-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Import HkdfExtension from Nitrokey/trussed-hkdf-backend
The HkdfExtension was previously maintained in a separate repository and together with a custom backend. Every additional backend adds some overhead, both in the firmware and for maintenance. Therefore this patch moves the trussed-hkdf crate with the HkdfExtension as an extension into this repository and implements it for the StagingBackend, replacing the HkdfBackend. This patch also releases trussed-hkdf v0.2.0 and trussed-staging v0.3.0. Fixes: Nitrokey/trussed-hkdf-backend#6
- Loading branch information
1 parent
a9557b0
commit e016b25
Showing
10 changed files
with
432 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
# SPDX-License-Identifier: CC0-1.0 | ||
|
||
[workspace] | ||
members = ["extensions/chunked", "extensions/manage", "extensions/wrap-key-to-file"] | ||
members = ["extensions/chunked", "extensions/hkdf", "extensions/manage", "extensions/wrap-key-to-file"] | ||
|
||
[workspace.package] | ||
authors = ["Nitrokey GmbH <[email protected]>"] | ||
|
@@ -17,7 +17,7 @@ trussed = { version = "0.1.0", features = ["serde-extensions"] } | |
|
||
[package] | ||
name = "trussed-staging" | ||
version = "0.2.0" | ||
version = "0.3.0" | ||
description = "Work in progress trussed features" | ||
authors.workspace = true | ||
edition.workspace = true | ||
|
@@ -30,23 +30,29 @@ serde-byte-array.workspace = true | |
trussed.workspace = true | ||
|
||
chacha20poly1305 = { version = "0.10", default-features = false, features = ["heapless", "reduced-round"], optional = true } | ||
rand_core = { version = "0.6.4", default-features = false } | ||
delog = "0.1.6" | ||
hkdf = { version = "0.12", optional = true } | ||
rand_core = { version = "0.6.4", default-features = false } | ||
sha2 = { version = "0.10", default-features = false, optional = true } | ||
littlefs2 = "0.4.0" | ||
|
||
trussed-chunked = { version = "0.1.0", optional = true } | ||
trussed-hkdf = { version = "0.2.0", optional = true } | ||
trussed-manage = { version = "0.1.0", optional = true } | ||
trussed-wrap-key-to-file = { version = "0.1.0", optional = true } | ||
|
||
[dev-dependencies] | ||
hex-literal = "0.3.4" | ||
hmac = "0.12.0" | ||
trussed = { workspace = true, features = ["virt"] } | ||
|
||
[features] | ||
default = [] | ||
|
||
wrap-key-to-file = ["chacha20poly1305", "trussed-wrap-key-to-file"] | ||
chunked = ["trussed-chunked", "chacha20poly1305/stream"] | ||
hkdf = ["trussed-hkdf", "dep:hkdf", "dep:sha2"] | ||
manage = ["trussed-manage"] | ||
wrap-key-to-file = ["chacha20poly1305", "trussed-wrap-key-to-file"] | ||
|
||
virt = ["std", "trussed/virt"] | ||
std = [] | ||
|
@@ -64,5 +70,6 @@ trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "45ed62ba9 | |
littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "ebd27e49ca321089d01d8c9b169c4aeb58ceeeca" } | ||
|
||
trussed-chunked = { path = "extensions/chunked" } | ||
trussed-hkdf = { path = "extensions/hkdf" } | ||
trussed-manage = { path = "extensions/manage" } | ||
trussed-wrap-key-to-file = { path = "extensions/wrap-key-to-file" } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<!-- | ||
Copyright (C) Nitrokey GmbH | ||
SPDX-License-Identifier: CC0-1.0 | ||
--> | ||
|
||
# Changelog | ||
All notable changes to this project will be documented in this file. | ||
|
||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | ||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). | ||
|
||
## [Unreleased][] | ||
|
||
[Unreleased]: https://github.com/trussed-dev/trussed-staging/compare/hkdf-v0.2.0...HEAD | ||
|
||
- | ||
|
||
## [0.2.0][] - 2024-03-25 | ||
|
||
[0.2.0]: https://github.com/trussed-dev/trussed-staging/releases/tag/hkdf-v0.2.0 | ||
|
||
- Move the `trussed-hkdf` crate from the [Nitrokey/trussed-hkdf-backend][] | ||
repository into the [trussed-dev/trussed-staging][] repository | ||
- Remove the `HkdfBackend`. The `HkdfExtension` is now implemented by the | ||
`StagingBackend` in `trussed-staging` if the `hkdf` feature is enabled | ||
|
||
[Nitrokey/trussed-hkdf-backend]: https://github.com/Nitrokey/trussed-hkdf-backend | ||
[trussed-dev/trussed-staging]: https://github.com/trussed-dev/trussed-staging | ||
|
||
## [0.1.0][] - 2024-02-20 | ||
|
||
[0.1.0]: https://github.com/Nitrokey/trussed-hkdf-backend/releases/tag/v0.1.0 | ||
|
||
Initial release of the `HkdfExtension` and its implementation in the `HkdfBackend`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Copyright (C) Nitrokey GmbH | ||
# SPDX-License-Identifier: CC0-1.0 | ||
|
||
[package] | ||
name = "trussed-hkdf" | ||
version = "0.2.0" | ||
authors.workspace = true | ||
edition.workspace = true | ||
repository.workspace = true | ||
license.workspace = true | ||
|
||
[dependencies] | ||
serde.workspace = true | ||
trussed.workspace = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,164 @@ | ||
// Copyright (C) Nitrokey GmbH | ||
// SPDX-License-Identifier: Apache-2.0 or MIT | ||
|
||
#![no_std] | ||
#![warn(non_ascii_idents, trivial_casts, unused, unused_qualifications)] | ||
#![deny(unsafe_code)] | ||
|
||
use serde::{Deserialize, Serialize}; | ||
use trussed::{ | ||
config::MAX_MEDIUM_DATA_LENGTH, | ||
serde_extensions::{Extension, ExtensionClient, ExtensionResult}, | ||
types::{Bytes, KeyId, Location, Message}, | ||
Error, | ||
}; | ||
|
||
#[derive(Clone, Copy, Debug, Serialize, Deserialize)] | ||
pub struct OkmId(pub KeyId); | ||
|
||
/// Can represent either data or a key | ||
#[derive(Serialize, Deserialize)] | ||
pub enum KeyOrData<const N: usize> { | ||
Key(KeyId), | ||
Data(Bytes<N>), | ||
} | ||
|
||
pub struct HkdfExtension; | ||
|
||
impl Extension for HkdfExtension { | ||
type Request = HkdfRequest; | ||
type Reply = HkdfReply; | ||
} | ||
|
||
#[allow(clippy::large_enum_variant)] | ||
#[derive(Serialize, Deserialize)] | ||
pub enum HkdfRequest { | ||
Extract(HkdfExtractRequest), | ||
Expand(HkdfExpandRequest), | ||
} | ||
#[derive(Serialize, Deserialize)] | ||
pub enum HkdfReply { | ||
Extract(HkdfExtractReply), | ||
Expand(HkdfExpandReply), | ||
} | ||
|
||
impl From<HkdfExpandRequest> for HkdfRequest { | ||
fn from(v: HkdfExpandRequest) -> Self { | ||
Self::Expand(v) | ||
} | ||
} | ||
|
||
impl From<HkdfExtractRequest> for HkdfRequest { | ||
fn from(v: HkdfExtractRequest) -> Self { | ||
Self::Extract(v) | ||
} | ||
} | ||
|
||
impl From<HkdfExpandReply> for HkdfReply { | ||
fn from(v: HkdfExpandReply) -> Self { | ||
Self::Expand(v) | ||
} | ||
} | ||
|
||
impl From<HkdfExtractReply> for HkdfReply { | ||
fn from(v: HkdfExtractReply) -> Self { | ||
Self::Extract(v) | ||
} | ||
} | ||
|
||
impl TryFrom<HkdfRequest> for HkdfExpandRequest { | ||
type Error = Error; | ||
fn try_from(v: HkdfRequest) -> Result<Self, Error> { | ||
match v { | ||
HkdfRequest::Expand(v) => Ok(v), | ||
_ => Err(Error::InternalError), | ||
} | ||
} | ||
} | ||
impl TryFrom<HkdfRequest> for HkdfExtractRequest { | ||
type Error = Error; | ||
fn try_from(v: HkdfRequest) -> Result<Self, Error> { | ||
match v { | ||
HkdfRequest::Extract(v) => Ok(v), | ||
_ => Err(Error::InternalError), | ||
} | ||
} | ||
} | ||
|
||
impl TryFrom<HkdfReply> for HkdfExpandReply { | ||
type Error = Error; | ||
fn try_from(v: HkdfReply) -> Result<Self, Error> { | ||
match v { | ||
HkdfReply::Expand(v) => Ok(v), | ||
_ => Err(Error::InternalError), | ||
} | ||
} | ||
} | ||
impl TryFrom<HkdfReply> for HkdfExtractReply { | ||
type Error = Error; | ||
fn try_from(v: HkdfReply) -> Result<Self, Error> { | ||
match v { | ||
HkdfReply::Extract(v) => Ok(v), | ||
_ => Err(Error::InternalError), | ||
} | ||
} | ||
} | ||
|
||
#[derive(Serialize, Deserialize)] | ||
pub struct HkdfExtractReply { | ||
pub okm: OkmId, | ||
} | ||
|
||
#[derive(Serialize, Deserialize)] | ||
pub struct HkdfExtractRequest { | ||
pub ikm: KeyOrData<MAX_MEDIUM_DATA_LENGTH>, | ||
pub salt: Option<KeyOrData<MAX_MEDIUM_DATA_LENGTH>>, | ||
/// Location to store the OKM | ||
pub storage: Location, | ||
} | ||
|
||
#[derive(Serialize, Deserialize)] | ||
pub struct HkdfExpandReply { | ||
pub key: KeyId, | ||
} | ||
|
||
#[derive(Serialize, Deserialize)] | ||
pub struct HkdfExpandRequest { | ||
pub prk: OkmId, | ||
pub info: Message, | ||
pub len: usize, | ||
pub storage: Location, | ||
} | ||
|
||
pub type HkdfResult<'a, R, C> = ExtensionResult<'a, HkdfExtension, R, C>; | ||
|
||
pub trait HkdfClient: ExtensionClient<HkdfExtension> { | ||
fn hkdf_extract( | ||
&mut self, | ||
ikm: KeyOrData<MAX_MEDIUM_DATA_LENGTH>, | ||
salt: Option<KeyOrData<MAX_MEDIUM_DATA_LENGTH>>, | ||
storage: Location, | ||
) -> HkdfResult<'_, HkdfExtractReply, Self> { | ||
self.extension(HkdfRequest::Extract(HkdfExtractRequest { | ||
ikm, | ||
salt, | ||
storage, | ||
})) | ||
} | ||
fn hkdf_expand( | ||
&mut self, | ||
prk: OkmId, | ||
info: Message, | ||
len: usize, | ||
storage: Location, | ||
) -> HkdfResult<'_, HkdfExpandReply, Self> { | ||
self.extension(HkdfRequest::Expand(HkdfExpandRequest { | ||
prk, | ||
info, | ||
len, | ||
storage, | ||
})) | ||
} | ||
} | ||
|
||
impl<C: ExtensionClient<HkdfExtension>> HkdfClient for C {} |
Oops, something went wrong.