From 5d8398c8b8b51ee7363e7d45acc560f489783e34 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 2 Jun 2020 19:24:53 +0200
Subject: Add E2EE API (#13820)

---
 app/validators/ed25519_key_validator.rb       | 19 ++++++++++++++++++
 app/validators/ed25519_signature_validator.rb | 29 +++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 app/validators/ed25519_key_validator.rb
 create mode 100644 app/validators/ed25519_signature_validator.rb

(limited to 'app/validators')

diff --git a/app/validators/ed25519_key_validator.rb b/app/validators/ed25519_key_validator.rb
new file mode 100644
index 000000000..00a448d5a
--- /dev/null
+++ b/app/validators/ed25519_key_validator.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Ed25519KeyValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.blank?
+
+    key = Base64.decode64(value)
+
+    record.errors[attribute] << I18n.t('crypto.errors.invalid_key') unless verified?(key)
+  end
+
+  private
+
+  def verified?(key)
+    Ed25519.validate_key_bytes(key)
+  rescue ArgumentError
+    false
+  end
+end
diff --git a/app/validators/ed25519_signature_validator.rb b/app/validators/ed25519_signature_validator.rb
new file mode 100644
index 000000000..77a21b837
--- /dev/null
+++ b/app/validators/ed25519_signature_validator.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Ed25519SignatureValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.blank?
+
+    verify_key = Ed25519::VerifyKey.new(Base64.decode64(option_to_value(record, :verify_key)))
+    signature  = Base64.decode64(value)
+    message    = option_to_value(record, :message)
+
+    record.errors[attribute] << I18n.t('crypto.errors.invalid_signature') unless verified?(verify_key, signature, message)
+  end
+
+  private
+
+  def verified?(verify_key, signature, message)
+    verify_key.verify(signature, message)
+  rescue Ed25519::VerifyError, ArgumentError
+    false
+  end
+
+  def option_to_value(record, key)
+    if options[key].is_a?(Proc)
+      options[key].call(record)
+    else
+      record.public_send(options[key])
+    end
+  end
+end
-- 
cgit