Trial miracl-trussed wrapping
nickray committed Jun 11, 2021
1 parent 817a9e7 commit dae7693
Showing 11 changed files with 479 additions and 7 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -42,3 +42,7 @@ jobs:
run: cargo test --verbose
if: matrix.target == 'x86_64-unknown-linux-gnu'

- name: Run tests
run: cargo test --verbose --features p384
if: matrix.target == 'x86_64-unknown-linux-gnu'
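Review bot: The added step reuses the name `Run tests`, so the default run and the `--features p384` run cannot be told apart in the CI log; name it `Run tests (p384)`. Only `p384` is exercised here, while the same commit declares `ed448`, `x448`, `rsa2k`, `rsa3k`, `rsa4k` and `p521`. A `cargo check` step with that full feature list, as the new `check-miracl` job in bacon.toml does locally, would catch build breakage in the feature-gated code.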

10 changes: 10 additions & 0 deletions Cargo.toml
Expand Up @@ -38,6 +38,9 @@ hmac = "0.11"
sha-1 = { version = "0.9", default-features = false, optional = true }
sha2 = { version = "0.9", default-features = false }

# miracl
miracl32 = { version = "0.1.0-alpha.0", optional = true }

# ours
cosey = "0.3"
delog = "0.1.0"
Expand Down Expand Up @@ -95,6 +98,13 @@ aes256-cbc = []
chacha8-poly1305 = []
ed255 = []
x255 = []
ed448 = ["miracl32"]
x448 = ["miracl32"]
rsa2k = ["miracl32"]
rsa3k = ["miracl32"]
rsa4k = ["miracl32"]
p384 = ["miracl32"]
p521 = ["miracl32"]
hmac-blake2s = ["blake2"]
hmac-sha1 = []
hmac-sha256 = []
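Review bot: `miracl32 = { version = "0.1.0-alpha.0", optional = true }` adds a pre-release crate as a cryptographic backend with a caret requirement, so a later `0.1.x` release can be resolved whenever no lockfile constrains the build. For an alpha crypto dependency an exact pin, `version = "=0.1.0-alpha.0"`, keeps the code that was reviewed and the code that is built identical. The features `ed448`, `x448`, `rsa3k`, `rsa4k` and `p521` enable the dependency, but the file sections visible on this page add mechanism modules only for `p384` and `rsa2k`. If the others are placeholders, say so next to them, e.g. `# placeholder: no mechanism implemented yet` (only part of the 11 changed files is shown here, so confirm).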
5 changes: 5 additions & 0 deletions bacon.toml
Expand Up @@ -11,6 +11,11 @@ default_job = "check"
command = ["cargo", "check", "--color", "always"]
need_stdout = false

[jobs.check-miracl]
# command = ["cargo", "check", "--color", "always", "--features", "clients-1"]
command = ["cargo", "check", "--color", "always", "--features", "ed448,x448,rsa2k,rsa3k,rsa4k,p384,p521"]
need_stdout = false

[jobs.check-cortex-m4]
# command = ["cargo", "check", "--color", "always", "--features", "clients-1"]
command = ["cargo", "check", "--color", "always", "--target", "thumbv7em-none-eabi"]
52 changes: 52 additions & 0 deletions src/client/mechanisms.rs
Expand Up @@ -245,6 +245,58 @@ pub trait P256: CryptoClient {
}
}

#[cfg(feature = "p384")]
impl<S: Syscall> P384 for ClientImplementation<S> {}

pub trait P384: CryptoClient {
fn generate_p384_private_key(&mut self, persistence: Location)
-> ClientResult<'_, reply::GenerateKey, Self>
{
self.generate_key(Mechanism::P384, StorageAttributes::new().set_persistence(persistence))
}

fn derive_p384_public_key(&mut self, private_key: KeyId, persistence: Location)
-> ClientResult<'_, reply::DeriveKey, Self>
{
self.derive_key(Mechanism::P384, private_key, None, StorageAttributes::new().set_persistence(persistence))
}

fn deserialize_p384_key<'c>(&'c mut self, serialized_key: &[u8], format: KeySerialization, attributes: StorageAttributes)
-> ClientResult<'c, reply::DeserializeKey, Self>
{
self.deserialize_key(Mechanism::P384, serialized_key, format, attributes)
}

fn serialize_p384_key(&mut self, key: KeyId, format: KeySerialization)
-> ClientResult<'_, reply::SerializeKey, Self>
{
self.serialize_key(Mechanism::P384, key, format)
}

fn sign_p384<'c>(&'c mut self, key: KeyId, message: &[u8], format: SignatureSerialization)
-> ClientResult<'c, reply::Sign, Self>
{
self.sign(Mechanism::P384, key, message, format)
}

fn verify_p384<'c>(&'c mut self, key: KeyId, message: &[u8], signature: &[u8])
-> ClientResult<'c, reply::Verify, Self>
{
self.verify(Mechanism::P384, key, message, signature, SignatureSerialization::Raw)
}

fn agree_p384(&mut self, private_key: KeyId, public_key: KeyId, persistence: Location)
-> ClientResult<'_, reply::Agree, Self>
{
self.agree(
Mechanism::P384,
private_key,
public_key,
StorageAttributes::new().set_persistence(persistence),
)
}
}

#[cfg(feature = "sha256")]
impl<S: Syscall> Sha256 for ClientImplementation<S> {}
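Review bot: `verify_p384` always passes `SignatureSerialization::Raw`, while `sign_p384` lets the caller choose `format`, so a signature requested in any other serialization cannot be checked through this trait. If that restriction is intended (it may mirror the P256 trait, whose body is outside this hunk), state it on the method: `/// Verifies a raw P-384 signature; signatures produced with another SignatureSerialization are not accepted.` None of the new trait methods has a doc comment. `agree_p384` and `generate_p384_private_key` should at least say that `persistence` selects where the resulting key material is stored.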

3 changes: 2 additions & 1 deletion src/config.rs
Expand Up @@ -18,7 +18,8 @@ pub const MAX_KEY_MATERIAL_LENGTH: usize = 128;
pub const MAX_SERIALIZED_KEY_LENGTH: usize = 132;
pub type MAX_SERVICE_CLIENTS = consts::U5;
pub const MAX_SHORT_DATA_LENGTH: usize = 128;
pub const MAX_SIGNATURE_LENGTH: usize = 72;
// 72 was for P256, raw P384 is 96
pub const MAX_SIGNATURE_LENGTH: usize = 96;
pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256;

pub const USER_ATTRIBUTE_NUMBER: u8 = 37;
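Review bot: `MAX_SIGNATURE_LENGTH = 96` fits only a raw P-384 signature; the replaced value 72 is the DER upper bound for P-256, and the corresponding DER bound for P-384 is 104 bytes, so the buffer is 8 bytes short if `sign_p384` can be asked for a DER-serialized signature. The other mechanisms this commit declares are larger still (Ed448 is 114 bytes, raw P-521 is 132, RSA-2048 is 256), so the constant has to grow or become per-mechanism before they are implemented. Suggested: `// upper bound over enabled mechanisms: DER P-256 = 72, raw P-384 = 96, DER P-384 = 104` followed by `pub const MAX_SIGNATURE_LENGTH: usize = 104;`. How an over-long signature is handled (error or panic) is decided outside this hunk and should be checked with the new bound.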
37 changes: 31 additions & 6 deletions src/key.rs
Expand Up @@ -63,6 +63,13 @@ pub enum Kind {
Ed255,
P256,
X255,
P384,
P521,
Rsa2k,
Rsa3k,
Rsa4k,
Ed448,
X448,
}

bitflags::bitflags! {
Expand Down Expand Up @@ -136,17 +143,35 @@ impl Kind {
Kind::Ed255 => 4,
Kind::P256 => 5,
Kind::X255 => 6,
// following PIV and our extensions
Kind::P384 => 0x14,
Kind::P521 => 0x15,
Kind::Rsa2k => 0x7,
Kind::Rsa3k => 0xE0,
Kind::Rsa4k => 0xE1,
Kind::Ed448 => 0xE4,
Kind::X448 => 0xE5,
}
}

pub fn try_from(code: u16, length: usize) -> Result<Self, Error> {
use Kind::*;
Ok(match code {
1 => Self::Shared(length),
2 => Self::Symmetric(length),
3 => Self::Symmetric32Nonce(length - 32),
4 => Self::Ed255,
5 => Self::P256,
6 => Self::X255,
1 => Shared(length),
2 => Symmetric(length),
3 => Symmetric32Nonce(length - 32),
4 => Ed255,
5 => P256,
6 => X255,

0x14 => P384,
0x15 => P521,
0x7 => Rsa2k,
0xE0 => Rsa3k,
0xE1 => Rsa4k,
0xE4 => Ed448,
0xE5 => X448,

_ => return Err(Error::InvalidSerializedKey),
})
}
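Review bot: In `Kind::try_from`, the arm `3 => Symmetric32Nonce(length - 32)` subtracts from a `usize` that apparently comes from serialized key data, so a stored length below 32 panics in a debug build and wraps to a very large value in a release build. The commit rewrote this line (dropping `Self::`) but kept the arithmetic; reject the short length instead with `3 => Symmetric32Nonce(length.checked_sub(32).ok_or(Error::InvalidSerializedKey)?),`. For the new fixed-size kinds `length` is ignored entirely, so a serialized P384 or RSA key of the wrong size passes this function; whether a later layer checks it is not visible here. The `impl Kind` block and the `code` method both start outside the hunk.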
26 changes: 26 additions & 0 deletions src/mechanisms.rs
Expand Up @@ -11,6 +11,21 @@
// should be revisited.

// TODO: rename to aes256-cbc-zero-iv

#[allow(unused_macros)]
macro_rules! dummy_impl {
($Mechanism:ident) => {
impl crate::service::Agree for $Mechanism {}
impl crate::service::DeriveKey for $Mechanism {}
impl crate::service::DeserializeKey for $Mechanism {}
impl crate::service::Exists for $Mechanism {}
impl crate::service::GenerateKey for $Mechanism {}
impl crate::service::SerializeKey for $Mechanism {}
impl crate::service::Sign for $Mechanism {}
impl crate::service::Verify for $Mechanism {}
}
}

pub struct Aes256Cbc {}
mod aes256cbc;

Expand Down Expand Up @@ -42,6 +57,17 @@ impl crate::service::DeriveKey for HmacSha512 {}
#[cfg(not(feature = "hmac-sha512"))]
impl crate::service::Sign for HmacSha512 {}

pub struct P384 {}
#[cfg(feature = "p384")]
mod p384;
#[cfg(not(feature = "p384"))]
dummy_impl!(P384);


pub struct Rsa2k {}
#[cfg(feature = "rsa2k")]
mod rsa2k;

pub struct P256 {}
pub struct P256Prehashed {}
mod p256;
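Review bot: `Rsa2k` is declared unconditionally but, unlike `P384`, gets no fallback when its feature is off; add `#[cfg(not(feature = "rsa2k"))]` and `dummy_impl!(Rsa2k);` after `mod rsa2k;`. If the service dispatch names `Rsa2k` (not visible here), a build without the feature would otherwise lack the operation traits. `dummy_impl!` relies on every listed `crate::service` trait having default method bodies, and those defaults are what a client receives when it requests P384 from a build without the feature. The macro should carry a comment stating what they return, e.g. `// Empty impls fall back to the trait defaults (expected: a mechanism-not-available error; confirm in crate::service).`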