baseid_crypto/

key.rs

//! Key types and generation.

use baseid_core::error::CryptoError;
use baseid_core::types::{KeyType, SignatureAlgorithm};
use serde::{Deserialize, Serialize};
use zeroize::Zeroize;

/// A public key with its type metadata.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PublicKey {
    pub key_type: KeyType,
    pub bytes: Vec<u8>,
}

/// A key pair consisting of a public key and secret key material.
///
/// Secret key bytes are zeroized on drop.
pub struct KeyPair {
    pub public: PublicKey,
    secret: SecretKey,
}

/// Secret key material. Zeroized on drop.
struct SecretKey {
    bytes: Vec<u8>,
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        self.bytes.zeroize();
    }
}

impl std::fmt::Debug for KeyPair {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("KeyPair")
            .field("public", &self.public)
            .field("secret", &"[REDACTED]")
            .finish()
    }
}

impl KeyPair {
    /// Generate a new key pair for the given key type.
    pub fn generate(key_type: KeyType) -> baseid_core::Result<Self> {
        use rand::rngs::OsRng;

        match key_type {
            KeyType::Bls12381G2 => Err(CryptoError::UnsupportedAlgorithm.into()),
            KeyType::Ed25519 => {
                let signing_key = ed25519_dalek::SigningKey::generate(&mut OsRng);
                let verifying_key = signing_key.verifying_key();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: verifying_key.as_bytes().to_vec(),
                    },
                    secret: SecretKey {
                        bytes: signing_key.to_bytes().to_vec(),
                    },
                })
            }
            KeyType::P256 => {
                let signing_key = p256::ecdsa::SigningKey::random(&mut OsRng);
                let verifying_key = signing_key.verifying_key();
                let public_bytes = verifying_key.to_encoded_point(true).as_bytes().to_vec();
                let secret_bytes = signing_key.to_bytes().to_vec();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: public_bytes,
                    },
                    secret: SecretKey {
                        bytes: secret_bytes,
                    },
                })
            }
            KeyType::P384 => {
                let signing_key = p384::ecdsa::SigningKey::random(&mut OsRng);
                let verifying_key = signing_key.verifying_key();
                let public_bytes = verifying_key.to_encoded_point(true).as_bytes().to_vec();
                let secret_bytes = signing_key.to_bytes().to_vec();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: public_bytes,
                    },
                    secret: SecretKey {
                        bytes: secret_bytes,
                    },
                })
            }
            KeyType::Secp256k1 => {
                let signing_key = k256::ecdsa::SigningKey::random(&mut OsRng);
                let verifying_key = signing_key.verifying_key();
                let public_bytes = verifying_key.to_encoded_point(true).as_bytes().to_vec();
                let secret_bytes = signing_key.to_bytes().to_vec();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: public_bytes,
                    },
                    secret: SecretKey {
                        bytes: secret_bytes,
                    },
                })
            }
        }
    }

    /// Return the signature algorithm this key pair uses.
    pub fn algorithm(&self) -> SignatureAlgorithm {
        self.public.algorithm()
    }

    /// Expose the secret key bytes.
    pub fn secret_bytes(&self) -> &[u8] {
        &self.secret.bytes
    }

    /// Reconstruct a key pair from secret key bytes (derives the public key).
    pub fn from_bytes(key_type: KeyType, secret_bytes: &[u8]) -> baseid_core::Result<Self> {
        match key_type {
            KeyType::Bls12381G2 => Err(CryptoError::UnsupportedAlgorithm.into()),
            KeyType::Ed25519 => {
                let bytes: [u8; 32] = secret_bytes
                    .try_into()
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let signing_key = ed25519_dalek::SigningKey::from_bytes(&bytes);
                let verifying_key = signing_key.verifying_key();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: verifying_key.as_bytes().to_vec(),
                    },
                    secret: SecretKey {
                        bytes: secret_bytes.to_vec(),
                    },
                })
            }
            KeyType::P256 => {
                if secret_bytes.len() != 32 {
                    return Err(CryptoError::InvalidKeyMaterial.into());
                }
                let signing_key = p256::ecdsa::SigningKey::from_bytes(secret_bytes.into())
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let verifying_key = signing_key.verifying_key();
                let public_bytes = verifying_key.to_encoded_point(true).as_bytes().to_vec();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: public_bytes,
                    },
                    secret: SecretKey {
                        bytes: secret_bytes.to_vec(),
                    },
                })
            }
            KeyType::P384 => {
                if secret_bytes.len() != 48 {
                    return Err(CryptoError::InvalidKeyMaterial.into());
                }
                let signing_key = p384::ecdsa::SigningKey::from_bytes(secret_bytes.into())
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let verifying_key = signing_key.verifying_key();
                let public_bytes = verifying_key.to_encoded_point(true).as_bytes().to_vec();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: public_bytes,
                    },
                    secret: SecretKey {
                        bytes: secret_bytes.to_vec(),
                    },
                })
            }
            KeyType::Secp256k1 => {
                if secret_bytes.len() != 32 {
                    return Err(CryptoError::InvalidKeyMaterial.into());
                }
                let signing_key = k256::ecdsa::SigningKey::from_bytes(secret_bytes.into())
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let verifying_key = signing_key.verifying_key();
                let public_bytes = verifying_key.to_encoded_point(true).as_bytes().to_vec();
                Ok(Self {
                    public: PublicKey {
                        key_type,
                        bytes: public_bytes,
                    },
                    secret: SecretKey {
                        bytes: secret_bytes.to_vec(),
                    },
                })
            }
        }
    }
}

impl PublicKey {
    /// Construct a public key from raw bytes with validation.
    pub fn from_bytes(key_type: KeyType, public_bytes: &[u8]) -> baseid_core::Result<Self> {
        if key_type == KeyType::Bls12381G2 {
            return Err(CryptoError::UnsupportedAlgorithm.into());
        }
        // Validate the bytes by attempting to parse them
        match key_type {
            KeyType::Bls12381G2 => unreachable!(),
            KeyType::Ed25519 => {
                let bytes: [u8; 32] = public_bytes
                    .try_into()
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                ed25519_dalek::VerifyingKey::from_bytes(&bytes)
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
            }
            KeyType::P256 => {
                use p256::elliptic_curve::sec1::FromEncodedPoint;
                let point = p256::EncodedPoint::from_bytes(public_bytes)
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let maybe = p256::PublicKey::from_encoded_point(&point);
                if maybe.is_none().into() {
                    return Err(CryptoError::InvalidKeyMaterial.into());
                }
            }
            KeyType::P384 => {
                use p384::elliptic_curve::sec1::FromEncodedPoint;
                let point = p384::EncodedPoint::from_bytes(public_bytes)
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let maybe = p384::PublicKey::from_encoded_point(&point);
                if maybe.is_none().into() {
                    return Err(CryptoError::InvalidKeyMaterial.into());
                }
            }
            KeyType::Secp256k1 => {
                use k256::elliptic_curve::sec1::FromEncodedPoint;
                let point = k256::EncodedPoint::from_bytes(public_bytes)
                    .map_err(|_| CryptoError::InvalidKeyMaterial)?;
                let maybe = k256::PublicKey::from_encoded_point(&point);
                if maybe.is_none().into() {
                    return Err(CryptoError::InvalidKeyMaterial.into());
                }
            }
        }
        Ok(Self {
            key_type,
            bytes: public_bytes.to_vec(),
        })
    }

    /// Return the default signature algorithm for this key type.
    pub fn algorithm(&self) -> SignatureAlgorithm {
        match self.key_type {
            KeyType::Ed25519 => SignatureAlgorithm::EdDsa,
            KeyType::P256 => SignatureAlgorithm::Es256,
            KeyType::P384 => SignatureAlgorithm::Es384,
            KeyType::Secp256k1 => SignatureAlgorithm::Es256k,
            KeyType::Bls12381G2 => SignatureAlgorithm::BbsPlus,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn generate_ed25519() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        assert_eq!(kp.public.key_type, KeyType::Ed25519);
        assert_eq!(kp.public.bytes.len(), 32);
        assert_eq!(kp.secret_bytes().len(), 32);
    }

    #[test]
    fn generate_p256() {
        let kp = KeyPair::generate(KeyType::P256).unwrap();
        assert_eq!(kp.public.key_type, KeyType::P256);
        assert_eq!(kp.public.bytes.len(), 33); // compressed
        assert_eq!(kp.secret_bytes().len(), 32);
    }

    #[test]
    fn generate_p384() {
        let kp = KeyPair::generate(KeyType::P384).unwrap();
        assert_eq!(kp.public.key_type, KeyType::P384);
        assert_eq!(kp.public.bytes.len(), 49); // compressed
        assert_eq!(kp.secret_bytes().len(), 48);
    }

    #[test]
    fn generate_secp256k1() {
        let kp = KeyPair::generate(KeyType::Secp256k1).unwrap();
        assert_eq!(kp.public.key_type, KeyType::Secp256k1);
        assert_eq!(kp.public.bytes.len(), 33); // compressed
        assert_eq!(kp.secret_bytes().len(), 32);
    }

    #[test]
    fn roundtrip_from_bytes_ed25519() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let restored = KeyPair::from_bytes(KeyType::Ed25519, kp.secret_bytes()).unwrap();
        assert_eq!(kp.public.bytes, restored.public.bytes);
    }

    #[test]
    fn roundtrip_from_bytes_p256() {
        let kp = KeyPair::generate(KeyType::P256).unwrap();
        let restored = KeyPair::from_bytes(KeyType::P256, kp.secret_bytes()).unwrap();
        assert_eq!(kp.public.bytes, restored.public.bytes);
    }

    #[test]
    fn roundtrip_from_bytes_p384() {
        let kp = KeyPair::generate(KeyType::P384).unwrap();
        let restored = KeyPair::from_bytes(KeyType::P384, kp.secret_bytes()).unwrap();
        assert_eq!(kp.public.bytes, restored.public.bytes);
    }

    #[test]
    fn roundtrip_from_bytes_secp256k1() {
        let kp = KeyPair::generate(KeyType::Secp256k1).unwrap();
        let restored = KeyPair::from_bytes(KeyType::Secp256k1, kp.secret_bytes()).unwrap();
        assert_eq!(kp.public.bytes, restored.public.bytes);
    }

    #[test]
    fn public_key_from_bytes_validates() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let pk = PublicKey::from_bytes(KeyType::Ed25519, &kp.public.bytes).unwrap();
        assert_eq!(pk.bytes, kp.public.bytes);
    }

    #[test]
    fn public_key_rejects_invalid_bytes() {
        assert!(PublicKey::from_bytes(KeyType::Ed25519, &[0u8; 31]).is_err());
        assert!(PublicKey::from_bytes(KeyType::P256, &[0u8; 10]).is_err());
        assert!(PublicKey::from_bytes(KeyType::P384, &[0u8; 10]).is_err());
        assert!(PublicKey::from_bytes(KeyType::Secp256k1, &[0u8; 10]).is_err());
    }

    #[test]
    fn keypair_from_bytes_rejects_invalid() {
        assert!(KeyPair::from_bytes(KeyType::Ed25519, &[0u8; 10]).is_err());
        assert!(KeyPair::from_bytes(KeyType::P256, &[0u8; 10]).is_err());
        assert!(KeyPair::from_bytes(KeyType::P384, &[0u8; 10]).is_err());
        assert!(KeyPair::from_bytes(KeyType::Secp256k1, &[0u8; 10]).is_err());
    }

    #[test]
    fn algorithm_mapping() {
        assert_eq!(
            KeyPair::generate(KeyType::Ed25519).unwrap().algorithm(),
            SignatureAlgorithm::EdDsa
        );
        assert_eq!(
            KeyPair::generate(KeyType::P256).unwrap().algorithm(),
            SignatureAlgorithm::Es256
        );
        assert_eq!(
            KeyPair::generate(KeyType::P384).unwrap().algorithm(),
            SignatureAlgorithm::Es384
        );
        assert_eq!(
            KeyPair::generate(KeyType::Secp256k1).unwrap().algorithm(),
            SignatureAlgorithm::Es256k
        );
    }
}