Commit 635b536

committed
Add methods to key context
1 parent 75ba449 commit 635b536

1 file changed

+50
-3
lines changed

1 file changed

+50
-3
lines changed

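--- a/crates/bitwarden-crypto/src/store/context.rs
+++ b/crates/bitwarden-crypto/src/store/context.rs
@@ -3,13 +3,12 @@ use std::{
 sync::{RwLockReadGuard, RwLockWriteGuard},
 };
 
+use serde::Serialize;
 use zeroize::Zeroizing;
 
 use super::KeyStoreInner;
 use crate::{
-derive_shareable_key, error::UnsupportedOperation, store::backend::StoreBackend,
-AsymmetricCryptoKey, CryptoError, EncString, KeyId, KeyIds, Result, SigningKey,
-SymmetricCryptoKey, UnsignedSharedKey,
+derive_shareable_key, error::UnsupportedOperation, store::backend::StoreBackend, AsymmetricCryptoKey, CryptoError, EncString, KeyId, KeyIds, Result, Signature, SignatureAlgorithm, SignedObject, SigningKey, SymmetricCryptoKey, UnsignedSharedKey
 };
 
 /// The context of a crypto operation using [super::KeyStore]
@@ -250,6 +249,11 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
 self.get_asymmetric_key(key_id).is_ok()
 }
 
+// Returns `true` if the context has a signing key with the given identifier
+pub fn has_signing_key(&self, key_id: Ids::Signing) -> bool {
+self.get_signing_key(key_id).is_ok()
+}
+
 /// Generate a new random symmetric key and store it in the context
 pub fn generate_symmetric_key(&mut self, key_id: Ids::Symmetric) -> Result<Ids::Symmetric> {
 let key = SymmetricCryptoKey::make_aes256_cbc_hmac_key();
@@ -258,6 +262,17 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
 Ok(key_id)
 }
 
+// Generate a new signature key using the current default algorithm, and store it in the context
+pub fn make_signing_key(
+&mut self,
+key_id: Ids::Signing,
+) -> Result<Ids::Signing> {
+let key = SigningKey::make(SignatureAlgorithm::default_algorithm())?;
+#[allow(deprecated)]
+self.set_signing_key(key_id, key)?;
+Ok(key_id)
+}
+
 /// Derive a shareable key using hkdf from secret and name and store it in the context.
 ///
 /// A specialized variant of this function was called `CryptoService.makeSendKey` in the
@@ -293,6 +308,11 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
 self.get_asymmetric_key(key_id)
 }
 
+#[deprecated(note = "This function should ideally never be used outside this crate")]
+pub fn dangerous_get_signing_key(&self, key_id: Ids::Signing) -> Result<&SigningKey> {
+self.get_signing_key(key_id)
+}
+
 fn get_symmetric_key(&self, key_id: Ids::Symmetric) -> Result<&SymmetricCryptoKey> {
 if key_id.is_local() {
 self.local_symmetric_keys.get(key_id)
@@ -400,6 +420,33 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
 }
 }
 }
+
+/// Signs the given data using the specified signing key, for the given [crate::SigningNamespace]
+/// and returns the signature and the serialized message. See [crate::SigningKey::sign]
+#[allow(unused)]
+pub(crate) fn sign<Message: Serialize>(
+&self,
+key: Ids::Signing,
+message: &Message,
+namespace: &crate::SigningNamespace,
+) -> Result<SignedObject> {
+let key = self.get_signing_key(key)?;
+key.sign(message, namespace)
+}
+
+/// Signs the given data using the specified signing key, for the given [crate::SigningNamespace]
+/// and returns the signature and the serialized message. See [crate::SigningKey::sign_detached]
+#[allow(unused)]
+pub(crate) fn sign_detached<Message: Serialize>(
+&self,
+key: Ids::Signing,
+message: &Message,
+namespace: &crate::SigningNamespace,
+) -> Result<(Signature, Vec<u8>)> {
+let key = self.get_signing_key(key)?;
+let (signature, serialized_message) = key.sign_detached(message, namespace)?;
+Ok((signature, serialized_message.as_ref().to_vec()))
+}
 }
 
 #[cfg(test)]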
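Review bot: `dangerous_get_signing_key` (new lines 311–315) appears to hand a `&SigningKey` to callers outside this module, which lets them sign arbitrary bytes without the `SigningNamespace` argument that the new `sign`/`sign_detached` helpers require, yet the only warning is the `#[deprecated]` note text; a `///` doc comment should state the hazard, e.g. `/// Exposes the raw signing key; prefer the namespaced sign helpers so every signature is domain-separated.` The two new public methods `has_signing_key` and `make_signing_key` use `//` where their neighbours use `///`, so their descriptions will not appear in rustdoc. The `#[allow(deprecated)]` inside `make_signing_key` carries no comment explaining why the suppressed call is acceptable; presumably `set_signing_key` is deprecated for the same reason as the getter, but that definition is not visible here. The enclosing `impl<Ids: KeyIds> KeyStoreContext<'_, Ids>` block starts before these hunks.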
