1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
use super::*;
use crate::asymmetric_common::*;
use crate::CryptoCtx;
use parking_lot::{Mutex, MutexGuard};
use std::sync::Arc;
pub trait KxSecretKeyBuilder {
fn from_raw(&self, raw: &[u8]) -> Result<KxSecretKey, CryptoError>;
}
#[derive(Clone)]
pub struct KxSecretKey {
inner: Arc<Mutex<Box<dyn KxSecretKeyLike>>>,
}
impl KxSecretKey {
pub fn new(kx_secretkey_like: Box<dyn KxSecretKeyLike>) -> Self {
KxSecretKey {
inner: Arc::new(Mutex::new(kx_secretkey_like)),
}
}
pub fn inner(&self) -> MutexGuard<'_, Box<dyn KxSecretKeyLike>> {
self.inner.lock()
}
pub fn locked<T, U>(&self, mut f: T) -> U
where
T: FnMut(MutexGuard<'_, Box<dyn KxSecretKeyLike>>) -> U,
{
f(self.inner())
}
pub fn alg(&self) -> KxAlgorithm {
self.inner().alg()
}
pub(crate) fn as_raw(&self) -> Result<Vec<u8>, CryptoError> {
Ok(self.inner().as_raw()?.to_vec())
}
pub(crate) fn export(&self, encoding: SecretKeyEncoding) -> Result<Vec<u8>, CryptoError> {
match encoding {
SecretKeyEncoding::Raw => Ok(self.inner().as_raw()?.to_vec()),
_ => bail!(CryptoError::UnsupportedEncoding),
}
}
pub(crate) fn publickey(&self) -> Result<KxPublicKey, CryptoError> {
self.inner().publickey()
}
pub fn dh(&self, pk: &KxPublicKey) -> Result<Vec<u8>, CryptoError> {
ensure!(pk.alg() == self.alg(), CryptoError::IncompatibleKeys);
self.inner().dh(pk)
}
fn decapsulate(&self, encapsulated_secret: &[u8]) -> Result<Vec<u8>, CryptoError> {
self.inner().decapsulate(encapsulated_secret)
}
}
pub trait KxSecretKeyLike: Sync + Send {
fn as_any(&self) -> &dyn Any;
fn alg(&self) -> KxAlgorithm;
fn len(&self) -> Result<usize, CryptoError>;
fn as_raw(&self) -> Result<&[u8], CryptoError>;
fn publickey(&self) -> Result<KxPublicKey, CryptoError>;
fn dh(&self, _pk: &KxPublicKey) -> Result<Vec<u8>, CryptoError> {
bail!(CryptoError::InvalidOperation);
}
fn decapsulate(&self, _encapsulated_secret: &[u8]) -> Result<Vec<u8>, CryptoError> {
bail!(CryptoError::InvalidOperation);
}
}
impl CryptoCtx {
pub fn kx_dh(&self, pk_handle: Handle, sk_handle: Handle) -> Result<Handle, CryptoError> {
let pk = self
.handles
.publickey
.get(pk_handle)?
.into_kx_public_key()?;
let sk = self
.handles
.secretkey
.get(sk_handle)?
.into_kx_secret_key()?;
let shared_secret = sk.dh(&pk)?;
ArrayOutput::register(&self.handles, shared_secret)
}
pub fn kx_decapsulate(
&self,
sk_handle: Handle,
encapsulated_secret: &[u8],
) -> Result<Handle, CryptoError> {
let sk = self
.handles
.secretkey
.get(sk_handle)?
.into_kx_secret_key()?;
let shared_secret = sk.decapsulate(encapsulated_secret)?;
ArrayOutput::register(&self.handles, shared_secret)
}
}