From 7157dab290284e91338db7a32a8db73b20c33596 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Wed, 18 Sep 2024 18:44:14 +0000 Subject: [PATCH 1/7] Add Dilithium mechanisms and key types --- src/key.rs | 11 +++++++++++ src/types.rs | 5 +++++ 2 files changed, 16 insertions(+) diff --git a/src/key.rs b/src/key.rs index b1c9d05379b..38939088df2 100644 --- a/src/key.rs +++ b/src/key.rs @@ -76,6 +76,11 @@ pub enum Kind { BrainpoolP384R1, BrainpoolP512R1, X255, + + // Post-quantum cryptography algorithms + Dilithium2, + Dilithium3, + Dilithium5, } bitflags::bitflags! { @@ -221,6 +226,9 @@ impl Kind { Kind::BrainpoolP256R1 => 12, Kind::BrainpoolP384R1 => 13, Kind::BrainpoolP512R1 => 14, + Kind::Dilithium2 => 15, + Kind::Dilithium3 => 16, + Kind::Dilithium5 => 17, } } @@ -240,6 +248,9 @@ impl Kind { 12 => Kind::BrainpoolP256R1, 13 => Kind::BrainpoolP384R1, 14 => Kind::BrainpoolP512R1, + 15 => Kind::Dilithium2, + 16 => Kind::Dilithium3, + 17 => Kind::Dilithium5, _ => return Err(Error::InvalidSerializedKey), }) } diff --git a/src/types.rs b/src/types.rs index 8c533760ff5..1c18b364aec 100644 --- a/src/types.rs +++ b/src/types.rs @@ -450,6 +450,11 @@ pub enum Mechanism { Rsa2048Pkcs1v15, Rsa3072Pkcs1v15, Rsa4096Pkcs1v15, + + // Post-quantum cryptography algorithms + Dilithium2, + Dilithium3, + Dilithium5, } pub type MediumData = Bytes; From 3ad1148b7d7270129abf69f6fa3af0956327e441 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Tue, 24 Sep 2024 01:02:04 +0000 Subject: [PATCH 2/7] Correct serialized key and material lengths --- src/key.rs | 9 ++++----- src/types.rs | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/key.rs b/src/key.rs index 38939088df2..c871e2b0975 100644 --- a/src/key.rs +++ b/src/key.rs @@ -6,12 +6,11 @@ use serde::{de::Visitor, ser::SerializeMap, Deserialize, Serialize}; use zeroize::Zeroize; pub use crate::Bytes; -use crate::{ - config::{MAX_KEY_MATERIAL_LENGTH, MAX_SERIALIZED_KEY_LENGTH}, - Error, -}; +use crate::{config::MAX_SERIALIZED_KEY_LENGTH, Error}; -pub type Material = Vec; +// Keys are often stored in serialized format (e.g. PKCS#8 used by the RSA backend), +// so material max length must be serialized max length. +pub type Material = Vec; pub type SerializedKeyBytes = Vec; // We don't implement serde to make sure nobody inadvertently still uses it diff --git a/src/types.rs b/src/types.rs index 1c18b364aec..d5611cd91b5 100644 --- a/src/types.rs +++ b/src/types.rs @@ -461,7 +461,7 @@ pub type MediumData = Bytes; pub type ShortData = Bytes; pub type Message = Bytes; -pub type SerializedKey = Bytes; +pub type SerializedKey = Bytes; #[derive(Copy, Clone, Eq, PartialEq, Debug, Serialize, Deserialize)] pub enum KeySerialization { From 2f17d2d84676f662a1a0b66562e6b86e91c556b0 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Thu, 26 Sep 2024 01:27:55 +0000 Subject: [PATCH 3/7] Fix keystore serialization length; update config values if PQC feature enabled --- Cargo.toml | 8 ++++++++ src/config.rs | 23 +++++++++++++++++++---- src/store/keystore.rs | 4 ++-- 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d63f0313aeb..7863af22c3a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -80,6 +80,14 @@ verbose-tests = ["littlefs2/ll-assertions"] verbose-lfs = ["littlefs2/ll-assertions", "littlefs2/ll-trace"] virt = ["std"] +# Set by the PQC backend +pqc = [] +# If any PQC algorithm is set, it sets the general PQC feature +dilithium2 = ["pqc"] +dilithium3 = ["pqc"] +dilithium5 = ["pqc"] + + log-all = [] log-none = [] log-info = [] diff --git a/src/config.rs b/src/config.rs index d799cff4cd5..11973f4df7a 100644 --- a/src/config.rs +++ b/src/config.rs @@ -36,11 +36,26 @@ cfg_if::cfg_if! { } pub const MAX_SHORT_DATA_LENGTH: usize = 128; -pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; -// FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key -pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; +cfg_if::cfg_if! { + if #[cfg(feature = "pqc")] { + // TODO: derive these values appropriately + // If we're using the PQC backend, pull the max sizes from that crate. + pub const MAX_SIGNATURE_LENGTH: usize = 4627; //trussed_pqc_backend::sizes::MAX_SIGNATURE_LENGTH; + // For the PQC algorithms, public and private key are generated at the same time and stored together as + // the private key. Then in the derive call, it just pulls the public key from the private key store + // and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus + // the PKCS8 serialization overhead. + pub const MAX_KEY_MATERIAL_LENGTH: usize = 7519; //trussed_pqc_backend::sizes::MAX_PRIVATE_KEY_LENGTH + trussed_pqc_backend::sizes::MAX_PUBLIC_KEY_LENGTH; + } else { + pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; + // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key + pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; + } +} -// must be MAX_KEY_MATERIAL_LENGTH + 4 +// Must be MAX_KEY_MATERIAL_LENGTH + 4 +// Note that this is not the serialized key material (e.g. serialized PKCS#8), but +// the internal Trussed serialization that adds flags and such pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256; diff --git a/src/store/keystore.rs b/src/store/keystore.rs index 91849b1ffdf..bdcec651f05 100644 --- a/src/store/keystore.rs +++ b/src/store/keystore.rs @@ -2,7 +2,7 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; use crate::{ - config::MAX_KEY_MATERIAL_LENGTH, + config::MAX_SERIALIZED_KEY_LENGTH, error::{Error, Result}, key, store::{self, Store}, @@ -181,7 +181,7 @@ impl Keystore for ClientKeystore { let location = self.location(secrecy, id).ok_or(Error::NoSuchKey)?; - let bytes: Bytes<{ MAX_KEY_MATERIAL_LENGTH }> = store::read(self.store, location, &path)?; + let bytes: Bytes<{ MAX_SERIALIZED_KEY_LENGTH }> = store::read(self.store, location, &path)?; let key = key::Key::try_deserialize(&bytes)?; From 199032d933eaae6498232bbfc048f68c9f25b803 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Tue, 1 Oct 2024 03:19:53 +0000 Subject: [PATCH 4/7] Use pqcrypto values for dynamic max signature/material size calculations; rename features --- Cargo.toml | 9 +++--- src/config.rs | 76 +++++++++++++++++++++++++++++++++++++++++---------- src/key.rs | 9 ++++++ src/types.rs | 3 ++ 4 files changed, 77 insertions(+), 20 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 7863af22c3a..dde78894ac2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -61,6 +61,7 @@ serde-indexed = "0.1.0" p384 = { version = "0.13.0", optional = true, default-features = false, features = ["sha384", "ecdh", "ecdsa"] } p521 = { version = "0.13.3", optional = true, default-features = false, features = ["sha512", "ecdh", "ecdsa"] } ecdsa = { version = "0.16.9", optional = true, default-features = false } +pqcrypto-dilithium = { version = "0.5.0", optional = true } [dev-dependencies] # Testing @@ -80,12 +81,10 @@ verbose-tests = ["littlefs2/ll-assertions"] verbose-lfs = ["littlefs2/ll-assertions", "littlefs2/ll-trace"] virt = ["std"] -# Set by the PQC backend -pqc = [] # If any PQC algorithm is set, it sets the general PQC feature -dilithium2 = ["pqc"] -dilithium3 = ["pqc"] -dilithium5 = ["pqc"] +backend-dilithium2 = ["dep:pqcrypto-dilithium", "cosey/backend-dilithium2"] +backend-dilithium3 = ["dep:pqcrypto-dilithium", "cosey/backend-dilithium3"] +backend-dilithium5 = ["dep:pqcrypto-dilithium", "cosey/backend-dilithium5"] log-all = [] diff --git a/src/config.rs b/src/config.rs index 11973f4df7a..e227fdb6ce1 100644 --- a/src/config.rs +++ b/src/config.rs @@ -36,22 +36,68 @@ cfg_if::cfg_if! { } pub const MAX_SHORT_DATA_LENGTH: usize = 128; -cfg_if::cfg_if! { - if #[cfg(feature = "pqc")] { - // TODO: derive these values appropriately - // If we're using the PQC backend, pull the max sizes from that crate. - pub const MAX_SIGNATURE_LENGTH: usize = 4627; //trussed_pqc_backend::sizes::MAX_SIGNATURE_LENGTH; - // For the PQC algorithms, public and private key are generated at the same time and stored together as - // the private key. Then in the derive call, it just pulls the public key from the private key store - // and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus - // the PKCS8 serialization overhead. - pub const MAX_KEY_MATERIAL_LENGTH: usize = 7519; //trussed_pqc_backend::sizes::MAX_PRIVATE_KEY_LENGTH + trussed_pqc_backend::sizes::MAX_PUBLIC_KEY_LENGTH; - } else { - pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; - // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key - pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; - } +// Constant (static compile-time) max function +const fn max(a: usize, b: usize) -> usize { + [a, b][(a < b) as usize] } +pub const MAX_SIGNATURE_LENGTH: usize = max( + // Default from before addition of PQC + 512 * 2, + max( + if cfg!(feature = "backend-dilithium2") { + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES + } else { + 0 + }, + max( + if cfg!(feature = "backend-dilithium3") { + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_BYTES + } else { + 0 + }, + if cfg!(feature = "backend-dilithium5") { + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_BYTES + } else { + 0 + }, + ), + ), +); + +// For the PQC algorithms, public and private key are generated at the same time and stored together as +// the private key. Then in the derive call, it just pulls the public key from the private key store +// and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus +// the PKCS8 serialization overhead. +pub const MAX_KEY_MATERIAL_LENGTH: usize = max( + // Default from before addition of PQC + 512 * 2, + max( + // + 31 is for PKCS#8 serialization + if cfg!(feature = "backend-dilithium2") { + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_SECRETKEYBYTES + + 31 + } else { + 0 + }, + max( + if cfg!(feature = "backend-dilithium3") { + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_SECRETKEYBYTES + + 31 + } else { + 0 + }, + if cfg!(feature = "backend-dilithium5") { + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_SECRETKEYBYTES + + 31 + } else { + 0 + }, + ), + ), +); // Must be MAX_KEY_MATERIAL_LENGTH + 4 // Note that this is not the serialized key material (e.g. serialized PKCS#8), but diff --git a/src/key.rs b/src/key.rs index c871e2b0975..93c963e469b 100644 --- a/src/key.rs +++ b/src/key.rs @@ -77,8 +77,11 @@ pub enum Kind { X255, // Post-quantum cryptography algorithms + #[cfg(feature = "backend-dilithium2")] Dilithium2, + #[cfg(feature = "backend-dilithium3")] Dilithium3, + #[cfg(feature = "backend-dilithium5")] Dilithium5, } @@ -225,8 +228,11 @@ impl Kind { Kind::BrainpoolP256R1 => 12, Kind::BrainpoolP384R1 => 13, Kind::BrainpoolP512R1 => 14, + #[cfg(feature = "backend-dilithium2")] Kind::Dilithium2 => 15, + #[cfg(feature = "backend-dilithium3")] Kind::Dilithium3 => 16, + #[cfg(feature = "backend-dilithium5")] Kind::Dilithium5 => 17, } } @@ -247,8 +253,11 @@ impl Kind { 12 => Kind::BrainpoolP256R1, 13 => Kind::BrainpoolP384R1, 14 => Kind::BrainpoolP512R1, + #[cfg(feature = "backend-dilithium2")] 15 => Kind::Dilithium2, + #[cfg(feature = "backend-dilithium3")] 16 => Kind::Dilithium3, + #[cfg(feature = "backend-dilithium5")] 17 => Kind::Dilithium5, _ => return Err(Error::InvalidSerializedKey), }) diff --git a/src/types.rs b/src/types.rs index d5611cd91b5..257f893717f 100644 --- a/src/types.rs +++ b/src/types.rs @@ -452,8 +452,11 @@ pub enum Mechanism { Rsa4096Pkcs1v15, // Post-quantum cryptography algorithms + #[cfg(feature = "backend-dilithium2")] Dilithium2, + #[cfg(feature = "backend-dilithium3")] Dilithium3, + #[cfg(feature = "backend-dilithium5")] Dilithium5, } From a1d01b45f234d77cce80c3430bb1ff1c798345b2 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Sun, 27 Oct 2024 22:06:41 +0000 Subject: [PATCH 5/7] Fix conditional signature length calculation --- Cargo.toml | 3 ++ src/config.rs | 81 +++++++++++++++------------------------------------ 2 files changed, 26 insertions(+), 58 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index dde78894ac2..a76dfc15dc9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -153,3 +153,6 @@ test-attestation-cert-ids = [] [package.metadata.docs.rs] features = ["serde-extensions", "virt"] rustdoc-args = ["--cfg", "docsrs"] + +[patch.crates-io] +cosey = { path = "../cosey" } diff --git a/src/config.rs b/src/config.rs index e227fdb6ce1..6824cde2764 100644 --- a/src/config.rs +++ b/src/config.rs @@ -36,68 +36,33 @@ cfg_if::cfg_if! { } pub const MAX_SHORT_DATA_LENGTH: usize = 128; -// Constant (static compile-time) max function -const fn max(a: usize, b: usize) -> usize { - [a, b][(a < b) as usize] -} -pub const MAX_SIGNATURE_LENGTH: usize = max( - // Default from before addition of PQC - 512 * 2, - max( - if cfg!(feature = "backend-dilithium2") { - pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES - } else { - 0 - }, - max( - if cfg!(feature = "backend-dilithium3") { - pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_BYTES - } else { - 0 - }, - if cfg!(feature = "backend-dilithium5") { - pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_BYTES - } else { - 0 - }, - ), - ), -); - // For the PQC algorithms, public and private key are generated at the same time and stored together as // the private key. Then in the derive call, it just pulls the public key from the private key store // and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus // the PKCS8 serialization overhead. -pub const MAX_KEY_MATERIAL_LENGTH: usize = max( - // Default from before addition of PQC - 512 * 2, - max( - // + 31 is for PKCS#8 serialization - if cfg!(feature = "backend-dilithium2") { - pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_SECRETKEYBYTES - + 31 - } else { - 0 - }, - max( - if cfg!(feature = "backend-dilithium3") { - pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_SECRETKEYBYTES - + 31 - } else { - 0 - }, - if cfg!(feature = "backend-dilithium5") { - pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_SECRETKEYBYTES - + 31 - } else { - 0 - }, - ), - ), -); +cfg_if::cfg_if! { + if #[cfg(feature = "backend-dilithium5")] { + pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_SECRETKEYBYTES + + 31; + } else if #[cfg(feature = "backend-dilithium3")] { + pub const MAX_SIGNATURE_LENGTH: pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_SECRETKEYBYTES + + 31; + } else if #[cfg(feature = "backend-dilithium2")] { + pub const MAX_SIGNATURE_LENGTH: pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_SECRETKEYBYTES + + 31; + } else { + // Default from before addition of PQC + pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; + // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key + pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; + } +} // Must be MAX_KEY_MATERIAL_LENGTH + 4 // Note that this is not the serialized key material (e.g. serialized PKCS#8), but From d59d2b7f1e93a06a447301adad9513ee32753dd7 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Mon, 4 Nov 2024 22:15:44 -0500 Subject: [PATCH 6/7] Dyanmic calculation of max message size and FIDO wrapped key size; add some debug messages --- src/config.rs | 25 +++++++++++++++++-------- src/mechanisms/chacha8poly1305.rs | 5 ++++- src/service.rs | 2 +- 3 files changed, 22 insertions(+), 10 deletions(-) diff --git a/src/config.rs b/src/config.rs index 6824cde2764..1554d4030d9 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1,7 +1,6 @@ // TODO: this needs to be overridable. // Should we use the "config crate that can have a replacement patched in" idea? -pub const MAX_MESSAGE_LENGTH: usize = 1024; pub const MAX_MEDIUM_DATA_LENGTH: usize = 256; cfg_if::cfg_if! { if #[cfg(test)] { @@ -39,28 +38,36 @@ pub const MAX_SHORT_DATA_LENGTH: usize = 128; // For the PQC algorithms, public and private key are generated at the same time and stored together as // the private key. Then in the derive call, it just pulls the public key from the private key store // and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus -// the PKCS8 serialization overhead. +// the PKCS8 DER encoding overhead (31 bytes). cfg_if::cfg_if! { if #[cfg(feature = "backend-dilithium5")] { pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_BYTES; - pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_SECRETKEYBYTES + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_SECRETKEYBYTES + 31; + //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; } else if #[cfg(feature = "backend-dilithium3")] { - pub const MAX_SIGNATURE_LENGTH: pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES; + pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_BYTES; pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_PUBLICKEYBYTES + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_SECRETKEYBYTES + 31; + //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; } else if #[cfg(feature = "backend-dilithium2")] { - pub const MAX_SIGNATURE_LENGTH: pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES; - pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM5_CLEAN_CRYPTO_SECRETKEYBYTES + pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_dilithium::ffi::PQCLEAN_DILITHIUM2_CLEAN_CRYPTO_SECRETKEYBYTES + 31; + //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; } else { // Default from before addition of PQC pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; + //pub const MAX_MESSAGE_LENGTH: usize = 1024; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = 128; } } @@ -68,6 +75,8 @@ cfg_if::cfg_if! { // Note that this is not the serialized key material (e.g. serialized PKCS#8), but // the internal Trussed serialization that adds flags and such pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; +// 30 bytes are added by CBOR serialization of a FullCredential +pub const MAX_MESSAGE_LENGTH: usize = MAX_FIDO_WRAPPED_KEY_LENGTH + 30; pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256; diff --git a/src/mechanisms/chacha8poly1305.rs b/src/mechanisms/chacha8poly1305.rs index c19460decf2..10617931d5c 100644 --- a/src/mechanisms/chacha8poly1305.rs +++ b/src/mechanisms/chacha8poly1305.rs @@ -179,7 +179,9 @@ impl WrapKey for super::Chacha8Poly1305 { // TODO: need to check both secret and private keys let serialized_key = keystore.load_key(key::Secrecy::Secret, None, &request.key)?; - let message = Message::from_slice(&serialized_key.serialize()).unwrap(); + let serialized = serialized_key.serialize(); + let message = Message::from_slice(&serialized).unwrap(); + debug_now!("Serialized key length: {}", &serialized.len()); let encryption_request = request::Encrypt { mechanism: Mechanism::Chacha8Poly1305, @@ -193,6 +195,7 @@ impl WrapKey for super::Chacha8Poly1305 { let wrapped_key = crate::postcard_serialize_bytes(&encryption_reply).map_err(|_| Error::CborError)?; + debug_now!("Wrapped key length: {}", wrapped_key.len()); Ok(reply::WrapKey { wrapped_key }) } } diff --git a/src/service.rs b/src/service.rs index 16dbe3a5f17..66c41318517 100644 --- a/src/service.rs +++ b/src/service.rs @@ -942,7 +942,7 @@ impl Service { .platform .user_interface() .set_status(ui::Status::Processing); - // #[cfg(test)] println!("service got request: {:?}", &request); + info_now!("service got request: {:?}", &request); // resources.currently_serving = ep.client_id.clone(); let reply_result = if ep.backends.is_empty() { From 0e582884f97e022f97a497357953b26d737973cc Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Mon, 4 Nov 2024 23:56:47 -0500 Subject: [PATCH 7/7] Update max message size --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config.rs b/src/config.rs index 1554d4030d9..db13dd754dd 100644 --- a/src/config.rs +++ b/src/config.rs @@ -76,7 +76,7 @@ cfg_if::cfg_if! { // the internal Trussed serialization that adds flags and such pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; // 30 bytes are added by CBOR serialization of a FullCredential -pub const MAX_MESSAGE_LENGTH: usize = MAX_FIDO_WRAPPED_KEY_LENGTH + 30; +pub const MAX_MESSAGE_LENGTH: usize = MAX_FIDO_WRAPPED_KEY_LENGTH + 30 + 2031 + 32 + 37; // TODO: update this to be different pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256;