rodolphe/coffio
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow to spefify not_before and not_after when generating a custom IKM

Browse source
This commit is contained in:
Rodolphe Bréard 2024-04-07 11:32:03 +02:00
parent c22756a2c0
commit 71647c31c5
1 changed files with 28 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
src/ikm.rs
View file

@ -130,7 +130,7 @@ impl InputKeyMaterial {
/// ///
/// ``` /// ```
/// use coffio::{InputKeyMaterialList, Scheme}; /// use coffio::{InputKeyMaterialList, Scheme};
/// use std::time::Duration; /// use std::time::{Duration, SystemTime};
/// ///
/// // Create an empty IKM list. /// // Create an empty IKM list.
/// let mut ikml = InputKeyMaterialList::new(); /// let mut ikml = InputKeyMaterialList::new();
@ -141,9 +141,12 @@ impl InputKeyMaterial {
/// assert_eq!(ikml.len(), 1); /// assert_eq!(ikml.len(), 1);
/// ///
/// // Add an IKM to the list with custom settings. /// // Add an IKM to the list with custom settings.
/// let not_before = SystemTime::now();
/// let not_after = not_before + Duration::from_secs(315_569_252);
/// let _ = ikml.add_custom_ikm( /// let _ = ikml.add_custom_ikm(
/// Scheme::Aes128GcmWithSha256, /// Scheme::Aes128GcmWithSha256,
/// Duration::from_secs(315_569_252), /// not_before,
/// not_after,
/// ); /// );
/// assert_eq!(ikml.len(), 2); /// assert_eq!(ikml.len(), 2);
/// ///
@ -182,24 +185,27 @@ impl InputKeyMaterialList {
#[cfg(feature = "ikm-management")] #[cfg(feature = "ikm-management")]
pub fn add_ikm(&mut self) -> Result<()> { pub fn add_ikm(&mut self) -> Result<()> {
self.add_custom_ikm( let not_before = SystemTime::now();
crate::DEFAULT_SCHEME, let not_after = not_before + Duration::from_secs(crate::DEFAULT_IKM_DURATION);
Duration::from_secs(crate::DEFAULT_IKM_DURATION), self.add_custom_ikm(crate::DEFAULT_SCHEME, not_before, not_after)
)
} }
#[cfg(feature = "ikm-management")] #[cfg(feature = "ikm-management")]
pub fn add_custom_ikm(&mut self, scheme: Scheme, duration: Duration) -> Result<()> { pub fn add_custom_ikm(
&mut self,
scheme: Scheme,
not_before: SystemTime,
not_after: SystemTime,
) -> Result<()> {
let ikm_len = scheme.get_ikm_size(); let ikm_len = scheme.get_ikm_size();
let mut content: Vec<u8> = vec![0; ikm_len]; let mut content: Vec<u8> = vec![0; ikm_len];
getrandom::getrandom(content.as_mut_slice())?; getrandom::getrandom(content.as_mut_slice())?;
let not_before = SystemTime::now();
self.id_counter += 1; self.id_counter += 1;
self.ikm_lst.push(InputKeyMaterial { self.ikm_lst.push(InputKeyMaterial {
id: self.id_counter, id: self.id_counter,
scheme, scheme,
not_before, not_before,
not_after: not_before + duration, not_after,
is_revoked: false, is_revoked: false,
content, content,
}); });
@ -317,6 +323,13 @@ mod tests {
} }
} }
#[cfg(test)]
fn get_default_time_period() -> (SystemTime, SystemTime) {
let not_before = SystemTime::now();
let not_after = not_before + Duration::from_secs(crate::DEFAULT_IKM_DURATION);
(not_before, not_after)
}
#[cfg(all(test, feature = "ikm-management"))] #[cfg(all(test, feature = "ikm-management"))]
mod ikm_management { mod ikm_management {
use super::*; use super::*;
@ -364,10 +377,8 @@ mod ikm_management {
assert_eq!(el.id, 1); assert_eq!(el.id, 1);
assert_eq!(el.is_revoked, false); assert_eq!(el.is_revoked, false);
let res = lst.add_custom_ikm( let (not_before, not_after) = get_default_time_period();
Scheme::XChaCha20Poly1305WithBlake3, let res = lst.add_custom_ikm(Scheme::XChaCha20Poly1305WithBlake3, not_before, not_after);
Duration::from_secs(crate::DEFAULT_IKM_DURATION),
);
assert!(res.is_ok(), "res: {res:?}"); assert!(res.is_ok(), "res: {res:?}");
assert_eq!(lst.id_counter, 2); assert_eq!(lst.id_counter, 2);
assert_eq!(lst.ikm_lst.len(), 2); assert_eq!(lst.ikm_lst.len(), 2);
@ -527,10 +538,8 @@ mod encryption {
let mut lst = InputKeyMaterialList::new(); let mut lst = InputKeyMaterialList::new();
let _ = lst.add_ikm(); let _ = lst.add_ikm();
let _ = lst.add_ikm(); let _ = lst.add_ikm();
let _ = lst.add_custom_ikm( let (not_before, not_after) = get_default_time_period();
Scheme::XChaCha20Poly1305WithBlake3, let _ = lst.add_custom_ikm(Scheme::XChaCha20Poly1305WithBlake3, not_before, not_after);
Duration::from_secs(crate::DEFAULT_IKM_DURATION),
);
let res = lst.get_latest_ikm(); let res = lst.get_latest_ikm();
assert!(res.is_ok(), "res: {res:?}"); assert!(res.is_ok(), "res: {res:?}");
let latest_ikm = res.unwrap(); let latest_ikm = res.unwrap();
@ -544,10 +553,8 @@ mod encryption {
let mut lst = InputKeyMaterialList::new(); let mut lst = InputKeyMaterialList::new();
let _ = lst.add_ikm(); let _ = lst.add_ikm();
let _ = lst.add_ikm(); let _ = lst.add_ikm();
let _ = lst.add_custom_ikm( let (not_before, not_after) = get_default_time_period();
Scheme::Aes128GcmWithSha256, let _ = lst.add_custom_ikm(Scheme::Aes128GcmWithSha256, not_before, not_after);
Duration::from_secs(crate::DEFAULT_IKM_DURATION),
);
let res = lst.get_latest_ikm(); let res = lst.get_latest_ikm();
assert!(res.is_ok(), "res: {res:?}"); assert!(res.is_ok(), "res: {res:?}");
let latest_ikm = res.unwrap(); let latest_ikm = res.unwrap();