ruma_signatures/keys/
compat.rs

1use subslice::SubsliceExt as _;
2
3#[derive(Debug)]
4pub(super) enum CompatibleDocument<'a> {
5    WellFormed(&'a [u8]),
6    CleanedFromRing(Vec<u8>),
7}
8
9impl<'a> CompatibleDocument<'a> {
10    pub(super) fn from_bytes(bytes: &'a [u8]) -> Self {
11        if is_ring(bytes) {
12            Self::CleanedFromRing(fix_ring_doc(bytes.to_vec()))
13        } else {
14            Self::WellFormed(bytes)
15        }
16    }
17}
18
19// Ring uses a very specific template to generate its documents,
20// and so this is essentially a sentinel value of that.
21//
22// It corresponds to CONTEXT-SPECIFIC[1](35) { BIT-STRING(32) {...} } in ASN.1
23//
24// A well-formed bit would look like just CONTEXT-SPECIFIC[1](32) { ... }
25//
26// Note: this is purely a sentinel value, don't take these bytes out of context
27// to detect or fiddle with the document.
28const RING_TEMPLATE_CONTEXT_SPECIFIC: &[u8] = &[0xA1, 0x23, 0x03, 0x21];
29
30// A checked well-formed context-specific[1] prefix.
31const WELL_FORMED_CONTEXT_ONE_PREFIX: &[u8] = &[0x81, 0x21];
32
33// If present, removes a malfunctioning pubkey suffix and adjusts the length at the start.
34fn fix_ring_doc(mut doc: Vec<u8>) -> Vec<u8> {
35    assert!(!doc.is_empty());
36    // Check if first tag is ASN.1 SEQUENCE
37    assert_eq!(doc[0], 0x30);
38    // Second byte asserts the length for the rest of the document
39    assert_eq!(doc[1] as usize, doc.len() - 2);
40
41    let idx = doc
42        .find(RING_TEMPLATE_CONTEXT_SPECIFIC)
43        .expect("Expected to find ring template in doc, but found none.");
44
45    // Snip off the malformed bit.
46    let suffix = doc.split_off(idx);
47
48    // Feed back an actual well-formed prefix.
49    doc.extend(WELL_FORMED_CONTEXT_ONE_PREFIX);
50
51    // Then give it the actual public key.
52    doc.extend(&suffix[4..]);
53
54    doc[1] = doc.len() as u8 - 2;
55
56    doc
57}
58
59fn is_ring(bytes: &[u8]) -> bool {
60    bytes.find(RING_TEMPLATE_CONTEXT_SPECIFIC).is_some()
61}