keymgr: Add function for generating EncodableKeys.
This commit is contained in:
parent
f5f133c04c
commit
9c326ced81
|
@ -4562,6 +4562,7 @@ dependencies = [
|
|||
"dyn-clone",
|
||||
"fs-mistrust",
|
||||
"itertools",
|
||||
"rand 0.8.5",
|
||||
"serde",
|
||||
"ssh-key",
|
||||
"tempfile",
|
||||
|
|
|
@ -30,6 +30,7 @@ downcast-rs = "1.2.0"
|
|||
dyn-clone = "1.0.11"
|
||||
fs-mistrust = { path = "../fs-mistrust", version = "0.7.1", features = ["serde", "walkdir"] }
|
||||
itertools = "0.11.0"
|
||||
rand = "0.8"
|
||||
serde = { version = "1.0.103", features = ["derive"] }
|
||||
ssh-key = { version = "0.5.1", features = ["std"] }
|
||||
thiserror = "1"
|
||||
|
|
|
@ -13,3 +13,5 @@ REMOVED: the `has_key_bundle` function (from the `Keystore` trait)
|
|||
ADDED: `PartialEq`, `Eq`, `Hash` derives for `ArtiPath` and `KeyType`
|
||||
ADDED: a `to_bytes` function to `EncodableKey` trait
|
||||
ADDED: `Keystore::contains()`
|
||||
ADDED: `KeygenRng` trait
|
||||
ADDED: `EncodableKey::generate()`
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
pub(crate) mod arti;
|
||||
|
||||
use rand::{CryptoRng, RngCore};
|
||||
use tor_hscrypto::pk::{HsClientDescEncSecretKey, HsClientIntroAuthKeypair};
|
||||
use tor_llcrypto::pk::{curve25519, ed25519};
|
||||
use zeroize::Zeroizing;
|
||||
|
@ -14,6 +15,11 @@ use downcast_rs::{impl_downcast, Downcast};
|
|||
/// A type-erased key returned by a [`Keystore`].
|
||||
pub type ErasedKey = Box<dyn EncodableKey>;
|
||||
|
||||
/// A random number generator for generating [`EncodableKey`]s.
|
||||
pub trait KeygenRng: RngCore + CryptoRng {}
|
||||
|
||||
impl<T> KeygenRng for T where T: RngCore + CryptoRng {}
|
||||
|
||||
/// A generic key store.
|
||||
//
|
||||
// TODO HSS: eventually this will be able to store items that aren't keys (such as certificates and
|
||||
|
@ -76,6 +82,11 @@ pub trait EncodableKey: Downcast {
|
|||
where
|
||||
Self: Sized;
|
||||
|
||||
/// Generate a new key of this type.
|
||||
fn generate(rng: &mut dyn KeygenRng) -> Self
|
||||
where
|
||||
Self: Sized;
|
||||
|
||||
/// The byte representation of the key.
|
||||
fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>>;
|
||||
}
|
||||
|
@ -90,6 +101,13 @@ impl EncodableKey for curve25519::StaticSecret {
|
|||
KeyType::X25519StaticSecret
|
||||
}
|
||||
|
||||
fn generate(rng: &mut dyn KeygenRng) -> Self
|
||||
where
|
||||
Self: Sized,
|
||||
{
|
||||
curve25519::StaticSecret::new(rng)
|
||||
}
|
||||
|
||||
fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>> {
|
||||
Ok(curve25519::StaticSecret::to_bytes(self).to_vec().into())
|
||||
}
|
||||
|
@ -103,6 +121,15 @@ impl EncodableKey for ed25519::Keypair {
|
|||
KeyType::Ed25519Keypair
|
||||
}
|
||||
|
||||
fn generate(rng: &mut dyn KeygenRng) -> Self
|
||||
where
|
||||
Self: Sized,
|
||||
{
|
||||
use tor_llcrypto::util::rand_compat::RngCompatExt;
|
||||
|
||||
ed25519::Keypair::generate(&mut rng.rng_compat())
|
||||
}
|
||||
|
||||
fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>> {
|
||||
Ok(ed25519::Keypair::to_bytes(self).to_vec().into())
|
||||
}
|
||||
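Review bot: In the `to_bytes` impls for `curve25519::StaticSecret` and `ed25519::Keypair`, `Zeroizing` wraps only the final `Vec`; the fixed-size array that the inner `to_bytes` call appears to return is an unwrapped temporary holding the secret key material, so that stack copy is not scrubbed when it goes out of scope (the optimizer may elide the copy, but nothing guarantees it). Wrap the intermediate as well, e.g. `let bytes = Zeroizing::new(ed25519::Keypair::to_bytes(self)); Ok(Zeroizing::new(bytes.to_vec()))`, and the same shape for the x25519 impl. The trait-level doc on `generate` could also say what the signature guarantees, e.g. `/// The generator must be cryptographically secure; the [KeygenRng] supertrait bounds enforce this at the type level.` Both enclosing `impl EncodableKey` blocks begin outside these hunks.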
|
|
|
@ -65,7 +65,7 @@ pub use key_specifier::{ArtiPath, ArtiPathComponent, CTorPath, KeySpecifier};
|
|||
pub use {
|
||||
key_type::KeyType,
|
||||
keystore::arti::ArtiNativeKeystore,
|
||||
keystore::{EncodableKey, ErasedKey, Keystore, ToEncodableKey},
|
||||
keystore::{EncodableKey, ErasedKey, KeygenRng, Keystore, ToEncodableKey},
|
||||
mgr::KeyMgr,
|
||||
};
|
||||
|
||||
|
|
|
@ -169,6 +169,13 @@ mod tests {
|
|||
KeyType::Ed25519Keypair
|
||||
}
|
||||
|
||||
fn generate(_rng: &mut dyn KeygenRng) -> Self
|
||||
where
|
||||
Self: Sized,
|
||||
{
|
||||
"generated_test_key".into()
|
||||
}
|
||||
|
||||
fn to_bytes(&self) -> Result<zeroize::Zeroizing<Vec<u8>>> {
|
||||
Ok(self.as_bytes().to_vec().into())
|
||||
}
|
||||
|
|