Put mechanism variants behind feature flags #187

Merged
merged 1 commit into from
Dec 19, 2024
Merged
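--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -53,6 +53,28 @@ jobs:
 done
 if: matrix.target == 'x86_64-unknown-linux-gnu'
 
+- name: Check all targets with only one mechanism feature
+run: |
+# trussed-core + trussed
+for mechanism in \
+aes256-cbc chacha8-poly1305 ed255 hmac-blake2s hmac-sha1 hmac-sha256 hmac-sha512 \
+p256 p384 p521 sha256 shared-secret tdes totp trng x255
+do
+for package in trussed-core trussed
+do
+echo "${package}: ${mechanism}"
+cargo check --package ${package} --all-targets --no-default-features --features crypto-client,${mechanism}
+done
+done
+# trussed-core only
+for mechanism in \
+brainpoolp256r1 brainpoolp384r1 brainpoolp512r1 rsa2048 rsa3072 rsa4096 secp256k1
+do
+echo "trussed-core: ${mechanism}"
+cargo check --package trussed-core --all-targets --no-default-features --features crypto-client,${mechanism}
+done
+if: matrix.target == 'x86_64-unknown-linux-gnu'
+
 - name: Check all targets with default features
 run: |
 cargo check --workspace --all-targets
@@ -66,7 +88,7 @@ jobs:
 if: matrix.target == 'x86_64-unknown-linux-gnu'
 
 - name: Run tests
-run: cargo test --workspace --features serde-extensions,virt,p384,p521
+run: cargo test --workspace --all-features
 if: matrix.target == 'x86_64-unknown-linux-gnu'
 
 - name: Check formatting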
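Review bot: The new single-mechanism loop only ever pairs a mechanism with `crypto-client`, so the `attestation-client` feature — which the `Cargo.toml` hunk in this commit makes imply `ed255` and `p256` — is never checked on its own, and a missing implied mechanism would only surface in a downstream build. Adding one line after the second loop, `cargo check --package trussed --all-targets --no-default-features --features attestation-client`, would cover that path. The `if:` condition is repeated on every step shown; if every step in this job carries the same condition, a job-level `if:` would be clearer, but the job header lies outside the hunk.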
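--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Changed `Id::hex_clean` to format zero as `"00"`.
 - Change client and mechanism selection:
 - Put all client traits, requests, replies and implementations behind feature flags.
+- Put all mechanisms behind feature flags.
 - Move `CryptoClient::attest` into new `AttestationClient`.
 
 ### Fixed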
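--- a/Cargo.toml
+++ b/Cargo.toml
@@ -109,25 +109,27 @@ default-mechanisms = [
 # "hmac-sha512",
 "p256",
 "sha256",
+"shared-secret",
 "tdes",
 "totp",
 "trng",
 ]
-aes256-cbc = []
-chacha8-poly1305 = []
-ed255 = []
-x255 = []
-hmac-blake2s = ["blake2"]
-hmac-sha1 = []
-hmac-sha256 = []
-hmac-sha512 = []
-p256 = []
-p384 = ["dep:p384"]
-p521 = ["dep:p521", "dep:ecdsa"]
-sha256 = []
-tdes = ["des"]
-totp = ["sha-1"]
-trng = ["sha-1"]
+aes256-cbc = ["trussed-core/aes256-cbc"]
+chacha8-poly1305 = ["trussed-core/chacha8-poly1305"]
+ed255 = ["trussed-core/ed255"]
+x255 = ["trussed-core/x255"]
+hmac-blake2s = ["trussed-core/hmac-blake2s", "blake2"]
+hmac-sha1 = ["trussed-core/hmac-sha1", "sha-1"]
+hmac-sha256 = ["trussed-core/hmac-sha256"]
+hmac-sha512 = ["trussed-core/hmac-sha512"]
+p256 = ["trussed-core/p256"]
+p384 = ["trussed-core/p384", "dep:p384"]
+p521 = ["trussed-core/p521", "dep:p521", "dep:ecdsa"]
+sha256 = ["trussed-core/sha256"]
+shared-secret = ["trussed-core/shared-secret"]
+tdes = ["trussed-core/tdes", "des"]
+totp = ["trussed-core/totp", "sha-1"]
+trng = ["trussed-core/trng", "sha-1"]
 
 # clients
 all-clients = [
@@ -139,7 +141,7 @@ all-clients = [
 "management-client",
 "ui-client",
 ]
-attestation-client = ["crypto-client", "trussed-core/attestation-client"]
+attestation-client = ["crypto-client", "ed255", "p256", "trussed-core/attestation-client"]
 certificate-client = ["trussed-core/certificate-client"]
 crypto-client = ["trussed-core/crypto-client"]
 counter-client = ["trussed-core/counter-client"]
@@ -161,8 +163,50 @@ clients-11 = []
 clients-12 = []
 
 test-attestation-cert-ids = []
-# [patch.crates-io]
-# interchange = { git = "https://github.com/trussed-dev/interchange", branch = "main" }
+
+[[test]]
+name = "aes256cbc"
+required-features = ["crypto-client", "default-mechanisms", "virt"]
+
+[[test]]
+name = "backends"
+required-features = ["filesystem-client", "virt"]
+
+[[test]]
+name = "certificate"
+required-features = ["certificate-client", "virt"]
+
+[[test]]
+name = "counter"
+required-features = ["counter-client", "virt"]
+
+[[test]]
+name = "filesystem"
+required-features = ["crypto-client", "default-mechanisms", "filesystem-client", "virt"]
+
+[[test]]
+name = "key_confusion"
+required-features = ["crypto-client", "default-mechanisms", "hmac-blake2s", "hmac-sha512", "virt"]
+
+[[test]]
+name = "p256"
+required-features = ["crypto-client", "default-mechanisms", "virt"]
+
+[[test]]
+name = "serde_extensions"
+required-features = ["serde-extensions", "virt"]
+
+[[test]]
+name = "tdes"
+required-features = ["crypto-client", "tdes", "virt"]
+
+[[test]]
+name = "virt"
+required-features = ["filesystem-client", "management-client", "virt"]
+
+[[test]]
+name = "x255"
+required-features = ["crypto-client", "default-mechanisms", "virt"]
 
 [package.metadata.docs.rs]
 features = ["serde-extensions", "virt"]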
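Review bot: The new `[[test]]` entries for `aes256cbc`, `p256` and `x255` require the blanket `default-mechanisms` feature, whereas `tdes` names the single mechanism it exercises; if those three tests only use the mechanism in their name, `required-features = ["crypto-client", "aes256-cbc", "virt"]` (and likewise `p256`, `x255`) would keep them running under a minimal feature set instead of being skipped. Cargo skips rather than fails a test whose `required-features` are absent, so a plain `cargo test --workspace` now runs fewer tests than the `--all-features` invocation CI uses, which is worth a sentence in the README or CHANGELOG. The `attestation-client` line now pulls in `ed255` and `p256` without saying why; a comment such as `# attestation needs these two mechanisms — confirm which operations require each` would record the reason, which is not visible from this file.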
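--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Very much WIP. Actively developed. Unstable APIs.
 ## Running tests
 
 ```bash
-cargo test --features serde-extensions,virt
+cargo test --all-features
 ```
 
 #### License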
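--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -16,6 +16,9 @@ serde.workspace = true
 serde-indexed = "0.1"
 
 [features]
+serde-extensions = []
+
+# client traits
 attestation-client = []
 certificate-client = []
 crypto-client = []
@@ -24,4 +27,27 @@ filesystem-client = []
 management-client = []
 ui-client = []
 
-serde-extensions = []
+# mechanisms
+aes256-cbc = []
+brainpoolp256r1 = []
+brainpoolp384r1 = []
+brainpoolp512r1 = []
+chacha8-poly1305 = []
+ed255 = []
+hmac-blake2s = []
+hmac-sha1 = []
+hmac-sha256 = []
+hmac-sha512 = []
+p256 = []
+p384 = []
+p521 = []
+rsa2048 = []
+rsa3072 = []
+rsa4096 = []
+secp256k1 = []
+sha256 = []
+shared-secret = []
+tdes = []
+totp = []
+trng = []
+x255 = []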
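Review bot: The `# mechanisms` block declares seven features (`brainpoolp256r1`, `brainpoolp384r1`, `brainpoolp512r1`, `rsa2048`, `rsa3072`, `rsa4096`, `secp256k1`) that the top-level `Cargo.toml` hunk in this commit does not forward and that the CI hunk checks for `trussed-core` only, and nothing in this file says so. A one-line comment above them, `# brainpool*, rsa* and secp256k1 are declared here for the client API only; the trussed crate does not forward them`, would spare the next reader the cross-reference and make it obvious that enabling one of them from `trussed` has no effect.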
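--- a/core/src/client.rs
+++ b/core/src/client.rs
@@ -28,10 +28,7 @@ pub use certificate::CertificateClient;
 #[cfg(feature = "counter-client")]
 pub use counter::CounterClient;
 #[cfg(feature = "crypto-client")]
-pub use crypto::{
-Aes256Cbc, Chacha8Poly1305, CryptoClient, Ed255, HmacBlake2s, HmacSha1, HmacSha256, HmacSha512,
-Sha256, Tdes, Totp, P256, P384, P521, X255,
-};
+pub use crypto::*;
 #[cfg(feature = "filesystem-client")]
 pub use filesystem::FilesystemClient;
 #[cfg(feature = "management-client")]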
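Review bot: `pub use crypto::*;` widens the re-exported surface from a fixed list of fifteen traits to every public item in `crypto`, present and future, and the reason for the glob — that each mechanism trait is now behind its own `#[cfg(feature = "...")]`, so an explicit list would have to repeat every gate — is not recorded anywhere. A comment above it, `// Glob re-export: each mechanism trait in crypto is gated by its own feature, so listing them here would duplicate every cfg attribute.`, would explain the choice. Any helper that `crypto` declares `pub` for internal reasons is now part of the public API; marking such items `pub(crate)` keeps the glob from leaking them, though whether any exist is not visible from this hunk.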
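--- a/core/src/client/crypto.rs
+++ b/core/src/client/crypto.rs
@@ -283,6 +283,7 @@ pub trait CryptoClient: PollClient {
 }
 }
 
+#[cfg(feature = "aes256-cbc")]
 pub trait Aes256Cbc: CryptoClient {
 fn decrypt_aes256cbc<'c>(
 &'c mut self,
@@ -309,6 +310,7 @@ pub trait Aes256Cbc: CryptoClient {
 }
 }
 
+#[cfg(feature = "chacha8-poly1305")]
 pub trait Chacha8Poly1305: CryptoClient {
 fn decrypt_chacha8poly1305<'c>(
 &'c mut self,
@@ -388,6 +390,7 @@ pub trait Chacha8Poly1305: CryptoClient {
 }
 }
 
+#[cfg(feature = "hmac-blake2s")]
 pub trait HmacBlake2s: CryptoClient {
 fn hmacblake2s_derive_key(
 &mut self,
@@ -417,6 +420,7 @@ pub trait HmacBlake2s: CryptoClient {
 }
 }
 
+#[cfg(feature = "hmac-sha1")]
 pub trait HmacSha1: CryptoClient {
 fn hmacsha1_derive_key(
 &mut self,
@@ -446,6 +450,7 @@ pub trait HmacSha1: CryptoClient {
 }
 }
 
+#[cfg(feature = "hmac-sha256")]
 pub trait HmacSha256: CryptoClient {
 fn hmacsha256_derive_key(
 &mut self,
@@ -475,6 +480,7 @@ pub trait HmacSha256: CryptoClient {
 }
 }
 
+#[cfg(feature = "hmac-sha512")]
 pub trait HmacSha512: CryptoClient {
 fn hmacsha512_derive_key(
 &mut self,
@@ -504,6 +510,7 @@ pub trait HmacSha512: CryptoClient {
 }
 }
 
+#[cfg(feature = "ed255")]
 pub trait Ed255: CryptoClient {
 fn generate_ed255_private_key(
 &mut self,
@@ -569,6 +576,7 @@ pub trait Ed255: CryptoClient {
 }
 }
 
+#[cfg(feature = "p256")]
 pub trait P256: CryptoClient {
 fn generate_p256_private_key(
 &mut self,
@@ -655,6 +663,7 @@ pub trait P256: CryptoClient {
 }
 }
 
+#[cfg(feature = "p384")]
 pub trait P384: CryptoClient {
 fn generate_p384_private_key(
 &mut self,
@@ -741,6 +750,7 @@ pub trait P384: CryptoClient {
 }
 }
 
+#[cfg(feature = "p521")]
 pub trait P521: CryptoClient {
 fn generate_p521_private_key(
 &mut self,
@@ -827,6 +837,7 @@ pub trait P521: CryptoClient {
 }
 }
 
+#[cfg(feature = "sha256")]
 pub trait Sha256: CryptoClient {
 fn sha256_derive_key(
 &mut self,
@@ -849,6 +860,7 @@ pub trait Sha256: CryptoClient {
 }
 }
 
+#[cfg(feature = "tdes")]
 pub trait Tdes: CryptoClient {
 fn decrypt_tdes<'c>(
 &'c mut self,
@@ -867,6 +879,7 @@ pub trait Tdes: CryptoClient {
 }
 }
 
+#[cfg(feature = "totp")]
 pub trait Totp: CryptoClient {
 fn sign_totp(&mut self, key: KeyId, timestamp: u64) -> ClientResult<'_, reply::Sign, Self> {
 self.sign(
@@ -878,6 +891,7 @@ pub trait Totp: CryptoClient {
 }
 }
 
+#[cfg(feature = "x255")]
 pub trait X255: CryptoClient {
 fn generate_x255_secret_key(
 &mut self,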
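Review bot: The fourteen `#[cfg(feature = "...")]` gates added in this file (first on `Aes256Cbc`, last on `X255`) make each trait vanish from the API when its feature is off, but nothing in rustdoc will tell a user which feature a trait needs. Pairing each gate with `#[cfg_attr(docsrs, doc(cfg(feature = "aes256-cbc")))]` and enabling `doc_cfg` under the same `docsrs` cfg at the crate root surfaces the requirement in the generated docs; without nightly, a `/// Requires the aes256-cbc feature.` line on each trait does the same job. Every trait body continues past its hunk, so this note covers only the attribute lines.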