1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

use std::vec;

use ring::{rand, signature};

use std::convert::TryFrom;
use teaclave_types::{FunctionArguments, FunctionRuntime};

const IN_DATA: &str = "rsa_key";

#[derive(serde::Deserialize)]
struct RsaSignArguments {
    data: String,
}

impl TryFrom<FunctionArguments> for RsaSignArguments {
    type Error = anyhow::Error;

    fn try_from(arguments: FunctionArguments) -> Result<Self, Self::Error> {
        use anyhow::Context;
        serde_json::from_str(&arguments.into_string()).context("Cannot deserialize arguments")
    }
}

#[derive(Default)]
pub struct RsaSign;

impl RsaSign {
    pub const NAME: &'static str = "builtin-rsa-sign";

    pub fn new() -> Self {
        Default::default()
    }

    pub fn run(
        &self,
        arguments: FunctionArguments,
        runtime: FunctionRuntime,
    ) -> anyhow::Result<String> {
        let args = RsaSignArguments::try_from(arguments)?;

        let mut key = Vec::new();
        let mut f = runtime.open_input(IN_DATA)?;
        f.read_to_end(&mut key)?;
        let key_pair =
            signature::RsaKeyPair::from_der(&key).map_err(|e| anyhow::anyhow!(e.to_string()))?;
        let mut sig = vec![0; key_pair.public_modulus_len()];
        let rng = rand::SystemRandom::new();
        key_pair
            .sign(
                &signature::RSA_PKCS1_SHA256,
                &rng,
                args.data.as_bytes(),
                &mut sig,
            )
            .map_err(|e| anyhow::anyhow!(e.to_string()))?;

        let output_base64 = base64::encode(&sig);
        Ok(output_base64)
    }
}

#[cfg(feature = "enclave_unit_test")]
pub mod tests {
    use super::*;
    use serde_json::json;
    use std::untrusted::fs;
    use teaclave_crypto::*;
    use teaclave_runtime::*;
    use teaclave_test_utils::*;
    use teaclave_types::*;

    pub fn run_tests() -> bool {
        run_tests!(test_rsa_sign)
    }

    fn test_rsa_sign() {
        let arguments = FunctionArguments::from_json(json!({
            "data": "test data",
        }))
        .unwrap();

        let plain_input = "fixtures/functions/rsa_sign/key.der";
        let expected_output = "fixtures/functions/rsa_sign/expected_rsasign.txt";

        let input_files = StagedFiles::new(hashmap!(
            IN_DATA =>
            StagedFileInfo::new(plain_input, TeaclaveFile128Key::random(), FileAuthTag::mock())
        ));

        let output_files = StagedFiles::default();
        let runtime = Box::new(RawIoRuntime::new(input_files, output_files));

        let summary = RsaSign::new().run(arguments, runtime).unwrap();
        let mut expected_string = fs::read_to_string(expected_output).unwrap();
        expected_string = expected_string.replace('\n', "");
        assert_eq!(summary, expected_string);
    }
}