From 0d0b5ec33db1f0b519d2ffc495301a21db9b7399 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 12 Dec 2024 15:56:11 +0100 Subject: [PATCH] Use custom struct in EncryptedSerializedCredential Previously, EncryptedSerializedCredential was a wrapper for trussed::api::reply::Encrypt. As we want to remove the serde trait implementations for the Trussed request and reply structs, this patch changes the EncryptedSerializedCredential to directly store the relevant information and implement the serde traits. See also: https://github.com/trussed-dev/trussed/issues/183 --- src/credential.rs | 50 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/src/credential.rs b/src/credential.rs index cf17cda..5b7acfd 100644 --- a/src/credential.rs +++ b/src/credential.rs @@ -4,7 +4,11 @@ use core::cmp::Ordering; use serde::Serialize; use serde_bytes::ByteArray; -use trussed::{client, syscall, try_syscall, types::KeyId}; +use serde_indexed::{DeserializeIndexed, SerializeIndexed}; +use trussed::{ + client, syscall, try_syscall, + types::{KeyId, Message, ShortData}, +}; pub(crate) use ctap_types::{ // authenticator::{ctap1, ctap2, Error, Request, Response}, @@ -53,7 +57,7 @@ impl CredentialId { associated_data, Some(nonce) )); - EncryptedSerializedCredential(encrypted_serialized_credential) + EncryptedSerializedCredential::from(encrypted_serialized_credential) .try_into() .map_err(|_| Error::RequestTooLarge) } @@ -64,15 +68,34 @@ impl CredentialId { // pub type SerializedCredential = Bytes<256>; pub(crate) type SerializedCredential = trussed::types::Message; -#[derive(Clone, Debug)] -struct EncryptedSerializedCredential(pub trussed::api::reply::Encrypt); +#[derive(Clone, Debug, DeserializeIndexed, SerializeIndexed)] +struct EncryptedSerializedCredential { + ciphertext: Message, + nonce: ShortData, + tag: ShortData, +} + +impl From for EncryptedSerializedCredential { + fn from(reply: trussed::api::reply::Encrypt) -> Self { + let trussed::api::reply::Encrypt { + ciphertext, + nonce, + tag, + } = reply; + Self { + ciphertext, + nonce, + tag, + } + } +} impl TryFrom for CredentialId { type Error = Error; fn try_from(esc: EncryptedSerializedCredential) -> Result { Ok(CredentialId( - trussed::cbor_serialize_bytes(&esc.0).map_err(|_| Error::Other)?, + trussed::cbor_serialize_bytes(&esc).map_err(|_| Error::Other)?, )) } } @@ -83,9 +106,8 @@ impl TryFrom for EncryptedSerializedCredential { type Error = Error; fn try_from(cid: CredentialId) -> Result { - let encrypted_serialized_credential = EncryptedSerializedCredential( - ctap_types::serde::cbor_deserialize(&cid.0).map_err(|_| Error::InvalidCredential)?, - ); + let encrypted_serialized_credential = + ctap_types::serde::cbor_deserialize(&cid.0).map_err(|_| Error::InvalidCredential)?; Ok(encrypted_serialized_credential) } } @@ -144,10 +166,10 @@ impl Credential { let serialized = try_syscall!(authnr.trussed.decrypt_chacha8poly1305( kek, - &encrypted_serialized.0.ciphertext, + &encrypted_serialized.ciphertext, &rp_id_hash[..], - &encrypted_serialized.0.nonce, - &encrypted_serialized.0.tag, + &encrypted_serialized.nonce, + &encrypted_serialized.tag, )) .map_err(|_| Error::InvalidCredential)? .plaintext @@ -990,10 +1012,10 @@ mod test { EncryptedSerializedCredential::try_from(credential_id).unwrap(); let serialized = syscall!(client.decrypt_chacha8poly1305( kek, - &encrypted_serialized.0.ciphertext, + &encrypted_serialized.ciphertext, &rp_id_hash, - &encrypted_serialized.0.nonce, - &encrypted_serialized.0.tag, + &encrypted_serialized.nonce, + &encrypted_serialized.tag, )) .plaintext .unwrap();