harness_core/

pack_sig.rs

// SPDX-License-Identifier: Apache-2.0 OR MIT
//! Signature verification for remotely-fetched policy packs.
//!
//! EMPIRICAL DISCOVERY (2026-05-25, against
//! https://aiegis.ie/v1/harness/policy-packs/):
//!
//!   - `<pack>/<ver>.tar.gz`  — gzip'd tar containing `manifest.json` plus the
//!     `<name>.rego` file(s) named in the manifest's `rego_files` array.
//!   - `<pack>/<ver>.sig`     — exactly 64 raw bytes, the Ed25519 signature
//!     over `sha256(tarball_bytes)` (NOT over the tarball directly, NOT over
//!     a canonicalised manifest). Confirmed against
//!     `/opt/aegis/aegis-registry/src/policy_packs.py::_sign_tarball_sha`
//!     which calls `priv.sign(hashlib.sha256(tarball).digest())`.
//!   - The issuer key is Ed25519, raw 32-byte public key
//!     `e2eec1ad61e7f02051124dca8c53208b5f5524be47f5e813da86caea98433737`,
//!     loaded by the publisher at runtime from
//!     `/opt/aegis/config/aiegis_v1_issuer.key` (env
//!     `AIEGIS_V1_ISSUER_KEY_PATH`).
//!
//! GAP (needs-iteration): the publisher's docstring states the key SHOULD be
//! discoverable at `/.well-known/did.json`, but the live `did.json` resolves
//! to a *different* (P-256) key handled by a separate pages handler. There
//! is no `aiegis.ie/v1/harness/policy-packs/.well-known/issuer-key.json`.
//! Until Nel publishes a stable discovery endpoint for the harness issuer
//! key, the daemon pins the value via `--issuer-pubkey-hex` with a built-in
//! default that matches the live key. The verify path itself is real
//! Ed25519 — no stub, no skip.

use ed25519_dalek::{Signature, Verifier, VerifyingKey};
use sha2::{Digest, Sha256};

/// Default issuer pubkey discovered empirically on 2026-05-25.
///
/// Tracked separately so callers can override via CLI for staging /
/// federation deploys without recompiling.
pub const DEFAULT_PACK_ISSUER_PUBKEY_HEX: &str =
    "e2eec1ad61e7f02051124dca8c53208b5f5524be47f5e813da86caea98433737";

#[derive(Debug)]
pub enum SigError {
    PubkeyHexInvalid(String),
    PubkeyWrongLength(usize),
    SigWrongLength(usize),
    SignatureRejected(String),
}

impl std::fmt::Display for SigError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            SigError::PubkeyHexInvalid(s) => write!(f, "pack_sig_pubkey_hex_invalid:{s}"),
            SigError::PubkeyWrongLength(n) => {
                write!(f, "pack_sig_pubkey_wrong_length: got {n} want 32")
            }
            SigError::SigWrongLength(n) => {
                write!(f, "pack_sig_signature_wrong_length: got {n} want 64")
            }
            SigError::SignatureRejected(s) => write!(f, "pack_sig_rejected:{s}"),
        }
    }
}

impl std::error::Error for SigError {}

/// Verify a policy-pack tarball signature using the empirically-discovered
/// scheme: Ed25519 over sha256(tarball_bytes).
///
/// `pubkey_hex` is the issuer's raw 32-byte Ed25519 public key, hex-encoded
/// (64 chars). `tarball_bytes` is the verbatim `.tar.gz` contents. `sig_bytes`
/// is the 64-byte raw signature read from `<ver>.sig`.
pub fn verify_pack_tarball(
    pubkey_hex: &str,
    tarball_bytes: &[u8],
    sig_bytes: &[u8],
) -> Result<(), SigError> {
    let pk_bytes = hex::decode(pubkey_hex.trim())
        .map_err(|e| SigError::PubkeyHexInvalid(format!("{e}")))?;
    if pk_bytes.len() != 32 {
        return Err(SigError::PubkeyWrongLength(pk_bytes.len()));
    }
    let mut pk_arr = [0u8; 32];
    pk_arr.copy_from_slice(&pk_bytes);
    let vk = VerifyingKey::from_bytes(&pk_arr)
        .map_err(|e| SigError::PubkeyHexInvalid(format!("{e}")))?;

    if sig_bytes.len() != 64 {
        return Err(SigError::SigWrongLength(sig_bytes.len()));
    }
    let mut sig_arr = [0u8; 64];
    sig_arr.copy_from_slice(sig_bytes);
    let sig = Signature::from_bytes(&sig_arr);

    let mut hasher = Sha256::new();
    hasher.update(tarball_bytes);
    let digest = hasher.finalize();

    vk.verify(&digest, &sig)
        .map_err(|e| SigError::SignatureRejected(format!("{e}")))
}

#[cfg(test)]
mod tests {
    use super::*;

    /// Negative test: a bad signature rejects.
    #[test]
    fn rejects_bad_signature() {
        let pk_hex = DEFAULT_PACK_ISSUER_PUBKEY_HEX;
        let tar = b"some bytes";
        let bad_sig = [0u8; 64];
        let err = verify_pack_tarball(pk_hex, tar, &bad_sig);
        assert!(err.is_err());
    }

    /// Length sanity: a too-short sig is rejected with the right error
    /// before crypto is touched.
    #[test]
    fn rejects_short_signature() {
        let err = verify_pack_tarball(DEFAULT_PACK_ISSUER_PUBKEY_HEX, b"x", &[0u8; 32]);
        match err {
            Err(SigError::SigWrongLength(32)) => {}
            other => panic!("unexpected: {other:?}"),
        }
    }

    #[test]
    fn pubkey_format_validated() {
        let err = verify_pack_tarball("not-hex", b"x", &[0u8; 64]);
        match err {
            Err(SigError::PubkeyHexInvalid(_)) => {}
            other => panic!("unexpected: {other:?}"),
        }
    }
}