trussed_core/client/
crypto.rs

1use super::{ClientError, ClientResult, PollClient};
2use crate::{
3    api::{reply, request},
4    types::{
5        Bytes, KeyId, KeySerialization, Location, Mechanism, MediumData, Message, SerializedKey,
6        ShortData, Signature, SignatureSerialization, StorageAttributes,
7    },
8};
9
10/// Trussed Client interface that Trussed apps can rely on.
11pub trait CryptoClient: PollClient {
12    // call with any of `crate::api::request::*`
13    // fn request<'c>(&'c mut self, req: impl Into<Request>)
14    // -> core::result::Result<RawFutureResult<'c, Self>, ClientError>;
15
16    fn agree(
17        &mut self,
18        mechanism: Mechanism,
19        private_key: KeyId,
20        public_key: KeyId,
21        attributes: StorageAttributes,
22    ) -> ClientResult<'_, reply::Agree, Self> {
23        self.request(request::Agree {
24            mechanism,
25            private_key,
26            public_key,
27            attributes,
28        })
29    }
30
31    fn decrypt<'c>(
32        &'c mut self,
33        mechanism: Mechanism,
34        key: KeyId,
35        message: &[u8],
36        associated_data: &[u8],
37        nonce: &[u8],
38        tag: &[u8],
39    ) -> ClientResult<'c, reply::Decrypt, Self> {
40        let message = Message::from_slice(message).map_err(|_| ClientError::DataTooLarge)?;
41        let associated_data =
42            Message::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?;
43        let nonce = ShortData::from_slice(nonce).map_err(|_| ClientError::DataTooLarge)?;
44        let tag = ShortData::from_slice(tag).map_err(|_| ClientError::DataTooLarge)?;
45        self.request(request::Decrypt {
46            mechanism,
47            key,
48            message,
49            associated_data,
50            nonce,
51            tag,
52        })
53    }
54
55    fn delete(&mut self, key: KeyId) -> ClientResult<'_, reply::Delete, Self> {
56        self.request(request::Delete {
57            key,
58            // mechanism,
59        })
60    }
61
62    /// Clear private data from the key
63    ///
64    /// This will not delete all metadata from storage.
65    /// Other backends can retain metadata required for `unwrap_key` to work properly
66    /// and delete this metadata only once `delete` is called.
67    fn clear(&mut self, key: KeyId) -> ClientResult<'_, reply::Clear, Self> {
68        self.request(request::Clear {
69            key,
70            // mechanism,
71        })
72    }
73
74    /// Skips deleting read-only / manufacture keys (currently, "low ID").
75    fn delete_all(&mut self, location: Location) -> ClientResult<'_, reply::DeleteAllKeys, Self> {
76        self.request(request::DeleteAllKeys { location })
77    }
78
79    fn derive_key(
80        &mut self,
81        mechanism: Mechanism,
82        base_key: KeyId,
83        additional_data: Option<MediumData>,
84        attributes: StorageAttributes,
85    ) -> ClientResult<'_, reply::DeriveKey, Self> {
86        self.request(request::DeriveKey {
87            mechanism,
88            base_key,
89            additional_data,
90            attributes,
91        })
92    }
93
94    fn deserialize_key<'c>(
95        &'c mut self,
96        mechanism: Mechanism,
97        serialized_key: &[u8],
98        format: KeySerialization,
99        attributes: StorageAttributes,
100    ) -> ClientResult<'c, reply::DeserializeKey, Self> {
101        let serialized_key =
102            SerializedKey::from_slice(serialized_key).map_err(|_| ClientError::DataTooLarge)?;
103        self.request(request::DeserializeKey {
104            mechanism,
105            serialized_key,
106            format,
107            attributes,
108        })
109    }
110
111    fn encrypt<'c>(
112        &'c mut self,
113        mechanism: Mechanism,
114        key: KeyId,
115        message: &[u8],
116        associated_data: &[u8],
117        nonce: Option<ShortData>,
118    ) -> ClientResult<'c, reply::Encrypt, Self> {
119        let message = Message::from_slice(message).map_err(|_| ClientError::DataTooLarge)?;
120        let associated_data =
121            ShortData::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?;
122        self.request(request::Encrypt {
123            mechanism,
124            key,
125            message,
126            associated_data,
127            nonce,
128        })
129    }
130
131    fn exists(
132        &mut self,
133        mechanism: Mechanism,
134        key: KeyId,
135    ) -> ClientResult<'_, reply::Exists, Self> {
136        self.request(request::Exists { key, mechanism })
137    }
138
139    fn generate_key(
140        &mut self,
141        mechanism: Mechanism,
142        attributes: StorageAttributes,
143    ) -> ClientResult<'_, reply::GenerateKey, Self> {
144        self.request(request::GenerateKey {
145            mechanism,
146            attributes,
147        })
148    }
149
150    fn generate_secret_key(
151        &mut self,
152        size: usize,
153        persistence: Location,
154    ) -> ClientResult<'_, reply::GenerateSecretKey, Self> {
155        self.request(request::GenerateSecretKey {
156            size,
157            attributes: StorageAttributes::new().set_persistence(persistence),
158        })
159    }
160
161    fn hash(
162        &mut self,
163        mechanism: Mechanism,
164        message: Message,
165    ) -> ClientResult<'_, reply::Hash, Self> {
166        self.request(request::Hash { mechanism, message })
167    }
168
169    fn random_bytes(&mut self, count: usize) -> ClientResult<'_, reply::RandomBytes, Self> {
170        self.request(request::RandomBytes { count })
171    }
172
173    fn serialize_key(
174        &mut self,
175        mechanism: Mechanism,
176        key: KeyId,
177        format: KeySerialization,
178    ) -> ClientResult<'_, reply::SerializeKey, Self> {
179        self.request(request::SerializeKey {
180            key,
181            mechanism,
182            format,
183        })
184    }
185
186    fn sign<'c>(
187        &'c mut self,
188        mechanism: Mechanism,
189        key: KeyId,
190        data: &[u8],
191        format: SignatureSerialization,
192    ) -> ClientResult<'c, reply::Sign, Self> {
193        self.request(request::Sign {
194            key,
195            mechanism,
196            message: Bytes::from_slice(data).map_err(|_| ClientError::DataTooLarge)?,
197            format,
198        })
199    }
200
201    fn verify<'c>(
202        &'c mut self,
203        mechanism: Mechanism,
204        key: KeyId,
205        message: &[u8],
206        signature: &[u8],
207        format: SignatureSerialization,
208    ) -> ClientResult<'c, reply::Verify, Self> {
209        self.request(request::Verify {
210            mechanism,
211            key,
212            message: Message::from_slice(message).expect("all good"),
213            signature: Signature::from_slice(signature).expect("all good"),
214            format,
215        })
216    }
217
218    fn unsafe_inject_key(
219        &mut self,
220        mechanism: Mechanism,
221        raw_key: &[u8],
222        persistence: Location,
223        format: KeySerialization,
224    ) -> ClientResult<'_, reply::UnsafeInjectKey, Self> {
225        self.request(request::UnsafeInjectKey {
226            mechanism,
227            raw_key: SerializedKey::from_slice(raw_key).unwrap(),
228            attributes: StorageAttributes::new().set_persistence(persistence),
229            format,
230        })
231    }
232
233    fn unsafe_inject_shared_key(
234        &mut self,
235        raw_key: &[u8],
236        location: Location,
237    ) -> ClientResult<'_, reply::UnsafeInjectSharedKey, Self> {
238        self.request(request::UnsafeInjectSharedKey {
239            raw_key: ShortData::from_slice(raw_key).unwrap(),
240            location,
241        })
242    }
243
244    fn unwrap_key<'c>(
245        &'c mut self,
246        mechanism: Mechanism,
247        wrapping_key: KeyId,
248        wrapped_key: Message,
249        associated_data: &[u8],
250        nonce: &[u8],
251        attributes: StorageAttributes,
252    ) -> ClientResult<'c, reply::UnwrapKey, Self> {
253        let associated_data =
254            Message::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?;
255        let nonce = ShortData::from_slice(nonce).map_err(|_| ClientError::DataTooLarge)?;
256        self.request(request::UnwrapKey {
257            mechanism,
258            wrapping_key,
259            wrapped_key,
260            associated_data,
261            nonce,
262            attributes,
263        })
264    }
265
266    fn wrap_key(
267        &mut self,
268        mechanism: Mechanism,
269        wrapping_key: KeyId,
270        key: KeyId,
271        associated_data: &[u8],
272        nonce: Option<ShortData>,
273    ) -> ClientResult<'_, reply::WrapKey, Self> {
274        let associated_data =
275            Bytes::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?;
276        self.request(request::WrapKey {
277            mechanism,
278            wrapping_key,
279            key,
280            associated_data,
281            nonce,
282        })
283    }
284}