impl serde for KeyPairs

webrtc-rs · Sep 10, 2023 · d1e7c87 · d1e7c87
1 parent c69f2bd
commit d1e7c87
Show file tree

Hide file tree

Showing 5 changed files with 116 additions and 8 deletions.
diff --git a/rmls/src/crypto/key_pair.rs b/rmls/src/crypto/key_pair.rs
@@ -1,5 +1,8 @@
 use crate::crypto::provider::SignatureScheme;
 use crate::crypto::{HPKEPrivateKey, HPKEPublicKey, SignaturePrivateKey, SignaturePublicKey};
+use crate::utilities::error::*;
+use crate::utilities::serde::{Deserializer, Serializer};
+use bytes::{Buf, BufMut};
 
 /// SignatureKeyPair is a wrapper of CryptoProvider's signature key pair
 #[derive(Default, Debug, Clone, Eq, PartialEq)]
@@ -9,6 +12,35 @@ pub struct SignatureKeyPair {
     pub(crate) signature_scheme: SignatureScheme,
 }
 
+impl Deserializer for SignatureKeyPair {
+    fn deserialize<B>(buf: &mut B) -> Result<Self>
+    where
+        Self: Sized,
+        B: Buf,
+    {
+        let private_key = SignaturePrivateKey::deserialize(buf)?;
+        let public_key = SignaturePublicKey::deserialize(buf)?;
+        let signature_scheme = SignatureScheme::deserialize(buf)?;
+        Ok(Self {
+            private_key,
+            public_key,
+            signature_scheme,
+        })
+    }
+}
+
+impl Serializer for SignatureKeyPair {
+    fn serialize<B>(&self, buf: &mut B) -> Result<()>
+    where
+        Self: Sized,
+        B: BufMut,
+    {
+        self.private_key.serialize(buf)?;
+        self.public_key.serialize(buf)?;
+        self.signature_scheme.serialize(buf)
+    }
+}
+
 impl SignatureKeyPair {
     /// Returns private key
     pub fn private_key(&self) -> &SignaturePrivateKey {
@@ -33,6 +65,32 @@ pub struct HPKEKeyPair {
     pub(crate) public_key: HPKEPublicKey,
 }
 
+impl Deserializer for HPKEKeyPair {
+    fn deserialize<B>(buf: &mut B) -> Result<Self>
+    where
+        Self: Sized,
+        B: Buf,
+    {
+        let private_key = SignaturePrivateKey::deserialize(buf)?;
+        let public_key = SignaturePublicKey::deserialize(buf)?;
+        Ok(Self {
+            private_key,
+            public_key,
+        })
+    }
+}
+
+impl Serializer for HPKEKeyPair {
+    fn serialize<B>(&self, buf: &mut B) -> Result<()>
+    where
+        Self: Sized,
+        B: BufMut,
+    {
+        self.private_key.serialize(buf)?;
+        self.public_key.serialize(buf)
+    }
+}
+
 impl HPKEKeyPair {
     /// Returns private key
     pub fn private_key(&self) -> &HPKEPrivateKey {

diff --git a/rmls/src/crypto/provider/mod.rs b/rmls/src/crypto/provider/mod.rs
@@ -63,6 +63,38 @@ pub enum SignatureScheme {
     ED448 = 0x0808,
 }
 
+impl Deserializer for SignatureScheme {
+    fn deserialize<B>(buf: &mut B) -> Result<Self>
+    where
+        Self: Sized,
+        B: Buf,
+    {
+        if buf.remaining() < 2 {
+            return Err(Error::BufferTooSmall);
+        }
+        let v = buf.get_u16();
+        match v {
+            0x0403 => Ok(SignatureScheme::ECDSA_SECP256R1_SHA256),
+            0x0503 => Ok(SignatureScheme::ECDSA_SECP384R1_SHA384),
+            0x0603 => Ok(SignatureScheme::ECDSA_SECP521R1_SHA512),
+            0x0807 => Ok(SignatureScheme::ED25519),
+            0x0808 => Ok(SignatureScheme::ED448),
+            _ => Err(Error::InvalidSignatureSchemeValue(v)),
+        }
+    }
+}
+
+impl Serializer for SignatureScheme {
+    fn serialize<B>(&self, buf: &mut B) -> Result<()>
+    where
+        Self: Sized,
+        B: BufMut,
+    {
+        buf.put_u16(*self as u16);
+        Ok(())
+    }
+}
+
 /// KeyStore trait provides the CRUD operations of Key
 pub trait KeyStore: Send + Sync {
     fn store(&self, key: &Bytes, val: &Bytes) -> Result<()>;

diff --git a/rmls/src/key_package/builder.rs b/rmls/src/key_package/builder.rs
@@ -39,15 +39,15 @@ impl KeyPackageBuilder {
         self
     }
 
-    /// Finalize and build the key package with Encryption and HPKE Key Pairs
+    /// Finalize, build the key package, and store keys in KeyStore
     pub fn build(
         self,
         crypto_provider: &impl CryptoProvider,
         crypto_config: CryptoConfig,
         credential: Credential,
         signature_key_pair: &SignatureKeyPair,
-    ) -> Result<(KeyPackage, EncryptionKeyPair, HPKEKeyPair)> {
-        KeyPackage::new(
+    ) -> Result<KeyPackage> {
+        let (key_package, encryption_key_pair, init_private_key) = KeyPackage::new(
             crypto_provider,
             crypto_config,
             credential,
@@ -56,6 +56,22 @@ impl KeyPackageBuilder {
             self.key_package_extensions.unwrap_or_default(),
             self.leaf_node_capabilities.unwrap_or_default(),
             self.leaf_node_extensions.unwrap_or_default(),
-        )
+        )?;
+
+        crypto_provider.key_store().store(
+            &*(key_package.generate_ref(crypto_provider)?),
+            &key_package.serialize_detached()?,
+        )?;
+
+        crypto_provider.key_store().store(
+            &encryption_key_pair.public_key,
+            &encryption_key_pair.serialize_detached()?,
+        )?;
+
+        crypto_provider
+            .key_store()
+            .store(&key_package.payload.init_key, &init_private_key)?;
+
+        Ok(key_package)
     }
 }
diff --git a/rmls/src/key_package/mod.rs b/rmls/src/key_package/mod.rs
@@ -12,7 +12,7 @@ pub mod builder;
 use bytes::{Buf, BufMut, Bytes, BytesMut};
 use std::ops::Deref;
 
-use crate::crypto::key_pair::{EncryptionKeyPair, HPKEKeyPair};
+use crate::crypto::key_pair::EncryptionKeyPair;
 use crate::crypto::{
     cipher_suite::*, config::CryptoConfig, credential::Credential, key_pair::SignatureKeyPair,
     provider::CryptoProvider, *,
@@ -155,7 +155,7 @@ impl KeyPackage {
         key_package_extensions: Extensions,
         leaf_node_capabilities: Capabilities,
         leaf_node_extensions: Extensions,
-    ) -> Result<(Self, EncryptionKeyPair, HPKEKeyPair)> {
+    ) -> Result<(Self, EncryptionKeyPair, HPKEPrivateKey)> {
         if crypto_provider
             .signature(crypto_config.cipher_suite)?
             .signature_scheme()
@@ -180,10 +180,10 @@ impl KeyPackage {
             key_package_extensions,
             leaf_node_capabilities,
             leaf_node_extensions,
-            init_key.public_key.clone(),
+            init_key.public_key,
         )?;
 
-        Ok((key_package, encryption_key_pair, init_key))
+        Ok((key_package, encryption_key_pair, init_key.private_key))
     }
 
     #[allow(clippy::too_many_arguments)]

diff --git a/rmls/src/utilities/error.rs b/rmls/src/utilities/error.rs
@@ -23,6 +23,8 @@ pub enum Error {
     InputContainsExcessBytes(usize),
     #[error("invalid sibling")]
     InvalidSibling,
+    #[error("invalid signature scheme value {0}")]
+    InvalidSignatureSchemeValue(u16),
     #[error("invalid leaf node source value {0}")]
     InvalidLeafNodeSourceValue(u8),
     #[error("invalid extension type value {0}")]