Merge pull request #47 from sentclose/move-pre-defined-keys-to-crypto…

…-sdk Move pre defined keys to crypto sdk
sentclose · Jun 24, 2024 · 8f5d80b · 8f5d80b
2 parents 421140f + cddbeea
commit 8f5d80b
Show file tree

Hide file tree

Showing 30 changed files with 319 additions and 2,151 deletions.
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -80,7 +80,7 @@ jobs:
           key: ${{ runner.os }}-cargo-crypto_rust-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Crypto rust tests
-        run: cargo test --package sentc-crypto --lib test --features=server
+        run: cargo test --package sentc-crypto --lib test --features=server,std_keys
 
   crypto-light-default:
     runs-on: ubuntu-latest

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,7 +9,8 @@ members = [
     "implementation/js/sentc_wasm_light",
     "implementation/dart/sentc_flutter_rust",
     "implementation/dart/sentc_flutter_rust_light",
-    "crypto_keys/crypto_std_keys", "crypto_keys/crypto_fips_keys",
+    "crypto_keys/crypto_std_keys",
+    "crypto_keys/crypto_fips_keys",
 ]
 
 [workspace.package]
@@ -31,6 +32,7 @@ sentc-crypto-utils = { version = "0.13.0", path = "crypto_utils" }
 sentc-crypto = { version = "0.13.0", path = "crypto", default-features = false }
 sentc-crypto-light = { version = "0.13.0", path = "crypto_light", default-features = false }
 sentc-crypto-std-keys = { version = "0.13.0", path = "crypto_keys/crypto_std_keys" }
+sentc-crypto-fips-keys = { version = "0.13.0", path = "crypto_keys/crypto_fips_keys" }
 
 [profile.dev]
 # Must always use panic = "abort" to avoid needing to define the unstable eh_personality lang item.

diff --git a/crypto/Cargo.toml b/crypto/Cargo.toml
@@ -22,6 +22,7 @@ sentc-crypto-core = { workspace = true }
 sentc-crypto-utils = { workspace = true, features = ["encryption"] }
 sentc-crypto-common = { workspace = true }
 sentc-crypto-std-keys = { workspace = true, features = ["full"], optional = true }
+sentc-crypto-fips-keys = { workspace = true, features = ["full"], optional = true }
 
 # key and data export
 base64ct = { version = "1.0.1", default-features = false, features = ["alloc"] }  # must use this version because it is not comp. with password_hash from argon2
@@ -31,13 +32,12 @@ pem-rfc7468 = { version = "0.3.1", features = ["alloc"] }
 serde_json = { version = "1.0.81", default-features = false, features = ["alloc"] }
 serde = { version = "1.0", default-features = false, features = ["derive", "alloc"] }
 
-[dev-dependencies]
-sentc-crypto-std-keys = { workspace = true, features = ["full"] }
-
 [features]
 export = ["std_keys"]
 std_keys = ["sentc-crypto-std-keys"]
 
+fips_keys = ["sentc-crypto-fips-keys"]
+
 server = []
 server_test = []
 

diff --git a/crypto/src/crypto/crypto.rs b/crypto/src/crypto/crypto.rs
@@ -207,13 +207,23 @@ impl<SGen: SymKeyGenWrapper, SC: SymKeyComposerWrapper, P: PkFromUserKeyWrapper>
 #[cfg(test)]
 mod test
 {
-	use sentc_crypto_std_keys::util::{PublicKey, SignKey, SymmetricKey};
 	use sentc_crypto_utils::cryptomat::{PkFromUserKeyWrapper, SkCryptoWrapper, SymKeyCrypto};
 
-	use super::*;
+	use crate::crypto::mimic_keys::FakeSignKeyWrapper;
 	use crate::group::test_fn::create_group;
 	use crate::user::test_fn::create_user;
 
+	#[cfg(feature = "std_keys")]
+	pub type TestKeyGenerator = crate::keys::std::StdKeyGenerator;
+	#[cfg(all(feature = "fips_keys", not(feature = "std_keys")))]
+	pub type TestKeyGenerator = crate::keys::fips::FipsKeyGenerator;
+
+	#[cfg(feature = "std_keys")]
+	pub type TestPublicKey = sentc_crypto_std_keys::util::PublicKey;
+
+	#[cfg(all(feature = "fips_keys", not(feature = "std_keys")))]
+	pub type TestPublicKey = sentc_crypto_fips_keys::util::PublicKey;
+
 	#[test]
 	fn test_encrypt_decrypt_sym_raw()
 	{
@@ -226,7 +236,7 @@ mod test
 		let text = "123*+^êéèüöß@€&$";
 
 		let (head, encrypted) = group_key
-			.encrypt_raw(text.as_bytes(), None::<&SignKey>)
+			.encrypt_raw(text.as_bytes(), None::<&FakeSignKeyWrapper>)
 			.unwrap();
 
 		let decrypted = group_key.decrypt_raw(&encrypted, &head, None).unwrap();
@@ -270,7 +280,7 @@ mod test
 		let payload = b"payload1234567891011121314151617";
 
 		let (head, encrypted) = group_key
-			.encrypt_raw_with_aad(text.as_bytes(), payload, None::<&SignKey>)
+			.encrypt_raw_with_aad(text.as_bytes(), payload, None::<&FakeSignKeyWrapper>)
 			.unwrap();
 
 		let decrypted = group_key
@@ -315,10 +325,10 @@ mod test
 		let text = "123*+^êéèüöß@€&$";
 		let user = create_user();
 
-		let (head, encrypted) = PublicKey::encrypt_raw_with_user_key(
+		let (head, encrypted) = TestPublicKey::encrypt_raw_with_user_key(
 			&user.user_keys[0].exported_public_key,
 			text.as_bytes(),
-			None::<&SignKey>,
+			None::<&FakeSignKeyWrapper>,
 		)
 		.unwrap();
 
@@ -336,7 +346,7 @@ mod test
 		let text = "123*+^êéèüöß@€&$";
 		let user = create_user();
 
-		let (head, encrypted) = PublicKey::encrypt_raw_with_user_key(
+		let (head, encrypted) = TestPublicKey::encrypt_raw_with_user_key(
 			&user.user_keys[0].exported_public_key,
 			text.as_bytes(),
 			Some(&user.user_keys[0].sign_key),
@@ -363,7 +373,7 @@ mod test
 		let text = "123*+^êéèüöß@€&$";
 
 		let encrypted = group_key
-			.encrypt(text.as_bytes(), None::<&SignKey>)
+			.encrypt(text.as_bytes(), None::<&FakeSignKeyWrapper>)
 			.unwrap();
 
 		let decrypted = group_key.decrypt(&encrypted, None).unwrap();
@@ -383,7 +393,7 @@ mod test
 		let payload = b"payload1234567891011121314151617";
 
 		let encrypted = group_key
-			.encrypt_with_aad(text.as_bytes(), payload, None::<&SignKey>)
+			.encrypt_with_aad(text.as_bytes(), payload, None::<&FakeSignKeyWrapper>)
 			.unwrap();
 
 		let decrypted = group_key
@@ -406,7 +416,7 @@ mod test
 		let payload2 = b"payload1234567891011121314151618";
 
 		let encrypted = group_key
-			.encrypt_with_aad(text.as_bytes(), payload, None::<&SignKey>)
+			.encrypt_with_aad(text.as_bytes(), payload, None::<&FakeSignKeyWrapper>)
 			.unwrap();
 
 		let decrypted = group_key.decrypt_with_aad(&encrypted, payload2, None);
@@ -447,10 +457,10 @@ mod test
 		//now start encrypt and decrypt with the group master key
 		let text = "123*+^êéèüöß@€&$";
 
-		let encrypted = PublicKey::encrypt_with_user_key(
+		let encrypted = TestPublicKey::encrypt_with_user_key(
 			&user.user_keys[0].exported_public_key,
 			text.as_bytes(),
-			None::<&SignKey>,
+			None::<&FakeSignKeyWrapper>,
 		)
 		.unwrap();
 
@@ -470,7 +480,7 @@ mod test
 		//now start encrypt and decrypt with the group master key
 		let text = "123*+^êéèüöß@€&$";
 
-		let encrypted = PublicKey::encrypt_with_user_key(
+		let encrypted = TestPublicKey::encrypt_with_user_key(
 			&user.user_keys[0].exported_public_key,
 			text.as_bytes(),
 			Some(&user.user_keys[0].sign_key),
@@ -496,7 +506,9 @@ mod test
 		//now start encrypt and decrypt with the group master key
 		let text = "123*+^êéèüöß@€&$";
 
-		let encrypted = group_key.encrypt_string(text, None::<&SignKey>).unwrap();
+		let encrypted = group_key
+			.encrypt_string(text, None::<&FakeSignKeyWrapper>)
+			.unwrap();
 
 		let decrypted = group_key.decrypt_string(&encrypted, None).unwrap();
 
@@ -514,7 +526,7 @@ mod test
 		let payload = "payload1234567891011121314151617";
 
 		let encrypted = group_key
-			.encrypt_string_with_aad(text, payload, None::<&SignKey>)
+			.encrypt_string_with_aad(text, payload, None::<&FakeSignKeyWrapper>)
 			.unwrap();
 
 		let decrypted = group_key
@@ -554,7 +566,12 @@ mod test
 		//now start encrypt and decrypt with the group master key
 		let text = "123*+^êéèüöß@€&$";
 
-		let encrypted = PublicKey::encrypt_string_with_user_key(&user.user_keys[0].exported_public_key, text, None::<&SignKey>).unwrap();
+		let encrypted = TestPublicKey::encrypt_string_with_user_key(
+			&user.user_keys[0].exported_public_key,
+			text,
+			None::<&FakeSignKeyWrapper>,
+		)
+		.unwrap();
 
 		let decrypted = user.user_keys[0]
 			.private_key
@@ -572,7 +589,7 @@ mod test
 		//now start encrypt and decrypt with the group master key
 		let text = "123*+^êéèüöß@€&$";
 
-		let encrypted = PublicKey::encrypt_string_with_user_key(
+		let encrypted = TestPublicKey::encrypt_string_with_user_key(
 			&user.user_keys[0].exported_public_key,
 			text,
 			Some(&user.user_keys[0].sign_key),
@@ -594,7 +611,7 @@ mod test
 		let (_, key_data, _, _, _) = create_group(&user.user_keys[0]);
 		let master_key = &key_data[0].group_key;
 
-		let (key, encrypted_key) = KeyGenerator::<SymmetricKey, SymmetricKey, PublicKey>::generate_non_register_sym_key(master_key).unwrap();
+		let (key, encrypted_key) = TestKeyGenerator::generate_non_register_sym_key(master_key).unwrap();
 
 		//test the encrypt / decrypt
 		let text = "123*+^êéèüöß@€&$";
@@ -611,7 +628,7 @@ mod test
 
 		//check if we can decrypt the key with the master key
 
-		let decrypted_key = KeyGenerator::<SymmetricKey, SymmetricKey, PublicKey>::decrypt_sym_key(master_key, &encrypted_key).unwrap();
+		let decrypted_key = TestKeyGenerator::decrypt_sym_key(master_key, &encrypted_key).unwrap();
 
 		assert_eq!(key.key.as_ref(), decrypted_key.key.as_ref());
 	}
@@ -621,10 +638,7 @@ mod test
 	{
 		let user = create_user();
 
-		let (key, encrypted_key) = KeyGenerator::<SymmetricKey, SymmetricKey, PublicKey>::generate_non_register_sym_key_by_public_key(
-			&user.user_keys[0].exported_public_key,
-		)
-		.unwrap();
+		let (key, encrypted_key) = TestKeyGenerator::generate_non_register_sym_key_by_public_key(&user.user_keys[0].exported_public_key).unwrap();
 
 		//test the encrypt / decrypt
 		let text = "123*+^êéèüöß@€&$";
@@ -641,9 +655,7 @@ mod test
 
 		//check if we can decrypt the key with the master key
 
-		let decrypted_key =
-			KeyGenerator::<SymmetricKey, SymmetricKey, PublicKey>::decrypt_sym_key_by_private_key(&user.user_keys[0].private_key, &encrypted_key)
-				.unwrap();
+		let decrypted_key = TestKeyGenerator::decrypt_sym_key_by_private_key(&user.user_keys[0].private_key, &encrypted_key).unwrap();
 
 		let text = "123*+^êéèüöß@€&$";
 

diff --git a/crypto/src/crypto/crypto_export.rs b/crypto/src/crypto/crypto_export.rs
@@ -6,7 +6,8 @@ use sentc_crypto_common::user::{UserPublicKeyData, UserVerifyKeyData};
 use sentc_crypto_std_keys::util::{PublicKey, SecretKey, SignKey, SymmetricKey};
 use sentc_crypto_utils::cryptomat::{KeyToString, PkFromUserKeyWrapper, SkCryptoWrapper, SymKeyCrypto};
 
-use crate::{SdkError, StdKeyGenerator};
+use crate::keys::std::StdKeyGenerator;
+use crate::SdkError;
 
 pub(crate) fn prepare_sign_key(sign_key: Option<&str>) -> Result<Option<SignKey>, SdkError>
 {

diff --git a/crypto/src/crypto_sortable/mod.rs b/crypto/src/crypto_sortable/mod.rs
@@ -4,7 +4,7 @@ mod crypto_sortable_export;
 #[cfg(feature = "export")]
 pub use crypto_sortable_export::*;
 
-#[cfg(test)]
+#[cfg(all(test, feature = "std_keys"))]
 mod test
 {
 	use core::str::FromStr;

diff --git a/crypto/src/file/file_export.rs b/crypto/src/file/file_export.rs
@@ -5,8 +5,9 @@ use sentc_crypto_common::file::BelongsToType;
 use sentc_crypto_std_keys::util::SymmetricKey;
 
 use crate::crypto::{prepare_sign_key, prepare_verify_key};
+use crate::keys::std::StdFileEncryptor;
 use crate::util::{export_core_sym_key_to_string, import_core_sym_key};
-use crate::{SdkError, StdFileEncryptor};
+use crate::SdkError;
 
 pub fn prepare_register_file(
 	master_key_id: String,