missing deserialization methods

eclipse-biscuit · Feb 8, 2025 · c06cc0a · c06cc0a
1 parent 95af1c2
commit c06cc0a
Show file tree

Hide file tree

Showing 3 changed files with 132 additions and 8 deletions.
diff --git a/biscuit-auth/src/crypto/ed25519.rs b/biscuit-auth/src/crypto/ed25519.rs
@@ -126,6 +126,20 @@ impl PrivateKey {
         Self::from_bytes(&bytes)
     }
 
+    #[cfg(feature = "pem")]
+    pub fn from_private_key_der(bytes: &[u8]) -> Result<Self, error::Format> {
+        let kp = SigningKey::from_pkcs8_der(bytes)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PrivateKey(kp.to_bytes()))
+    }
+
+    #[cfg(feature = "pem")]
+    pub fn from_private_key_pem(str: &str) -> Result<Self, error::Format> {
+        let kp = SigningKey::from_pkcs8_pem(str)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PrivateKey(kp.to_bytes()))
+    }
+
     /// returns the matching public key
     pub fn public(&self) -> PublicKey {
         PublicKey(SigningKey::from_bytes(&self.0).verifying_key())
@@ -223,6 +237,24 @@ impl PublicKey {
         crate::format::schema::public_key::Algorithm::Ed25519
     }
 
+    #[cfg(feature = "pem")]
+    pub fn from_public_key_der(bytes: &[u8]) -> Result<Self, error::Format> {
+        use ed25519_dalek::pkcs8::DecodePublicKey;
+
+        let pubkey = ed25519_dalek::VerifyingKey::from_public_key_der(bytes)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PublicKey(pubkey))
+    }
+
+    #[cfg(feature = "pem")]
+    pub fn from_public_key_pem(str: &str) -> Result<Self, error::Format> {
+        use ed25519_dalek::pkcs8::DecodePublicKey;
+
+        let pubkey = ed25519_dalek::VerifyingKey::from_public_key_pem(str)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PublicKey(pubkey))
+    }
+
     pub(crate) fn write(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(f, "ed25519/{}", hex::encode(&self.to_bytes()))
     }

diff --git a/biscuit-auth/src/crypto/mod.rs b/biscuit-auth/src/crypto/mod.rs
@@ -76,17 +76,23 @@ impl KeyPair {
     }
 
     #[cfg(feature = "pem")]
-    pub fn from_private_key_der(bytes: &[u8]) -> Result<Self, error::Format> {
-        ed25519::KeyPair::from_private_key_der(bytes)
-            .map(KeyPair::Ed25519)
-            .or_else(|_| p256::KeyPair::from_private_key_der(bytes).map(KeyPair::P256))
+    pub fn from_private_key_der(bytes: &[u8], algorithm: Algorithm) -> Result<Self, error::Format> {
+        match algorithm {
+            Algorithm::Ed25519 => Ok(KeyPair::Ed25519(ed25519::KeyPair::from_private_key_der(
+                bytes,
+            )?)),
+            Algorithm::Secp256r1 => Ok(KeyPair::P256(p256::KeyPair::from_private_key_der(bytes)?)),
+        }
     }
 
     #[cfg(feature = "pem")]
-    pub fn from_private_key_pem(str: &str) -> Result<Self, error::Format> {
-        ed25519::KeyPair::from_private_key_pem(str)
-            .map(KeyPair::Ed25519)
-            .or_else(|_| p256::KeyPair::from_private_key_pem(str).map(KeyPair::P256))
+    pub fn from_private_key_pem(str: &str, algorithm: Algorithm) -> Result<Self, error::Format> {
+        match algorithm {
+            Algorithm::Ed25519 => Ok(KeyPair::Ed25519(ed25519::KeyPair::from_private_key_pem(
+                str,
+            )?)),
+            Algorithm::Secp256r1 => Ok(KeyPair::P256(p256::KeyPair::from_private_key_pem(str)?)),
+        }
     }
 
     pub fn private(&self) -> PrivateKey {
@@ -177,6 +183,30 @@ impl PrivateKey {
         Self::from_bytes(&bytes, algorithm)
     }
 
+    #[cfg(feature = "pem")]
+    pub fn from_private_key_der(bytes: &[u8], algorithm: Algorithm) -> Result<Self, error::Format> {
+        match algorithm {
+            Algorithm::Ed25519 => Ok(PrivateKey::Ed25519(
+                ed25519::PrivateKey::from_private_key_der(bytes)?,
+            )),
+            Algorithm::Secp256r1 => Ok(PrivateKey::P256(p256::PrivateKey::from_private_key_der(
+                bytes,
+            )?)),
+        }
+    }
+
+    #[cfg(feature = "pem")]
+    pub fn from_private_key_pem(str: &str, algorithm: Algorithm) -> Result<Self, error::Format> {
+        match algorithm {
+            Algorithm::Ed25519 => Ok(PrivateKey::Ed25519(
+                ed25519::PrivateKey::from_private_key_pem(str)?,
+            )),
+            Algorithm::Secp256r1 => Ok(PrivateKey::P256(p256::PrivateKey::from_private_key_pem(
+                str,
+            )?)),
+        }
+    }
+
     /// returns the matching public key
     pub fn public(&self) -> PublicKey {
         match self {
@@ -250,6 +280,28 @@ impl PublicKey {
         }
     }
 
+    #[cfg(feature = "pem")]
+    pub fn from_public_key_der(bytes: &[u8], algorithm: Algorithm) -> Result<Self, error::Format> {
+        match algorithm {
+            Algorithm::Ed25519 => Ok(PublicKey::Ed25519(ed25519::PublicKey::from_public_key_der(
+                bytes,
+            )?)),
+            Algorithm::Secp256r1 => Ok(PublicKey::P256(p256::PublicKey::from_public_key_der(
+                bytes,
+            )?)),
+        }
+    }
+
+    #[cfg(feature = "pem")]
+    pub fn from_public_key_pem(str: &str, algorithm: Algorithm) -> Result<Self, error::Format> {
+        match algorithm {
+            Algorithm::Ed25519 => Ok(PublicKey::Ed25519(ed25519::PublicKey::from_public_key_pem(
+                str,
+            )?)),
+            Algorithm::Secp256r1 => Ok(PublicKey::P256(p256::PublicKey::from_public_key_pem(str)?)),
+        }
+    }
+
     pub fn verify_signature(
         &self,
         data: &[u8],

diff --git a/biscuit-auth/src/crypto/p256.rs b/biscuit-auth/src/crypto/p256.rs
@@ -68,13 +68,17 @@ impl KeyPair {
 
     #[cfg(feature = "pem")]
     pub fn from_private_key_der(bytes: &[u8]) -> Result<Self, error::Format> {
+        use p256::pkcs8::DecodePrivateKey;
+
         let kp = SigningKey::from_pkcs8_der(bytes)
             .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
         Ok(KeyPair { kp })
     }
 
     #[cfg(feature = "pem")]
     pub fn from_private_key_pem(str: &str) -> Result<Self, error::Format> {
+        use p256::pkcs8::DecodePrivateKey;
+
         let kp = SigningKey::from_pkcs8_pem(str)
             .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
         Ok(KeyPair { kp })
@@ -122,6 +126,24 @@ impl PrivateKey {
         Self::from_bytes(&bytes)
     }
 
+    #[cfg(feature = "pem")]
+    pub fn from_private_key_der(bytes: &[u8]) -> Result<Self, error::Format> {
+        use p256::pkcs8::DecodePrivateKey;
+
+        let kp = SigningKey::from_pkcs8_der(bytes)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PrivateKey(kp))
+    }
+
+    #[cfg(feature = "pem")]
+    pub fn from_private_key_pem(str: &str) -> Result<Self, error::Format> {
+        use p256::pkcs8::DecodePrivateKey;
+
+        let kp = SigningKey::from_pkcs8_pem(str)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PrivateKey(kp))
+    }
+
     /// returns the matching public key
     pub fn public(&self) -> PublicKey {
         PublicKey(*(&self.0).verifying_key())
@@ -168,6 +190,24 @@ impl PublicKey {
         Self::from_bytes(&bytes)
     }
 
+    #[cfg(feature = "pem")]
+    pub fn from_public_key_der(bytes: &[u8]) -> Result<Self, error::Format> {
+        use p256::pkcs8::DecodePublicKey;
+
+        let pubkey = VerifyingKey::from_public_key_der(bytes)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PublicKey(pubkey))
+    }
+
+    #[cfg(feature = "pem")]
+    pub fn from_public_key_pem(str: &str) -> Result<Self, error::Format> {
+        use p256::pkcs8::DecodePublicKey;
+
+        let pubkey = VerifyingKey::from_public_key_pem(str)
+            .map_err(|e| error::Format::InvalidKey(e.to_string()))?;
+        Ok(PublicKey(pubkey))
+    }
+
     pub fn from_proto(key: &schema::PublicKey) -> Result<Self, error::Format> {
         if key.algorithm != schema::public_key::Algorithm::Ed25519 as i32 {
             return Err(error::Format::DeserializationError(format!(