core_crypto/e2e_identity/enrollment/
crypto.rs1use mls_crypto_provider::{MlsCryptoProvider, RustCrypto};
2use openmls::prelude::SignatureScheme;
3use openmls_traits::{OpenMlsCryptoProvider as _, crypto::OpenMlsCrypto as _};
4
5use super::{Error, Result};
6use crate::{MlsError, e2e_identity::crypto::E2eiSignatureKeypair, prelude::MlsCiphersuite};
7
8impl super::E2eiEnrollment {
9 pub(crate) fn new_sign_key(
10 ciphersuite: MlsCiphersuite,
11 backend: &MlsCryptoProvider,
12 ) -> Result<E2eiSignatureKeypair> {
13 let (sk, _) = backend
14 .crypto()
15 .signature_key_gen(ciphersuite.signature_algorithm())
16 .map_err(MlsError::wrap("performing signature keygen"))?;
17 E2eiSignatureKeypair::try_new(ciphersuite.signature_algorithm(), sk)
18 }
19
20 pub(crate) fn get_sign_key_for_mls(&self) -> Result<Vec<u8>> {
21 let sk = match self.ciphersuite.signature_algorithm() {
22 SignatureScheme::ECDSA_SECP256R1_SHA256 | SignatureScheme::ECDSA_SECP384R1_SHA384 => self.sign_sk.to_vec(),
23 SignatureScheme::ECDSA_SECP521R1_SHA512 => RustCrypto::normalize_p521_secret_key(&self.sign_sk).to_vec(),
24 SignatureScheme::ED25519 => RustCrypto::normalize_ed25519_key(self.sign_sk.as_slice())
25 .map_err(MlsError::wrap("normalizing ed25519 key"))?
26 .to_bytes()
27 .to_vec(),
28 SignatureScheme::ED448 => return Err(Error::NotYetSupported),
29 };
30 Ok(sk)
31 }
32}