From 5c1ccde86023c97cf0f7f4a91b0c9d7162841990 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Wed, 26 Feb 2025 12:50:55 -0500 Subject: [PATCH 1/5] Migrate PQC changes from other repo --- Cargo.toml | 8 ++++++++ core/Cargo.toml | 6 ++++++ core/src/config.rs | 43 +++++++++++++++++++++++++++++++++++++++---- core/src/types.rs | 8 ++++++++ src/config.rs | 4 +++- src/key.rs | 21 +++++++++++++++++++++ src/store/keystore.rs | 4 ++-- 7 files changed, 87 insertions(+), 7 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 6d089e0b442..d1539505ac3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,6 +56,9 @@ hmac = "0.12" sha-1 = { version = "0.10", default-features = false, optional = true } sha2 = { version = "0.10", default-features = false } +# PQC +pqcrypto-mldsa = { version = "0.1.0", optional = true } + # ours cosey = "0.3" delog = "0.1.0" @@ -152,6 +155,11 @@ ui-client = ["trussed-core/ui-client"] test-attestation-cert-ids = [] +# If any PQC algorithm is set, it loads the dependency +mldsa44 = ["dep:pqcrypto-mldsa", "cosey/backend-mldsa-44", "trussed-core/backend-mldsa-44"] +mldsa65 = ["dep:pqcrypto-mldsa", "cosey/backend-mldsa-65", "trussed-core/backend-mldsa-65"] +mldsa87 = ["dep:pqcrypto-mldsa", "cosey/backend-mldsa-87", "trussed-core/backend-mldsa-87"] + [[test]] name = "aes256cbc" required-features = ["crypto-client", "default-mechanisms", "virt"] diff --git a/core/Cargo.toml b/core/Cargo.toml index 44c53137823..85391e68c84 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -10,6 +10,7 @@ license.workspace = true repository.workspace = true [dependencies] +cfg-if = "1.0" heapless-bytes.workspace = true littlefs2-core.workspace = true postcard.workspace = true @@ -54,5 +55,10 @@ totp = [] trng = [] x255 = [] +# PQC +mldsa44 = [] +mldsa65 = [] +mldsa87 = [] + [package.metadata.docs.rs] all-features = true diff --git a/core/src/config.rs b/core/src/config.rs index ca744a93e44..8343ff47636 100644 --- a/core/src/config.rs +++ b/core/src/config.rs 
@@ -1,9 +1,5 @@ -pub const MAX_MESSAGE_LENGTH: usize = 1024; pub const MAX_MEDIUM_DATA_LENGTH: usize = 256; pub const MAX_SHORT_DATA_LENGTH: usize = 128; -pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; -// FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key -pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256; // request size is chosen to not exceed the largest standard syscall, Decrypt, so that the Request 
@@ -13,3 +9,42 @@ pub const SERDE_EXTENSION_REQUEST_LENGTH: usize = // reply size is chosen to not exceed the largest standard syscall, Encrypt, so that the Reply enum // does not grow from this variant pub const SERDE_EXTENSION_REPLY_LENGTH: usize = MAX_MESSAGE_LENGTH + 2 * MAX_SHORT_DATA_LENGTH; + +// For the PQC algorithms, public and private key are generated at the same time and stored together as +// the private key. Then in the derive call, it just pulls the public key from the private key store +// and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus +// the PKCS8 DER encoding overhead (31 bytes). +cfg_if::cfg_if! { + if #[cfg(feature = "mldsa87")] { + pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_SECRETKEYBYTES + + 31; + //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; + } else if #[cfg(feature = "mldsa65")] { + pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_SECRETKEYBYTES + + 31; + //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; + } else if #[cfg(feature = "mldsa44")] { + pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES; + pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES + + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_SECRETKEYBYTES + + 31; + //pub const MAX_MESSAGE_LENGTH: usize = 
MAX_KEY_MATERIAL_LENGTH; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; + } else { + // Default from before addition of PQC + pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; + // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key + pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; + //pub const MAX_MESSAGE_LENGTH: usize = 1024; + pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = 128; + } +} + +// 30 bytes are added by CBOR serialization of a FullCredential +pub const MAX_MESSAGE_LENGTH: usize = MAX_FIDO_WRAPPED_KEY_LENGTH + 30 + 2031 + 32 + 37; // TODO: update this to use different consts for each area where this is needed diff --git a/core/src/types.rs b/core/src/types.rs index 8ae8caf0b5f..153dd120f42 100644 --- a/core/src/types.rs +++ b/core/src/types.rs @@ -594,6 +594,14 @@ generate_mechanism! { Rsa3072Pkcs1v15, #[cfg(feature = "rsa4096")] Rsa4096Pkcs1v15, + + // Post-Quantum Cryptography + #[cfg(feature = "mldsa44")] + Mldsa44, + #[cfg(feature = "mldsa65")] + Mldsa65, + #[cfg(feature = "mldsa87")] + Mldsa87, } } diff --git a/src/config.rs b/src/config.rs index 32348b2bb18..45f1978bb36 100644 --- a/src/config.rs +++ b/src/config.rs @@ -7,7 +7,9 @@ pub use trussed_core::config::{ SERDE_EXTENSION_REQUEST_LENGTH, }; -// must be MAX_KEY_MATERIAL_LENGTH + 4 +// Must be MAX_KEY_MATERIAL_LENGTH + 4 +// Note that this is not the serialized key material (e.g. serialized PKCS#8), but +// the internal Trussed serialization that adds flags and such pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; pub const USER_ATTRIBUTE_NUMBER: u8 = 37; diff --git a/src/key.rs b/src/key.rs index b071d324a9c..a9473b83baa 100644 --- a/src/key.rs +++ b/src/key.rs 
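Review bot: The new `MAX_MESSAGE_LENGTH` at the end of this hunk also changes builds with no ML-DSA feature enabled: the fallback branch gives 128 + 30 + 2031 + 32 + 37 = 2258 where the constant used to be 1024. Every buffer sized from it, including `SERDE_EXTENSION_REPLY_LENGTH` just above, more than doubles, which is a stack and RAM cost on constrained targets for users who never enabled PQC. Unless the classic build needs the larger size, keep `1024` in the `else` branch (the commented-out line there already sketches this) and name the PQC terms, since only the `30` is explained. Separately, the PQC branches read `pqcrypto_mldsa::ffi::…` and `MAX_SERIALIZED_KEY_LENGTH`, while this commit declares the core `mldsa*` features as `[]` and defines that constant in src/config.rs. They therefore presumably cannot build until 2/5.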
@@ -11,6 +11,8 @@ use crate::{ Error, }; +// Keys are often stored in serialized format (e.g. PKCS#8 used by the RSA backend), +// so material max length must be serialized max length. pub type Material = Vec; pub type SerializedKeyBytes = Vec; @@ -77,6 +79,13 @@ pub enum Kind { BrainpoolP512R1, X255, Secp256k1, + // Post-quantum cryptography algorithms + #[cfg(feature = "mldsa44")] + Mldsa44, + #[cfg(feature = "mldsa65")] + Mldsa65, + #[cfg(feature = "mldsa87")] + Mldsa87, } bitflags::bitflags! { @@ -223,6 +232,12 @@ impl Kind { Kind::BrainpoolP384R1 => 13, Kind::BrainpoolP512R1 => 14, Kind::Secp256k1 => 15, + #[cfg(feature = "mldsa44")] + Kind::Mldsa44 => 16, + #[cfg(feature = "mldsa65")] + Kind::Mldsa65 => 17, + #[cfg(feature = "mldsa87")] + Kind::Mldsa87 => 18, } } @@ -243,6 +258,12 @@ impl Kind { 13 => Kind::BrainpoolP384R1, 14 => Kind::BrainpoolP512R1, 15 => Kind::Secp256k1, + #[cfg(feature = "mldsa44")] + 16 => Kind::Mldsa44, + #[cfg(feature = "mldsa65")] + 17 => Kind::Mldsa65, + #[cfg(feature = "mldsa87")] + 18 => Kind::Mldsa87, _ => return Err(Error::InvalidSerializedKey), }) } diff --git a/src/store/keystore.rs b/src/store/keystore.rs index 7b4f927f5c7..85ea155dbf5 100644 --- a/src/store/keystore.rs +++ b/src/store/keystore.rs @@ -2,7 +2,7 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; use crate::{ - config::MAX_KEY_MATERIAL_LENGTH, + config::MAX_SERIALIZED_KEY_LENGTH, error::{Error, Result}, key, store::{self, Store}, @@ -181,7 +181,7 @@ impl Keystore for ClientKeystore { let location = self.location(secrecy, id).ok_or(Error::NoSuchKey)?; - let bytes: Bytes<{ MAX_KEY_MATERIAL_LENGTH }> = store::read(self.store, location, &path)?; + let bytes: Bytes<{ MAX_SERIALIZED_KEY_LENGTH }> = store::read(self.store, location, &path)?; let key = key::Key::try_deserialize(&bytes)?; From e636dcf7d2b6387ca331d2b4ba279717da086a9d Mon Sep 17 00:00:00 2001 
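Review bot: The codes 16, 17 and 18 added to the two `Kind` conversion hunks (`@@ -223` and `@@ -243`) are matched only when the corresponding feature is enabled, and nothing records that they are taken. Because an unknown code is rejected with `Error::InvalidSerializedKey`, these numbers appear to be part of the stored key format. A later `Kind` added in a build without the ML-DSA features could therefore reuse one of them, and an ML-DSA key would then deserialize as a different kind. A comment above the new arms would guard against that, for example `// 16..=18 are reserved for ML-DSA in every build; never reuse or renumber`. Both functions start and end outside their hunks.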
From: Kyle Kotowick Date: Thu, 27 Feb 2025 15:36:07 -0500 Subject: [PATCH 2/5] Fixes for upstream sync --- Cargo.toml | 6 +++--- core/Cargo.toml | 9 ++++++--- core/src/config.rs | 5 +++++ core/src/types.rs | 4 ++-- src/config.rs | 11 +++-------- src/key.rs | 8 +++----- src/store/keystore.rs | 2 +- 7 files changed, 23 insertions(+), 22 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d1539505ac3..dfd2e6d5029 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -156,9 +156,9 @@ ui-client = ["trussed-core/ui-client"] test-attestation-cert-ids = [] # If any PQC algorithm is set, it loads the dependency -mldsa44 = ["dep:pqcrypto-mldsa", "cosey/backend-mldsa-44", "trussed-core/backend-mldsa-44"] -mldsa65 = ["dep:pqcrypto-mldsa", "cosey/backend-mldsa-65", "trussed-core/backend-mldsa-65"] -mldsa87 = ["dep:pqcrypto-mldsa", "cosey/backend-mldsa-87", "trussed-core/backend-mldsa-87"] +mldsa44 = ["dep:pqcrypto-mldsa", "cosey/mldsa44", "trussed-core/mldsa44"] +mldsa65 = ["dep:pqcrypto-mldsa", "cosey/mldsa65", "trussed-core/mldsa65"] +mldsa87 = ["dep:pqcrypto-mldsa", "cosey/mldsa87", "trussed-core/mldsa87"] [[test]] name = "aes256cbc" diff --git a/core/Cargo.toml b/core/Cargo.toml index 85391e68c84..43e429403d7 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -18,6 +18,9 @@ rand_core.workspace = true serde.workspace = true serde-indexed = "0.1" +# PQC +pqcrypto-mldsa = { version = "0.1.0", optional = true } + [features] serde-extensions = [] @@ -56,9 +59,9 @@ trng = [] x255 = [] # PQC -mldsa44 = [] -mldsa65 = [] -mldsa87 = [] +mldsa44 = ["dep:pqcrypto-mldsa"] +mldsa65 = ["dep:pqcrypto-mldsa"] +mldsa87 = ["dep:pqcrypto-mldsa"] [package.metadata.docs.rs] all-features = true diff --git a/core/src/config.rs b/core/src/config.rs index 8343ff47636..da524bb26fb 100644 --- a/core/src/config.rs +++ b/core/src/config.rs 
@@ -10,6 +10,11 @@ pub const SERDE_EXTENSION_REQUEST_LENGTH: usize = // does not grow from this variant pub const SERDE_EXTENSION_REPLY_LENGTH: usize = MAX_MESSAGE_LENGTH + 2 * MAX_SHORT_DATA_LENGTH; +// Must be MAX_KEY_MATERIAL_LENGTH + 4 +// Note that this is not the serialized key material (e.g. serialized PKCS#8), but +// the internal Trussed serialization that adds flags and such +pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; + // For the PQC algorithms, public and private key are generated at the same time and stored together as // the private key. Then in the derive call, it just pulls the public key from the private key store // and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus diff --git a/core/src/types.rs b/core/src/types.rs index 153dd120f42..e3108e0a57c 100644 --- a/core/src/types.rs +++ b/core/src/types.rs @@ -9,7 +9,7 @@ pub use littlefs2_core::{DirEntry, Metadata, PathBuf}; #[cfg(feature = "crypto-client")] use crate::api::{reply, request}; use crate::config::{ - MAX_KEY_MATERIAL_LENGTH, MAX_MEDIUM_DATA_LENGTH, MAX_MESSAGE_LENGTH, MAX_SHORT_DATA_LENGTH, + MAX_MEDIUM_DATA_LENGTH, MAX_MESSAGE_LENGTH, MAX_SERIALIZED_KEY_LENGTH, MAX_SHORT_DATA_LENGTH, MAX_SIGNATURE_LENGTH, MAX_USER_ATTRIBUTE_LENGTH, }; @@ -49,7 +49,7 @@ pub mod reboot { pub type Message = Bytes; pub type MediumData = Bytes; pub type ShortData = Bytes; -pub type SerializedKey = Bytes; +pub type SerializedKey = Bytes; pub type Signature = Bytes; pub type UserAttribute = Bytes; diff --git a/src/config.rs b/src/config.rs index 45f1978bb36..35d6c30d3dd 100644 --- a/src/config.rs +++ b/src/config.rs 
@@ -2,14 +2,9 @@ // Should we use the "config crate that can have a replacement patched in" idea? pub use trussed_core::config::{ - MAX_KEY_MATERIAL_LENGTH, MAX_MEDIUM_DATA_LENGTH, MAX_MESSAGE_LENGTH, MAX_SHORT_DATA_LENGTH, - MAX_SIGNATURE_LENGTH, MAX_USER_ATTRIBUTE_LENGTH, SERDE_EXTENSION_REPLY_LENGTH, - SERDE_EXTENSION_REQUEST_LENGTH, + MAX_KEY_MATERIAL_LENGTH, MAX_MEDIUM_DATA_LENGTH, MAX_MESSAGE_LENGTH, MAX_SERIALIZED_KEY_LENGTH, + MAX_SHORT_DATA_LENGTH, MAX_SIGNATURE_LENGTH, MAX_USER_ATTRIBUTE_LENGTH, + SERDE_EXTENSION_REPLY_LENGTH, SERDE_EXTENSION_REQUEST_LENGTH, }; -// Must be MAX_KEY_MATERIAL_LENGTH + 4 -// Note that this is not the serialized key material (e.g. serialized PKCS#8), but -// the internal Trussed serialization that adds flags and such -pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; - pub const USER_ATTRIBUTE_NUMBER: u8 = 37; diff --git a/src/key.rs b/src/key.rs index a9473b83baa..2443ceb1b28 100644 --- a/src/key.rs +++ b/src/key.rs @@ -6,14 +6,12 @@ use serde::{de::Visitor, ser::SerializeMap, Deserialize, Serialize}; use zeroize::Zeroize; pub use crate::Bytes; -use crate::{ - config::{MAX_KEY_MATERIAL_LENGTH, MAX_SERIALIZED_KEY_LENGTH}, - Error, -}; +use crate::Error; +use trussed_core::config::MAX_SERIALIZED_KEY_LENGTH; // Keys are often stored in serialized format (e.g. PKCS#8 used by the RSA backend), // so material max length must be serialized max length. -pub type Material = Vec; +pub type Material = Vec; pub type SerializedKeyBytes = Vec; // We don't implement serde to make sure nobody inadvertently still uses it diff --git a/src/store/keystore.rs b/src/store/keystore.rs index 85ea155dbf5..04ceea291a1 100644 --- a/src/store/keystore.rs +++ b/src/store/keystore.rs 
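Review bot: `use trussed_core::config::MAX_SERIALIZED_KEY_LENGTH;` in src/key.rs reaches past the crate's own config module, although the src/config.rs hunk of this same commit adds the constant to the `pub use trussed_core::config::{…}` re-export. Importing it as `use crate::config::MAX_SERIALIZED_KEY_LENGTH;` keeps a single place where the size limits enter the crate. That matters if the "config crate that can have a replacement patched in" idea noted in src/config.rs is ever taken up. The src/store/keystore.rs hunk that follows makes the same switch and should get the same change.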
@@ -2,13 +2,13 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; use crate::{ - config::MAX_SERIALIZED_KEY_LENGTH, error::{Error, Result}, key, store::{self, Store}, types::{KeyId, Location}, Bytes, }; +use trussed_core::config::MAX_SERIALIZED_KEY_LENGTH; pub type ClientId = PathBuf; From 12562439b80907c2732a4604e9ffe2848f69bd2b Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Tue, 11 Mar 2025 12:49:40 -0400 Subject: [PATCH 3/5] Fix issue from upstream merge --- src/store/keystore.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/store/keystore.rs b/src/store/keystore.rs index 4b8a56a1c25..94f7db14166 100644 --- a/src/store/keystore.rs +++ b/src/store/keystore.rs @@ -181,7 +181,7 @@ impl Keystore for ClientKeystore { let location = self.location(secrecy, id).ok_or(Error::NoSuchKey)?; - let bytes: Bytes<{ MAX_SERIALIZED_KEY_LENGTH }> = store::read(self.store, location, &path)?; + let bytes: Bytes<{ MAX_SERIALIZED_KEY_LENGTH }> = store::read(&self.store, location, &path)?; let key = key::Key::try_deserialize(&bytes)?; From 3d2613c056f0924f154864fec93a6eeedfcfeb34 Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Fri, 21 Mar 2025 19:44:07 -0400 Subject: [PATCH 4/5] Remove cfg-if dependency --- core/Cargo.toml | 1 - core/src/config.rs | 90 ++++++++++++++++++++++++++++++++-------------- 2 files changed, 63 insertions(+), 28 deletions(-) diff --git a/core/Cargo.toml b/core/Cargo.toml index 43e429403d7..09a6426a9d1 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -10,7 +10,6 @@ license.workspace = true repository.workspace = true [dependencies] -cfg-if = "1.0" heapless-bytes.workspace = true littlefs2-core.workspace = true postcard.workspace = true diff --git a/core/src/config.rs b/core/src/config.rs index da524bb26fb..2c90cfa3773 100644 --- a/core/src/config.rs +++ b/core/src/config.rs 
@@ -19,37 +19,73 @@ pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; // the private key. Then in the derive call, it just pulls the public key from the private key store // and re-saves it as a public-only key. Therefore, the max material length is both keys together, plus // the PKCS8 DER encoding overhead (31 bytes). -cfg_if::cfg_if! { - if #[cfg(feature = "mldsa87")] { - pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES; - pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES + +pub const MAX_SIGNATURE_LENGTH: usize = if cfg!(feature = "mldsa87") { + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES +} else if cfg!(feature = "mldsa65") { + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES +} else if cfg!(feature = "mldsa44") { + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES +} else { + // Default from before addition of PQC + 512 * 2 +}; + +pub const MAX_KEY_MATERIAL_LENGTH: usize = if cfg!(feature = "mldsa87") { + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_SECRETKEYBYTES - + 31; - //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; - pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; - } else if #[cfg(feature = "mldsa65")] { - pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES; - pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES + + 31 +} else if cfg!(feature = "mldsa65") { + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_SECRETKEYBYTES - + 31; - //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; - pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; - } else if #[cfg(feature = "mldsa44")] { - 
pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES; - pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES + + 31 +} else if cfg!(feature = "mldsa44") { + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_SECRETKEYBYTES - + 31; - //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; - pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; + + 31 +} else { + // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key + 1160 * 2 + 72; +}; + +pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = + if cfg!(feature = "mldsa87") || cfg!(feature = "mldsa65") || cfg!(feature = "mldsa44") { + MAX_SERIALIZED_KEY_LENGTH + 57 } else { - // Default from before addition of PQC - pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; - // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key - pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; - //pub const MAX_MESSAGE_LENGTH: usize = 1024; - pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = 128; - } -} + 128 + }; + +// cfg_if::cfg_if! 
{ +// if #[cfg(feature = "mldsa87")] { +// pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES; +// pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES +// + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_SECRETKEYBYTES +// + 31; +// //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; +// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; +// } else if #[cfg(feature = "mldsa65")] { +// pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES; +// pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES +// + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_SECRETKEYBYTES +// + 31; +// //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; +// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; +// } else if #[cfg(feature = "mldsa44")] { +// pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES; +// pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES +// + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_SECRETKEYBYTES +// + 31; +// //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; +// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; +// } else { +// // Default from before addition of PQC +// pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; +// // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key +// pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; +// //pub const MAX_MESSAGE_LENGTH: usize = 1024; +// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = 128; +// } +// } // 30 bytes are added by CBOR serialization of a FullCredential pub const MAX_MESSAGE_LENGTH: usize = 
MAX_FIDO_WRAPPED_KEY_LENGTH + 30 + 2031 + 32 + 37; // TODO: update this to use different consts for each area where this is needed From ae5650877a8b29ddc0a0b3e0d65b85e7b82e713d Mon Sep 17 00:00:00 2001 From: Kyle Kotowick Date: Wed, 26 Mar 2025 12:19:57 -0400 Subject: [PATCH 5/5] Remove pqcrypto and cfg-if dependencies --- Cargo.toml | 10 +++----- core/Cargo.toml | 9 +++---- core/src/config.rs | 63 +++++++++++++--------------------------------- 3 files changed, 23 insertions(+), 59 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0fcbee0855e..6a4cad0dda0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,7 +33,6 @@ trussed-core = { version = "0.1.0" } # general bitflags = { version = "2.1" } # const-oid = "0.4.5" -cfg-if = "1.0" flexiber = { version = "0.1.0", features = ["derive", "heapless"] } generic-array = "0.14.4" heapless = { version = "0.7", features = ["serde"] } @@ -56,9 +55,6 @@ hmac = "0.12" sha-1 = { version = "0.10", default-features = false, optional = true } sha2 = { version = "0.10", default-features = false } -# PQC -pqcrypto-mldsa = { version = "0.1.0", optional = true } - # ours cosey = "0.3" delog = "0.1.0" @@ -157,9 +153,9 @@ ui-client = ["trussed-core/ui-client"] test-attestation-cert-ids = [] # If any PQC algorithm is set, it loads the dependency -mldsa44 = ["dep:pqcrypto-mldsa", "cosey/mldsa44", "trussed-core/mldsa44"] -mldsa65 = ["dep:pqcrypto-mldsa", "cosey/mldsa65", "trussed-core/mldsa65"] -mldsa87 = ["dep:pqcrypto-mldsa", "cosey/mldsa87", "trussed-core/mldsa87"] +mldsa44 = ["cosey/mldsa44", "trussed-core/mldsa44"] +mldsa65 = ["cosey/mldsa65", "trussed-core/mldsa65"] +mldsa87 = ["cosey/mldsa87", "trussed-core/mldsa87"] [[test]] name = "aes256cbc" diff --git a/core/Cargo.toml b/core/Cargo.toml index 09a6426a9d1..7584ac0dffb 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml 
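Review bot: `cfg!(feature = "mldsa87")` only expands to `true` or `false`; the branch not taken is still compiled, so every `pqcrypto_mldsa::ffi::…` path in these constants must resolve even when no ML-DSA feature is on, and that dependency is `optional = true`. As written, a default build of trussed-core should fail at this commit. The fallback arm of `MAX_KEY_MATERIAL_LENGTH` also ends in `1160 * 2 + 72;`, where the semicolon turns the block's value into `()`. Patch 5/5 removes both problems; squashing it into this commit, or using `#[cfg(feature = …)]` on separate `const` items here, would keep each commit buildable. The commented-out `cfg_if!` block should be deleted rather than kept as a comment.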
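Review bot: The comment `# If any PQC algorithm is set, it loads the dependency` is left in place above the `mldsa44`/`mldsa65`/`mldsa87` features, but this hunk removes `dep:pqcrypto-mldsa` from all three, so no dependency is loaded any more. Reword it to say what the features do now, e.g. `# PQC: forwards the selected ML-DSA parameter set to cosey and trussed-core`.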
@@ -17,9 +17,6 @@ rand_core.workspace = true serde.workspace = true serde-indexed = "0.1" -# PQC -pqcrypto-mldsa = { version = "0.1.0", optional = true } - [features] serde-extensions = [] @@ -58,9 +55,9 @@ trng = [] x255 = [] # PQC -mldsa44 = ["dep:pqcrypto-mldsa"] -mldsa65 = ["dep:pqcrypto-mldsa"] -mldsa87 = ["dep:pqcrypto-mldsa"] +mldsa44 = [] +mldsa65 = [] +mldsa87 = [] [package.metadata.docs.rs] all-features = true diff --git a/core/src/config.rs b/core/src/config.rs index 2c90cfa3773..c0594355095 100644 --- a/core/src/config.rs +++ b/core/src/config.rs 
@@ -21,71 +21,42 @@ pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4; // the PKCS8 DER encoding overhead (31 bytes). pub const MAX_SIGNATURE_LENGTH: usize = if cfg!(feature = "mldsa87") { - pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES + 4627 } else if cfg!(feature = "mldsa65") { - pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES + 3309 } else if cfg!(feature = "mldsa44") { - pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES + 2420 } else { // Default from before addition of PQC 512 * 2 }; pub const MAX_KEY_MATERIAL_LENGTH: usize = if cfg!(feature = "mldsa87") { - pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_SECRETKEYBYTES - + 31 + 2592 // Public key + + 4896 // Private key + + 31 } else if cfg!(feature = "mldsa65") { - pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_SECRETKEYBYTES - + 31 + 1952 // Public key + + 4032 // Private key + + 31 } else if cfg!(feature = "mldsa44") { - pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES - + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_SECRETKEYBYTES - + 31 + 1312 // Public key + + 2560 // Private key + + 31 } else { // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key - 1160 * 2 + 72; + 1160 * 2 + 72 }; pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = if cfg!(feature = "mldsa87") || cfg!(feature = "mldsa65") || cfg!(feature = "mldsa44") { MAX_SERIALIZED_KEY_LENGTH + 57 } else { + // Default from before addition of PQC 128 }; -// cfg_if::cfg_if! 
{ -// if #[cfg(feature = "mldsa87")] { -// pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_BYTES; -// pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_PUBLICKEYBYTES -// + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA87_CLEAN_CRYPTO_SECRETKEYBYTES -// + 31; -// //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; -// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; -// } else if #[cfg(feature = "mldsa65")] { -// pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_BYTES; -// pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_PUBLICKEYBYTES -// + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA65_CLEAN_CRYPTO_SECRETKEYBYTES -// + 31; -// //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; -// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; -// } else if #[cfg(feature = "mldsa44")] { -// pub const MAX_SIGNATURE_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_BYTES; -// pub const MAX_KEY_MATERIAL_LENGTH: usize = pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_PUBLICKEYBYTES -// + pqcrypto_mldsa::ffi::PQCLEAN_MLDSA44_CLEAN_CRYPTO_SECRETKEYBYTES -// + 31; -// //pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH; -// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = MAX_SERIALIZED_KEY_LENGTH + 57; -// } else { -// // Default from before addition of PQC -// pub const MAX_SIGNATURE_LENGTH: usize = 512 * 2; -// // FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key -// pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72; -// //pub const MAX_MESSAGE_LENGTH: usize = 1024; -// pub const MAX_FIDO_WRAPPED_KEY_LENGTH: usize = 128; -// } -// } - // 30 bytes are added by CBOR serialization of a FullCredential -pub const MAX_MESSAGE_LENGTH: usize = 
MAX_FIDO_WRAPPED_KEY_LENGTH + 30 + 2031 + 32 + 37; // TODO: update this to use different consts for each area where this is needed +// TODO: This was calculated by debugging and finding each location where this variable needed to be larger for one reason or another. +// Update this to use different consts for each area where this is needed, instead of one const used everywhere. +pub const MAX_MESSAGE_LENGTH: usize = MAX_FIDO_WRAPPED_KEY_LENGTH + 30 + 2031 + 32 + 37;
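Review bot: The ML-DSA sizes are now bare literals (`4627`, `3309`, `2420`, and the `2592`/`4896`, `1952`/`4032`, `1312`/`2560` key pairs), so nothing ties them to the implementation that actually produces the keys and signatures. They match the parameter-set sizes in FIPS 204, but if a backend ever disagrees, the result is a buffer that is too small, presumably noticed only at run time. Give each a name, e.g. `const MLDSA87_SIGNATURE_LEN: usize = 4627;`, and name the `31` and `57` overheads the same way. In the crate that links the ML-DSA code, add a compile-time check such as `const _: () = assert!(MAX_SIGNATURE_LENGTH >= BACKEND_SIGNATURE_LEN);`, where `BACKEND_SIGNATURE_LEN` is a placeholder for that backend's own constant.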