trussed-staging 0.5.0-rc.1

Work in progress trussed features
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

// Copyright (C) Nitrokey GmbH
// SPDX-License-Identifier: Apache-2.0 or MIT

use hkdf::Hkdf;
use sha2::Sha256;
use trussed::{
    config::MAX_MEDIUM_DATA_LENGTH,
    key::{Kind, Secrecy},
    serde_extensions::ExtensionImpl,
    service::ServiceResources,
    store::{ClientKeystore, Keystore, Store},
    types::CoreContext,
    Platform,
};
use trussed_core::{
    types::{Bytes, MediumData, ShortData},
    Error,
};
use trussed_hkdf::{
    HkdfExpandReply, HkdfExpandRequest, HkdfExtension, HkdfExtractReply, HkdfExtractRequest,
    HkdfReply, HkdfRequest, KeyOrData, OkmId,
};

use crate::{StagingBackend, StagingContext};

impl ExtensionImpl<HkdfExtension> for StagingBackend {
    fn extension_request<P: Platform>(
        &mut self,
        core_ctx: &mut CoreContext,
        _backend_ctx: &mut StagingContext,
        request: &HkdfRequest,
        resources: &mut ServiceResources<P>,
    ) -> Result<HkdfReply, Error> {
        let mut keystore = resources.keystore(core_ctx.path.clone())?;
        Ok(match request {
            HkdfRequest::Extract(req) => extract(req, &mut keystore)?.into(),
            HkdfRequest::Expand(req) => expand(req, &mut keystore)?.into(),
        })
    }
}

fn get_mat<S: Store>(
    req: &KeyOrData<MAX_MEDIUM_DATA_LENGTH>,
    keystore: &mut ClientKeystore<S>,
) -> Result<MediumData, Error> {
    Ok(match req {
        KeyOrData::Data(d) => d.clone(),
        KeyOrData::Key(key_id) => {
            let key_mat = keystore.load_key(Secrecy::Secret, None, key_id)?;
            if !matches!(key_mat.kind, Kind::Symmetric(..) | Kind::Shared(..)) {
                warn!("Attempt to HKDF on a private key");
                return Err(Error::MechanismInvalid);
            }
            Bytes::try_from(&*key_mat.material).map_err(|_| {
                warn!("Attempt to HKDF a too large key");
                Error::InternalError
            })?
        }
    })
}

fn extract<S: Store>(
    req: &HkdfExtractRequest,
    keystore: &mut ClientKeystore<S>,
) -> Result<HkdfExtractReply, Error> {
    let ikm = get_mat(&req.ikm, keystore)?;
    let salt = req
        .salt
        .as_ref()
        .map(|s| get_mat(s, keystore))
        .transpose()?;
    let salt_ref = salt.as_deref();
    let (prk, _) = Hkdf::<Sha256>::extract(salt_ref, &ikm);
    assert_eq!(prk.len(), 256 / 8);
    let key_id = keystore.store_key(
        req.storage,
        Secrecy::Secret,
        Kind::Symmetric(prk.len()),
        &prk,
    )?;
    Ok(HkdfExtractReply { okm: OkmId(key_id) })
}
fn expand<S: Store>(
    req: &HkdfExpandRequest,
    keystore: &mut ClientKeystore<S>,
) -> Result<HkdfExpandReply, Error> {
    let prk = keystore.load_key(Secrecy::Secret, None, &req.prk.0)?;
    if !matches!(prk.kind, Kind::Symmetric(32)) {
        error!("Attempt to use wrong key for HKDF expand");
        return Err(Error::ObjectHandleInvalid);
    }

    let hkdf = Hkdf::<Sha256>::from_prk(&prk.material).map_err(|_| {
        warn!("Failed to create HKDF");
        Error::InternalError
    })?;
    let mut okm = ShortData::new();
    okm.resize_zero(req.len).map_err(|_| {
        error!("Attempt to run HKDF with too large output");
        Error::WrongMessageLength
    })?;
    hkdf.expand(&req.info, &mut okm).map_err(|_| {
        warn!("Bad HKDF expand length");
        Error::WrongMessageLength
    })?;

    let key = keystore.store_key(
        req.storage,
        Secrecy::Secret,
        Kind::Symmetric(okm.len()),
        &okm,
    )?;

    Ok(HkdfExpandReply { key })
}