Unify mechanism traits

CHANGELOG.md

@@ -64,6 +64,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Removed the `Copy` requirement.
   - Removed the `unsafe` keyword for the `Store` trait.
 - Removed the `unsafe` keyword for the `Platform` trait.
+- Replaced the mechanism RPC traits in `service` with a single `MechanismImpl` trait.
+- Made the `mechanisms` module private.  Mechanism implementation can still be accessed via the `Mechanism` enum.
 
 ### Fixed
 

src/lib.rs

@@ -32,7 +32,7 @@ pub mod error;
 pub mod interrupt;
 pub mod key;
 #[cfg(feature = "crypto-client")]
-pub mod mechanisms;
+mod mechanisms;
 pub mod pipe;
 pub mod platform;
 #[cfg(feature = "serde-extensions")]

src/mechanisms.rs

@@ -12,104 +12,87 @@
 
 // TODO: rename to aes256-cbc-zero-iv
 #[cfg(feature = "aes256-cbc")]
-pub struct Aes256Cbc {}
+pub struct Aes256Cbc;
 #[cfg(feature = "aes256-cbc")]
 mod aes256cbc;
 
 #[cfg(feature = "chacha8-poly1305")]
-pub struct Chacha8Poly1305 {}
+pub struct Chacha8Poly1305;
 #[cfg(feature = "chacha8-poly1305")]
 mod chacha8poly1305;
 
 #[cfg(feature = "shared-secret")]
-pub struct SharedSecret {}
+pub struct SharedSecret;
 #[cfg(feature = "shared-secret")]
 mod shared_secret;
 
 #[cfg(feature = "ed255")]
-pub struct Ed255 {}
+pub struct Ed255;
 #[cfg(feature = "ed255")]
 mod ed255;
 
 #[cfg(feature = "hmac-blake2s")]
-pub struct HmacBlake2s {}
+pub struct HmacBlake2s;
 #[cfg(feature = "hmac-blake2s")]
 mod hmacblake2s;
 
 #[cfg(feature = "hmac-sha1")]
-pub struct HmacSha1 {}
+pub struct HmacSha1;
 #[cfg(feature = "hmac-sha1")]
 mod hmacsha1;
 
 #[cfg(feature = "hmac-sha256")]
-pub struct HmacSha256 {}
+pub struct HmacSha256;
 #[cfg(feature = "hmac-sha256")]
 mod hmacsha256;
 
 #[cfg(feature = "hmac-sha512")]
-pub struct HmacSha512 {}
+pub struct HmacSha512;
 #[cfg(feature = "hmac-sha512")]
 mod hmacsha512;
 
 #[cfg(feature = "p256")]
-pub struct P256 {}
+pub struct P256;
 #[cfg(feature = "p256")]
-pub struct P256Prehashed {}
+pub struct P256Prehashed;
 #[cfg(feature = "p256")]
 mod p256;
 
 #[cfg(feature = "p384")]
-pub struct P384 {}
+pub struct P384;
 #[cfg(feature = "p384")]
-pub struct P384Prehashed {}
+pub struct P384Prehashed;
 #[cfg(feature = "p384")]
 mod p384;
 
 #[cfg(feature = "p521")]
-pub struct P521 {}
+pub struct P521;
 #[cfg(feature = "p521")]
-pub struct P521Prehashed {}
+pub struct P521Prehashed;
 #[cfg(feature = "p521")]
 mod p521;
 
 #[cfg(feature = "sha256")]
-pub struct Sha256 {}
+pub struct Sha256;
 #[cfg(feature = "sha256")]
 mod sha256;
 
 #[cfg(feature = "tdes")]
-pub struct Tdes {}
+pub struct Tdes;
 #[cfg(feature = "tdes")]
 mod tdes;
 
 #[cfg(feature = "totp")]
-pub struct Totp {}
+pub struct Totp;
 #[cfg(feature = "totp")]
 mod totp;
 
 #[cfg(feature = "trng")]
-pub struct Trng {}
+pub struct Trng;
 #[cfg(feature = "trng")]
 mod trng;
 
 #[cfg(feature = "x255")]
-pub struct X255 {}
+pub struct X255;
 #[cfg(feature = "x255")]
 mod x255;
-
-// pub enum MechanismEnum {
-//     NotImplemented,
-//     Ed255(ed255::Ed255),
-//     P256(p256::P256),
-// }
-
-// use crate::types::Mechanism;
-// pub fn enum_to_type(mechanism: Mechanism) -> MechanismEnum {
-//     match mechanism {
-//         #[cfg(feature = "ed255")]
-//         Mechanism::Ed255 => MechanismEnum::Ed255(ed255::Ed255 {} ),
-//         #[cfg(feature = "p256")]
-//         Mechanism::P256 => MechanismEnum::P256(p256::P256 {} ),
-//         _ => MechanismEnum::NotImplemented,
-//     }
-// }

src/mechanisms/aes256cbc.rs

@@ -1,15 +1,16 @@
 use crate::api::{reply, request};
 use crate::error::Error;
 use crate::key;
-use crate::service::{Decrypt, Encrypt, UnsafeInjectKey, WrapKey};
+use crate::service::MechanismImpl;
 use crate::store::keystore::Keystore;
 use crate::types::{Mechanism, Message, ShortData};
 
 const AES256_KEY_SIZE: usize = 32;
 
-impl Encrypt for super::Aes256Cbc {
+impl MechanismImpl for super::Aes256Cbc {
     /// Encrypts the input *with zero IV*
     fn encrypt(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::Encrypt,
     ) -> Result<reply::Encrypt, Error> {
@@ -63,10 +64,9 @@ impl Encrypt for super::Aes256Cbc {
             tag: ShortData::new(),
         })
     }
-}
 
-impl WrapKey for super::Aes256Cbc {
     fn wrap_key(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::WrapKey,
     ) -> Result<reply::WrapKey, Error> {
@@ -91,16 +91,15 @@ impl WrapKey for super::Aes256Cbc {
             associated_data: request.associated_data.clone(),
             nonce: request.nonce.clone(),
         };
-        let encryption_reply = <super::Aes256Cbc>::encrypt(keystore, &encryption_request)?;
+        let encryption_reply = self.encrypt(keystore, &encryption_request)?;
 
         let wrapped_key = encryption_reply.ciphertext;
 
         Ok(reply::WrapKey { wrapped_key })
     }
-}
 
-impl Decrypt for super::Aes256Cbc {
     fn decrypt(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::Decrypt,
     ) -> Result<reply::Decrypt, Error> {
@@ -155,10 +154,9 @@ impl Decrypt for super::Aes256Cbc {
             plaintext: Some(plaintext),
         })
     }
-}
 
-impl UnsafeInjectKey for super::Aes256Cbc {
     fn unsafe_inject_key(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::UnsafeInjectKey,
     ) -> Result<reply::UnsafeInjectKey, Error> {

src/mechanisms/chacha8poly1305.rs

@@ -5,7 +5,7 @@ use trussed_core::types::EncryptedData;
 use crate::api::{reply, request};
 use crate::error::Error;
 use crate::key;
-use crate::service::{Decrypt, Encrypt, GenerateKey, UnwrapKey, WrapKey};
+use crate::service::MechanismImpl;
 use crate::store::keystore::Keystore;
 use crate::types::{Mechanism, Message, ShortData};
 
@@ -20,9 +20,26 @@ const TAG_LEN: usize = 16;
 const KIND: key::Kind = key::Kind::Symmetric(KEY_LEN);
 const KIND_NONCE: key::Kind = key::Kind::Symmetric32Nonce(NONCE_LEN);
 
-impl GenerateKey for super::Chacha8Poly1305 {
+#[inline(never)]
+fn increment_nonce(nonce: &mut [u8]) -> Result<(), Error> {
+    assert_eq!(nonce.len(), NONCE_LEN);
+    let mut carry: u16 = 1;
+    for digit in nonce.iter_mut() {
+        let x = (*digit as u16) + carry;
+        *digit = x as u8;
+        carry = x >> 8;
+    }
+    if carry == 0 {
+        Ok(())
+    } else {
+        Err(Error::NonceOverflow)
+    }
+}
+
+impl MechanismImpl for super::Chacha8Poly1305 {
     #[inline(never)]
     fn generate_key(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::GenerateKey,
     ) -> Result<reply::GenerateKey, Error> {
@@ -45,27 +62,10 @@ impl GenerateKey for super::Chacha8Poly1305 {
 
         Ok(reply::GenerateKey { key: key_id })
     }
-}
 
-#[inline(never)]
-fn increment_nonce(nonce: &mut [u8]) -> Result<(), Error> {
-    assert_eq!(nonce.len(), NONCE_LEN);
-    let mut carry: u16 = 1;
-    for digit in nonce.iter_mut() {
-        let x = (*digit as u16) + carry;
-        *digit = x as u8;
-        carry = x >> 8;
-    }
-    if carry == 0 {
-        Ok(())
-    } else {
-        Err(Error::NonceOverflow)
-    }
-}
-
-impl Decrypt for super::Chacha8Poly1305 {
     #[inline(never)]
     fn decrypt(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::Decrypt,
     ) -> Result<reply::Decrypt, Error> {
@@ -103,12 +103,10 @@ impl Decrypt for super::Chacha8Poly1305 {
             },
         })
     }
-}
 
-#[cfg(feature = "chacha8-poly1305")]
-impl Encrypt for super::Chacha8Poly1305 {
     #[inline(never)]
     fn encrypt(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::Encrypt,
     ) -> Result<reply::Encrypt, Error> {
@@ -164,11 +162,10 @@ impl Encrypt for super::Chacha8Poly1305 {
             tag,
         })
     }
-}
 
-impl WrapKey for super::Chacha8Poly1305 {
     #[inline(never)]
     fn wrap_key(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::WrapKey,
     ) -> Result<reply::WrapKey, Error> {
@@ -186,19 +183,18 @@ impl WrapKey for super::Chacha8Poly1305 {
             associated_data: request.associated_data.clone(),
             nonce: request.nonce.clone(),
         };
-        let encryption_reply = <super::Chacha8Poly1305>::encrypt(keystore, &encryption_request)?;
+        let encryption_reply = self.encrypt(keystore, &encryption_request)?;
 
         let wrapped_key = EncryptedData::from(encryption_reply);
         let wrapped_key =
             crate::postcard_serialize_bytes(&wrapped_key).map_err(|_| Error::CborError)?;
 
         Ok(reply::WrapKey { wrapped_key })
     }
-}
 
-impl UnwrapKey for super::Chacha8Poly1305 {
     #[inline(never)]
     fn unwrap_key(
+        &self,
         keystore: &mut impl Keystore,
         request: &request::UnwrapKey,
     ) -> Result<reply::UnwrapKey, Error> {
@@ -211,13 +207,12 @@ impl UnwrapKey for super::Chacha8Poly1305 {
             request.associated_data.clone(),
         );
 
-        let serialized_key = if let Some(serialized_key) =
-            <super::Chacha8Poly1305>::decrypt(keystore, &decryption_request)?.plaintext
-        {
-            serialized_key
-        } else {
-            return Ok(reply::UnwrapKey { key: None });
-        };
+        let serialized_key =
+            if let Some(serialized_key) = self.decrypt(keystore, &decryption_request)?.plaintext {
+                serialized_key
+            } else {
+                return Ok(reply::UnwrapKey { key: None });
+            };
 
         // TODO: probably change this to returning Option<key> too
         let key::Key {