Add methods to key context

quexten · quexten · commit 635b536702bf · 2025-05-20T20:15:46.000+02:00
diff --git a/crates/bitwarden-crypto/src/store/context.rs b/crates/bitwarden-crypto/src/store/context.rs
@@ -3,13 +3,12 @@ use std::{
     sync::{RwLockReadGuard, RwLockWriteGuard},
 };
 
+use serde::Serialize;
 use zeroize::Zeroizing;
 
 use super::KeyStoreInner;
 use crate::{
-    derive_shareable_key, error::UnsupportedOperation, store::backend::StoreBackend,
-    AsymmetricCryptoKey, CryptoError, EncString, KeyId, KeyIds, Result, SigningKey,
-    SymmetricCryptoKey, UnsignedSharedKey,
+    derive_shareable_key, error::UnsupportedOperation, store::backend::StoreBackend, AsymmetricCryptoKey, CryptoError, EncString, KeyId, KeyIds, Result, Signature, SignatureAlgorithm, SignedObject, SigningKey, SymmetricCryptoKey, UnsignedSharedKey
 };
 
 /// The context of a crypto operation using [super::KeyStore]
@@ -250,6 +249,11 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
         self.get_asymmetric_key(key_id).is_ok()
     }
 
+    // Returns `true` if the context has a signing key with the given identifier
+    pub fn has_signing_key(&self, key_id: Ids::Signing) -> bool {
+        self.get_signing_key(key_id).is_ok()
+    }
+
     /// Generate a new random symmetric key and store it in the context
     pub fn generate_symmetric_key(&mut self, key_id: Ids::Symmetric) -> Result<Ids::Symmetric> {
         let key = SymmetricCryptoKey::make_aes256_cbc_hmac_key();
@@ -258,6 +262,17 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
         Ok(key_id)
     }
 
+    // Generate a new signature key using the current default algorithm, and store it in the context
+    pub fn make_signing_key(
+        &mut self,
+        key_id: Ids::Signing,
+    ) -> Result<Ids::Signing> {
+        let key = SigningKey::make(SignatureAlgorithm::default_algorithm())?;
+        #[allow(deprecated)]
+        self.set_signing_key(key_id, key)?;
+        Ok(key_id)
+    }
+
     /// Derive a shareable key using hkdf from secret and name and store it in the context.
     ///
     /// A specialized variant of this function was called `CryptoService.makeSendKey` in the
@@ -293,6 +308,11 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
         self.get_asymmetric_key(key_id)
     }
 
+    #[deprecated(note = "This function should ideally never be used outside this crate")]
+    pub fn dangerous_get_signing_key(&self, key_id: Ids::Signing) -> Result<&SigningKey> {
+        self.get_signing_key(key_id)
+    }
+
     fn get_symmetric_key(&self, key_id: Ids::Symmetric) -> Result<&SymmetricCryptoKey> {
         if key_id.is_local() {
             self.local_symmetric_keys.get(key_id)
@@ -400,6 +420,33 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
             }
         }
     }
+
+    /// Signs the given data using the specified signing key, for the given [crate::SigningNamespace]
+    /// and returns the signature and the serialized message. See [crate::SigningKey::sign]
+    #[allow(unused)]
+    pub(crate) fn sign<Message: Serialize>(
+        &self,
+        key: Ids::Signing,
+        message: &Message,
+        namespace: &crate::SigningNamespace,
+    ) -> Result<SignedObject> {
+        let key = self.get_signing_key(key)?;
+        key.sign(message, namespace)
+    }
+
+    /// Signs the given data using the specified signing key, for the given [crate::SigningNamespace]
+    /// and returns the signature and the serialized message. See [crate::SigningKey::sign_detached]
+    #[allow(unused)]
+    pub(crate) fn sign_detached<Message: Serialize>(
+        &self,
+        key: Ids::Signing,
+        message: &Message,
+        namespace: &crate::SigningNamespace,
+    ) -> Result<(Signature, Vec<u8>)> {
+        let key = self.get_signing_key(key)?;
+        let (signature, serialized_message) = key.sign_detached(message, namespace)?;
+        Ok((signature, serialized_message.as_ref().to_vec()))
+    }
 }
 
 #[cfg(test)]
