This will be useful for PIV encryption, working together with
https://github.com/trussed-dev/trussed-auth/pull/41
This implements the standard HPKE from
[RFC 9180](https://www.rfc-editor.org/rfc/rfc9180.html). This uses a
custom implmentation instead of the `hpke` crate because this crate
seals the trait to implement custom ciphers, and we want to use
`ChaCha8` and not `ChaCha20`.
The implementation is tested against the RFC test vectors for
`ChaCha20`, and is made generic so that the same code can be used for
`ChaCha8` in the backend.
For ChaCha8Poly1305 AEAD ID, I used a custom `0xFFFE`, which is probably
unused. I need to look if there is somewhere someone already using
ChaCha8Poly1305 for HPKE and if there is a specified ID.
The HkdfExtension was previously maintained in a separate repository and
together with a custom backend. Every additional backend adds some
overhead, both in the firmware and for maintenance. Therefore this
patch moves the trussed-hkdf crate with the HkdfExtension as an
extension into this repository and implements it for the StagingBackend,
replacing the HkdfBackend.
This patch also releases trussed-hkdf v0.2.0 and trussed-staging v0.3.0.
Fixes: https://github.com/Nitrokey/trussed-hkdf-backend/issues/6
This patch always enables the syscalls that previously were behind the
encrypted-chunked feature. This makes sure that enabling the feature in
one crate does not break another crate that also depends on
trussed-chunked. In practice, the feature is always enabled anyway so
separating the encrypted syscalls does not bring any benefits.
Fixes: https://github.com/trussed-dev/trussed-staging/issues/20
Previously, this repository contained one crate with all extension
definitions and the backend implementation. This is problematic if
semantic versioning is used as a breaking change in the backend or in a
single extension would also affect all users of any other extension.
This patch moves the extensions into separate crates that can be
versioned independently so that clients only have to depend on the
extension crates they really need.
Fixes: https://github.com/trussed-dev/trussed-staging/issues/3
