_vec(), + kid.clone(), + )? + }, + KeyType::Bip32Extended => { + let sk = ed25519_bip32::XPrv::from_slice_verified(&sk_bytes)?; + builder.add_signature( + |message| sk.sign::<()>(&message).to_bytes().to_vec(), + kid.clone(), + )? + }, + }; + + let new_signed_doc = builder.build()?; save_signed_doc(new_signed_doc, &doc)?; }, Self::Inspect { path } => { @@ -147,9 +183,3 @@ fn write_bytes_to_file( .write_all(bytes) .context(format!("Failed to write to file {}", output.display())) } - -fn load_secret_key(sk_hex: &str) -> anyhow::Result { - let sk_bytes = hex::decode(sk_hex)?; - let sk = ed25519_bip32::XPrv::from_slice_verified(&sk_bytes)?; - Ok(sk) -}