WIP
OtaK committed Jan 11, 2024
1 parent f142bce commit 77967c2
Showing 3 changed files with 66 additions and 7 deletions.
21 changes: 17 additions & 4 deletions crypto/src/test_utils/x509.rs
Expand Up @@ -33,10 +33,23 @@ pub fn create_root_cert_ta(signature_scheme: SignatureScheme) -> x509_cert::Cert
let serial_number = SerialNumber::from(1u32);
let validity = Validity::from_now(std::time::Duration::MAX).unwrap();
let subject = Name::from_str("CN=World domination corporation,O=World domination Inc,C=US").unwrap();
let spki =

let mut builder =
x509_cert::builder::CertificateBuilder::new(Profile::Root, serial_number, validity, subject, pub_key, keypair).unwrap();
let pki_keypair = crypto.keypair_to_spki_keypair(signature_scheme, &sk).unwrap();
let spki = crypto.public_key_to_spki(signature_scheme, &pk).unwrap();

let mut builder = x509_cert::builder::CertificateBuilder::new(

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / proteus-wasm-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / check-strict

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / check

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / coverage

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied

Check failure on line 39 in crypto/src/test_utils/x509.rs


GitHub Actions / proteus-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: signature::keypair::KeypairRef` is not satisfied
Profile::Root,
serial_number,
validity,
subject,
spki,
&pki_keypair,

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / wasm-core-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / proteus-wasm-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / check-strict

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / check

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / coverage

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied

Check failure on line 45 in crypto/src/test_utils/x509.rs


GitHub Actions / proteus-test

the trait bound `mls_crypto_provider::crypto_provider::PkiKeypair: SignatureAlgorithmIdentifier` is not satisfied
)
.unwrap();

// TODO: Stop trying to make dynamic dispatch work. It doesn't; Instead use a good old gigantic
//- match statement and ugly code repetition

todo!()
}

/// Create a certificate chain with a CA and a Leaf for usage with the certificate trust anchors
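Review bot: The two new `.unwrap()` calls on `keypair_to_spki_keypair` and `public_key_to_spki` turn an unsupported `signature_scheme` into a bare panic, because both helpers return `CryptoError::UnsupportedSignatureScheme` for anything other than P-256, P-384 and Ed25519. Since this helper is parameterised on the scheme, `.expect("signature scheme not supported for test certificates")` on each call would make a failing test self-explanatory. The function begins above the hunk, so where `sk` and `pk` come from is not visible here.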
7 changes: 4 additions & 3 deletions mls-provider/Cargo.toml
Expand Up @@ -22,14 +22,15 @@ aes-gcm = "0.10"
sha2 = "0.10"
chacha20poly1305 = "0.10"
hmac = "0.12"
ed25519-dalek = "2.0.0-rc.2"
ed25519-dalek = { version = "2.1", features = ["pkcs8"] }
signature = "2.1"
ecdsa = { version = "0.16", features = ["der"] }
p256 = "0.13"
p384 = "0.13"
p256 = { version = "0.13", features = ["pkcs8"] }
p384 = { version = "0.13", features = ["pkcs8"] }
# TODO: Uncomment this once p521 crate is ready
# p521 = { version = "0.12", git = "https://github.com/RustCrypto/elliptic-curves", package = "p521" }
hkdf = "0.12"
spki = "0.7"
rand = { version = "0.8", features = ["getrandom"] }
getrandom = { version = "0.2", features = ["js"] }
rand_core = "0.6"
45 changes: 45 additions & 0 deletions mls-provider/src/crypto_provider.rs
Expand Up @@ -502,6 +502,51 @@ impl OpenMlsCrypto for RustCrypto {
}
}

pub enum PkiKeypair {
P256(p256::ecdsa::SigningKey),
P384(p384::ecdsa::SigningKey),
Ed25519(ed25519_dalek::SigningKey),
}

impl RustCrypto {
pub fn keypair_to_spki_keypair<'a>(&self, alg: SignatureScheme, sk: &'a [u8]) -> Result<PkiKeypair, CryptoError> {

Check failure on line 512 in mls-provider/src/crypto_provider.rs


GitHub Actions / build

the following explicit lifetimes could be elided: 'a
match alg {
SignatureScheme::ECDSA_SECP256R1_SHA256 => Ok(PkiKeypair::P256(
p256::ecdsa::SigningKey::from_bytes(sk.into()).map_err(|_| CryptoError::CryptoLibraryError)?,
)),
SignatureScheme::ECDSA_SECP384R1_SHA384 => Ok(PkiKeypair::P384(
p384::ecdsa::SigningKey::from_bytes(sk.into()).map_err(|_| CryptoError::CryptoLibraryError)?,
)),
SignatureScheme::ED25519 => Ok(PkiKeypair::Ed25519(
ed25519_dalek::SigningKey::try_from(sk).map_err(|_| CryptoError::CryptoLibraryError)?,
)),
_ => Err(CryptoError::UnsupportedSignatureScheme),
}
}

pub fn public_key_to_spki(
&self,
alg: SignatureScheme,
pk: &[u8],
) -> Result<spki::SubjectPublicKeyInfoOwned, CryptoError> {
match alg {
SignatureScheme::ECDSA_SECP256R1_SHA256 => {
let pk = p256::ecdsa::VerifyingKey::from_sec1_bytes(pk).map_err(|_| CryptoError::CryptoLibraryError)?;
Ok(spki::SubjectPublicKeyInfoOwned::from_key(pk).map_err(|_| CryptoError::CryptoLibraryError)?)
}
SignatureScheme::ECDSA_SECP384R1_SHA384 => {
let pk = p384::ecdsa::VerifyingKey::from_sec1_bytes(pk).map_err(|_| CryptoError::CryptoLibraryError)?;
Ok(spki::SubjectPublicKeyInfoOwned::from_key(pk).map_err(|_| CryptoError::CryptoLibraryError)?)
}
SignatureScheme::ED25519 => {
let pk = ed25519_dalek::VerifyingKey::try_from(pk).map_err(|_| CryptoError::CryptoLibraryError)?;
Ok(spki::SubjectPublicKeyInfoOwned::from_key(pk).map_err(|_| CryptoError::CryptoLibraryError)?)
}
_ => Err(CryptoError::UnsupportedSignatureScheme),
}
}
}

mod hpke_core {
use openmls_traits::types::{CryptoError, HpkeCiphertext, HpkeKeyPair};

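Review bot: In `keypair_to_spki_keypair`, `sk.into()` in the P-256 and P-384 arms converts the slice into a fixed-size array reference and panics when `sk` has the wrong length, so malformed key bytes abort the caller instead of returning `CryptoError::CryptoLibraryError`. `SigningKey::from_slice` checks the length and returns a `Result`: `p256::ecdsa::SigningKey::from_slice(sk).map_err(|_| CryptoError::CryptoLibraryError)?`, and the same for `p384`. The Ed25519 arm already uses the fallible `try_from`, so only the two ECDSA arms need changing. `PkiKeypair` is a public enum that owns private signing keys and has no documentation; a `///` line such as `/// Private signing key for one of the supported X.509 signature schemes; never log or serialize.` would make that explicit to callers.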
