core_crypto/e2e_identity/enrollment/
crypto.rs

1use mls_crypto_provider::{MlsCryptoProvider, RustCrypto};
2use openmls::prelude::SignatureScheme;
3use openmls_traits::{OpenMlsCryptoProvider as _, crypto::OpenMlsCrypto as _};
4
5use super::{Error, Result};
6use crate::{MlsError, e2e_identity::crypto::E2eiSignatureKeypair, prelude::MlsCiphersuite};
7
8impl super::E2eiEnrollment {
9    pub(crate) fn new_sign_key(
10        ciphersuite: MlsCiphersuite,
11        backend: &MlsCryptoProvider,
12    ) -> Result<E2eiSignatureKeypair> {
13        let (sk, _) = backend
14            .crypto()
15            .signature_key_gen(ciphersuite.signature_algorithm())
16            .map_err(MlsError::wrap("performing signature keygen"))?;
17        E2eiSignatureKeypair::try_new(ciphersuite.signature_algorithm(), sk)
18    }
19
20    pub(crate) fn get_sign_key_for_mls(&self) -> Result<Vec<u8>> {
21        let sk = match self.ciphersuite.signature_algorithm() {
22            SignatureScheme::ECDSA_SECP256R1_SHA256 | SignatureScheme::ECDSA_SECP384R1_SHA384 => self.sign_sk.to_vec(),
23            SignatureScheme::ECDSA_SECP521R1_SHA512 => RustCrypto::normalize_p521_secret_key(&self.sign_sk).to_vec(),
24            SignatureScheme::ED25519 => RustCrypto::normalize_ed25519_key(self.sign_sk.as_slice())
25                .map_err(MlsError::wrap("normalizing ed25519 key"))?
26                .to_bytes()
27                .to_vec(),
28            SignatureScheme::ED448 => return Err(Error::NotYetSupported),
29        };
30        Ok(sk)
31    }
32}