feat: add 'signature_public_key_len' & 'validate_signature_key' to Cr…

…yptoProvider
wireapp · Apr 15, 2024 · 58fed9f · 58fed9f
1 parent 945654c
commit 58fed9f
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/openmls_rust_crypto/Cargo.toml b/openmls_rust_crypto/Cargo.toml
@@ -21,13 +21,15 @@ hmac = { version = "0.12" }
 ed25519-dalek = { version = "2.0.0-rc.3", features = ["rand_core"] }
 p256 = { version = "0.13" }
 p384 = { version = "0.13" }
+p521 = "0.13"
 hkdf = { version = "0.12" }
 rand_core = "0.6"
 rand_chacha = { version = "0.3" }
 tls_codec = { workspace = true }
 zeroize = { version = "1.6", features = ["derive"] }
 signature = "2.1"
 thiserror = "1.0"
+generic-array = "0.14"
 
 [dependencies.hpke]
 git = "https://github.com/wireapp/rust-hpke.git"

diff --git a/openmls_rust_crypto/src/provider.rs b/openmls_rust_crypto/src/provider.rs
@@ -274,6 +274,23 @@ impl OpenMlsCrypto for RustCrypto {
         }
     }
 
+    fn signature_public_key_len(&self, alg: SignatureScheme) -> usize {
+        use generic_array::typenum::Unsigned;
+        match alg {
+            SignatureScheme::ECDSA_SECP256R1_SHA256 => {
+                <p256::NistP256 as p256::elliptic_curve::Curve>::FieldBytesSize::to_usize()
+            }
+            SignatureScheme::ECDSA_SECP384R1_SHA384 => {
+                <p384::NistP384 as p384::elliptic_curve::Curve>::FieldBytesSize::to_usize()
+            }
+            SignatureScheme::ECDSA_SECP521R1_SHA512 => {
+                <p521::NistP521 as p521::elliptic_curve::Curve>::FieldBytesSize::to_usize()
+            }
+            SignatureScheme::ED25519 => ed25519_dalek::PUBLIC_KEY_LENGTH,
+            SignatureScheme::ED448 => 57,
+        }
+    }
+
     fn verify_signature(
         &self,
         alg: openmls_traits::types::SignatureScheme,

diff --git a/traits/src/crypto.rs b/traits/src/crypto.rs
@@ -77,6 +77,17 @@ pub trait OpenMlsCrypto {
     /// generation fails.
     fn signature_key_gen(&self, alg: SignatureScheme) -> Result<(Vec<u8>, Vec<u8>), CryptoError>;
 
+    /// Gives the length of a signature public key, in bytes
+    fn signature_public_key_len(&self, alg: SignatureScheme) -> usize;
+
+    /// Parses and validate a signature public key
+    fn validate_signature_key(&self, alg: SignatureScheme, key: &[u8]) -> Result<(), CryptoError> {
+        if self.signature_public_key_len(alg) != key.len() {
+            return Err(CryptoError::InvalidKey);
+        }
+        Ok(())
+    }
+
     /// Verify the signature
     ///
     /// Returns an error if the [`SignatureScheme`] is not supported or the