From c646fdc655adf3d887f27ec58af2d0b5eaaa6002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Wed, 25 Oct 2023 11:15:32 +0200 Subject: [PATCH] Update to salty 0.3.0 This fixes a limitiation where trussed refused to deserialize a non-canonical but valid X255 key --- Cargo.toml | 2 +- src/mechanisms/x255.rs | 9 ++++----- tests/x255.rs | 12 ++++++++++++ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 540d40f295f..6084de22824 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,7 +45,7 @@ heapless-bytes = { version = "0.3.0", features = ["cbor"] } interchange = "0.3.0" littlefs2 = "0.4.0" p256-cortex-m4 = { version = "0.1.0-alpha.6", features = ["prehash", "sec1-signatures"] } -salty = { version = "0.2.0", features = ["cose"] } +salty = { version = "0.3.0", features = ["cose"] } serde-indexed = "0.1.0" [dev-dependencies] diff --git a/src/mechanisms/x255.rs b/src/mechanisms/x255.rs index 8e747a7b0eb..c282d478759 100644 --- a/src/mechanisms/x255.rs +++ b/src/mechanisms/x255.rs @@ -1,4 +1,4 @@ -use core::convert::{TryFrom, TryInto}; +use core::convert::TryInto; use crate::api::*; // use crate::config::*; @@ -20,8 +20,7 @@ fn load_public_key( .try_into() .map_err(|_| Error::InternalError)?; - let public_key = - agreement::PublicKey::try_from(public_bytes).map_err(|_| Error::InternalError)?; + let public_key = public_bytes.into(); Ok(public_key) } @@ -186,8 +185,8 @@ impl DeserializeKey for super::X255 { } let serialized_key: [u8; 32] = request.serialized_key[..32].try_into().unwrap(); - let public_key = salty::agreement::PublicKey::try_from(serialized_key) - .map_err(|_| Error::InvalidSerializedKey)?; + // This will make it store the canonical encoding + let public_key: agreement::PublicKey = serialized_key.into(); let public_id = keystore.store_key( request.attributes.persistence, diff --git a/tests/x255.rs b/tests/x255.rs index d50234ae25b..ad973bc0105 100644 --- a/tests/x255.rs +++ b/tests/x255.rs @@ -41,3 +41,15 @@ fn x255_agree() { syscall!(client.serialize_key(Mechanism::SharedSecret, secret2, KeySerialization::Raw)); }) } + +#[test] +fn x255_non_canonical() { + client::get(|client| { + let _pk1 = syscall!(client.deserialize_key( + Mechanism::X255, + &[0xFF; 32], + KeySerialization::Raw, + StorageAttributes::new().set_serializable(true) + )); + }) +}