Make credential: change the path of rks to rp_id_hash.credential_id_hash from rp_id_hash/credential_id_hash

The goal is to make credential storage more efficient, by making use of littlefs's
ability to inline file contents into the directory metadata when the file is small.

Author: sosthene-nitrokey

CHANGELOG.md

@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Implement PIN token permissions ([#63][])
 - Implement UpdateUserInformation subcommand for CredentialManagement
 - Support CTAP 2.1
+- Remove the per-relying party directory to save spcae ([#55][])
 
 [#26]: https://github.com/solokeys/fido-authenticator/issues/26
 [#28]: https://github.com/solokeys/fido-authenticator/issues/28
@@ -37,6 +38,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#61]: https://github.com/Nitrokey/fido-authenticator/pull/61
 [#62]: https://github.com/Nitrokey/fido-authenticator/pull/62
 [#63]: https://github.com/Nitrokey/fido-authenticator/pull/63
+[#55]: https://github.com/Nitrokey/fido-authenticator/issues/55
 
 ## [0.1.1] - 2022-08-22
 - Fix bug that treated U2F payloads as APDU over APDU in NFC transport @conorpp

Cargo.toml

@@ -25,6 +25,7 @@ sha2 = { version = "0.10", default-features = false }
 trussed = "0.1"
 trussed-hkdf = { version = "0.1.0" }
 trussed-staging = { version = "0.1.0", default-features = false, optional = true }
+littlefs2 = { version = "0.4.0" }
 
 apdu-dispatch = { version = "0.1", optional = true }
 ctaphid-dispatch = { version = "0.1", optional = true }
@@ -50,6 +51,7 @@ env_logger = "0.11.0"
 rand = "0.8.4"
 trussed = { version = "0.1", features = ["virt"] }
 trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"] }
+trussed-staging = { version = "0.1.0", features = ["migration-tests"] }
 usbd-ctaphid = "0.1.0"
 
 [package.metadata.docs.rs]
@@ -59,10 +61,10 @@ features = ["dispatch"]
 ctap-types = { git = "https://github.com/trussed-dev/ctap-types.git", rev = "4846817d9cd44604121680a19d46f3264973a3ce" }
 ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }
 apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "915fc237103fcecc29d0f0b73391f19abf6576de" }
-littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "ebd27e49ca321089d01d8c9b169c4aeb58ceeeca" }
-serde-indexed = { git = "https://github.com/sosthene-nitrokey/serde-indexed.git", rev = "5005d23cb4ee8622e62188ea0f9466146f851f0d" }
-trussed = { git = "https://github.com/Nitrokey/trussed.git", tag = "v0.1.0-nitrokey.18" }
+littlefs2 = { git = "https://github.com/sosthene-nitrokey/littlefs2.git", rev = "99b1a9832c46c9097e73ca1fa43e119026e2068f" }
+trussed = { git = "https://github.com/Nitrokey/trussed.git", rev = "dadeda9a1fe94911196223232bcabff2cc746b7e" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging", rev = "93801d3b4aefe469806a213e7a49aa540059abb1" }
 trussed-hkdf = { git = "https://github.com/Nitrokey/trussed-hkdf-backend.git", tag = "v0.1.0" }
-trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging", tag = "v0.1.0-nitrokey-hmac256p256.3" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.1" }
 usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid.git", tag = "v0.1.0-nitrokey.2" }
+serde-indexed = { git = "https://github.com/sosthene-nitrokey/serde-indexed.git", rev = "5005d23cb4ee8622e62188ea0f9466146f851f0d" }

examples/usbip.rs

@@ -29,19 +29,18 @@ impl trussed_usbip::Apps<'static, VirtClient, CoreOnly> for FidoApp {
             #[cfg(feature = "chunked")]
             max_size: 4096,
         });
+        let mut fido = fido_authenticator::Authenticator::new(
+            builder.build("fido", &[BackendId::Core]),
+            fido_authenticator::Conforming {},
+            fido_authenticator::Config {
+                max_msg_size: usbd_ctaphid::constants::MESSAGE_SIZE,
+                skip_up_timeout: None,
+                max_resident_credential_count: Some(10),
+                large_blobs: large_blogs,
+            },
+        );
 
-        FidoApp {
-            fido: fido_authenticator::Authenticator::new(
-                builder.build("fido", &[BackendId::Core]),
-                fido_authenticator::Conforming {},
-                fido_authenticator::Config {
-                    max_msg_size: usbd_ctaphid::constants::MESSAGE_SIZE,
-                    skip_up_timeout: None,
-                    max_resident_credential_count: Some(10),
-                    large_blobs: large_blogs,
-                },
-            ),
-        }
+        FidoApp { fido }
     }
 
     fn with_ctaphid_apps<T>(

src/ctap2.rs

@@ -397,7 +397,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
             // then check the maximum number of RK credentials
             if let Some(max_count) = self.config.max_resident_credential_count {
                 let mut cm = credential_management::CredentialManagement::new(self);
-                let metadata = cm.get_creds_metadata();
+                let metadata = cm.get_creds_metadata()?;
                 let count = metadata
                     .existing_resident_credentials_count
                     .unwrap_or(max_count);
@@ -945,7 +945,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         let sub_parameters = &parameters.sub_command_params;
         match parameters.sub_command {
             // 0x1
-            Subcommand::GetCredsMetadata => Ok(cred_mgmt.get_creds_metadata()),
+            Subcommand::GetCredsMetadata => cred_mgmt.get_creds_metadata(),
 
             // 0x2
             Subcommand::EnumerateRpsBegin => cred_mgmt.first_relying_party(),
@@ -1040,7 +1040,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         // If no allowList is passed, credential is None and the retrieved credentials
         // are stored in state.runtime.credential_heap
         let (credential, num_credentials) = self
-            .prepare_credentials(&rp_id_hash, &parameters.allow_list, uv_performed)
+            .prepare_credentials(&rp_id_hash, &parameters.allow_list, uv_performed)?
             .ok_or(Error::NoCredentials)?;
 
         info_now!("found {:?} applicable credentials", num_credentials);
@@ -1180,7 +1180,7 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
         rp_id_hash: &Bytes<32>,
         allow_list: &Option<ctap2::get_assertion::AllowList>,
         uv_performed: bool,
-    ) -> Option<(Credential, u32)> {
+    ) -> Result<Option<(Credential, u32)>> {
         debug_now!("remaining stack size: {} bytes", msp() - 0x2000_0000);
 
         self.state.runtime.clear_credential_cache();
@@ -1214,50 +1214,74 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
                         continue;
                     }
 
-                    return Some((credential, 1));
+                    return Ok(Some((credential, 1)));
                 }
 
                 // we don't recognize any credentials in the allowlist
-                return None;
+                return Ok(None);
             }
         }
 
         // we are only dealing with discoverable credentials.
         debug_now!("Allowlist not passed, fetching RKs");
+        self.prepare_cache(rp_id_hash, uv_performed)?;
 
-        let mut maybe_path =
-            syscall!(self
-                .trussed
-                .read_dir_first(Location::Internal, rp_rk_dir(rp_id_hash), None,))
-            .entry
-            .map(|entry| PathBuf::from(entry.path()));
+        let num_credentials = self.state.runtime.remaining_credentials();
+        let credential = self.state.runtime.pop_credential(&mut self.trussed);
+        Ok(credential.map(|credential| (Credential::Full(credential), num_credentials)))
+    }
 
+    /// Populate the cache with the RP credentials.
+    ///
+    /// Returns true if legacy credentials are present and therefore prepare_cache_legacy should be called too
+    #[inline(never)]
+    fn prepare_cache(&mut self, rp_id_hash: &Bytes<32>, uv_performed: bool) -> Result<()> {
         use crate::state::CachedCredential;
         use core::str::FromStr;
 
-        while let Some(path) = maybe_path {
-            let credential_data =
-                syscall!(self.trussed.read_file(Location::Internal, path.clone(),)).data;
+        let rp_rk_dir = rp_rk_dir(rp_id_hash);
+        let mut maybe_entry = syscall!(self.trussed.read_dir_first_alphabetical(
+            Location::Internal,
+            PathBuf::from(b"rk"),
+            Some(rp_rk_dir.clone())
+        ))
+        .entry;
+
+        while let Some(entry) = maybe_entry.take() {
+            if !entry.path().as_ref().starts_with(rp_rk_dir.as_ref()) {
+                // We got past all credentials for the relevant RP
+                break;
+            }
 
-            let credential = FullCredential::deserialize(&credential_data).ok()?;
+            if entry.path() == &*rp_rk_dir {
+                debug_assert!(entry.metadata().is_dir());
+                error!("Migration missing");
+                return Err(Error::Other);
+            }
+
+            let credential_data = syscall!(self
+                .trussed
+                .read_file(Location::Internal, entry.path().into(),))
+            .data;
+
+            let credential = FullCredential::deserialize(&credential_data).map_err(|_err| {
+                error!("Failed to deserialize credential: {_err:?}");
+                Error::Other
+            })?;
             let timestamp = credential.creation_time;
             let credential = Credential::Full(credential);
 
             if self.check_credential_applicable(&credential, false, uv_performed) {
                 self.state.runtime.push_credential(CachedCredential {
                     timestamp,
-                    path: String::from_str(path.as_str_ref_with_trailing_nul()).ok()?,
+                    path: String::from_str(entry.path().as_str_ref_with_trailing_nul())
+                        .map_err(|_| Error::Other)?,
                 });
             }
 
-            maybe_path = syscall!(self.trussed.read_dir_next())
-                .entry
-                .map(|entry| PathBuf::from(entry.path()));
+            maybe_entry = syscall!(self.trussed.read_dir_next()).entry;
         }
-
-        let num_credentials = self.state.runtime.remaining_credentials();
-        let credential = self.state.runtime.pop_credential(&mut self.trussed);
-        credential.map(|credential| (Credential::Full(credential), num_credentials))
+        Ok(())
     }
 
     fn decrypt_pin_hash_and_maybe_escalate(
@@ -2001,11 +2025,12 @@ fn rp_rk_dir(rp_id_hash: &Bytes<32>) -> PathBuf {
 }
 
 fn rk_path(rp_id_hash: &Bytes<32>, credential_id_hash: &Bytes<32>) -> PathBuf {
-    let mut path = rp_rk_dir(rp_id_hash);
-
-    let mut hex = [0u8; 16];
-    format_hex(&credential_id_hash[..8], &mut hex);
-    path.push(&PathBuf::from(&hex));
+    let mut buf = [0; 33];
+    buf[16] = b'.';
+    format_hex(&rp_id_hash[..8], &mut buf[..16]);
+    format_hex(&credential_id_hash[..8], &mut buf[17..]);
 
+    let mut path = PathBuf::from("rk");
+    path.push(&PathBuf::from(buf.as_slice()));
     path
 }