keymgr: Add function for generating EncodableKeys.
parent
f5f133c04c
commit
9c326ced81
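--- a/PATH_NOT_ON_PAGE_1
+++ b/PATH_NOT_ON_PAGE_1
@@ -4562,6 +4562,7 @@ dependencies = [
 "dyn-clone",
 "fs-mistrust",
 "itertools",
+"rand 0.8.5",
 "serde",
 "ssh-key",
 "tempfile",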
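--- a/PATH_NOT_ON_PAGE_2
+++ b/PATH_NOT_ON_PAGE_2
@@ -30,6 +30,7 @@ downcast-rs = "1.2.0"
 dyn-clone = "1.0.11"
 fs-mistrust = { path = "../fs-mistrust", version = "0.7.1", features = ["serde", "walkdir"] }
 itertools = "0.11.0"
+rand = "0.8"
 serde = { version = "1.0.103", features = ["derive"] }
 ssh-key = { version = "0.5.1", features = ["std"] }
 thiserror = "1"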
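Review bot: The new `rand = "0.8"` line pulls in the whole `rand` crate although the code in this commit only names the `CryptoRng` and `RngCore` traits, which `rand` re-exports from `rand_core`. Depending on `rand_core` directly would keep the public `KeygenRng` bound tied to the smaller crate and reduce what a consumer has to audit; I am inferring the usage from the other hunks, so this is a suggestion rather than a defect.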
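--- a/PATH_NOT_ON_PAGE_3
+++ b/PATH_NOT_ON_PAGE_3
@@ -13,3 +13,5 @@ REMOVED: the `has_key_bundle` function (from the `Keystore` trait)
 ADDED: `PartialEq`, `Eq`, `Hash` derives for `ArtiPath` and `KeyType`
 ADDED: a `to_bytes` function to `EncodableKey` trait
 ADDED: `Keystore::contains()`
+ADDED: `KeygenRng` trait
+ADDED: `EncodableKey::generate()`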
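--- a/PATH_NOT_ON_PAGE_4
+++ b/PATH_NOT_ON_PAGE_4
@@ -2,6 +2,7 @@
 
 pub(crate) mod arti;
 
+use rand::{CryptoRng, RngCore};
 use tor_hscrypto::pk::{HsClientDescEncSecretKey, HsClientIntroAuthKeypair};
 use tor_llcrypto::pk::{curve25519, ed25519};
 use zeroize::Zeroizing;
@@ -14,6 +15,11 @@ use downcast_rs::{impl_downcast, Downcast};
 /// A type-erased key returned by a [`Keystore`].
 pub type ErasedKey = Box<dyn EncodableKey>;
 
+/// A random number generator for generating [`EncodableKey`]s.
+pub trait KeygenRng: RngCore + CryptoRng {}
+
+impl<T> KeygenRng for T where T: RngCore + CryptoRng {}
+
 /// A generic key store.
 //
 // TODO HSS: eventually this will be able to store items that aren't keys (such as certificates and
@@ -76,6 +82,11 @@ pub trait EncodableKey: Downcast {
 where
 Self: Sized;
 
+/// Generate a new key of this type.
+fn generate(rng: &mut dyn KeygenRng) -> Self
+where
+Self: Sized;
+
 /// The byte representation of the key.
 fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>>;
 }
@@ -90,6 +101,13 @@ impl EncodableKey for curve25519::StaticSecret {
 KeyType::X25519StaticSecret
 }
 
+fn generate(rng: &mut dyn KeygenRng) -> Self
+where
+Self: Sized,
+{
+curve25519::StaticSecret::new(rng)
+}
+
 fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>> {
 Ok(curve25519::StaticSecret::to_bytes(self).to_vec().into())
 }
@@ -103,6 +121,15 @@ impl EncodableKey for ed25519::Keypair {
 KeyType::Ed25519Keypair
 }
 
+fn generate(rng: &mut dyn KeygenRng) -> Self
+where
+Self: Sized,
+{
+use tor_llcrypto::util::rand_compat::RngCompatExt;
+
+ed25519::Keypair::generate(&mut rng.rng_compat())
+}
+
 fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>> {
 Ok(ed25519::Keypair::to_bytes(self).to_vec().into())
 }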
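Review bot: The doc on `KeygenRng` in the second hunk does not say that it is a marker trait nobody implements by hand — the blanket `impl<T> KeygenRng for T where T: RngCore + CryptoRng` makes every `CryptoRng` implementor qualify, and that bound is the only thing keeping `generate` from being fed a non-cryptographic RNG, so it is worth stating: `/// Marker for RNGs that may be used to generate keys. Implemented automatically for every `RngCore + CryptoRng`, so key material can only be drawn from an RNG that declares itself cryptographically secure.` The `generate` doc in the third hunk should likewise say that the result is a fresh key derived entirely from `rng` and that generation is infallible by signature (it returns `Self`, not `Result`), so an RNG whose `fill_bytes` fails will panic rather than report an error, matching the `RngCore` contract. In the last hunk the `use tor_llcrypto::util::rand_compat::RngCompatExt;` and the `rng.rng_compat()` call deserve a why-comment — presumably `ed25519::Keypair::generate` expects a different `rand_core` version than the `rand = "0.8"` this commit adds — e.g. `// ed25519::Keypair::generate is built against another rand_core version; rng_compat() adapts our rng to it.` The `EncodableKey` trait and both `impl` blocks begin and end outside the hunks.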
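--- a/PATH_NOT_ON_PAGE_5
+++ b/PATH_NOT_ON_PAGE_5
@@ -65,7 +65,7 @@ pub use key_specifier::{ArtiPath, ArtiPathComponent, CTorPath, KeySpecifier};
 pub use {
 key_type::KeyType,
 keystore::arti::ArtiNativeKeystore,
-keystore::{EncodableKey, ErasedKey, Keystore, ToEncodableKey},
+keystore::{EncodableKey, ErasedKey, KeygenRng, Keystore, ToEncodableKey},
 mgr::KeyMgr,
 };
 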
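--- a/PATH_NOT_ON_PAGE_6
+++ b/PATH_NOT_ON_PAGE_6
@@ -169,6 +169,13 @@ mod tests {
 KeyType::Ed25519Keypair
 }
 
+fn generate(_rng: &mut dyn KeygenRng) -> Self
+where
+Self: Sized,
+{
+"generated_test_key".into()
+}
+
 fn to_bytes(&self) -> Result<zeroize::Zeroizing<Vec<u8>>> {
 Ok(self.as_bytes().to_vec().into())
 }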
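Review bot: The test-only `generate` ignores `_rng` and always returns `"generated_test_key"`, so any test built on it exercises the keystore plumbing but not randomness; a one-line comment would stop a later reader from assuming otherwise, e.g. `// Deterministic stand-in: ignores the rng so tests stay reproducible.` The enclosing `impl` block and `mod tests` start and end outside the hunk.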