From d8de0e3967839f1b3fa31914337513698ba076a3 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 12 Dec 2024 16:05:29 +0100 Subject: [PATCH] Use trussed_core::types::EncryptedData Previously, we serialized trussed::api::reply::Encrypt directly. We have removed the serde trait implementations for the Trussed request and reply structs so this patch updates WrappedKeyData to use the EncryptedData struct instead. See also: https://github.com/trussed-dev/trussed/issues/183 --- Cargo.toml | 4 +++- src/core_api.rs | 30 +++++++++++------------------- 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0a67770..86f5aa0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,6 +25,7 @@ trussed.workspace = true se05x = { version = "0.1.5", features = ["serde", "builder"] } trussed-auth = "0.3.0" +trussed-core = "0.1" trussed-manage = "0.1.0" trussed-se050-manage = "0.1.0" trussed-wrap-key-to-file = "0.1.0" @@ -58,7 +59,8 @@ serde_test = "1.0.176" [patch.crates-io] ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" } -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "046478b7a4f6e2315acf9112d98308379c2e3eee" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "eadd27cda0f457caae609e7fa972277e46695bd3" } +trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "eadd27cda0f457caae609e7fa972277e46695bd3" } trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth.git", rev = "c030b82ad3441f337af09afe3a69e8a6da5785ea" } trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" } trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", tag = "v0.2.1" } diff --git a/src/core_api.rs b/src/core_api.rs index c353382..bee4197 100644 --- a/src/core_api.rs +++ b/src/core_api.rs @@ -34,6 +34,7 @@ use trussed::{ types::{CoreContext, KeyId, KeySerialization, Location, Mechanism, Message}, Bytes, Error, }; +use trussed_core::types::EncryptedData; use trussed_rsa_alloc::{RsaImportFormat, RsaPublicParts}; use crate::{ @@ -89,7 +90,7 @@ pub(crate) enum WrappedKeyType { /// If this is a raw wrapped key, `is_se050` is not included and therefore deserializes to `false` #[derive(Serialize, Deserialize, Debug, Clone)] struct WrappedKeyData { - encrypted_data: reply::Encrypt, + encrypted_data: EncryptedData, ty: WrappedKeyType, } @@ -2629,7 +2630,8 @@ impl> Se050Backend { ::encrypt( core_keystore, &encryption_request, - )?; + )? + .into(); let mut wrapped_key: Bytes<1024> = postcard::to_vec(&WrappedKeyData { encrypted_data, ty }) .map_err(|_| Error::CborError)? @@ -2749,24 +2751,14 @@ impl> Se050Backend { return Err(Error::FunctionNotSupported); } - let WrappedKeyData { - encrypted_data: - reply::Encrypt { - ciphertext, - nonce, - tag, - }, - ty, - } = postcard::from_bytes(&req.wrapped_key[1..]).map_err(|_| Error::CborError)?; + let WrappedKeyData { encrypted_data, ty } = + postcard::from_bytes(&req.wrapped_key[1..]).map_err(|_| Error::CborError)?; - let decryption_request = request::Decrypt { - mechanism: Mechanism::Chacha8Poly1305, - key: req.wrapping_key, - message: ciphertext, - associated_data: req.associated_data.clone(), - nonce, - tag, - }; + let decryption_request = encrypted_data.decrypt( + Mechanism::Chacha8Poly1305, + req.wrapping_key, + req.associated_data.clone(), + ); let decryption_result = ::decrypt(