feat: datakey support exportable

2024-11-15 01:26:09 +08:00
parent 82b38a2cf1
commit 655f9f5ede
2 changed files with 19 additions and 14 deletions
--- a/src/jose.rs
+++ b/src/jose.rs
@@ -7,7 +7,7 @@ use rand::{random, thread_rng};
 use rsa::pkcs1::LineEnding;
 use rsa::pkcs8::EncodePublicKey;
 use rsa::{Oaep, RsaPrivateKey, RsaPublicKey};
-use rust_util::{opt_result, simple_error, XResult};
+use rust_util::{iff, opt_result, simple_error, XResult};
 use serde_derive::{Deserialize, Serialize};
 use sha1::Sha1;
 use sha2::{Digest, Sha256};
@@ -18,7 +18,7 @@ const JWE_ALG_A256KW: &str = "A256KW";
 const JWE_ALG_RSA_OAEP: &str = "RSA-OAEP";
 const JWE_DOT: &str = ".";

-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Default, Debug, Serialize, Deserialize)]
 pub struct JweHeader {
    pub enc: String,
    pub alg: String,
@@ -27,6 +27,8 @@ pub struct JweHeader {
    pub version: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub data_type: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub exportable: Option<bool>,
 }

 pub fn generate_rsa_key(bits: u32) -> XResult<RsaPrivateKey> {
@@ -58,8 +60,7 @@ pub fn serialize_jwe_rsa(payload: &[u8], rsa_public_key: &RsaPublicKey) -> XResu
        enc: JWE_ENC_A256GCM.to_string(),
        alg: JWE_ALG_RSA_OAEP.to_string(),
        vendor: "local-mini-kms".to_string(),
-        version: None,
-        data_type: None,
+        ..Default::default()
    };
    serialize_jwe_fn(&header, payload, |data_key| -> XResult<Vec<u8>> {
        let mut r = thread_rng();
@@ -77,20 +78,22 @@ pub fn deserialize_jwe_rsa(jwe: &str, rsa: &RsaPrivateKey) -> XResult<(Vec<u8>,
 }

 pub fn serialize_jwe_aes(payload: &[u8], key: &[u8]) -> XResult<String> {
-    serialize_jwe_aes_32(None, payload, to_bytes32(key)?)
+    serialize_jwe_aes_32(None, None, payload, to_bytes32(key)?)
 }

-pub fn serialize_jwe_aes_with_data_type(data_type: &str, payload: &[u8], key: &[u8]) -> XResult<String> {
-    serialize_jwe_aes_32(Some(data_type.to_string()), payload, to_bytes32(key)?)
+pub fn serialize_jwe_aes_with_data_type(data_type: &str, exportable: bool, payload: &[u8], key: &[u8]) -> XResult<String> {
+    serialize_jwe_aes_32(Some(data_type.to_string()), iff!(exportable, Some(false), None), payload, to_bytes32(key)?)
 }

-pub fn serialize_jwe_aes_32(data_type: Option<String>, payload: &[u8], key: [u8; 32]) -> XResult<String> {
+pub fn serialize_jwe_aes_32(data_type: Option<String>, exportable: Option<bool>, payload: &[u8], key: [u8; 32]) -> XResult<String> {
    let header = JweHeader {
        enc: JWE_ENC_A256GCM.to_string(),
        alg: JWE_ALG_A256KW.to_string(),
        vendor: "local-mini-kms".to_string(),
        version: Some(get_master_key_checksum(&key)),
        data_type,
+        exportable,
+        ..Default::default()
    };
    serialize_jwe_fn(&header, payload, |data_key| -> XResult<Vec<u8>> {
        let kek = Kek::from(key);