Merge remote-tracking branch 'origin/feat_oberon_key' into TM/oberon-net

trinsic-id · Oct 7, 2021 · e2bb352 · e2bb352
2 parents 9863370 + 26c02d0
commit e2bb352
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 11 deletions.
diff --git a/native/src/oberon/mod.rs b/native/src/oberon/mod.rs
@@ -4,12 +4,19 @@ use rand::prelude::*;
 use std::convert::TryInto;
 
 impl crate::Oberon {
-    pub fn key<'a>(_request: &CreateOberonKeyRequest) -> Result<CreateOberonKeyReply, Error<'a>> {
-        let rng = thread_rng();
-
-        let sk = oberon::SecretKey::new(rng);
+    pub fn key<'a>(request: &CreateOberonKeyRequest) -> Result<CreateOberonKeyReply, Error<'a>> {
+        let sk = if request.seed.len() == 0 {
+            let rng = thread_rng();
+            oberon::SecretKey::new(rng)
+        } else {
+            oberon::SecretKey::hash(&request.seed)
+        };
+        let pk = oberon::PublicKey::from(&sk);
 
-        Ok(CreateOberonKeyReply { key: sk.to_bytes().to_vec() })
+        Ok(CreateOberonKeyReply {
+            sk: sk.to_bytes().to_vec(),
+            pk: pk.to_bytes().to_vec(),
+        })
     }
 
     pub fn token<'a>(request: &CreateOberonTokenRequest) -> Result<CreateOberonTokenReply, Error<'a>> {

diff --git a/native/src/proto/okapi_security.rs b/native/src/proto/okapi_security.rs
@@ -2,14 +2,20 @@
 #[derive(::serde::Serialize, ::serde::Deserialize)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct CreateOberonKeyRequest {
+    /// optional seed to generate deterministic keys
+    #[prost(bytes="vec", tag="1")]
+    pub seed: ::prost::alloc::vec::Vec<u8>,
 }
 /// Contains the oberon secret key bytes
 #[derive(::serde::Serialize, ::serde::Deserialize)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct CreateOberonKeyReply {
-    /// raw key bytes
+    /// raw secret key bytes
     #[prost(bytes="vec", tag="2")]
-    pub key: ::prost::alloc::vec::Vec<u8>,
+    pub sk: ::prost::alloc::vec::Vec<u8>,
+    /// raw public key bytes
+    #[prost(bytes="vec", tag="3")]
+    pub pk: ::prost::alloc::vec::Vec<u8>,
 }
 /// Create a new oberon token
 #[derive(::serde::Serialize, ::serde::Deserialize)]

diff --git a/native/src/tests/keys.rs b/native/src/tests/keys.rs
@@ -5,7 +5,7 @@ use fluid::prelude::*;
 
 #[theory]
 #[case(KeyType::X25519, 32)]
-#[case(KeyType::P256, 65)]
+#[case(KeyType::P256, 33)]
 #[case(KeyType::Ed25519, 32)]
 fn test_generate_key_no_seed(key_type: KeyType, public_key_size: usize) {
     let request = GenerateKeyRequest {
@@ -30,7 +30,7 @@ fn test_generate_key_no_seed(key_type: KeyType, public_key_size: usize) {
 #[test]
 fn test_generate_key_no_seed_1() {
     let key_type = KeyType::P256;
-    let public_key_size: usize = 65;
+    let public_key_size: usize = 33;
 
     let request = GenerateKeyRequest {
         seed: vec![],

diff --git a/native/src/tests/oberon.rs b/native/src/tests/oberon.rs
@@ -286,7 +286,17 @@ fn test_unblind_token() {
 
 #[test]
 fn test_create_key() {
-    let req = CreateOberonKeyRequest {};
+    let req = CreateOberonKeyRequest { seed: vec![] };
 
     crate::Oberon::key(&req).unwrap();
 }
+
+#[test]
+fn test_create_key_with_seed() {
+    let req = CreateOberonKeyRequest {
+        seed: b"super secret seed".to_vec(),
+    };
+
+    let result = crate::Oberon::key(&req);
+    assert!(result.is_ok())
+}
diff --git a/proto/security.proto b/proto/security.proto
@@ -10,11 +10,13 @@ option java_package = "trinsic.okapi";
 
 // Create an Oberon Compatible Secret Key
 message CreateOberonKeyRequest {
+    bytes seed = 1; // optional seed to generate deterministic keys
 }
 
 // Contains the oberon secret key bytes
 message CreateOberonKeyReply {
-    bytes key = 2; // raw key bytes
+    bytes sk = 2; // raw secret key bytes
+    bytes pk = 3; // raw public key bytes
 }
 
 // Create a new oberon token