This will be useful for PIV encryption, working together with
https://github.com/trussed-dev/trussed-auth/pull/41
This implements the standard HPKE from
[RFC 9180](https://www.rfc-editor.org/rfc/rfc9180.html). This uses a
custom implmentation instead of the `hpke` crate because this crate
seals the trait to implement custom ciphers, and we want to use
`ChaCha8` and not `ChaCha20`.
The implementation is tested against the RFC test vectors for
`ChaCha20`, and is made generic so that the same code can be used for
`ChaCha8` in the backend.
For ChaCha8Poly1305 AEAD ID, I used a custom `0xFFFE`, which is probably
unused. I need to look if there is somewhere someone already using
ChaCha8Poly1305 for HPKE and if there is a specified ID.
The HkdfExtension was previously maintained in a separate repository and
together with a custom backend. Every additional backend adds some
overhead, both in the firmware and for maintenance. Therefore this
patch moves the trussed-hkdf crate with the HkdfExtension as an
extension into this repository and implements it for the StagingBackend,
replacing the HkdfBackend.
This patch also releases trussed-hkdf v0.2.0 and trussed-staging v0.3.0.
Fixes: https://github.com/Nitrokey/trussed-hkdf-backend/issues/6
For some reason, the manage extension is implemented by default by the
trussed-staging backend while the chunked and wrap-key-to-file
extensions have to be specified explicitly. For consistency and to
avoid activating features we don’t need, this patch removes the manage
feature from the default features.
sosthene-nitrokey
Sosthène Guédon
Robin Krahl