@@ -3,13 +3,12 @@ use std::{
3
3
sync:: { RwLockReadGuard , RwLockWriteGuard } ,
4
4
} ;
5
5
6
+ use serde:: Serialize ;
6
7
use zeroize:: Zeroizing ;
7
8
8
9
use super :: KeyStoreInner ;
9
10
use crate :: {
10
- derive_shareable_key, error:: UnsupportedOperation , store:: backend:: StoreBackend ,
11
- AsymmetricCryptoKey , CryptoError , EncString , KeyId , KeyIds , Result , SigningKey ,
12
- SymmetricCryptoKey , UnsignedSharedKey ,
11
+ derive_shareable_key, error:: UnsupportedOperation , store:: backend:: StoreBackend , AsymmetricCryptoKey , CryptoError , EncString , KeyId , KeyIds , Result , Signature , SignatureAlgorithm , SignedObject , SigningKey , SymmetricCryptoKey , UnsignedSharedKey
13
12
} ;
14
13
15
14
/// The context of a crypto operation using [super::KeyStore]
@@ -250,6 +249,11 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
250
249
self . get_asymmetric_key ( key_id) . is_ok ( )
251
250
}
252
251
252
+ // Returns `true` if the context has a signing key with the given identifier
253
+ pub fn has_signing_key ( & self , key_id : Ids :: Signing ) -> bool {
254
+ self . get_signing_key ( key_id) . is_ok ( )
255
+ }
256
+
253
257
/// Generate a new random symmetric key and store it in the context
254
258
pub fn generate_symmetric_key ( & mut self , key_id : Ids :: Symmetric ) -> Result < Ids :: Symmetric > {
255
259
let key = SymmetricCryptoKey :: make_aes256_cbc_hmac_key ( ) ;
@@ -258,6 +262,17 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
258
262
Ok ( key_id)
259
263
}
260
264
265
+ // Generate a new signature key using the current default algorithm, and store it in the context
266
+ pub fn make_signing_key (
267
+ & mut self ,
268
+ key_id : Ids :: Signing ,
269
+ ) -> Result < Ids :: Signing > {
270
+ let key = SigningKey :: make ( SignatureAlgorithm :: default_algorithm ( ) ) ?;
271
+ #[ allow( deprecated) ]
272
+ self . set_signing_key ( key_id, key) ?;
273
+ Ok ( key_id)
274
+ }
275
+
261
276
/// Derive a shareable key using hkdf from secret and name and store it in the context.
262
277
///
263
278
/// A specialized variant of this function was called `CryptoService.makeSendKey` in the
@@ -293,6 +308,11 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
293
308
self . get_asymmetric_key ( key_id)
294
309
}
295
310
311
+ #[ deprecated( note = "This function should ideally never be used outside this crate" ) ]
312
+ pub fn dangerous_get_signing_key ( & self , key_id : Ids :: Signing ) -> Result < & SigningKey > {
313
+ self . get_signing_key ( key_id)
314
+ }
315
+
296
316
fn get_symmetric_key ( & self , key_id : Ids :: Symmetric ) -> Result < & SymmetricCryptoKey > {
297
317
if key_id. is_local ( ) {
298
318
self . local_symmetric_keys . get ( key_id)
@@ -400,6 +420,33 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
400
420
}
401
421
}
402
422
}
423
+
424
+ /// Signs the given data using the specified signing key, for the given [crate::SigningNamespace]
425
+ /// and returns the signature and the serialized message. See [crate::SigningKey::sign]
426
+ #[ allow( unused) ]
427
+ pub ( crate ) fn sign < Message : Serialize > (
428
+ & self ,
429
+ key : Ids :: Signing ,
430
+ message : & Message ,
431
+ namespace : & crate :: SigningNamespace ,
432
+ ) -> Result < SignedObject > {
433
+ let key = self . get_signing_key ( key) ?;
434
+ key. sign ( message, namespace)
435
+ }
436
+
437
+ /// Signs the given data using the specified signing key, for the given [crate::SigningNamespace]
438
+ /// and returns the signature and the serialized message. See [crate::SigningKey::sign_detached]
439
+ #[ allow( unused) ]
440
+ pub ( crate ) fn sign_detached < Message : Serialize > (
441
+ & self ,
442
+ key : Ids :: Signing ,
443
+ message : & Message ,
444
+ namespace : & crate :: SigningNamespace ,
445
+ ) -> Result < ( Signature , Vec < u8 > ) > {
446
+ let key = self . get_signing_key ( key) ?;
447
+ let ( signature, serialized_message) = key. sign_detached ( message, namespace) ?;
448
+ Ok ( ( signature, serialized_message. as_ref ( ) . to_vec ( ) ) )
449
+ }
403
450
}
404
451
405
452
#[ cfg( test) ]
0 commit comments