Use custom struct in EncryptedSerializedCredential

Previously, EncryptedSerializedCredential was a wrapper for
trussed::api::reply::Encrypt.  As we want to remove the serde trait
implementations for the Trussed request and reply structs, this patch
changes the EncryptedSerializedCredential to directly store the
relevant information and implement the serde traits.

See also: trussed-dev/trussed#183

src/credential.rs

@@ -4,7 +4,11 @@ use core::cmp::Ordering;
 
 use serde::Serialize;
 use serde_bytes::ByteArray;
-use trussed::{client, syscall, try_syscall, types::KeyId};
+use serde_indexed::{DeserializeIndexed, SerializeIndexed};
+use trussed::{
+    client, syscall, try_syscall,
+    types::{KeyId, Message, ShortData},
+};
 
 pub(crate) use ctap_types::{
     // authenticator::{ctap1, ctap2, Error, Request, Response},
@@ -53,7 +57,7 @@ impl CredentialId {
             associated_data,
             Some(nonce)
         ));
-        EncryptedSerializedCredential(encrypted_serialized_credential)
+        EncryptedSerializedCredential::from(encrypted_serialized_credential)
             .try_into()
             .map_err(|_| Error::RequestTooLarge)
     }
@@ -64,15 +68,34 @@ impl CredentialId {
 // pub type SerializedCredential = Bytes<256>;
 pub(crate) type SerializedCredential = trussed::types::Message;
 
-#[derive(Clone, Debug)]
-struct EncryptedSerializedCredential(pub trussed::api::reply::Encrypt);
+#[derive(Clone, Debug, DeserializeIndexed, SerializeIndexed)]
+struct EncryptedSerializedCredential {
+    ciphertext: Message,
+    nonce: ShortData,
+    tag: ShortData,
+}
+
+impl From<trussed::api::reply::Encrypt> for EncryptedSerializedCredential {
+    fn from(reply: trussed::api::reply::Encrypt) -> Self {
+        let trussed::api::reply::Encrypt {
+            ciphertext,
+            nonce,
+            tag,
+        } = reply;
+        Self {
+            ciphertext,
+            nonce,
+            tag,
+        }
+    }
+}
 
 impl TryFrom<EncryptedSerializedCredential> for CredentialId {
     type Error = Error;
 
     fn try_from(esc: EncryptedSerializedCredential) -> Result<CredentialId> {
         Ok(CredentialId(
-            trussed::cbor_serialize_bytes(&esc.0).map_err(|_| Error::Other)?,
+            trussed::cbor_serialize_bytes(&esc).map_err(|_| Error::Other)?,
         ))
     }
 }
@@ -83,9 +106,8 @@ impl TryFrom<CredentialId> for EncryptedSerializedCredential {
     type Error = Error;
 
     fn try_from(cid: CredentialId) -> Result<EncryptedSerializedCredential> {
-        let encrypted_serialized_credential = EncryptedSerializedCredential(
-            ctap_types::serde::cbor_deserialize(&cid.0).map_err(|_| Error::InvalidCredential)?,
-        );
+        let encrypted_serialized_credential =
+            ctap_types::serde::cbor_deserialize(&cid.0).map_err(|_| Error::InvalidCredential)?;
         Ok(encrypted_serialized_credential)
     }
 }
@@ -144,10 +166,10 @@ impl Credential {
 
         let serialized = try_syscall!(authnr.trussed.decrypt_chacha8poly1305(
             kek,
-            &encrypted_serialized.0.ciphertext,
+            &encrypted_serialized.ciphertext,
             &rp_id_hash[..],
-            &encrypted_serialized.0.nonce,
-            &encrypted_serialized.0.tag,
+            &encrypted_serialized.nonce,
+            &encrypted_serialized.tag,
         ))
         .map_err(|_| Error::InvalidCredential)?
         .plaintext
@@ -990,10 +1012,10 @@ mod test {
                     EncryptedSerializedCredential::try_from(credential_id).unwrap();
                 let serialized = syscall!(client.decrypt_chacha8poly1305(
                     kek,
-                    &encrypted_serialized.0.ciphertext,
+                    &encrypted_serialized.ciphertext,
                     &rp_id_hash,
-                    &encrypted_serialized.0.nonce,
-                    &encrypted_serialized.0.tag,
+                    &encrypted_serialized.nonce,
+                    &encrypted_serialized.tag,
                 ))
                 .plaintext
                 .unwrap();