feat: draft-20 [WPB-1192]

.github/workflows/docs.yml

@@ -17,4 +17,4 @@ jobs:
       - uses: actions/checkout@v3
       - uses: dtolnay/rust-toolchain@stable
       - uses: Swatinem/rust-cache@v2
-      - run: cargo doc -p openmls --message-format json
+      - run: cargo doc -p openmls

Cargo.toml

@@ -5,27 +5,22 @@ members = [
     "openmls_rust_crypto",
     "fuzz",
     "cli",
-    "interop_client",
+    # "interop_client",
     "memory_keystore",
-    "evercrypt_backend",
     "delivery-service/ds",
     "delivery-service/ds-lib",
-    "basic_credential"
+    "basic_credential",
+    "x509_credential"
 ]
 resolver = "2"
 
-# Patching unreleased crates
 [workspace.dependencies]
-tls_codec = { version = "0.3.0-pre.3", features = ["derive", "serde", "mls"] }
+async-trait = "0.1"
 
-[patch.crates-io.hpke-rs]
-git = "https://github.com/franziskuskiefer/hpke-rs.git"
+[workspace.dependencies.tls_codec]
+version = "0.3.0"
+features = ["derive", "serde", "mls"]
 
-[patch.crates-io.hpke-rs-crypto]
-git = "https://github.com/franziskuskiefer/hpke-rs.git"
-
-[patch.crates-io.hpke-rs-evercrypt]
-git = "https://github.com/franziskuskiefer/hpke-rs.git"
-
-[patch.crates-io.hpke-rs-rust-crypto]
-git = "https://github.com/franziskuskiefer/hpke-rs.git"
+[workspace.dependencies.tls_codec_derive]
+version = "0.3.0"
+features = ["derive", "serde", "mls"]

basic_credential/Cargo.toml

@@ -12,12 +12,18 @@ readme = "README.md"
 [dependencies]
 openmls_traits = { version = "0.1.0", path = "../traits" }
 tls_codec = { workspace = true }
+async-trait = { workspace = true }
 serde = "1.0"
 
 # Rust Crypto
-ed25519-dalek = { version = "1.0" }
-p256 = { version = "0.11" }
-rand-07 = {version = "0.7", package = "rand" } # only needed because of ed25519-dalek
+ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core"] }
+p256 = "0.13"
+p384 = "0.13"
+secrecy = { version = "0.8", features = ["serde"] }
+rand_core = "0.6"
+getrandom = { version = "0.2", features = ["js"] }
+
+[dev-dependencies]
 rand = "0.8"
 
 [features]

basic_credential/src/lib.rs

@@ -4,34 +4,82 @@
 //!
 //! For now this credential uses only RustCrypto.
 
+use secrecy::{ExposeSecret, SecretVec};
 use std::fmt::Debug;
 
 use openmls_traits::{
     key_store::{MlsEntity, MlsEntityId, OpenMlsKeyStore},
-    signatures::Signer,
-    types::{CryptoError, Error, SignatureScheme},
+    types::{CryptoError, SignatureScheme},
 };
 
-use p256::ecdsa::SigningKey;
-
-// See https://github.com/rust-analyzer/rust-analyzer/issues/7243
-// for the rust-analyzer issue with the following line.
-use ed25519_dalek::Signer as DalekSigner;
-use rand::rngs::OsRng;
-use tls_codec::{TlsDeserialize, TlsSerialize, TlsSize};
+fn expose_sk<S: serde::Serializer>(data: &SecretVec<u8>, ser: S) -> Result<S::Ok, S::Error> {
+    use serde::ser::SerializeSeq as _;
+    let exposed = data.expose_secret();
+    let mut seq = ser.serialize_seq(Some(exposed.len()))?;
+    for b in exposed.iter() {
+        seq.serialize_element(b)?;
+    }
+    seq.end()
+}
 
 /// A signature key pair for the basic credential.
 ///
 /// This can be used as keys to implement the MLS basic credential. It is a simple
 /// private and public key pair with corresponding signature scheme.
-#[derive(TlsSerialize, TlsSize, TlsDeserialize, serde::Serialize, serde::Deserialize)]
-#[cfg_attr(feature = "clonable", derive(Clone))]
+#[derive(serde::Serialize, serde::Deserialize)]
 pub struct SignatureKeyPair {
-    private: Vec<u8>,
+    #[serde(serialize_with = "expose_sk")]
+    private: SecretVec<u8>,
     public: Vec<u8>,
     signature_scheme: SignatureScheme,
 }
 
+#[cfg(feature = "clonable")]
+impl Clone for SignatureKeyPair {
+    fn clone(&self) -> Self {
+        Self {
+            private: self.private.expose_secret().clone().into(),
+            public: self.public.clone(),
+            signature_scheme: self.signature_scheme,
+        }
+    }
+}
+
+impl secrecy::SerializableSecret for SignatureKeyPair {}
+
+impl tls_codec::Size for SignatureKeyPair {
+    fn tls_serialized_len(&self) -> usize {
+        self.private.expose_secret().tls_serialized_len()
+            + self.public.tls_serialized_len()
+            + self.signature_scheme.tls_serialized_len()
+    }
+}
+
+impl tls_codec::Deserialize for SignatureKeyPair {
+    fn tls_deserialize<R: std::io::Read>(bytes: &mut R) -> Result<Self, tls_codec::Error>
+    where
+        Self: Sized,
+    {
+        let private = Vec::<u8>::tls_deserialize(bytes)?.into();
+        let public = Vec::<u8>::tls_deserialize(bytes)?;
+        let signature_scheme = SignatureScheme::tls_deserialize(bytes)?;
+        Ok(Self {
+            private,
+            public,
+            signature_scheme,
+        })
+    }
+}
+
+impl tls_codec::Serialize for SignatureKeyPair {
+    fn tls_serialize<W: std::io::Write>(&self, writer: &mut W) -> Result<usize, tls_codec::Error> {
+        let mut written = self.private.expose_secret().tls_serialize(writer)?;
+        written += self.public.tls_serialize(writer)?;
+        written += self.signature_scheme.tls_serialize(writer)?;
+        Ok(written)
+    }
+}
+
 impl Debug for SignatureKeyPair {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_struct("SignatureKeyPair")
@@ -42,58 +90,43 @@ impl Debug for SignatureKeyPair {
     }
 }
 
-impl Signer for SignatureKeyPair {
-    fn sign(&self, payload: &[u8]) -> Result<Vec<u8>, Error> {
-        match self.signature_scheme {
-            SignatureScheme::ECDSA_SECP256R1_SHA256 => {
-                let k = SigningKey::from_bytes(&self.private).map_err(|_| Error::SigningError)?;
-                let signature = k.sign(payload);
-                Ok(signature.to_der().to_bytes().into())
-            }
-            SignatureScheme::ED25519 => {
-                let k = ed25519_dalek::Keypair::from_bytes(&self.private)
-                    .map_err(|_| Error::SigningError)?;
-                let signature = k.sign(payload);
-                Ok(signature.to_bytes().into())
-            }
-            _ => Err(Error::SigningError),
-        }
+impl openmls_traits::signatures::DefaultSigner for SignatureKeyPair {
+    fn private_key(&self) -> &[u8] {
+        self.private.expose_secret().as_slice()
     }
 
     fn signature_scheme(&self) -> SignatureScheme {
         self.signature_scheme
     }
 }
 
-/// Compute the ID for a [`Signature`] in the key store.
-fn id(public_key: &[u8], signature_scheme: SignatureScheme) -> Vec<u8> {
-    const LABEL: &[u8; 22] = b"RustCryptoSignatureKey";
-    let mut id = public_key.to_vec();
-    id.extend_from_slice(LABEL);
-    let signature_scheme = (signature_scheme as u16).to_be_bytes();
-    id.extend_from_slice(&signature_scheme);
-    id
-}
-
 impl MlsEntity for SignatureKeyPair {
     const ID: MlsEntityId = MlsEntityId::SignatureKeyPair;
 }
 
 impl SignatureKeyPair {
     /// Generates a fresh signature keypair using the [`SignatureScheme`].
-    pub fn new(signature_scheme: SignatureScheme) -> Result<Self, CryptoError> {
-        let (private, public) = match signature_scheme {
+    pub fn new(
+        signature_scheme: SignatureScheme,
+        csprng: &mut impl rand_core::CryptoRngCore,
+    ) -> Result<Self, CryptoError> {
+        let (private, public): (SecretVec<u8>, Vec<u8>) = match signature_scheme {
             SignatureScheme::ECDSA_SECP256R1_SHA256 => {
-                let k = SigningKey::random(&mut OsRng);
-                let pk = k.verifying_key().to_encoded_point(false).as_bytes().into();
-                (k.to_bytes().as_slice().into(), pk)
+                let sk = p256::ecdsa::SigningKey::random(csprng);
+                let pk = sk.verifying_key().to_encoded_point(false).to_bytes().into();
+                (sk.to_bytes().to_vec().into(), pk)
+            }
+            SignatureScheme::ECDSA_SECP384R1_SHA384 => {
+                let sk = p384::ecdsa::SigningKey::random(csprng);
+                let pk = sk.verifying_key().to_encoded_point(false).to_bytes().into();
+                (sk.to_bytes().to_vec().into(), pk)
             }
             SignatureScheme::ED25519 => {
-                let k = ed25519_dalek::Keypair::generate(&mut rand_07::rngs::OsRng).to_bytes();
-                let pk = k[ed25519_dalek::SECRET_KEY_LENGTH..].to_vec();
+                let sk = ed25519_dalek::SigningKey::generate(csprng);
+                let pk = sk.verifying_key();
                 // full key here because we need it to sign...
-                let sk_pk = k.into();
-                (sk_pk, pk)
+                let sk_pk: Vec<u8> = sk.to_bytes().into();
+                (sk_pk.into(), pk.to_bytes().into())
             }
             _ => return Err(CryptoError::UnsupportedSignatureScheme),
         };
@@ -108,31 +141,70 @@ impl SignatureKeyPair {
     /// Create a new signature key pair from the raw keys.
     pub fn from_raw(signature_scheme: SignatureScheme, private: Vec<u8>, public: Vec<u8>) -> Self {
         Self {
-            private,
+            private: private.into(),
             public,
             signature_scheme,
         }
     }
 
-    fn id(&self) -> Vec<u8> {
-        id(&self.public, self.signature_scheme)
+    /// Create a new KeyPair but verify that the private key actually matches the public key
+    pub fn try_from_raw(
+        signature_scheme: SignatureScheme,
+        private: Vec<u8>,
+        public: Vec<u8>,
+    ) -> Result<Self, CryptoError> {
+        match signature_scheme {
+            SignatureScheme::ED25519 => {
+                let sk = ed25519_dalek::SigningKey::try_from(
+                    &private[..ed25519_dalek::SECRET_KEY_LENGTH],
+                )
+                .map_err(|_| CryptoError::InvalidKey)?;
+                let pk = ed25519_dalek::VerifyingKey::try_from(&public[..])
+                    .map_err(|_| CryptoError::InvalidKey)?;
+
+                if sk.verifying_key() != pk {
+                    return Err(CryptoError::MismatchKeypair);
+                }
+            }
+            SignatureScheme::ECDSA_SECP256R1_SHA256 => {
+                let sk = p256::ecdsa::SigningKey::try_from(&private[..])
+                    .map_err(|_| CryptoError::InvalidKey)?;
+                let pk = p256::ecdsa::VerifyingKey::try_from(&public[..])
+                    .map_err(|_| CryptoError::InvalidKey)?;
+                if sk.verifying_key() != &pk {
+                    return Err(CryptoError::MismatchKeypair);
+                }
+            }
+            SignatureScheme::ECDSA_SECP384R1_SHA384 => {
+                let sk = p384::ecdsa::SigningKey::try_from(&private[..])
+                    .map_err(|_| CryptoError::InvalidKey)?;
+                let pk = p384::ecdsa::VerifyingKey::try_from(&public[..])
+                    .map_err(|_| CryptoError::InvalidKey)?;
+                if sk.verifying_key() != &pk {
+                    return Err(CryptoError::MismatchKeypair);
+                }
+            }
+            _ => {}
+        };
+
+        Ok(Self {
+            private: private.into(),
+            public,
+            signature_scheme,
+        })
     }
 
     /// Store this signature key pair in the key store.
-    pub fn store<T>(&self, key_store: &T) -> Result<(), <T as OpenMlsKeyStore>::Error>
+    pub async fn store<T>(&self, key_store: &T) -> Result<(), <T as OpenMlsKeyStore>::Error>
     where
         T: OpenMlsKeyStore,
     {
-        key_store.store(&self.id(), self)
+        key_store.store(&self.public, self).await
     }
 
     /// Read a signature key pair from the key store.
-    pub fn read(
-        key_store: &impl OpenMlsKeyStore,
-        public_key: &[u8],
-        signature_scheme: SignatureScheme,
-    ) -> Option<Self> {
-        key_store.read(&id(public_key, signature_scheme))
+    pub async fn read(key_store: &impl OpenMlsKeyStore, public_key: &[u8]) -> Option<Self> {
+        key_store.read(public_key).await
     }
 
     /// Get the public key as byte slice.
@@ -152,6 +224,26 @@ impl SignatureKeyPair {
 
     #[cfg(feature = "test-utils")]
     pub fn private(&self) -> &[u8] {
-        &self.private
+        self.private.expose_secret()
+    }
+}
+
+#[cfg(test)]
+pub mod tests {
+    use super::*;
+
+    #[test]
+    fn signature_keypair_try_from_raw_should_work() {
+        let schemes = [
+            SignatureScheme::ED25519,
+            SignatureScheme::ECDSA_SECP256R1_SHA256,
+            SignatureScheme::ECDSA_SECP384R1_SHA384,
+        ];
+        for scheme in schemes {
+            let kp = SignatureKeyPair::new(scheme, &mut rand::thread_rng()).unwrap();
+            let sk = kp.private.expose_secret().clone();
+            let pk = kp.public.clone();
+            SignatureKeyPair::try_from_raw(scheme, sk, pk).unwrap();
+        }
     }
 }

book/src/user_manual/identity.md

@@ -15,11 +15,10 @@ Note that the implementation of the Authentication Service and, thus, the detail
 ## Creating and using credentials
 
 OpenMLS allows clients to create `Credentials`.
-A `BasicCredential`, currently the only credential type supported by OpenMLS, consists only of the `identity`.
-Thus, to create a fresh `Credential`, the following inputs are required:
+A `BasicCredential`, consists only of the `identity`.
+Thus, to create a fresh `Credential`, the following input is required:
 
 - `identity: Vec<u8>`: An octet string that uniquely identifies the client.
-- `credential_type: CredentialType`: The type of the credential, in this case `CredentialType::Basic`.
 
 ```rust,no_run,noplayground
 {{#include ../../../openmls/tests/book_code.rs:create_basic_credential}}

cli/Cargo.toml

@@ -2,11 +2,12 @@
 name = "cli"
 version = "0.1.0"
 authors = ["OpenMLS Authors"]
-edition = "2018"
+edition = "2021"
 
 [dependencies]
 url = "2.2"
-reqwest = { version = "0.11", features = ["blocking", "json"] }
+reqwest = { version = "0.11", features = ["json"] }
+tokio = { version = "1.24", features = ["full"] }
 base64 = "0.13"
 log = "0.4"
 pretty_env_logger = "0.4"