feat(rust): improve Identity CBOR structures

build-trust · Oct 3, 2023 · 0866787 · 0866787
1 parent aef1a8d
commit 0866787
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 62 deletions.
diff --git a/implementations/rust/ockam/ockam_identity/src/identity/history_comparison.rs b/implementations/rust/ockam/ockam_identity/src/identity/history_comparison.rs
@@ -1,17 +1,13 @@
-use minicbor::{Decode, Encode};
-
 /// Result of comparison of current `IdentityChangeHistory` to the `IdentityChangeHistory`
 /// of the same Identity, that was known to us earlier
-#[derive(Debug, Clone, Encode, Decode, PartialEq, Eq)]
-#[rustfmt::skip]
-#[cbor(index_only)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub enum IdentityHistoryComparison {
     /// No difference
-    #[n(1)] Equal,
+    Equal,
     /// Some changes don't match between current identity and known identity
-    #[n(2)] Conflict,
+    Conflict,
     /// Current identity is more recent than known identity
-    #[n(3)] Newer,
+    Newer,
     /// Known identity is more recent
-    #[n(4)] Older,
+    Older,
 }
diff --git a/implementations/rust/ockam/ockam_identity/src/models/change_history.rs b/implementations/rust/ockam/ockam_identity/src/models/change_history.rs
@@ -15,55 +15,53 @@ pub struct ChangeHistory(#[n(0)] pub Vec<Change>);
 /// Individual Identity change which implies replacing the old key
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct Change {
     /// CBOR serialized [`super::VersionedData`]
     /// where VersionedData::data is CBOR serialized [`ChangeData`]
     #[cbor(with = "minicbor::bytes")]
-    #[n(1)] pub data: Vec<u8>,
+    #[n(0)] pub data: Vec<u8>,
     /// Self-signature over the data using the key from this same [`Change`]
-    #[n(2)] pub signature: ChangeSignature,
+    #[n(1)] pub signature: ChangeSignature,
     /// Self-signature over the data using the key
     /// from the previous [`Change`] in the [`ChangeHistory`]
-    #[n(3)] pub previous_signature: Option<ChangeSignature>,
+    #[n(2)] pub previous_signature: Option<ChangeSignature>,
 }
 
 /// [`Change`] signature
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
 pub enum ChangeSignature {
     /// Signature using EdDSA Ed25519
-    #[n(1)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
+    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
     /// Signature using ECDSA P256
-    #[n(2)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
+    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
 }
 
 /// Data inside a [`Change`]
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct ChangeData {
     /// [`ChangeHash`] linking this [`Change`] to a previous
     /// It's mandatory unless this is the very first [`Change`] in the [`ChangeHistory`]
-    #[n(1)] pub previous_change: Option<ChangeHash>,
+    #[n(0)] pub previous_change: Option<ChangeHash>,
     /// Public Key from that [`Change`]
-    #[n(2)] pub primary_public_key: PrimaryPublicKey,
+    #[n(1)] pub primary_public_key: PrimaryPublicKey,
     /// Indicates that all [`super::PurposeKeyAttestation`]s signed by previous Primary Public Key should not
     /// be considered valid anymore.
     /// This is usually a desired behaviour if a Purpose Key was compromised.
-    #[n(3)] pub revoke_all_purpose_keys: bool,
+    #[n(2)] pub revoke_all_purpose_keys: bool,
     /// Creation [`TimestampInSeconds`] (UTC)
-    #[n(4)] pub created_at: TimestampInSeconds,
+    #[n(3)] pub created_at: TimestampInSeconds,
     /// Expiration [`TimestampInSeconds`] (UTC)
-    #[n(5)] pub expires_at: TimestampInSeconds,
+    #[n(4)] pub expires_at: TimestampInSeconds,
 }
 
 /// [`Change`]'s public key
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
 pub enum PrimaryPublicKey {
     /// EdDSA Ed25519 Public Key
-    #[n(1)] EdDSACurve25519(#[n(0)] EdDSACurve25519PublicKey),
+    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519PublicKey),
     /// ECDSA P256 Public Key
-    #[n(2)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256PublicKey),
+    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256PublicKey),
 }
diff --git a/implementations/rust/ockam/ockam_identity/src/models/credential.rs b/implementations/rust/ockam/ockam_identity/src/models/credential.rs
@@ -7,42 +7,40 @@ use ockam_vault::{ECDSASHA256CurveP256Signature, EdDSACurve25519Signature};
 /// Credential
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct Credential {
     /// CBOR serialized [`super::VersionedData`]
     /// where VersionedData::data is CBOR serialized [`CredentialData`]
     #[cbor(with = "minicbor::bytes")]
-    #[n(1)] pub data: Vec<u8>,
+    #[n(0)] pub data: Vec<u8>,
     /// Signature over data field using corresponding Credentials [`super::PurposeKeyAttestation`]
-    #[n(2)] pub signature: CredentialSignature,
+    #[n(1)] pub signature: CredentialSignature,
 }
 
 /// Signature over [`CredentialData`] using corresponding Credentials [`super::PurposeKeyAttestation`]
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
 pub enum CredentialSignature {
     /// An EdDSA signature using Curve 25519.
-    #[n(1)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
+    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
     /// An ECDSA signature using SHA-256 and Curve P-256.
-    #[n(2)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
+    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
 }
 
 /// Data inside a [`Credential`]
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct CredentialData {
     /// To whom this Credential was issued
-    #[n(1)] pub subject: Option<Identifier>,
+    #[n(0)] pub subject: Option<Identifier>,
     /// Latest Subject's Identity [`ChangeHash`] that was known to the Authority (issuer) at the
     /// moment of issuing of that Credential
-    #[n(2)] pub subject_latest_change_hash: Option<ChangeHash>,
+    #[n(1)] pub subject_latest_change_hash: Option<ChangeHash>,
     /// [`Attributes`] that Authority (issuer) attests about that Subject
-    #[n(3)] pub subject_attributes: Attributes,
+    #[n(2)] pub subject_attributes: Attributes,
     /// Creation [`TimestampInSeconds`] (UTC)
-    #[n(4)] pub created_at: TimestampInSeconds,
+    #[n(3)] pub created_at: TimestampInSeconds,
     /// Expiration [`TimestampInSeconds`] (UTC)
-    #[n(5)] pub expires_at: TimestampInSeconds,
+    #[n(4)] pub expires_at: TimestampInSeconds,
 }
 
 /// Number that determines which keys&values to expect in the [`Attributes`]
@@ -54,10 +52,9 @@ pub struct CredentialSchemaIdentifier(#[n(0)] pub u64);
 /// Set a keys&values that an Authority (issuer) attests about the Subject
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct Attributes {
     /// [`CredentialSchemaIdentifier`] that determines which keys&values to expect in the [`Attributes`]
-    #[n(1)] pub schema: CredentialSchemaIdentifier,
+    #[n(0)] pub schema: CredentialSchemaIdentifier,
     /// Set of keys&values
-    #[n(2)] pub map: BTreeMap<ByteVec, ByteVec>,
+    #[n(1)] pub map: BTreeMap<ByteVec, ByteVec>,
 }
diff --git a/implementations/rust/ockam/ockam_identity/src/models/credential_and_purpose_key.rs b/implementations/rust/ockam/ockam_identity/src/models/credential_and_purpose_key.rs
@@ -5,11 +5,10 @@ use minicbor::{Decode, Encode};
 /// [`Credential`] and will be used to verify it
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct CredentialAndPurposeKey {
     /// [`Credential`]
-    #[n(1)] pub credential: Credential,
+    #[n(0)] pub credential: Credential,
     /// Corresponding [`PurposeKeyAttestation`] that was used to issue that
     /// [`Credential`] and will be used to verify it
-    #[n(2)] pub purpose_key_attestation: PurposeKeyAttestation,
+    #[n(1)] pub purpose_key_attestation: PurposeKeyAttestation,
 }
diff --git a/implementations/rust/ockam/ockam_identity/src/models/purpose_key_attestation.rs b/implementations/rust/ockam/ockam_identity/src/models/purpose_key_attestation.rs
@@ -12,42 +12,40 @@ use ockam_vault::{
 /// a [`super::super::purpose_key::PurposeKey`] with itself
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct PurposeKeyAttestation {
     /// CBOR serialized [`super::VersionedData`]
     /// where VersionedData::data is CBOR serialized [`PurposeKeyAttestationData`]
     #[cbor(with = "minicbor::bytes")]
-    #[n(1)] pub data: Vec<u8>,
+    #[n(0)] pub data: Vec<u8>,
     /// Signature over data field using a key from [`super::super::identity::Identity`]
-    #[n(2)] pub signature: PurposeKeyAttestationSignature,
+    #[n(1)] pub signature: PurposeKeyAttestationSignature,
 }
 
 /// Signature over data field using a key from [`super::super::identity::Identity`]
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
 pub enum PurposeKeyAttestationSignature {
     /// Signature using EdDSA Ed25519 key from the corresponding [`super::super::identity::Identity`]
-    #[n(1)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
+    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519Signature),
     /// Signature using ECDSA P256 key from the corresponding [`super::super::identity::Identity`]
-    #[n(2)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
+    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256Signature),
 }
 
 /// Data inside a [`PurposeKeyAttestation`]
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct PurposeKeyAttestationData {
     /// [`Identifier`] of the [`super::super::identity::Identity`] this Purpose Key belongs to
-    #[n(1)] pub subject: Identifier,
+    #[n(0)] pub subject: Identifier,
     /// Latest [`ChangeHash`] (at the moment of issuing) of the [`super::super::identity::Identity`]
     /// this Purpose Key belongs to
-    #[n(2)] pub subject_latest_change_hash: ChangeHash,
+    #[n(1)] pub subject_latest_change_hash: ChangeHash,
     /// Public key of this Purpose Key
-    #[n(3)] pub public_key: PurposePublicKey,
+    #[n(2)] pub public_key: PurposePublicKey,
     /// Creation [`TimestampInSeconds`] (UTC)
-    #[n(4)] pub created_at: TimestampInSeconds,
+    #[n(3)] pub created_at: TimestampInSeconds,
     /// Expiration [`TimestampInSeconds`] (UTC)
-    #[n(5)] pub expires_at: TimestampInSeconds,
+    #[n(4)] pub expires_at: TimestampInSeconds,
 }
 
 /// [`PurposeKeyAttestation`]'s public key
@@ -56,17 +54,17 @@ pub struct PurposeKeyAttestationData {
 pub enum PurposePublicKey {
     /// Key dedicated to creation of Secure Channels
     /// This key is used as a static key in Noise XX handshake
-    #[n(1)] SecureChannelStatic(#[n(0)] X25519PublicKey),
+    #[n(0)] SecureChannelStatic(#[n(0)] X25519PublicKey),
     /// Key dedicated to signing [`super::Credential`]s
-    #[n(2)] CredentialSigning(#[n(0)] CredentialVerifyingKey),
+    #[n(1)] CredentialSigning(#[n(0)] CredentialVerifyingKey),
 }
 
 /// Key dedicated to signing [`super::Credential`]s
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
 pub enum CredentialVerifyingKey {
     /// Curve25519 Public Key for verifying EdDSA signatures.
-    #[n(1)] EdDSACurve25519(#[n(0)] EdDSACurve25519PublicKey),
+    #[n(0)] EdDSACurve25519(#[n(0)] EdDSACurve25519PublicKey),
     /// Curve P-256 Public Key for verifying ECDSA SHA256 signatures.
-    #[n(2)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256PublicKey),
+    #[n(1)] ECDSASHA256CurveP256(#[n(0)] ECDSASHA256CurveP256PublicKey),
 }
diff --git a/implementations/rust/ockam/ockam_identity/src/models/versioned_data.rs b/implementations/rust/ockam/ockam_identity/src/models/versioned_data.rs
@@ -4,11 +4,10 @@ use ockam_core::compat::vec::Vec;
 /// Binary and a version
 #[derive(Clone, Debug, PartialEq, Eq, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub struct VersionedData {
     /// Version
-    #[n(1)] pub version: u8,
+    #[n(0)] pub version: u8,
     /// Binary
     #[cbor(with = "minicbor::bytes")]
-    #[n(2)] pub data: Vec<u8>,
+    #[n(1)] pub data: Vec<u8>,
 }
diff --git a/...tations/rust/ockam/ockam_identity/src/secure_channel/handshake/handshake_state_machine.rs b/...tations/rust/ockam/ockam_identity/src/secure_channel/handshake/handshake_state_machine.rs
@@ -233,15 +233,14 @@ impl CommonStateMachine {
 /// This internal structure is used as a payload in the XX protocol
 #[derive(Debug, Clone, Encode, Decode)]
 #[rustfmt::skip]
-#[cbor(map)]
 pub(super) struct IdentityAndCredentials {
     /// Exported identity
-    #[n(1)] pub(super) change_history: ChangeHistory,
+    #[n(0)] pub(super) change_history: ChangeHistory,
     /// The Purpose Key guarantees that the other end has access to the private key of the identity
     /// The Purpose Key here is also the static key of the noise ('x') and is issued with the static
     /// key of the identity
-    #[n(2)] pub(super) purpose_key_attestation: PurposeKeyAttestation,
+    #[n(1)] pub(super) purpose_key_attestation: PurposeKeyAttestation,
     /// Credentials associated to the identity along with corresponding Credentials Purpose Keys
     /// to verify those Credentials
-    #[n(3)] pub(super) credentials: Vec<CredentialAndPurposeKey>,
+    #[n(2)] pub(super) credentials: Vec<CredentialAndPurposeKey>,
 }