From 13e492848cc55780e16e4fbb94843f15cd2d70e5 Mon Sep 17 00:00:00 2001 From: SCingolani <31498644+SCingolani@users.noreply.github.com> Date: Tue, 30 Apr 2024 15:58:50 +0200 Subject: [PATCH] Add support for RngWorker without KeyStore (#202) * Add support for RngWorker without KeyStore * Fix tests and examples. Add test for no KeyStore --------- Co-authored-by: Santiago Cingolani --- examples/linux/src/main.rs | 2 +- .../stm32h745i/cm7/src/bin/rng_single_core.rs | 2 +- heimlig/src/hsm/workers/rng_worker.rs | 19 +++++--- heimlig/tests/misc.rs | 44 +++++++++++++++++-- heimlig/tests/random.rs | 4 +- 5 files changed, 59 insertions(+), 12 deletions(-) diff --git a/examples/linux/src/main.rs b/examples/linux/src/main.rs index 856b4bf..1866a6f 100644 --- a/examples/linux/src/main.rs +++ b/examples/linux/src/main.rs @@ -68,7 +68,7 @@ async fn worker_task( let rng: Mutex = Mutex::new(rand_chacha::ChaCha20Rng::from_seed([0u8; 32])); let mut rng_worker = RngWorker { - key_store: &key_store, + key_store: Some(&key_store), rng: &rng, requests: rng_req_rx, responses: rng_resp_tx, diff --git a/examples/stm32h745i/cm7/src/bin/rng_single_core.rs b/examples/stm32h745i/cm7/src/bin/rng_single_core.rs index ee602de..33de4c8 100644 --- a/examples/stm32h745i/cm7/src/bin/rng_single_core.rs +++ b/examples/stm32h745i/cm7/src/bin/rng_single_core.rs @@ -58,7 +58,7 @@ async fn hsm_task( let key_store: Mutex = Mutex::new(&mut key_store); let rng: Mutex = Mutex::new(rng); let mut rng_worker = RngWorker { - key_store: &key_store, + key_store: Some(&key_store), rng: &rng, requests: rng_req_rx, responses: rng_resp_tx, diff --git a/heimlig/src/hsm/workers/rng_worker.rs b/heimlig/src/hsm/workers/rng_worker.rs index 1e453ed..1d59451 100644 --- a/heimlig/src/hsm/workers/rng_worker.rs +++ b/heimlig/src/hsm/workers/rng_worker.rs 
@@ -18,7 +18,7 @@ pub struct RngWorker< > { pub rng: &'rng Mutex, // TODO: Move sym. key generation to own worker and get rid of key store here? - pub key_store: &'keystore Mutex, + pub key_store: Option<&'keystore Mutex>, pub requests: ReqSrc, pub responses: RespSink, } @@ -50,8 +50,16 @@ impl< key_id, overwrite, } => { - self.generate_symmetric_key(client_id, request_id, key_id, overwrite) - .await + if let Some(key_store) = self.key_store { + self.generate_symmetric_key(client_id, request_id, key_id, overwrite, key_store) + .await + } else { + Response::Error { + client_id, + request_id, + error: Error::NoKeyStore, + } + } } _ => Err(Error::UnexpectedRequestType)?, }; @@ -88,9 +96,10 @@ impl< request_id: RequestId, key_id: KeyId, overwrite: bool, + key_store: &Mutex, ) -> Response<'data> { // Own variable needed to break mutex lock immediately - let key_info = keystore::KeyStore::get_key_info(*self.key_store.lock().await, key_id); + let key_info = keystore::KeyStore::get_key_info(*key_store.lock().await, key_id); match key_info { Err(e) => Response::Error { client_id, @@ -101,7 +110,7 @@ impl< let mut key = [0u8; keystore::KeyType::MAX_SYMMETRIC_KEY_SIZE]; let key = &mut key[0..key_info.ty.key_size()]; self.rng.lock().await.fill_bytes(key); - let mut locked_key_store = self.key_store.lock().await; + let mut locked_key_store = key_store.lock().await; // Check overwrite permission if keystore::KeyStore::is_key_available(*locked_key_store, key_id) diff --git a/heimlig/tests/misc.rs b/heimlig/tests/misc.rs index 1d5d1d5..af3bd78 100644 --- a/heimlig/tests/misc.rs +++ b/heimlig/tests/misc.rs 
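Review bot: The `key_store` field in the `@@ -18,7 +18,7 @@` hunk becomes an `Option` without any doc comment; the only text above it is the older TODO. Someone configuring the worker cannot tell from the struct what `None` means. Going by the `@@ -50,8 +50,16 @@` hunk, a `GenerateSymmetricKey` request is then answered with a `Response::Error` carrying `Error::NoKeyStore`, rather than being propagated like the catch-all arm's `Err(Error::UnexpectedRequestType)?`. I would add `/// Key store used by GenerateSymmetricKey; if None, such requests get Error::NoKeyStore.` above the field. The struct definition starts before this hunk.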
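Review bot: In the `@@ -101,7 +110,7 @@` hunk the freshly generated key bytes sit in the local `key` array while the function awaits `key_store.lock()`, and nothing visible in the hunk wipes that array afterwards. The function body continues past the hunk, so this may already be handled further down. If it is not, a copy of the raw symmetric key stays in memory after it has been handed to the key store. I would clear the buffer on every exit path using a write the compiler cannot elide, with a comment such as `// wipe temporary key material before returning`.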
@@ -14,6 +14,44 @@ use heimlig::{ }, }; +#[async_std::test] +async fn generate_symmetric_key_no_keystore() { + let (mut client_requests, mut client_responses) = allocate_channel(); + let (mut worker_requests, mut worker_responses) = allocate_channel(); + let (mut api, mut core, req_worker_rx, resp_worker_tx) = init_core( + &[RequestType::GetRandom, RequestType::GenerateSymmetricKey], + &mut client_requests, + &mut client_responses, + &mut worker_requests, + &mut worker_responses, + None, + ); + let rng = init_rng(); + let mut worker = RngWorker { + rng: &rng, + key_store: + Option::<&embassy_sync::mutex::Mutex>>::None, + requests: req_worker_rx, + responses: resp_worker_tx, + }; + + // Generate key + let org_request_id = api + .generate_symmetric_key(SYM_256_KEY.id, false) + .await + .expect("failed to send request"); + let Response::Error { + client_id: _, + request_id, + error, + } = get_response_from_worker!(api, core, worker) + else { + panic!("Unexpected response type") + }; + assert_eq!(request_id, org_request_id); + assert_eq!(error, Error::NoKeyStore) +} + #[async_std::test] async fn generate_symmetric_key() { let mut large_key_buffer = [0u8; 2 * SYM_256_KEY.ty.key_size()]; @@ -33,7 +71,7 @@ async fn generate_symmetric_key() { let rng = init_rng(); let mut worker = RngWorker { rng: &rng, - key_store: &key_store, + key_store: Some(&key_store), requests: req_worker_rx, responses: resp_worker_tx, }; @@ -93,7 +131,7 @@ async fn multiple_clients() { let key_store: Mutex = Mutex::new(&mut key_store); let mut rng_worker = RngWorker { rng: &rng, - key_store: &key_store, + key_store: Some(&key_store), requests: rng_requests_rx, responses: rng_responses_tx, }; @@ -181,7 +219,7 @@ async fn no_worker_for_request() { let key_store: Mutex = Mutex::new(&mut key_store); let mut rng_worker = RngWorker { rng: &rng, - key_store: &key_store, + key_store: Some(&key_store), requests: rng_requests_rx, responses: rng_responses_tx, }; 
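Review bot: `generate_symmetric_key_no_keystore` registers the worker for `RequestType::GetRandom` as well but never sends such a request. The case this change exists for, an `RngWorker` with `key_store: None` that still serves random data, is therefore not covered here, and the other test hunks all pass `Some(&key_store)`. I would send a random-data request through the same `api`, `core` and `worker` before the key request and assert that the reply is not a `Response::Error`. A comment above the worker such as `// No key store: GetRandom must still work, GenerateSymmetricKey must fail with NoKeyStore` would state the intent. As a style point, the final `assert_eq!(error, Error::NoKeyStore)` lacks the trailing semicolon the other statements have.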
diff --git a/heimlig/tests/random.rs b/heimlig/tests/random.rs
index 2622c73..11de503 100644
--- a/heimlig/tests/random.rs
+++ b/heimlig/tests/random.rs
@@ -31,7 +31,7 @@ async fn get_random() {
 let key_store: Mutex = Mutex::new(&mut key_store);
 let mut rng_worker = RngWorker {
 rng: &rng,
- key_store: &key_store,
+ key_store: Some(&key_store),
 requests: req_worker_rx,
 responses: resp_worker_tx,
 };
@@ -72,7 +72,7 @@ async fn get_random_request_too_large() {
 let key_store: Mutex = Mutex::new(&mut key_store);
 let mut worker = RngWorker {
 rng: &rng,
- key_store: &key_store,
+ key_store: Some(&key_store),
 requests: req_worker_rx,
 responses: resp_worker_tx,
 };