deploy: df2867d

src/trussed/mechanisms/chacha8poly1305.rs.html

@@ -253,12 +253,9 @@
 <a href="#252" id="252">252</a>
 <a href="#253" id="253">253</a>
 <a href="#254" id="254">254</a>
-<a href="#255" id="255">255</a>
-<a href="#256" id="256">256</a>
-<a href="#257" id="257">257</a>
-<a href="#258" id="258">258</a>
-<a href="#259" id="259">259</a></pre></div><pre class="rust"><code><span class="kw">use </span>generic_array::GenericArray;
+<a href="#255" id="255">255</a></pre></div><pre class="rust"><code><span class="kw">use </span>generic_array::GenericArray;
 <span class="kw">use </span>rand_core::RngCore;
+<span class="kw">use </span>trussed_core::types::EncryptedData;
 
 <span class="kw">use </span><span class="kw">crate</span>::api::{reply, request};
 <span class="kw">use </span><span class="kw">crate</span>::error::Error;
@@ -449,8 +446,9 @@
         };
         <span class="kw">let </span>encryption_reply = &lt;<span class="kw">super</span>::Chacha8Poly1305&gt;::encrypt(keystore, <span class="kw-2">&amp;</span>encryption_request)<span class="question-mark">?</span>;
 
+        <span class="kw">let </span>wrapped_key = EncryptedData::from(encryption_reply);
         <span class="kw">let </span>wrapped_key =
-            <span class="kw">crate</span>::postcard_serialize_bytes(<span class="kw-2">&amp;</span>encryption_reply).map_err(|<span class="kw">_</span>| Error::CborError)<span class="question-mark">?</span>;
+            <span class="kw">crate</span>::postcard_serialize_bytes(<span class="kw-2">&amp;</span>wrapped_key).map_err(|<span class="kw">_</span>| Error::CborError)<span class="question-mark">?</span>;
 
         <span class="prelude-val">Ok</span>(reply::WrapKey { wrapped_key })
     }
@@ -463,20 +461,14 @@
         keystore: <span class="kw-2">&amp;mut </span><span class="kw">impl </span>Keystore,
         request: <span class="kw-2">&amp;</span>request::UnwrapKey,
     ) -&gt; <span class="prelude-ty">Result</span>&lt;reply::UnwrapKey, Error&gt; {
-        <span class="kw">let </span>reply::Encrypt {
-            ciphertext,
-            nonce,
-            tag,
-        } = <span class="kw">crate</span>::postcard_deserialize(<span class="kw-2">&amp;</span>request.wrapped_key).map_err(|<span class="kw">_</span>| Error::CborError)<span class="question-mark">?</span>;
-
-        <span class="kw">let </span>decryption_request = request::Decrypt {
-            mechanism: Mechanism::Chacha8Poly1305,
-            key: request.wrapping_key,
-            message: ciphertext,
-            associated_data: request.associated_data.clone(),
-            nonce,
-            tag,
-        };
+        <span class="kw">let </span>encrypted_data: EncryptedData =
+            <span class="kw">crate</span>::postcard_deserialize(<span class="kw-2">&amp;</span>request.wrapped_key).map_err(|<span class="kw">_</span>| Error::CborError)<span class="question-mark">?</span>;
+
+        <span class="kw">let </span>decryption_request = encrypted_data.decrypt(
+            Mechanism::Chacha8Poly1305,
+            request.wrapping_key,
+            request.associated_data.clone(),
+        );
 
         <span class="kw">let </span>serialized_key = <span class="kw">if let </span><span class="prelude-val">Some</span>(serialized_key) =
             &lt;<span class="kw">super</span>::Chacha8Poly1305&gt;::decrypt(keystore, <span class="kw-2">&amp;</span>decryption_request)<span class="question-mark">?</span>.plaintext

src/trussed_core/api/macros.rs.html

@@ -211,7 +211,7 @@
     )<span class="kw-2">*</span>)
         =&gt; {$(
     $(<span class="attr">#[<span class="macro-nonterminal">$attr</span>]</span>)<span class="question-mark">?
-    </span><span class="attr">#[derive(Clone, Eq, PartialEq, Debug, serde_indexed::DeserializeIndexed, serde_indexed::SerializeIndexed)]
+    </span><span class="attr">#[derive(Clone, Eq, PartialEq, Debug)]
     </span><span class="kw">pub struct </span><span class="macro-nonterminal">$request </span>{
         $(
             <span class="kw">pub </span><span class="macro-nonterminal">$name</span>: <span class="macro-nonterminal">$</span><span class="kw">type</span>,
@@ -250,7 +250,7 @@
         =&gt; {$(
 
     $(<span class="attr">#[<span class="macro-nonterminal">$attr</span>]</span>)<span class="question-mark">?
-    </span><span class="attr">#[derive(Clone, Eq, PartialEq, Debug, serde_indexed::DeserializeIndexed, serde_indexed::SerializeIndexed)]
+    </span><span class="attr">#[derive(Clone, Eq, PartialEq, Debug)]
     </span><span class="kw">pub struct </span><span class="macro-nonterminal">$reply </span>{
         $(
             <span class="kw">pub </span><span class="macro-nonterminal">$name</span>: <span class="macro-nonterminal">$</span><span class="kw">type</span>,

src/trussed_core/types.rs.html

@@ -373,7 +373,53 @@
 <a href="#372" id="372">372</a>
 <a href="#373" id="373">373</a>
 <a href="#374" id="374">374</a>
-<a href="#375" id="375">375</a></pre></div><pre class="rust"><code><span class="kw">use </span>core::{marker::PhantomData, ops::Deref};
+<a href="#375" id="375">375</a>
+<a href="#376" id="376">376</a>
+<a href="#377" id="377">377</a>
+<a href="#378" id="378">378</a>
+<a href="#379" id="379">379</a>
+<a href="#380" id="380">380</a>
+<a href="#381" id="381">381</a>
+<a href="#382" id="382">382</a>
+<a href="#383" id="383">383</a>
+<a href="#384" id="384">384</a>
+<a href="#385" id="385">385</a>
+<a href="#386" id="386">386</a>
+<a href="#387" id="387">387</a>
+<a href="#388" id="388">388</a>
+<a href="#389" id="389">389</a>
+<a href="#390" id="390">390</a>
+<a href="#391" id="391">391</a>
+<a href="#392" id="392">392</a>
+<a href="#393" id="393">393</a>
+<a href="#394" id="394">394</a>
+<a href="#395" id="395">395</a>
+<a href="#396" id="396">396</a>
+<a href="#397" id="397">397</a>
+<a href="#398" id="398">398</a>
+<a href="#399" id="399">399</a>
+<a href="#400" id="400">400</a>
+<a href="#401" id="401">401</a>
+<a href="#402" id="402">402</a>
+<a href="#403" id="403">403</a>
+<a href="#404" id="404">404</a>
+<a href="#405" id="405">405</a>
+<a href="#406" id="406">406</a>
+<a href="#407" id="407">407</a>
+<a href="#408" id="408">408</a>
+<a href="#409" id="409">409</a>
+<a href="#410" id="410">410</a>
+<a href="#411" id="411">411</a>
+<a href="#412" id="412">412</a>
+<a href="#413" id="413">413</a>
+<a href="#414" id="414">414</a>
+<a href="#415" id="415">415</a>
+<a href="#416" id="416">416</a>
+<a href="#417" id="417">417</a>
+<a href="#418" id="418">418</a>
+<a href="#419" id="419">419</a>
+<a href="#420" id="420">420</a>
+<a href="#421" id="421">421</a></pre></div><pre class="rust"><code><span class="kw">use </span>core::{marker::PhantomData, ops::Deref};
 
 <span class="kw">use </span>rand_core::{CryptoRng, RngCore};
 <span class="kw">use </span>serde::{Deserialize, Serialize};
@@ -382,15 +428,14 @@
 <span class="kw">pub use </span>heapless_bytes::Bytes;
 <span class="kw">pub use </span>littlefs2_core::{DirEntry, Metadata, PathBuf};
 
+<span class="kw">use </span><span class="kw">crate</span>::api::{reply, request};
 <span class="kw">use </span><span class="kw">crate</span>::config::{
     MAX_KEY_MATERIAL_LENGTH, MAX_MEDIUM_DATA_LENGTH, MAX_MESSAGE_LENGTH, MAX_SHORT_DATA_LENGTH,
     MAX_SIGNATURE_LENGTH, MAX_USER_ATTRIBUTE_LENGTH,
 };
 
 <span class="kw">pub mod </span>consent {
-    <span class="kw">use </span>serde::{Deserialize, Serialize};
-
-    <span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+    <span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug)]
     </span><span class="kw">pub enum </span>Level {
         <span class="doccomment">/// There is no user present
         </span><span class="prelude-val">None</span>,
@@ -402,7 +447,7 @@
         </span>Strong,
     }
 
-    <span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+    <span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug)]
     </span><span class="kw">pub enum </span>Error {
         FailedToInterrupt,
         Interrupted,
@@ -414,9 +459,7 @@
 }
 
 <span class="kw">pub mod </span>reboot {
-    <span class="kw">use </span>serde::{Deserialize, Serialize};
-
-    <span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+    <span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug)]
     </span><span class="kw">pub enum </span>To {
         Application,
         ApplicationUpdate,
@@ -615,7 +658,7 @@
     External,
 }
 
-<span class="attr">#[derive(Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+<span class="attr">#[derive(Clone, Eq, PartialEq, Debug)]
 #[non_exhaustive]
 </span><span class="kw">pub struct </span>StorageAttributes {
     <span class="comment">// each object must have a unique ID
@@ -725,7 +768,7 @@
     Rsa4096Pkcs1v15,
 }
 
-<span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+<span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug)]
 </span><span class="kw">pub enum </span>KeySerialization {
     <span class="comment">// Asn1Der,
     </span>Cose,
@@ -741,11 +784,60 @@
     Pkcs8Der,
 }
 
-<span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+<span class="attr">#[derive(Copy, Clone, Eq, PartialEq, Debug)]
 </span><span class="kw">pub enum </span>SignatureSerialization {
     Asn1Der,
     <span class="comment">// Cose,
     </span>Raw,
     <span class="comment">// Sec1,
 </span>}
+
+<span class="doccomment">/// Serializable version of [`reply::Encrypt`][].
+///
+/// Sometimes it is necessary the result of an encryption together with the metadata required for
+/// decryption, for example when wrapping keys.  This struct stores the data that is returned by
+/// the [`request::Encrypt`][] syscall, see [`reply::Encrypt`][], in a serializable format.
+</span><span class="attr">#[derive(
+    Clone, Debug, Eq, PartialEq, serde_indexed::DeserializeIndexed, serde_indexed::SerializeIndexed,
+)]
+#[non_exhaustive]
+</span><span class="kw">pub struct </span>EncryptedData {
+    <span class="kw">pub </span>ciphertext: Message,
+    <span class="kw">pub </span>nonce: ShortData,
+    <span class="kw">pub </span>tag: ShortData,
+}
+
+<span class="kw">impl </span>EncryptedData {
+    <span class="doccomment">/// Creates a decryption request to decrypt the stored data.
+    </span><span class="kw">pub fn </span>decrypt(
+        <span class="self">self</span>,
+        mechanism: Mechanism,
+        key: KeyId,
+        associated_data: Message,
+    ) -&gt; request::Decrypt {
+        request::Decrypt {
+            mechanism,
+            key,
+            message: <span class="self">self</span>.ciphertext,
+            associated_data,
+            nonce: <span class="self">self</span>.nonce,
+            tag: <span class="self">self</span>.tag,
+        }
+    }
+}
+
+<span class="kw">impl </span>From&lt;reply::Encrypt&gt; <span class="kw">for </span>EncryptedData {
+    <span class="kw">fn </span>from(reply: reply::Encrypt) -&gt; <span class="self">Self </span>{
+        <span class="kw">let </span>reply::Encrypt {
+            ciphertext,
+            nonce,
+            tag,
+        } = reply;
+        <span class="self">Self </span>{
+            ciphertext,
+            nonce,
+            tag,
+        }
+    }
+}
 </code></pre></div></section></main></body></html>