Remove serde trait implementations for requests and replies

Implementing Serialize and Deserialize for the request and reply structs leaks implementation details, especially when using serde_indexed. This patch removes these implementations for the request and reply structs and also for some other types that presumably only had them because they were used in these structs and that are not serialized or deserialized anywhere in the Trussed ecosystem. Fixes: #183
trussed-dev · Dec 16, 2024 · 1218f21 · 1218f21
1 parent 1b62220
commit 1218f21
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 16 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,6 +43,7 @@ nb = "1"
 postcard.workspace = true
 rand_core.workspace = true
 serde.workspace = true
+serde-indexed = "0.1"
 zeroize = { version = "1.2", default-features = false, features = ["zeroize_derive"] }
 rand_chacha = { version = "0.3.1", default-features = false }
 

diff --git a/core/Cargo.toml b/core/Cargo.toml
@@ -15,8 +15,6 @@ postcard.workspace = true
 rand_core.workspace = true
 serde.workspace = true
 
-serde-indexed = "0.1"
-
 [features]
 crypto-client-attest = []
 counter-client = []

diff --git a/core/src/api/macros.rs b/core/src/api/macros.rs
@@ -70,7 +70,7 @@ macro_rules! impl_request {
     )*)
         => {$(
     $(#[$attr])?
-    #[derive(Clone, Eq, PartialEq, Debug, serde_indexed::DeserializeIndexed, serde_indexed::SerializeIndexed)]
+    #[derive(Clone, Eq, PartialEq, Debug)]
     pub struct $request {
         $(
             pub $name: $type,
@@ -109,7 +109,7 @@ macro_rules! impl_reply {
         => {$(
 
     $(#[$attr])?
-    #[derive(Clone, Eq, PartialEq, Debug, serde_indexed::DeserializeIndexed, serde_indexed::SerializeIndexed)]
+    #[derive(Clone, Eq, PartialEq, Debug)]
     pub struct $reply {
         $(
             pub $name: $type,

diff --git a/core/src/types.rs b/core/src/types.rs
@@ -13,9 +13,7 @@ use crate::config::{
 };
 
 pub mod consent {
-    use serde::{Deserialize, Serialize};
-
-    #[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+    #[derive(Copy, Clone, Eq, PartialEq, Debug)]
     pub enum Level {
         /// There is no user present
         None,
@@ -27,7 +25,7 @@ pub mod consent {
         Strong,
     }
 
-    #[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+    #[derive(Copy, Clone, Eq, PartialEq, Debug)]
     pub enum Error {
         FailedToInterrupt,
         Interrupted,
@@ -39,9 +37,7 @@ pub mod consent {
 }
 
 pub mod reboot {
-    use serde::{Deserialize, Serialize};
-
-    #[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+    #[derive(Copy, Clone, Eq, PartialEq, Debug)]
     pub enum To {
         Application,
         ApplicationUpdate,
@@ -240,7 +236,7 @@ pub enum Location {
     External,
 }
 
-#[derive(Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+#[derive(Clone, Eq, PartialEq, Debug)]
 #[non_exhaustive]
 pub struct StorageAttributes {
     // each object must have a unique ID
@@ -350,7 +346,7 @@ pub enum Mechanism {
     Rsa4096Pkcs1v15,
 }
 
-#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+#[derive(Copy, Clone, Eq, PartialEq, Debug)]
 pub enum KeySerialization {
     // Asn1Der,
     Cose,
@@ -366,7 +362,7 @@ pub enum KeySerialization {
     Pkcs8Der,
 }
 
-#[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
+#[derive(Copy, Clone, Eq, PartialEq, Debug)]
 pub enum SignatureSerialization {
     Asn1Der,
     // Cose,

diff --git a/src/mechanisms/chacha8poly1305.rs b/src/mechanisms/chacha8poly1305.rs
@@ -19,6 +19,28 @@ const TAG_LEN: usize = 16;
 const KIND: key::Kind = key::Kind::Symmetric(KEY_LEN);
 const KIND_NONCE: key::Kind = key::Kind::Symmetric32Nonce(NONCE_LEN);
 
+#[derive(serde_indexed::DeserializeIndexed, serde_indexed::SerializeIndexed)]
+struct WrappedKey {
+    ciphertext: Message,
+    nonce: ShortData,
+    tag: ShortData,
+}
+
+impl From<reply::Encrypt> for WrappedKey {
+    fn from(reply: reply::Encrypt) -> Self {
+        let reply::Encrypt {
+            ciphertext,
+            nonce,
+            tag,
+        } = reply;
+        Self {
+            ciphertext,
+            nonce,
+            tag,
+        }
+    }
+}
+
 #[cfg(feature = "chacha8-poly1305")]
 impl GenerateKey for super::Chacha8Poly1305 {
     #[inline(never)]
@@ -190,8 +212,9 @@ impl WrapKey for super::Chacha8Poly1305 {
         };
         let encryption_reply = <super::Chacha8Poly1305>::encrypt(keystore, &encryption_request)?;
 
+        let wrapped_key = WrappedKey::from(encryption_reply);
         let wrapped_key =
-            crate::postcard_serialize_bytes(&encryption_reply).map_err(|_| Error::CborError)?;
+            crate::postcard_serialize_bytes(&wrapped_key).map_err(|_| Error::CborError)?;
 
         Ok(reply::WrapKey { wrapped_key })
     }
@@ -204,7 +227,7 @@ impl UnwrapKey for super::Chacha8Poly1305 {
         keystore: &mut impl Keystore,
         request: &request::UnwrapKey,
     ) -> Result<reply::UnwrapKey, Error> {
-        let reply::Encrypt {
+        let WrappedKey {
             ciphertext,
             nonce,
             tag,