mls_rs_core/
key_package.rs

1// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2// Copyright by contributors to this project.
3// SPDX-License-Identifier: (Apache-2.0 OR MIT)
4
5#[cfg(mls_build_async)]
6use alloc::boxed::Box;
7use alloc::vec::Vec;
8use core::fmt::{self, Debug};
9use mls_rs_codec::{MlsDecode, MlsEncode, MlsSize};
10
11use crate::{crypto::HpkeSecretKey, error::IntoAnyError};
12
#[derive(Clone, PartialEq, Eq, MlsEncode, MlsDecode, MlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[non_exhaustive]
/// Representation of a generated key package and secret keys.
///
/// The two [`HpkeSecretKey`] fields are private key material. This type
/// derives `Clone`, the codec traits and (with the `serde` feature)
/// `Serialize`, so every clone and every encoded or serialized form is
/// another copy of those secrets and should be handled like the original.
// NOTE(review): whether `HpkeSecretKey` wipes its bytes on drop, and whether
// its `PartialEq` is constant-time, is not visible in this file; confirm
// before relying on either property.
pub struct KeyPackageData {
    /// Key package bytes. Presumably the encoded key package message; the
    /// encoding is not established in this file (TODO confirm).
    #[cfg_attr(feature = "serde", serde(with = "crate::vec_serde"))]
    pub key_package_bytes: Vec<u8>,
    /// HPKE secret key stored as this package's init key.
    pub init_key: HpkeSecretKey,
    /// HPKE secret key stored as this package's leaf node key.
    pub leaf_node_key: HpkeSecretKey,
    /// Expiration time, in seconds since the Unix epoch starting Jan 1st 1970.
    // NOTE(review): nothing in this file compares this value with the current
    // time; confirm where expiry is enforced and whether storage should purge
    // entries (and their secrets) once it has passed.
    pub expiration: u64,
}
25
impl Debug for KeyPackageData {
    /// Writes all four fields through `Formatter::debug_struct`.
    ///
    /// `key_package_bytes` is rendered via `crate::debug::pretty_bytes`; the
    /// remaining fields use their own `Debug` implementations.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let mut out = f.debug_struct("KeyPackageData");

        out.field(
            "key_package_bytes",
            &crate::debug::pretty_bytes(&self.key_package_bytes),
        );

        // NOTE(review): both secret keys are handed to `HpkeSecretKey`'s
        // `Debug` impl, which is not visible here. Confirm that it redacts
        // the key bytes before `{:?}` output of this type reaches logs or
        // error reports.
        out.field("init_key", &self.init_key);
        out.field("leaf_node_key", &self.leaf_node_key);

        out.field("expiration", &self.expiration);
        out.finish()
    }
}
39
impl KeyPackageData {
    /// Builds a [`KeyPackageData`] from its four parts.
    ///
    /// The arguments are moved into the struct unchanged; no validation is
    /// done here, including on `expiration` (seconds since the Unix epoch).
    /// The returned value owns both secret keys.
    pub fn new(
        key_package_bytes: Vec<u8>,
        init_key: HpkeSecretKey,
        leaf_node_key: HpkeSecretKey,
        expiration: u64,
    ) -> KeyPackageData {
        KeyPackageData {
            key_package_bytes,
            init_key,
            leaf_node_key,
            expiration,
        }
    }
}
55
/// Storage trait that maintains key package secrets.
///
/// Every [`KeyPackageData`] passed through this trait carries two
/// [`HpkeSecretKey`] values, so the backing store holds private key
/// material. Implementations should protect it accordingly, for example
/// with access control and encryption at rest.
///
/// The `maybe_async` attributes below select the synchronous or the
/// asynchronous form of the methods depending on the `mls_build_async` cfg.
#[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
#[cfg_attr(mls_build_async, maybe_async::must_be_async)]
pub trait KeyPackageStorage: Send + Sync {
    /// Error type that the underlying storage mechanism returns on internal
    /// failure.
    type Error: IntoAnyError;

    /// Delete [`KeyPackageData`] referenced by `id`.
    ///
    /// This function is called automatically when the key package referenced
    /// by `id` is used to successfully join a group.
    ///
    /// # Warning
    ///
    /// [`KeyPackageData`] internally contains secret key values. The
    /// provided delete mechanism should securely erase data: dropping only
    /// an index entry or file name can leave the key bytes recoverable from
    /// the underlying medium, so overwrite or zeroize the stored secrets
    /// where the backend allows it.
    // NOTE(review): the trait does not say what to return when no entry
    // matches `id`; confirm what callers expect.
    async fn delete(&mut self, id: &[u8]) -> Result<(), Self::Error>;

    /// Store [`KeyPackageData`] that can be accessed by `id` in the future.
    ///
    /// This function is automatically called whenever a new key package is created.
    ///
    /// `pkg` is taken by value and includes the secret keys; persist it only
    /// to storage that is suitable for private key material.
    async fn insert(&mut self, id: Vec<u8>, pkg: KeyPackageData) -> Result<(), Self::Error>;

    /// Retrieve [`KeyPackageData`] by its `id`.
    ///
    /// `None` should be returned in the event that no key packages are found
    /// that match `id`.
    ///
    /// The returned value is owned by the caller and includes the secret
    /// keys.
    async fn get(&self, id: &[u8]) -> Result<Option<KeyPackageData>, Self::Error>;
}