From cb0788e89cbdd695b4003a9f8acaeaa391a6d5d3 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 19 Sep 2022 16:13:07 +0200
Subject: [PATCH] Rust guest example: fix unused functions for wasmtime

Also slightly change the DH and encapsulate APIs to be more explicit
about their parameters.
---
 implementations/bindings/rust/Cargo.toml      |  2 +-
 .../bindings/rust/src/kx/low/mod.rs           | 11 +++-----
 .../bindings/rust/src/kx/low/public_key.rs    | 20 ++++++++++----
 .../bindings/rust/src/kx/low/secret_key.rs    | 15 ++++++++++-
 implementations/bindings/rust/src/main.rs     | 27 -------------------
 implementations/bindings/rust/src/test.rs     | 13 +++++----
 6 files changed, 40 insertions(+), 48 deletions(-)
 delete mode 100644 implementations/bindings/rust/src/main.rs

diff --git a/implementations/bindings/rust/Cargo.toml b/implementations/bindings/rust/Cargo.toml
index f952390..9daf782 100644
--- a/implementations/bindings/rust/Cargo.toml
+++ b/implementations/bindings/rust/Cargo.toml
@@ -9,4 +9,4 @@ publish = false
 forced-target = "wasm32-wasi"
 
 [dependencies]
-num_enum = "0.5"
\ No newline at end of file
+num_enum = "0.5"
diff --git a/implementations/bindings/rust/src/kx/low/mod.rs b/implementations/bindings/rust/src/kx/low/mod.rs
index 827c04c..ae21958 100644
--- a/implementations/bindings/rust/src/kx/low/mod.rs
+++ b/implementations/bindings/rust/src/kx/low/mod.rs
@@ -6,11 +6,8 @@ pub use key_pair::*;
 pub use public_key::*;
 pub use secret_key::*;
 
-use crate::common::ArrayOutput;
-use crate::error::*;
-use crate::raw;
-
-pub fn kx_dh(public_key: KxPublicKey, secret_key: KxSecretKey) -> Result<Vec<u8>, Error> {
-    let shared_secret_handle = unsafe { raw::kx_dh(public_key.0.handle, secret_key.0.handle)? };
-    ArrayOutput::new(shared_secret_handle).into_vec()
+#[derive(Debug)]
+pub struct EncapsulatedSecret {
+    pub secret: Vec<u8>,
+    pub encapsulated_secret: Vec<u8>,
 }
diff --git a/implementations/bindings/rust/src/kx/low/public_key.rs b/implementations/bindings/rust/src/kx/low/public_key.rs
index 168b28e..578bc20 100644
--- a/implementations/bindings/rust/src/kx/low/public_key.rs
+++ b/implementations/bindings/rust/src/kx/low/public_key.rs
@@ -1,3 +1,5 @@
+use super::secret_key::*;
+use super::EncapsulatedSecret;
 use crate::asymmetric_common::*;
 use crate::common::ArrayOutput;
 use crate::error::*;
@@ -67,12 +69,20 @@ impl KxPublicKey {
         self.0.local()
     }
 
-    pub fn encapsulate(&self) -> Result<(Vec<u8>, Vec<u8>), Error> {
+    pub fn dh(&self, secret_key: &KxSecretKey) -> Result<Vec<u8>, Error> {
+        if self.0.alg != secret_key.0.alg {
+            return Err(Error::IncompatibleKeys);
+        }
+        let shared_secret_handle = unsafe { raw::kx_dh(self.0.handle, secret_key.0.handle)? };
+        ArrayOutput::new(shared_secret_handle).into_vec()
+    }
+
+    pub fn encapsulate(&self) -> Result<EncapsulatedSecret, Error> {
         let (secret_handle, encapsulated_secret_handle) =
             unsafe { raw::kx_encapsulate(self.0.handle) }?;
-        Ok((
-            ArrayOutput::new(secret_handle).into_vec()?,
-            ArrayOutput::new(encapsulated_secret_handle).into_vec()?,
-        ))
+        Ok(EncapsulatedSecret {
+            secret: ArrayOutput::new(secret_handle).into_vec()?,
+            encapsulated_secret: ArrayOutput::new(encapsulated_secret_handle).into_vec()?,
+        })
     }
 }
diff --git a/implementations/bindings/rust/src/kx/low/secret_key.rs b/implementations/bindings/rust/src/kx/low/secret_key.rs
index fab276d..9d8d3b0 100644
--- a/implementations/bindings/rust/src/kx/low/secret_key.rs
+++ b/implementations/bindings/rust/src/kx/low/secret_key.rs
@@ -31,6 +31,14 @@ impl KxSecretKey {
         )?))
     }
 
+    pub fn from_sec(alg: &'static str, encoded: impl AsRef<[u8]>) -> Result<Self, Error> {
+        Ok(KxSecretKey(SecretKey::from_sec(
+            raw::ALGORITHM_TYPE_KEY_EXCHANGE,
+            alg,
+            encoded,
+        )?))
+    }
+
     pub fn from_local(alg: &'static str, encoded: impl AsRef<[u8]>) -> Result<Self, Error> {
         Ok(KxSecretKey(SecretKey::from_local(
             raw::ALGORITHM_TYPE_KEY_EXCHANGE,
@@ -51,11 +59,16 @@ impl KxSecretKey {
         self.0.pem()
     }
 
+    pub fn sec(&self) -> Result<Vec<u8>, Error> {
+        self.0.sec()
+    }
+
     pub fn local(&self) -> Result<Vec<u8>, Error> {
         self.0.local()
     }
 
-    pub fn decapsulate(&self, encapsulated_secret: &[u8]) -> Result<Vec<u8>, Error> {
+    pub fn decapsulate(&self, encapsulated_secret: impl AsRef<[u8]>) -> Result<Vec<u8>, Error> {
+        let encapsulated_secret = encapsulated_secret.as_ref();
         let secret_handle = unsafe {
             raw::kx_decapsulate(
                 self.0.handle,
diff --git a/implementations/bindings/rust/src/main.rs b/implementations/bindings/rust/src/main.rs
deleted file mode 100644
index 72d73c6..0000000
--- a/implementations/bindings/rust/src/main.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-mod asymmetric_common;
-mod common;
-mod raw;
-
-pub mod error;
-pub mod signatures;
-pub mod symmetric;
-
-pub mod prelude {
-    pub use crate::error::Error as WasiCryptoError;
-    pub use crate::signatures::*;
-    pub use crate::symmetric::*;
-}
-
-use prelude::*;
-
-fn main() -> Result<(), WasiCryptoError> {
-    let mut options = SymmetricOptions::new();
-    let nonce = [0u8; 12];
-    options.set("nonce", &nonce)?;
-    let key = SymmetricKey::generate("AES-128-GCM", Some(&options))?;
-    let mut state = SymmetricState::new("AES-128-GCM", Some(&key), Some(&options))?;
-    let ciphertext = state.encrypt(b"test")?;
-    let mut state = SymmetricState::new("AES-128-GCM", Some(&key), Some(&options))?;
-    state.decrypt(&ciphertext)?;
-    Ok(())
-}
diff --git a/implementations/bindings/rust/src/test.rs b/implementations/bindings/rust/src/test.rs
index da2ffaa..0cadba9 100644
--- a/implementations/bindings/rust/src/test.rs
+++ b/implementations/bindings/rust/src/test.rs
@@ -5,7 +5,7 @@ mod test {
     fn test_symmetric() -> Result<(), WasiCryptoError> {
         let mut options = SymmetricOptions::new();
         let nonce = [0u8; 12];
-        options.set("nonce", &nonce)?;
+        options.set("nonce", nonce)?;
         let key = SymmetricKey::generate("AES-128-GCM", Some(&options))?;
         let mut state = SymmetricState::new("AES-128-GCM", Some(&key), Some(&options))?;
         let ciphertext = state.encrypt(b"test")?;
@@ -37,7 +37,7 @@ mod test {
 
     #[test]
     fn test_signatures() -> Result<(), WasiCryptoError> {
-        let _ = SignaturePublicKey::from_raw("Ed25519", &[0; 32])?;
+        let _ = SignaturePublicKey::from_raw("Ed25519", [0; 32])?;
 
         let kp = SignatureKeyPair::generate("Ed25519")?;
         let signature = kp.sign("hello")?;
@@ -104,7 +104,7 @@ mod test {
         let pk2 = kp2.publickey()?;
         let sk2 = kp2.secretkey()?;
 
-        assert_eq!(kx_dh(pk1, sk2)?, kx_dh(pk2, sk1)?);
+        assert_eq!(pk1.dh(&sk2)?, pk2.dh(&sk1)?);
 
         Ok(())
     }
@@ -115,11 +115,10 @@ mod test {
         let pk = kp.publickey()?;
         let sk = kp.secretkey()?;
 
-        let (secret, encapsulated_secret) = pk.encapsulate()?;
+        let kem_output = pk.encapsulate()?;
+        let decapsulated_secret = sk.decapsulate(kem_output.encapsulated_secret.as_slice())?;
 
-        let decapsulated_secret = sk.decapsulate(encapsulated_secret.as_slice())?;
-
-        assert_eq!(secret, decapsulated_secret);
+        assert_eq!(kem_output.secret, decapsulated_secret);
         Ok(())
     }
 }