Add support for RngWorker without KeyStore (#202)
* Add support for RngWorker without KeyStore

* Fix tests and examples. Add test for no KeyStore

---------

Co-authored-by: Santiago Cingolani <[email protected]>
SCingolani and Santiago Cingolani authored Apr 30, 2024
1 parent e10d43f commit 13e4928
Showing 5 changed files with 59 additions and 12 deletions.
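--- a/examples/linux/src/main.rs
+++ b/examples/linux/src/main.rs
@@ -68,7 +68,7 @@ async fn worker_task(
 let rng: Mutex<CriticalSectionRawMutex, _> =
 Mutex::new(rand_chacha::ChaCha20Rng::from_seed([0u8; 32]));
 let mut rng_worker = RngWorker {
-key_store: &key_store,
+key_store: Some(&key_store),
 rng: &rng,
 requests: rng_req_rx,
 responses: rng_resp_tx,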
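Review bot: The context line `Mutex::new(rand_chacha::ChaCha20Rng::from_seed([0u8; 32]));` seeds the RNG behind `RngWorker` with a fixed all-zero seed, so every run of this example produces the same output stream, including any key bytes the worker draws from it. The commit only adapts the `key_store` field, so this is not a regression, but example code tends to be copied into real integrations. I would mark it at the call site: `// Example only: a fixed seed makes all output predictable; seed from an entropy source in real deployments.` The body of `worker_task` starts and ends outside the hunk.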
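--- a/examples/stm32h745i/cm7/src/bin/rng_single_core.rs
+++ b/examples/stm32h745i/cm7/src/bin/rng_single_core.rs
@@ -58,7 +58,7 @@ async fn hsm_task(
 let key_store: Mutex<NoopRawMutex, _> = Mutex::new(&mut key_store);
 let rng: Mutex<NoopRawMutex, _> = Mutex::new(rng);
 let mut rng_worker = RngWorker {
-key_store: &key_store,
+key_store: Some(&key_store),
 rng: &rng,
 requests: rng_req_rx,
 responses: rng_resp_tx,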
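--- a/heimlig/src/hsm/workers/rng_worker.rs
+++ b/heimlig/src/hsm/workers/rng_worker.rs
@@ -18,7 +18,7 @@ pub struct RngWorker<
 > {
 pub rng: &'rng Mutex<M, R>,
 // TODO: Move sym. key generation to own worker and get rid of key store here?
-pub key_store: &'keystore Mutex<M, &'keystore mut KeyStore>,
+pub key_store: Option<&'keystore Mutex<M, &'keystore mut KeyStore>>,
 pub requests: ReqSrc,
 pub responses: RespSink,
 }
@@ -50,8 +50,16 @@ impl<
 key_id,
 overwrite,
 } => {
-self.generate_symmetric_key(client_id, request_id, key_id, overwrite)
-.await
+if let Some(key_store) = self.key_store {
+self.generate_symmetric_key(client_id, request_id, key_id, overwrite, key_store)
+.await
+} else {
+Response::Error {
+client_id,
+request_id,
+error: Error::NoKeyStore,
+}
+}
 }
 _ => Err(Error::UnexpectedRequestType)?,
 };
@@ -88,9 +96,10 @@ impl<
 request_id: RequestId,
 key_id: KeyId,
 overwrite: bool,
+key_store: &Mutex<M, &mut KeyStore>,
 ) -> Response<'data> {
 // Own variable needed to break mutex lock immediately
-let key_info = keystore::KeyStore::get_key_info(*self.key_store.lock().await, key_id);
+let key_info = keystore::KeyStore::get_key_info(*key_store.lock().await, key_id);
 match key_info {
 Err(e) => Response::Error {
 client_id,
@@ -101,7 +110,7 @@ impl<
 let mut key = [0u8; keystore::KeyType::MAX_SYMMETRIC_KEY_SIZE];
 let key = &mut key[0..key_info.ty.key_size()];
 self.rng.lock().await.fill_bytes(key);
-let mut locked_key_store = self.key_store.lock().await;
+let mut locked_key_store = key_store.lock().await;
 
 // Check overwrite permission
 if keystore::KeyStore::is_key_available(*locked_key_store, key_id)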
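Review bot: The public field `key_store` in `RngWorker` becomes an `Option` with no doc comment saying what `None` means; the only text next to it is the `TODO`. From the dispatch hunk, a worker built with `None` answers symmetric key generation requests with `Error::NoKeyStore`, which fails closed but only shows up at request time, so integrators should be told up front. I would add on the field: `/// Key store for generated symmetric keys; with None, key generation requests are answered with Error::NoKeyStore.` The struct declaration and both `impl` blocks start outside the hunks.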
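--- a/heimlig/tests/misc.rs
+++ b/heimlig/tests/misc.rs
@@ -14,6 +14,44 @@ use heimlig::{
 },
 };
 
+#[async_std::test]
+async fn generate_symmetric_key_no_keystore() {
+let (mut client_requests, mut client_responses) = allocate_channel();
+let (mut worker_requests, mut worker_responses) = allocate_channel();
+let (mut api, mut core, req_worker_rx, resp_worker_tx) = init_core(
+&[RequestType::GetRandom, RequestType::GenerateSymmetricKey],
+&mut client_requests,
+&mut client_responses,
+&mut worker_requests,
+&mut worker_responses,
+None,
+);
+let rng = init_rng();
+let mut worker = RngWorker {
+rng: &rng,
+key_store:
+Option::<&embassy_sync::mutex::Mutex<NoopRawMutex, &mut MemoryKeyStore<0, 0>>>::None,
+requests: req_worker_rx,
+responses: resp_worker_tx,
+};
+
+// Generate key
+let org_request_id = api
+.generate_symmetric_key(SYM_256_KEY.id, false)
+.await
+.expect("failed to send request");
+let Response::Error {
+client_id: _,
+request_id,
+error,
+} = get_response_from_worker!(api, core, worker)
+else {
+panic!("Unexpected response type")
+};
+assert_eq!(request_id, org_request_id);
+assert_eq!(error, Error::NoKeyStore)
+}
+
 #[async_std::test]
 async fn generate_symmetric_key() {
 let mut large_key_buffer = [0u8; 2 * SYM_256_KEY.ty.key_size()];
@@ -33,7 +71,7 @@ async fn generate_symmetric_key() {
 let rng = init_rng();
 let mut worker = RngWorker {
 rng: &rng,
-key_store: &key_store,
+key_store: Some(&key_store),
 requests: req_worker_rx,
 responses: resp_worker_tx,
 };
@@ -93,7 +131,7 @@ async fn multiple_clients() {
 let key_store: Mutex<NoopRawMutex, _> = Mutex::new(&mut key_store);
 let mut rng_worker = RngWorker {
 rng: &rng,
-key_store: &key_store,
+key_store: Some(&key_store),
 requests: rng_requests_rx,
 responses: rng_responses_tx,
 };
@@ -181,7 +219,7 @@ async fn no_worker_for_request() {
 let key_store: Mutex<NoopRawMutex, _> = Mutex::new(&mut key_store);
 let mut rng_worker = RngWorker {
 rng: &rng,
-key_store: &key_store,
+key_store: Some(&key_store),
 requests: rng_requests_rx,
 responses: rng_responses_tx,
 };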
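Review bot: `generate_symmetric_key_no_keystore` registers the worker for both `RequestType::GetRandom` and `RequestType::GenerateSymmetricKey` but asserts only the `Error::NoKeyStore` rejection. The other half of the feature, that a worker built with `key_store: None` still serves random-number requests, is not exercised in this section, and the call sites shown for `heimlig/tests/random.rs` all pass `Some(&key_store)`. I would extend this test by sending a `GetRandom` request through `api` to the same `worker` after the last `assert_eq!` and asserting that the response is not `Response::Error`.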
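--- a/heimlig/tests/random.rs
+++ b/heimlig/tests/random.rs
@@ -31,7 +31,7 @@ async fn get_random() {
 let key_store: Mutex<NoopRawMutex, _> = Mutex::new(&mut key_store);
 let mut rng_worker = RngWorker {
 rng: &rng,
-key_store: &key_store,
+key_store: Some(&key_store),
 requests: req_worker_rx,
 responses: resp_worker_tx,
 };
@@ -72,7 +72,7 @@ async fn get_random_request_too_large() {
 let key_store: Mutex<NoopRawMutex, _> = Mutex::new(&mut key_store);
 let mut worker = RngWorker {
 rng: &rng,
-key_store: &key_store,
+key_store: Some(&key_store),
 requests: req_worker_rx,
 responses: resp_worker_tx,
 };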
