Remove encrypted-chunked feature
This patch always enables the syscalls that previously were behind the
encrypted-chunked feature.  This makes sure that enabling the feature in
one crate does not break another crate that also depends on
trussed-chunked.  In practice, the feature is always enabled anyway so
separating the encrypted syscalls does not bring any benefits.

Fixes: #20
robin-nitrokey committed Mar 15, 2024
1 parent 06bf42c commit 1a96453
Showing 6 changed files with 3 additions and 39 deletions.
3 changes: 1 addition & 2 deletions Cargo.toml
Expand Up @@ -45,8 +45,7 @@ trussed = { workspace = true, features = ["virt"] }
default = ["manage"]

wrap-key-to-file = ["chacha20poly1305", "trussed-wrap-key-to-file"]
chunked = ["trussed-chunked"]
encrypted-chunked = ["chunked", "chacha20poly1305/stream", "trussed-chunked/encrypted-chunked"]
chunked = ["trussed-chunked", "chacha20poly1305/stream"]
manage = ["trussed-manage"]

virt = ["std", "trussed/virt"]
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -5,7 +5,7 @@
check:
RUSTLFAGS='-Dwarnings' cargo check --all-features --all-targets --workspace
RUSTLFAGS='-Dwarnings' cargo check --no-default-features
RUSTLFAGS='-Dwarnings' cargo check --features encrypted-chunked
RUSTLFAGS='-Dwarnings' cargo check --features chunked
RUSTLFAGS='-Dwarnings' cargo check --features manage
RUSTLFAGS='-Dwarnings' cargo check --features wrap-key-to-file

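Review bot: The environment variable on the new `cargo check --features chunked` line is spelled `RUSTLFAGS`, as on every other recipe line in this hunk, so cargo never receives `-Dwarnings` and the `check` target passes even when the build emits warnings. The line should read `RUSTFLAGS='-Dwarnings' cargo check --features chunked`, and the same correction applies to the unchanged `cargo check` lines around it. This matters for this commit in particular, because the target is what would flag an unused import or dead item left behind once the cfg gates are gone.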
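--- a/extensions/chunked/Cargo.toml
+++ b/extensions/chunked/Cargo.toml
@@ -13,6 +13,3 @@ license.workspace = true
 serde.workspace = true
 serde-byte-array.workspace = true
 trussed.workspace = true
-
-[features]
-encrypted-chunked = []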
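--- a/extensions/chunked/src/lib.rs
+++ b/extensions/chunked/src/lib.rs
@@ -5,7 +5,6 @@
 #![warn(non_ascii_idents, trivial_casts, unused, unused_qualifications)]
 #![deny(unsafe_code)]
 
-#[cfg(feature = "encrypted-chunked")]
 pub mod utils;
 
 use serde::{Deserialize, Serialize};
@@ -30,10 +29,8 @@ impl Extension for ChunkedExtension {
 #[allow(missing_docs, clippy::large_enum_variant)]
 pub enum ChunkedRequest {
 StartChunkedWrite(request::StartChunkedWrite),
-#[cfg(feature = "encrypted-chunked")]
 StartEncryptedChunkedWrite(request::StartEncryptedChunkedWrite),
 StartChunkedRead(request::StartChunkedRead),
-#[cfg(feature = "encrypted-chunked")]
 StartEncryptedChunkedRead(request::StartEncryptedChunkedRead),
 ReadChunk(request::ReadChunk),
 WriteChunk(request::WriteChunk),
@@ -47,10 +44,8 @@ pub enum ChunkedRequest {
 pub enum ChunkedReply {
 ReadChunk(reply::ReadChunk),
 StartChunkedWrite(reply::StartChunkedWrite),
-#[cfg(feature = "encrypted-chunked")]
 StartEncryptedChunkedWrite(reply::StartEncryptedChunkedWrite),
 StartChunkedRead(reply::StartChunkedRead),
-#[cfg(feature = "encrypted-chunked")]
 StartEncryptedChunkedRead(reply::StartEncryptedChunkedRead),
 WriteChunk(reply::WriteChunk),
 AbortChunkedWrite(reply::AbortChunkedWrite),
@@ -107,7 +102,6 @@ pub mod request {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct StartEncryptedChunkedWrite {
 pub location: Location,
@@ -117,7 +111,6 @@ pub mod request {
 pub nonce: Option<ByteArray<CHACHA8_STREAM_NONCE_LEN>>,
 }
 
-#[cfg(feature = "encrypted-chunked")]
 impl TryFrom<ChunkedRequest> for StartEncryptedChunkedWrite {
 type Error = Error;
 fn try_from(request: ChunkedRequest) -> Result<Self, Self::Error> {
@@ -128,7 +121,6 @@ pub mod request {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 impl From<StartEncryptedChunkedWrite> for ChunkedRequest {
 fn from(request: StartEncryptedChunkedWrite) -> Self {
 Self::StartEncryptedChunkedWrite(request)
@@ -157,15 +149,13 @@ pub mod request {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct StartEncryptedChunkedRead {
 pub location: Location,
 pub path: PathBuf,
 pub key: KeyId,
 }
 
-#[cfg(feature = "encrypted-chunked")]
 impl TryFrom<ChunkedRequest> for StartEncryptedChunkedRead {
 type Error = Error;
 fn try_from(request: ChunkedRequest) -> Result<Self, Self::Error> {
@@ -176,7 +166,6 @@ pub mod request {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 impl From<StartEncryptedChunkedRead> for ChunkedRequest {
 fn from(request: StartEncryptedChunkedRead) -> Self {
 Self::StartEncryptedChunkedRead(request)
@@ -318,11 +307,9 @@ pub mod reply {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct StartEncryptedChunkedWrite {}
 
-#[cfg(feature = "encrypted-chunked")]
 impl TryFrom<ChunkedReply> for StartEncryptedChunkedWrite {
 type Error = Error;
 fn try_from(reply: ChunkedReply) -> Result<Self, Self::Error> {
@@ -333,7 +320,6 @@ pub mod reply {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 impl From<StartEncryptedChunkedWrite> for ChunkedReply {
 fn from(reply: StartEncryptedChunkedWrite) -> Self {
 Self::StartEncryptedChunkedWrite(reply)
@@ -362,11 +348,9 @@ pub mod reply {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct StartEncryptedChunkedRead {}
 
-#[cfg(feature = "encrypted-chunked")]
 impl TryFrom<ChunkedReply> for StartEncryptedChunkedRead {
 type Error = Error;
 fn try_from(reply: ChunkedReply) -> Result<Self, Self::Error> {
@@ -377,7 +361,6 @@ pub mod reply {
 }
 }
 
-#[cfg(feature = "encrypted-chunked")]
 impl From<StartEncryptedChunkedRead> for ChunkedReply {
 fn from(reply: StartEncryptedChunkedRead) -> Self {
 Self::StartEncryptedChunkedRead(reply)
@@ -492,7 +475,6 @@ pub trait ChunkedClient: ExtensionClient<ChunkedExtension> + FilesystemClient {
 ///
 /// More chunks can be written with [`write_file_chunk`](ChunkedClient::write_file_chunk).
 /// The data is flushed and becomes readable when a chunk smaller than the maximum capacity of a [`Message`] is transfered.
-#[cfg(feature = "encrypted-chunked")]
 fn start_encrypted_chunked_write(
 &mut self,
 location: Location,
@@ -527,7 +509,6 @@ pub trait ChunkedClient: ExtensionClient<ChunkedExtension> + FilesystemClient {
 /// More chunks can be read with [`read_file_chunk`](ChunkedClient::read_file_chunk).
 /// The read is over once a chunk of size smaller than the maximum capacity of a [`Message`] is transfered.
 /// Only once the entire file has been read does the data have been properly authenticated.
-#[cfg(feature = "encrypted-chunked")]
 fn start_encrypted_chunked_read(
 &mut self,
 location: Location,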
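Review bot: The doc comment on `start_encrypted_chunked_read` carries the one security caveat of this API, and its last sentence is hard to parse now that the method is part of every build of `ChunkedClient`. I would phrase it as a caller obligation, for example `/// The data is only fully authenticated once the last chunk has been read successfully; do not act on earlier chunks before that.` Both doc comments in the last two hunks also spell `transfered`, which should be `transferred`. The method signatures continue past the end of their hunks.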
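--- a/src/chunked/mod.rs
+++ b/src/chunked/mod.rs
@@ -4,7 +4,6 @@
 mod store;
 use store::OpenSeekFrom;
 
-#[cfg(feature = "encrypted-chunked")]
 use chacha20poly1305::{
 aead::stream::{DecryptorLE31, EncryptorLE31, Nonce as StreamNonce, StreamLE31},
 ChaCha8Poly1305, KeyInit,
@@ -41,15 +40,13 @@ pub struct ChunkedWriteState {
 pub location: Location,
 }
 
-#[cfg(feature = "encrypted-chunked")]
 pub struct EncryptedChunkedReadState {
 pub path: PathBuf,
 pub location: Location,
 pub offset: usize,
 pub decryptor: DecryptorLE31<ChaCha8Poly1305>,
 }
 
-#[cfg(feature = "encrypted-chunked")]
 pub struct EncryptedChunkedWriteState {
 pub path: PathBuf,
 pub location: Location,
@@ -60,9 +57,7 @@ pub struct EncryptedChunkedWriteState {
 pub enum ChunkedIoState {
 Read(ChunkedReadState),
 Write(ChunkedWriteState),
-#[cfg(feature = "encrypted-chunked")]
 EncryptedRead(EncryptedChunkedReadState),
-#[cfg(feature = "encrypted-chunked")]
 EncryptedWrite(EncryptedChunkedWriteState),
 }
 
@@ -83,7 +78,6 @@ impl ExtensionImpl<ChunkedExtension> for super::StagingBackend {
 ChunkedRequest::ReadChunk(_) => {
 let read_state = match &mut backend_ctx.chunked_io_state {
 Some(ChunkedIoState::Read(read_state)) => read_state,
-#[cfg(feature = "encrypted-chunked")]
 Some(ChunkedIoState::EncryptedRead(_)) => {
 return read_encrypted_chunk(store, client_id, backend_ctx)
 }
@@ -168,7 +162,6 @@ impl ExtensionImpl<ChunkedExtension> for super::StagingBackend {
 )?;
 Ok(reply::AppendFile { file_length }.into())
 }
-#[cfg(feature = "encrypted-chunked")]
 ChunkedRequest::StartEncryptedChunkedWrite(request) => {
 clear_chunked_state(store, client_id, backend_ctx)?;
 let key = keystore.load_key(
@@ -200,7 +193,6 @@ impl ExtensionImpl<ChunkedExtension> for super::StagingBackend {
 }));
 Ok(reply::StartEncryptedChunkedWrite {}.into())
 }
-#[cfg(feature = "encrypted-chunked")]
 ChunkedRequest::StartEncryptedChunkedRead(request) => {
 clear_chunked_state(store, client_id, backend_ctx)?;
 let key = keystore.load_key(
@@ -238,9 +230,7 @@ fn clear_chunked_state(
 info!("Automatically cancelling write");
 store::abort_chunked_write(store, client_id, &write_state.path, write_state.location);
 }
-#[cfg(feature = "encrypted-chunked")]
 Some(ChunkedIoState::EncryptedRead(_)) => {}
-#[cfg(feature = "encrypted-chunked")]
 Some(ChunkedIoState::EncryptedWrite(write_state)) => {
 info!("Automatically cancelling encrypted write");
 store::abort_chunked_write(store, client_id, &write_state.path, write_state.location);
@@ -265,7 +255,6 @@ fn write_chunk(
 data,
 )?;
 }
-#[cfg(feature = "encrypted-chunked")]
 Some(ChunkedIoState::EncryptedWrite(ref mut write_state)) => {
 let mut data =
 Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::from_slice(data).unwrap();
@@ -306,7 +295,6 @@ fn write_last_chunk(
 )?;
 store::flush_chunks(store, client_id, &write_state.path, write_state.location)?;
 }
-#[cfg(feature = "encrypted-chunked")]
 Some(ChunkedIoState::EncryptedWrite(write_state)) => {
 let mut data =
 Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::from_slice(data).unwrap();
@@ -332,7 +320,6 @@ fn write_last_chunk(
 Ok(())
 }
 
-#[cfg(feature = "encrypted-chunked")]
 fn read_encrypted_chunk(
 store: impl Store,
 client_id: &Path,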
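Review bot: `Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::from_slice(data).unwrap()` in the `EncryptedWrite` arms of `write_chunk` and `write_last_chunk` is now compiled into every `chunked` build instead of only the opt-in one, and it panics in the backend if `data` is ever longer than the buffer. If the request type already bounds `data` to `MAX_MESSAGE_LENGTH` (not visible in these hunks), state that invariant above the call, e.g. `// data is at most MAX_MESSAGE_LENGTH bytes, so the Poly1305 tag always fits`. Otherwise, return an error to the client instead of unwrapping. Both function bodies start and end outside their hunks.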
2 changes: 1 addition & 1 deletion tests/encrypted-chunked.rs
@@ -1,7 +1,7 @@
// Copyright (C) Nitrokey GmbH
// SPDX-License-Identifier: Apache-2.0 or MIT

#![cfg(all(feature = "virt", feature = "encrypted-chunked"))]
#![cfg(all(feature = "virt", feature = "chunked"))]

use littlefs2::path::PathBuf;
use serde_byte_array::ByteArray;