adding import and export jwk keys into signatures

CMakeLists.txt

@@ -114,6 +114,8 @@ target_include_directories(${LIB_NAME}
     ${OPENSSL_INCLUDE_DIR}
 )
 
+install(TARGETS ${LIB_NAME} EXPORT mlspp-targets)
+
 ###
 ### Tests
 ###
@@ -125,9 +127,7 @@ endif()
 ### Exports
 ###
 set(CMAKE_EXPORT_PACKAGE_REGISTRY ON)
-export(EXPORT mlspp-targets 
-       NAMESPACE MLSPP::
-       FILE ${CMAKE_CURRENT_BINARY_DIR}/mlspp-targets.cmake)
+export(EXPORT mlspp-targets NAMESPACE MLSPP:: FILE mlspp-targets.cmake)
 export(PACKAGE MLSPP)
 
 configure_package_config_file(cmake/config.cmake.in
@@ -144,8 +144,6 @@ write_basic_package_version_file(
 ### Install
 ###
 
-install(TARGETS ${LIB_NAME} EXPORT mlspp-targets)
-
 install(
   DIRECTORY
     include/
@@ -156,7 +154,16 @@ install(
   FILES
     ${CMAKE_CURRENT_BINARY_DIR}/mlspp-config.cmake
     ${CMAKE_CURRENT_BINARY_DIR}/mlspp-config-version.cmake
-    ${CMAKE_CURRENT_BINARY_DIR}/mlspp-targets.cmake
+  DESTINATION
+    ${CMAKE_INSTALL_DATADIR}/mlspp)
+
+install(
+  EXPORT
+    mlspp-targets
+  NAMESPACE
+    MLSPP::
+  FILE
+    mlspp-targets.cmake
   DESTINATION
     ${CMAKE_INSTALL_DATADIR}/mlspp)
 

alternatives/openssl_3/vcpkg.json

@@ -7,7 +7,8 @@
       "name": "openssl",
       "version>=": "3.0.7"
     },
-    "doctest"
+    "doctest",
+    "nlohmann-json"
   ],
   "builtin-baseline": "5908d702d61cea1429b223a0b7a10ab86bad4c78",
   "overrides": [

include/mls/credential.h

@@ -11,9 +11,9 @@ namespace mls {
 // } BasicCredential;
 struct BasicCredential
 {
-  BasicCredential() = default;
+  BasicCredential() {}
 
-  explicit BasicCredential(bytes identity_in)
+  BasicCredential(bytes identity_in)
     : identity(std::move(identity_in))
   {
   }

include/mls/crypto.h

@@ -210,13 +210,18 @@ extern const std::string multi_credential;
 
 struct SignaturePublicKey
 {
+  static SignaturePublicKey from_jwk(CipherSuite suite,
+                                     const std::string& json_str);
+
   bytes data;
 
   bool verify(const CipherSuite& suite,
               const std::string& label,
               const bytes& message,
               const bytes& signature) const;
 
+  std::string to_jwk(CipherSuite suite) const;
+
   TLS_SERIALIZABLE(data)
 };
 
@@ -225,6 +230,8 @@ struct SignaturePrivateKey
   static SignaturePrivateKey generate(CipherSuite suite);
   static SignaturePrivateKey parse(CipherSuite suite, const bytes& data);
   static SignaturePrivateKey derive(CipherSuite suite, const bytes& secret);
+  static SignaturePrivateKey from_jwk(CipherSuite suite,
+                                      const std::string& json_str);
 
   SignaturePrivateKey() = default;
 
@@ -236,6 +243,7 @@ struct SignaturePrivateKey
              const bytes& message) const;
 
   void set_public_key(CipherSuite suite);
+  std::string to_jwk(CipherSuite suite) const;
 
   TLS_SERIALIZABLE(data)
 

lib/bytes/CMakeLists.txt

@@ -9,7 +9,11 @@ file(GLOB_RECURSE LIB_SOURCES CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/src
 
 add_library(${CURRENT_LIB_NAME} ${LIB_HEADERS} ${LIB_SOURCES})
 add_dependencies(${CURRENT_LIB_NAME} tls_syntax)
-target_link_libraries(${CURRENT_LIB_NAME} tls_syntax)
+target_link_libraries(${CURRENT_LIB_NAME}
+  PUBLIC
+    tls_syntax
+  PRIVATE
+    OpenSSL::Crypto)
 target_include_directories(${CURRENT_LIB_NAME}
   PUBLIC
     $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>

lib/bytes/include/bytes/bytes.h

@@ -115,4 +115,16 @@ to_hex(const bytes& data);
 bytes
 from_hex(const std::string& hex);
 
+std::string
+to_base64(const bytes& data);
+
+std::string
+to_base64url(const bytes& data);
+
+bytes
+from_base64(const std::string& enc);
+
+bytes
+from_base64url(const std::string& enc);
+
 } // namespace bytes_ns

lib/bytes/src/bytes.cpp

@@ -1,7 +1,10 @@
 #include <bytes/bytes.h>
 
+#include <array>
 #include <iomanip>
-#include <iostream>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 #include <sstream>
 #include <stdexcept>
 
@@ -137,4 +140,123 @@ operator!=(const std::vector<uint8_t>& lhs, const bytes_ns::bytes& rhs)
   return rhs != lhs;
 }
 
+std::string
+to_base64(const bytes& data)
+{
+  bool done = false;
+  int result = 0;
+
+  if (data.empty()) {
+    return "";
+  }
+
+  BIO* b64 = BIO_new(BIO_f_base64());
+  BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+  BIO* out = BIO_new(BIO_s_mem());
+  BIO_push(b64, out);
+
+  while (!done) {
+    result = BIO_write(b64, data.data(), static_cast<int>(data.size()));
+
+    if (result <= 0) {
+      if (BIO_should_retry(b64)) {
+        continue;
+      }
+      throw std::runtime_error("base64 encode failed");
+    }
+    done = true;
+  }
+  BIO_flush(b64);
+  char* string_ptr = nullptr;
+  // long string_len = BIO_get_mem_data(out, &string_ptr);
+  // BIO_get_mem_data failed clang-tidy
+  long string_len = BIO_ctrl(out, BIO_CTRL_INFO, 0, &string_ptr);
+  auto return_value = std::string(string_ptr, string_len);
+
+  BIO_set_close(out, BIO_NOCLOSE);
+  BIO_free(b64);
+  BIO_free(out);
+  return return_value;
+}
+
+std::string
+to_base64url(const bytes& data)
+{
+  if (data.empty()) {
+    return "";
+  }
+
+  std::string return_value = to_base64(data);
+
+  // remove the end padding
+  auto sz = return_value.find_first_of('=');
+
+  if (sz != std::string::npos) {
+    return_value = return_value.substr(0, sz);
+  }
+
+  // replace plus with hyphen
+  std::replace(return_value.begin(), return_value.end(), '+', '-');
+
+  // replace slash with underscore
+  std::replace(return_value.begin(), return_value.end(), '/', '_');
+  return return_value;
+}
+
+bytes
+from_base64(const std::string& enc)
+{
+  if (enc.length() == 0) {
+    return {};
+  }
+
+  if (enc.length() % 4 != 0) {
+    throw std::runtime_error("Base64 length is not divisible by 4");
+  }
+  bytes input = from_ascii(enc);
+  bytes output(input.size() / 4 * 3);
+  int output_buffer_length = static_cast<int>(output.size());
+  EVP_ENCODE_CTX* ctx = EVP_ENCODE_CTX_new();
+  EVP_DecodeInit(ctx);
+
+  int result = EVP_DecodeUpdate(ctx,
+                                output.data(),
+                                &output_buffer_length,
+                                input.data(),
+                                static_cast<int>(input.size()));
+
+  if (result == -1) {
+    auto code = ERR_get_error();
+    throw std::runtime_error(ERR_error_string(code, nullptr));
+  }
+
+  if (result == 0 && enc.substr(enc.length() - 2, enc.length()) == "==") {
+    output = output.slice(0, output.size() - 2);
+  } else if (result == 0 && enc.substr(enc.length() - 1, enc.length()) == "=") {
+    output = output.slice(0, output.size() - 1);
+  } else if (result == 0) {
+    throw std::runtime_error("Base64 padding was malformed.");
+  }
+  EVP_DecodeFinal(ctx, output.data(), &output_buffer_length);
+  EVP_ENCODE_CTX_free(ctx);
+  return output;
+}
+
+bytes
+from_base64url(const std::string& enc)
+{
+  if (enc.empty()) {
+    return {};
+  }
+  std::string enc_copy = enc; // copy
+  std::replace(enc_copy.begin(), enc_copy.end(), '-', '+');
+  std::replace(enc_copy.begin(), enc_copy.end(), '_', '/');
+
+  while (enc_copy.length() % 4 != 0) {
+    enc_copy += "=";
+  }
+  bytes return_value = from_base64(enc_copy);
+  return return_value;
+}
+
 } // namespace bytes_ns

lib/bytes/test/bytes.cpp

@@ -2,6 +2,7 @@
 #include <doctest/doctest.h>
 #include <memory>
 #include <sstream>
+#include <vector>
 
 using namespace bytes_ns;
 using namespace std::literals::string_literals;
@@ -40,6 +41,33 @@ TEST_CASE("To/from hex/ASCII")
   REQUIRE(from_ascii(str) == ascii);
 }
 
+TEST_CASE("To Base64 / To Base64Url")
+{
+  struct KnownAnswerTest
+  {
+    bytes data;
+    std::string base64;
+    std::string base64u;
+  };
+
+  const std::vector<KnownAnswerTest> cases{
+    { from_ascii("hello there"), "aGVsbG8gdGhlcmU=", "aGVsbG8gdGhlcmU" },
+    { from_ascii("A B C D E F "), "QSBCIEMgRCBFIEYg", "QSBCIEMgRCBFIEYg" },
+    { from_ascii("hello\xfethere"), "aGVsbG/+dGhlcmU=", "aGVsbG_-dGhlcmU" },
+    { from_ascii("\xfe"), "/g==", "_g" },
+    { from_ascii("\x01\x02"), "AQI=", "AQI" },
+    { from_ascii("\x01"), "AQ==", "AQ" },
+    { from_ascii(""), "", "" },
+  };
+
+  for (const auto& tc : cases) {
+    REQUIRE(to_base64(tc.data) == tc.base64);
+    REQUIRE(to_base64url(tc.data) == tc.base64u);
+    REQUIRE(from_base64(tc.base64) == tc.data);
+    REQUIRE(from_base64url(tc.base64u) == tc.data);
+  }
+}
+
 TEST_CASE("Operators")
 {
   const auto lhs = from_hex("00010203");

lib/hpke/CMakeLists.txt

@@ -3,6 +3,7 @@ set(CURRENT_LIB_NAME hpke)
 ###
 ### Dependencies
 ###
+find_package(nlohmann_json REQUIRED)
 find_package(OpenSSL 1.1 REQUIRED)
 
 ###
@@ -14,7 +15,11 @@ file(GLOB_RECURSE LIB_SOURCES CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/src
 
 add_library(${CURRENT_LIB_NAME} ${LIB_HEADERS} ${LIB_SOURCES})
 add_dependencies(${CURRENT_LIB_NAME} bytes tls_syntax)
-target_link_libraries(${CURRENT_LIB_NAME} PRIVATE bytes tls_syntax OpenSSL::Crypto)
+target_link_libraries(${CURRENT_LIB_NAME} 
+  PRIVATE
+    nlohmann_json::nlohmann_json OpenSSL::Crypto
+  PUBLIC
+    bytes tls_syntax)
 target_include_directories(${CURRENT_LIB_NAME}
   PUBLIC
     $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>

lib/hpke/include/hpke/signature.h

@@ -50,6 +50,13 @@ struct Signature
   virtual std::unique_ptr<PrivateKey> deserialize_private(
     const bytes& skm) const;
 
+  virtual std::unique_ptr<PrivateKey> import_jwk_private(
+    const std::string& json_str) const;
+  virtual std::unique_ptr<PublicKey> import_jwk(
+    const std::string& json_str) const;
+  virtual std::string export_jwk_private(const bytes& env) const;
+  virtual std::string export_jwk(const bytes& env) const;
+
   virtual bytes sign(const bytes& data, const PrivateKey& sk) const = 0;
   virtual bool verify(const bytes& data,
                       const bytes& sig,