Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nonce to wrap_key and unwrap_key syscalls #148

Merged
merged 1 commit into from
Mar 1, 2024
Merged

Add nonce to wrap_key and unwrap_key syscalls #148

merged 1 commit into from
Mar 1, 2024

Conversation

robin-nitrokey
Copy link
Member

This patch adds a nonce argument to the wrap_key and unwrap_key syscalls to be able to use the Aes256Cbc mechanism with a non-zero IV in the future.

I’m not sure if it really makes sense to add the nonce to unwrap_key too. For Aes256Cbc it would be useful, but it currently does not implement unwrap_key anyway. For ChaCha8Poly1305, the encryption result including the nonce is serialized so it does not need to be passed manually by the caller.

sosthene-nitrokey
sosthene-nitrokey reviewed Mar 1, 2024
View reviewed changes
src/client/mechanisms.rs
Comment on lines 19 to 21
) -> ClientResult<'_, reply::WrapKey, Self> {
self.wrap_key(Mechanism::Aes256Cbc, wrapping_key, key, &[])
self.wrap_key(Mechanism::Aes256Cbc, wrapping_key, key, &[], None)
}
Copy link
Contributor

@sosthene-nitrokey sosthene-nitrokey Mar 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why use None here but add it to client::wrap_key_chacha8poly1305 ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because currently it does not have any effect for Aes256Cbc. I would implement that in a separate PR that then also updates the shortcut functions.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would put both in the same PR.

@robin-nitrokey
Add nonce to wrap_key and unwrap_key syscalls
6a02eeb 
This patch adds a nonce argument to the wrap_key and unwrap_key syscalls
to be able to use the Aes256Cbc mechanism with a non-zero IV in the
future.
@robin-nitrokey robin-nitrokey mentioned this pull request Mar 1, 2024
Merged
@robin-nitrokey robin-nitrokey merged commit 6492aba into trussed-dev:main Mar 1, 2024
2 checks passed
@robin-nitrokey robin-nitrokey deleted the wrap-key-nonce branch March 1, 2024 16:20
@robin-nitrokey robin-nitrokey mentioned this pull request Mar 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sosthene-nitrokey sosthene-nitrokey sosthene-nitrokey approved these changes

@daringer daringer daringer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@robin-nitrokey @daringer @sosthene-nitrokey