core_crypto/e2e_identity/
crypto.rs

1use super::error::*;
2use crate::{prelude::MlsCiphersuite, CryptoError, CryptoResult, MlsError};
3use mls_crypto_provider::{MlsCryptoProvider, PkiKeypair, RustCrypto};
4use openmls_basic_credential::SignatureKeyPair as OpenMlsSignatureKeyPair;
5use openmls_traits::{
6    crypto::OpenMlsCrypto,
7    types::{Ciphersuite, SignatureScheme},
8    OpenMlsCryptoProvider,
9};
10use wire_e2e_identity::prelude::JwsAlgorithm;
11use zeroize::Zeroize;
12
13impl super::E2eiEnrollment {
14    pub(super) fn new_sign_key(
15        ciphersuite: MlsCiphersuite,
16        backend: &MlsCryptoProvider,
17    ) -> CryptoResult<E2eiSignatureKeypair> {
18        let (sk, _) = backend
19            .crypto()
20            .signature_key_gen(ciphersuite.signature_algorithm())
21            .map_err(MlsError::from)?;
22        E2eiSignatureKeypair::try_new(ciphersuite.signature_algorithm(), sk)
23    }
24
25    pub(super) fn get_sign_key_for_mls(&self) -> CryptoResult<Vec<u8>> {
26        let sk = match self.ciphersuite.signature_algorithm() {
27            SignatureScheme::ECDSA_SECP256R1_SHA256 | SignatureScheme::ECDSA_SECP384R1_SHA384 => self.sign_sk.to_vec(),
28            SignatureScheme::ECDSA_SECP521R1_SHA512 => RustCrypto::normalize_p521_secret_key(&self.sign_sk).to_vec(),
29            SignatureScheme::ED25519 => RustCrypto::normalize_ed25519_key(self.sign_sk.as_slice())
30                .map_err(MlsError::from)?
31                .to_bytes()
32                .to_vec(),
33            SignatureScheme::ED448 => return Err(E2eIdentityError::NotYetSupported.into()),
34        };
35        Ok(sk)
36    }
37}
38
39impl TryFrom<MlsCiphersuite> for JwsAlgorithm {
40    type Error = E2eIdentityError;
41
42    fn try_from(cs: MlsCiphersuite) -> E2eIdentityResult<Self> {
43        let cs = openmls_traits::types::Ciphersuite::from(cs);
44        Ok(match cs {
45            Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519
46            | Ciphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 => JwsAlgorithm::Ed25519,
47            Ciphersuite::MLS_128_DHKEMP256_AES128GCM_SHA256_P256 => JwsAlgorithm::P256,
48            Ciphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384 => JwsAlgorithm::P384,
49            Ciphersuite::MLS_256_DHKEMP521_AES256GCM_SHA512_P521 => JwsAlgorithm::P521,
50            Ciphersuite::MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448
51            | Ciphersuite::MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 => {
52                return Err(E2eIdentityError::NotYetSupported)
53            }
54        })
55    }
56}
57
58#[derive(Debug, serde::Serialize, serde::Deserialize, Zeroize, derive_more::From, derive_more::Deref)]
59#[zeroize(drop)]
60pub struct E2eiSignatureKeypair(Vec<u8>);
61
62impl E2eiSignatureKeypair {
63    pub fn try_new(sc: SignatureScheme, sk: Vec<u8>) -> CryptoResult<Self> {
64        let keypair = PkiKeypair::new(sc, sk)?;
65        Ok(Self(keypair.signing_key_bytes()))
66    }
67}
68
69impl TryFrom<&OpenMlsSignatureKeyPair> for E2eiSignatureKeypair {
70    type Error = CryptoError;
71
72    fn try_from(kp: &OpenMlsSignatureKeyPair) -> CryptoResult<Self> {
73        Self::try_new(kp.signature_scheme(), kp.private().to_vec())
74    }
75}
core_crypto/e2e_identity/crypto.rs

core_crypto/e2e_identity/
crypto.rs
