Unify encoding and decoding key APIs

Author: arckoor

src/crypto/aws_lc/ecdsa.rs

@@ -23,7 +23,7 @@ macro_rules! define_ecdsa_signer {
                 }
 
                 Ok(Self(
-                    EcdsaKeyPair::from_pkcs8($signing_alg, encoding_key.inner())
+                    EcdsaKeyPair::from_pkcs8($signing_alg, encoding_key.as_bytes())
                         .map_err(|_| ErrorKind::InvalidEcdsaKey)?,
                 ))
             }
@@ -62,7 +62,11 @@ macro_rules! define_ecdsa_verifier {
         impl Verifier<Vec<u8>> for $name {
             fn verify(&self, msg: &[u8], signature: &Vec<u8>) -> std::result::Result<(), Error> {
                 $verification_alg
-                    .verify_sig(self.0.as_bytes(), msg, signature)
+                    .verify_sig(
+                        self.0.try_get_as_bytes().map_err(Error::from_source)?,
+                        msg,
+                        signature,
+                    )
                     .map_err(Error::from_source)?;
                 Ok(())
             }

src/crypto/aws_lc/eddsa.rs

@@ -16,7 +16,7 @@ impl EdDSASigner {
         }
 
         Ok(Self(
-            Ed25519KeyPair::from_pkcs8(encoding_key.inner())
+            Ed25519KeyPair::from_pkcs8(encoding_key.as_bytes())
                 .map_err(|_| ErrorKind::InvalidEddsaKey)?,
         ))
     }
@@ -48,7 +48,9 @@ impl EdDSAVerifier {
 
 impl Verifier<Vec<u8>> for EdDSAVerifier {
     fn verify(&self, msg: &[u8], signature: &Vec<u8>) -> std::result::Result<(), Error> {
-        ED25519.verify_sig(self.0.as_bytes(), msg, signature).map_err(Error::from_source)?;
+        ED25519
+            .verify_sig(self.0.try_get_as_bytes().map_err(Error::from_source)?, msg, signature)
+            .map_err(Error::from_source)?;
         Ok(())
     }
 }

src/crypto/aws_lc/hmac.rs

@@ -5,16 +5,20 @@ use aws_lc_rs::hmac;
 use signature::{Signer, Verifier};
 
 use crate::crypto::{JwtSigner, JwtVerifier};
-use crate::errors::Result;
-use crate::{Algorithm, DecodingKey, EncodingKey};
+use crate::errors::{ErrorKind, Result, new_error};
+use crate::{Algorithm, AlgorithmFamily, DecodingKey, EncodingKey};
 
 macro_rules! define_hmac_signer {
     ($name:ident, $alg:expr, $hmac_alg:expr) => {
         pub struct $name(hmac::Key);
 
         impl $name {
             pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
-                Ok(Self(hmac::Key::new($hmac_alg, encoding_key.try_get_hmac_secret()?)))
+                if encoding_key.family() != AlgorithmFamily::Hmac {
+                    return Err(new_error(ErrorKind::InvalidKeyFormat));
+                }
+
+                Ok(Self(hmac::Key::new($hmac_alg, encoding_key.as_bytes())))
             }
         }
 
@@ -38,7 +42,11 @@ macro_rules! define_hmac_verifier {
 
         impl $name {
             pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
-                Ok(Self(hmac::Key::new($hmac_alg, decoding_key.try_get_hmac_secret()?)))
+                if decoding_key.family() != AlgorithmFamily::Hmac {
+                    return Err(new_error(ErrorKind::InvalidKeyFormat));
+                }
+
+                Ok(Self(hmac::Key::new($hmac_alg, decoding_key.try_get_as_bytes()?)))
             }
         }
 

src/crypto/aws_lc/rsa.rs

@@ -16,7 +16,7 @@ fn try_sign_rsa(
     encoding_key: &EncodingKey,
     msg: &[u8],
 ) -> std::result::Result<Vec<u8>, signature::Error> {
-    let key_pair = crypto_sig::RsaKeyPair::from_der(encoding_key.inner())
+    let key_pair = crypto_sig::RsaKeyPair::from_der(encoding_key.as_bytes())
         .map_err(signature::Error::from_source)?;
 
     let mut signature = vec![0; key_pair.public_modulus_len()];

src/crypto/rust_crypto/ecdsa.rs

@@ -25,7 +25,7 @@ macro_rules! define_ecdsa_signer {
                 }
 
                 Ok(Self(
-                    <$signing_key>::from_pkcs8_der(encoding_key.inner())
+                    <$signing_key>::from_pkcs8_der(encoding_key.as_bytes())
                         .map_err(|_| ErrorKind::InvalidEcdsaKey)?,
                 ))
             }
@@ -57,7 +57,7 @@ macro_rules! define_ecdsa_verifier {
                 }
 
                 Ok(Self(
-                    <$verifying_key>::from_sec1_bytes(decoding_key.as_bytes())
+                    <$verifying_key>::from_sec1_bytes(decoding_key.try_get_as_bytes()?)
                         .map_err(|_| ErrorKind::InvalidEcdsaKey)?,
                 ))
             }

src/crypto/rust_crypto/eddsa.rs

@@ -17,7 +17,7 @@ impl EdDSASigner {
         }
 
         Ok(Self(
-            SigningKey::from_pkcs8_der(encoding_key.inner())
+            SigningKey::from_pkcs8_der(encoding_key.as_bytes())
                 .map_err(|_| ErrorKind::InvalidEddsaKey)?,
         ))
     }
@@ -45,7 +45,7 @@ impl EdDSAVerifier {
 
         Ok(Self(
             VerifyingKey::from_bytes(
-                <&[u8; 32]>::try_from(&decoding_key.as_bytes()[..32])
+                <&[u8; 32]>::try_from(&decoding_key.try_get_as_bytes()?[..32])
                     .map_err(|_| ErrorKind::InvalidEddsaKey)?,
             )
             .map_err(|_| ErrorKind::InvalidEddsaKey)?,

src/crypto/rust_crypto/hmac.rs

@@ -6,8 +6,8 @@ use sha2::{Sha256, Sha384, Sha512};
 use signature::{Signer, Verifier};
 
 use crate::crypto::{JwtSigner, JwtVerifier};
-use crate::errors::{ErrorKind, Result};
-use crate::{Algorithm, DecodingKey, EncodingKey};
+use crate::errors::{ErrorKind, Result, new_error};
+use crate::{Algorithm, AlgorithmFamily, DecodingKey, EncodingKey};
 
 type HmacSha256 = Hmac<Sha256>;
 type HmacSha384 = Hmac<Sha384>;
@@ -20,7 +20,11 @@ macro_rules! define_hmac_signer {
 
         impl $name {
             pub(crate) fn new(encoding_key: &EncodingKey) -> Result<Self> {
-                let inner = <$hmac_type>::new_from_slice(encoding_key.try_get_hmac_secret()?)
+                if encoding_key.family() != AlgorithmFamily::Hmac {
+                    return Err(new_error(ErrorKind::InvalidKeyFormat));
+                }
+
+                let inner = <$hmac_type>::new_from_slice(encoding_key.as_bytes())
                     .map_err(|_| ErrorKind::InvalidKeyFormat)?;
 
                 Ok(Self(inner))
@@ -52,7 +56,11 @@ macro_rules! define_hmac_verifier {
 
         impl $name {
             pub(crate) fn new(decoding_key: &DecodingKey) -> Result<Self> {
-                let inner = <$hmac_type>::new_from_slice(decoding_key.try_get_hmac_secret()?)
+                if decoding_key.family() != AlgorithmFamily::Hmac {
+                    return Err(new_error(ErrorKind::InvalidKeyFormat));
+                }
+
+                let inner = <$hmac_type>::new_from_slice(decoding_key.try_get_as_bytes()?)
                     .map_err(|_| ErrorKind::InvalidKeyFormat)?;
 
                 Ok(Self(inner))

src/crypto/rust_crypto/rsa.rs

@@ -28,14 +28,12 @@ where
     H: Digest + AssociatedOid + FixedOutputReset,
 {
     let mut rng = rand::thread_rng();
+    let private_key = rsa::RsaPrivateKey::from_pkcs1_der(encoding_key.as_bytes())
+        .map_err(signature::Error::from_source)?;
     if pss {
-        let private_key = rsa::RsaPrivateKey::from_pkcs1_der(encoding_key.inner())
-            .map_err(signature::Error::from_source)?;
         let signing_key = BlindedSigningKey::<H>::new(private_key);
         Ok(signing_key.sign_with_rng(&mut rng, msg).to_vec())
     } else {
-        let private_key = rsa::RsaPrivateKey::from_pkcs1_der(encoding_key.inner())
-            .map_err(signature::Error::from_source)?;
         let signing_key = SigningKey::<H>::new(private_key);
         Ok(signing_key.sign_with_rng(&mut rng, msg).to_vec())
     }

src/decoding.rs

@@ -229,20 +229,13 @@ impl DecodingKey {
         }
     }
 
-    /// Get the value of the key.
-    pub fn as_bytes(&self) -> &[u8] {
+    /// Try to get the key in raw byte format.
+    ///
+    /// To be used for defining your own `CryptoProvider`.
+    pub fn try_get_as_bytes(&self) -> Result<&[u8]> {
         match &self.kind {
-            DecodingKeyKind::SecretOrDer(b) => b,
-            DecodingKeyKind::RsaModulusExponent { .. } => unreachable!(),
-        }
-    }
-
-    /// Try to get the HMAC secret from a key.
-    pub fn try_get_hmac_secret(&self) -> Result<&[u8]> {
-        if self.family == AlgorithmFamily::Hmac {
-            Ok(self.as_bytes())
-        } else {
-            Err(new_error(ErrorKind::InvalidKeyFormat))
+            DecodingKeyKind::SecretOrDer(b) => Ok(b),
+            DecodingKeyKind::RsaModulusExponent { .. } => Err(ErrorKind::InvalidKeyFormat.into()),
         }
     }
 }

src/encoding.rs

@@ -110,18 +110,11 @@ impl EncodingKey {
     }
 
     /// Get the value of the key.
-    pub fn inner(&self) -> &[u8] {
+    ///
+    /// To be used for defining your own `CryptoProvider`.
+    pub fn as_bytes(&self) -> &[u8] {
         &self.content
     }
-
-    /// Try to get the HMAC secret from a key.
-    pub fn try_get_hmac_secret(&self) -> Result<&[u8]> {
-        if self.family == AlgorithmFamily::Hmac {
-            Ok(self.inner())
-        } else {
-            Err(new_error(ErrorKind::InvalidKeyFormat))
-        }
-    }
 }
 
 impl Debug for EncodingKey {