From 26c02d082f3a58b681c18727c1ea7b5e2e2c4399 Mon Sep 17 00:00:00 2001
From: Tomislav Markovski <tmarkovski@gmail.com>
Date: Thu, 7 Oct 2021 17:40:12 -0400
Subject: [PATCH] Add pub key and seed to api. Tests fix (#189)

* Add pub key and seed to api

* Fix unit tests

* refactor

* Change comment location
---
 native/src/oberon/mod.rs           | 17 ++++++++++++-----
 native/src/proto/okapi_security.rs | 10 ++++++++--
 native/src/tests/keys.rs           |  4 ++--
 native/src/tests/oberon.rs         | 12 +++++++++++-
 proto/security.proto               |  4 +++-
 5 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/native/src/oberon/mod.rs b/native/src/oberon/mod.rs
index 8c95ed20..3c546b62 100644
--- a/native/src/oberon/mod.rs
+++ b/native/src/oberon/mod.rs
@@ -4,12 +4,19 @@ use rand::prelude::*;
 use std::convert::TryInto;
 
 impl crate::Oberon {
-    pub fn key<'a>(_request: &CreateOberonKeyRequest) -> Result<CreateOberonKeyReply, Error<'a>> {
-        let rng = thread_rng();
-
-        let sk = oberon::SecretKey::new(rng);
+    pub fn key<'a>(request: &CreateOberonKeyRequest) -> Result<CreateOberonKeyReply, Error<'a>> {
+        let sk = if request.seed.len() == 0 {
+            let rng = thread_rng();
+            oberon::SecretKey::new(rng)
+        } else {
+            oberon::SecretKey::hash(&request.seed)
+        };
+        let pk = oberon::PublicKey::from(&sk);
 
-        Ok(CreateOberonKeyReply { key: sk.to_bytes().to_vec() })
+        Ok(CreateOberonKeyReply {
+            sk: sk.to_bytes().to_vec(),
+            pk: pk.to_bytes().to_vec(),
+        })
     }
 
     pub fn token<'a>(request: &CreateOberonTokenRequest) -> Result<CreateOberonTokenReply, Error<'a>> {
diff --git a/native/src/proto/okapi_security.rs b/native/src/proto/okapi_security.rs
index ae3f071b..0520dd24 100644
--- a/native/src/proto/okapi_security.rs
+++ b/native/src/proto/okapi_security.rs
@@ -2,14 +2,20 @@
 #[derive(::serde::Serialize, ::serde::Deserialize)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct CreateOberonKeyRequest {
+    /// optional seed to generate deterministic keys
+    #[prost(bytes="vec", tag="1")]
+    pub seed: ::prost::alloc::vec::Vec<u8>,
 }
 /// Contains the oberon secret key bytes
 #[derive(::serde::Serialize, ::serde::Deserialize)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct CreateOberonKeyReply {
-    /// raw key bytes
+    /// raw secret key bytes
     #[prost(bytes="vec", tag="2")]
-    pub key: ::prost::alloc::vec::Vec<u8>,
+    pub sk: ::prost::alloc::vec::Vec<u8>,
+    /// raw public key bytes
+    #[prost(bytes="vec", tag="3")]
+    pub pk: ::prost::alloc::vec::Vec<u8>,
 }
 /// Create a new oberon token
 #[derive(::serde::Serialize, ::serde::Deserialize)]
diff --git a/native/src/tests/keys.rs b/native/src/tests/keys.rs
index 86943cc5..6c060b95 100644
--- a/native/src/tests/keys.rs
+++ b/native/src/tests/keys.rs
@@ -5,7 +5,7 @@ use fluid::prelude::*;
 
 #[theory]
 #[case(KeyType::X25519, 32)]
-#[case(KeyType::P256, 65)]
+#[case(KeyType::P256, 33)]
 #[case(KeyType::Ed25519, 32)]
 fn test_generate_key_no_seed(key_type: KeyType, public_key_size: usize) {
     let request = GenerateKeyRequest {
@@ -30,7 +30,7 @@ fn test_generate_key_no_seed(key_type: KeyType, public_key_size: usize) {
 #[test]
 fn test_generate_key_no_seed_1() {
     let key_type = KeyType::P256;
-    let public_key_size: usize = 65;
+    let public_key_size: usize = 33;
 
     let request = GenerateKeyRequest {
         seed: vec![],
diff --git a/native/src/tests/oberon.rs b/native/src/tests/oberon.rs
index 4704fe98..c48245bf 100644
--- a/native/src/tests/oberon.rs
+++ b/native/src/tests/oberon.rs
@@ -286,7 +286,17 @@ fn test_unblind_token() {
 
 #[test]
 fn test_create_key() {
-    let req = CreateOberonKeyRequest {};
+    let req = CreateOberonKeyRequest { seed: vec![] };
 
     crate::Oberon::key(&req).unwrap();
 }
+
+#[test]
+fn test_create_key_with_seed() {
+    let req = CreateOberonKeyRequest {
+        seed: b"super secret seed".to_vec(),
+    };
+
+    let result = crate::Oberon::key(&req);
+    assert!(result.is_ok())
+}
diff --git a/proto/security.proto b/proto/security.proto
index 6054906f..616b70be 100644
--- a/proto/security.proto
+++ b/proto/security.proto
@@ -10,11 +10,13 @@ option java_package = "trinsic.okapi";
 
 // Create an Oberon Compatible Secret Key
 message CreateOberonKeyRequest {
+    bytes seed = 1; // optional seed to generate deterministic keys
 }
 
 // Contains the oberon secret key bytes
 message CreateOberonKeyReply {
-    bytes key = 2; // raw key bytes
+    bytes sk = 2; // raw secret key bytes
+    bytes pk = 3; // raw public key bytes
 }
 
 // Create a new oberon token