fix: hold reference to which backend is used for any key

Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>

askar-crypto/src/alg/aes/mod.rs

@@ -7,7 +7,7 @@ use aes_gcm::{Aes128Gcm, Aes256Gcm};
 use serde::{Deserialize, Serialize};
 use zeroize::Zeroize;
 
-use super::{AesTypes, HasKeyAlg, KeyAlg};
+use super::{AesTypes, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, ResizeBuffer, Writer},
     encrypt::{KeyAeadInPlace, KeyAeadMeta, KeyAeadParams},
@@ -80,6 +80,8 @@ impl<T: AesType> PartialEq for AesKey<T> {
 
 impl<T: AesType> Eq for AesKey<T> {}
 
+impl<T: AesType> HasKeyBackend for AesKey<T> {}
+
 impl<T: AesType> HasKeyAlg for AesKey<T> {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::Aes(T::ALG_TYPE)

askar-crypto/src/alg/any.rs

@@ -40,8 +40,9 @@ use super::p384::{self, P384KeyPair};
 #[cfg(feature = "p256_hardware")]
 use super::p256_hardware::P256HardwareKeyPair;
 
-use super::{HasKeyAlg, KeyAlg};
+use super::{HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
+    backend::KeyBackend,
     buffer::{ResizeBuffer, WriteBuffer},
     encrypt::{KeyAeadInPlace, KeyAeadParams},
     error::Error,
@@ -74,6 +75,10 @@ impl AnyKey {
         self.0.algorithm()
     }
 
+    pub fn backend(&self) -> KeyBackend {
+        self.0.key_backend()
+    }
+
     fn assume<K: AnyKeyAlg>(&self) -> &K {
         self.downcast_ref().expect("Error assuming key type")
     }
@@ -118,7 +123,9 @@ pub trait AnyKeyCreate: Sized {
     fn from_secret_bytes(alg: KeyAlg, secret: &[u8]) -> Result<Self, Error>;
 
     /// Convert from a concrete key instance
-    fn from_key<K: HasKeyAlg + Send + Sync + RefUnwindSafe + UnwindSafe + 'static>(key: K) -> Self;
+    fn from_key<K: HasKeyAlg + HasKeyBackend + Send + Sync + RefUnwindSafe + UnwindSafe + 'static>(
+        key: K,
+    ) -> Self;
 
     /// Create a new key instance from a key exchange
     fn from_key_exchange<Sk, Pk>(alg: KeyAlg, secret: &Sk, public: &Pk) -> Result<Self, Error>
@@ -155,7 +162,11 @@ impl AnyKeyCreate for Box<AnyKey> {
     }
 
     #[inline(always)]
-    fn from_key<K: HasKeyAlg + Send + Sync + RefUnwindSafe + UnwindSafe + 'static>(key: K) -> Self {
+    fn from_key<
+        K: HasKeyAlg + HasKeyBackend + Send + Sync + RefUnwindSafe + UnwindSafe + 'static,
+    >(
+        key: K,
+    ) -> Self {
         Box::new(KeyT(key))
     }
 
@@ -198,7 +209,11 @@ impl AnyKeyCreate for Arc<AnyKey> {
     }
 
     #[inline(always)]
-    fn from_key<K: HasKeyAlg + Send + Sync + RefUnwindSafe + UnwindSafe + 'static>(key: K) -> Self {
+    fn from_key<
+        K: HasKeyAlg + HasKeyBackend + Send + Sync + RefUnwindSafe + UnwindSafe + 'static,
+    >(
+        key: K,
+    ) -> Self {
         Arc::new(KeyT(key))
     }
 
@@ -288,10 +303,10 @@ fn generate_any_for_hardware<R: AllocKey>(alg: KeyAlg) -> Result<R, Error> {
 }
 
 #[inline]
-fn get_any_with_id<R: AllocKey>(alg: KeyAlg, id: &str) -> Result<R, Error> {
+fn get_any_with_id<R: AllocKey>(alg: KeyAlg, _id: &str) -> Result<R, Error> {
     let key = match alg {
         #[cfg(feature = "p256_hardware")]
-        KeyAlg::EcCurve(EcCurves::Secp256r1) => P256HardwareKeyPair::from_id(id).map(R::alloc_key),
+        KeyAlg::EcCurve(EcCurves::Secp256r1) => P256HardwareKeyPair::from_id(_id).map(R::alloc_key),
         _ => Err(err_msg!(
             Unsupported,
             "Unsupported algorithm for key retrieval by id"
@@ -688,14 +703,14 @@ macro_rules! match_key_alg {
     }};
     (@ P256 $($rest:ident)*; $key:ident, $alg:ident) => {{
         #[cfg(feature = "p256")]
-        if $alg == KeyAlg::EcCurve(EcCurves::Secp256r1) {
+        if $alg == KeyAlg::EcCurve(EcCurves::Secp256r1) && $key.backend() == KeyBackend::Software {
             return Ok($key.assume::<P256KeyPair>())
         }
         match_key_alg!(@ $($rest)*; $key, $alg)
     }};
     (@ P256Hardware $($rest:ident)*; $key:ident, $alg:ident) => {{
         #[cfg(feature = "p256_hardware")]
-        if $alg == KeyAlg::EcCurve(EcCurves::Secp256r1) {
+        if $alg == KeyAlg::EcCurve(EcCurves::Secp256r1) && $key.backend() == KeyBackend::SecureElement {
             return Ok($key.assume::<P256HardwareKeyPair>())
         }
         match_key_alg!(@ $($rest)*; $key, $alg)
@@ -920,12 +935,12 @@ impl AllocKey for Box<AnyKey> {
     }
 }
 
-pub trait AnyKeyAlg: HasKeyAlg + 'static {
+pub trait AnyKeyAlg: HasKeyAlg + HasKeyBackend + 'static {
     fn as_any(&self) -> &dyn Any;
 }
 
 // implement for all concrete key types
-impl<K: HasKeyAlg + Sized + 'static> AnyKeyAlg for K {
+impl<K: HasKeyAlg + HasKeyBackend + Sized + 'static> AnyKeyAlg for K {
     fn as_any(&self) -> &dyn Any {
         self
     }

askar-crypto/src/alg/bls.rs

@@ -18,7 +18,7 @@ use crate::generic_array::{
     ArrayLength,
 };
 
-use super::{BlsCurves, HasKeyAlg, KeyAlg};
+use super::{BlsCurves, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::ArrayKey,
     error::Error,
@@ -91,6 +91,8 @@ impl<Pk: BlsPublicKeyType> PartialEq for BlsKeyPair<Pk> {
 
 impl<Pk: BlsPublicKeyType> Eq for BlsKeyPair<Pk> {}
 
+impl<Pk: BlsPublicKeyType> HasKeyBackend for BlsKeyPair<Pk> {}
+
 impl<Pk: BlsPublicKeyType> HasKeyAlg for BlsKeyPair<Pk> {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::Bls12_381(Pk::ALG_TYPE)

askar-crypto/src/alg/chacha20.rs

@@ -7,7 +7,7 @@ use chacha20poly1305::{ChaCha20Poly1305, XChaCha20Poly1305};
 use serde::{Deserialize, Serialize};
 use zeroize::Zeroize;
 
-use super::{Chacha20Types, HasKeyAlg, KeyAlg};
+use super::{Chacha20Types, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, ResizeBuffer, Writer},
     encrypt::{KeyAeadInPlace, KeyAeadMeta, KeyAeadParams},
@@ -105,6 +105,8 @@ impl<T: Chacha20Type> PartialEq for Chacha20Key<T> {
 
 impl<T: Chacha20Type> Eq for Chacha20Key<T> {}
 
+impl<T: Chacha20Type> HasKeyBackend for Chacha20Key<T> {}
+
 impl<T: Chacha20Type> HasKeyAlg for Chacha20Key<T> {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::Chacha20(T::ALG_TYPE)

askar-crypto/src/alg/ed25519.rs

@@ -15,7 +15,7 @@ use subtle::ConstantTimeEq;
 use x25519_dalek::{PublicKey as XPublicKey, StaticSecret as XSecretKey};
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
-use super::{x25519::X25519KeyPair, HasKeyAlg, KeyAlg};
+use super::{x25519::X25519KeyPair, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, WriteBuffer},
     error::Error,
@@ -124,6 +124,8 @@ impl KeyGen for Ed25519KeyPair {
     }
 }
 
+impl HasKeyBackend for Ed25519KeyPair {}
+
 impl HasKeyAlg for Ed25519KeyPair {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::Ed25519

askar-crypto/src/alg/k256.rs

@@ -14,7 +14,7 @@ use k256::{
 };
 use subtle::ConstantTimeEq;
 
-use super::{ec_common, EcCurves, HasKeyAlg, KeyAlg};
+use super::{ec_common, EcCurves, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, WriteBuffer},
     error::Error,
@@ -103,6 +103,8 @@ impl K256KeyPair {
     }
 }
 
+impl HasKeyBackend for K256KeyPair {}
+
 impl HasKeyAlg for K256KeyPair {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::EcCurve(EcCurves::Secp256k1)

askar-crypto/src/alg/mod.rs

@@ -10,6 +10,7 @@ use arbitrary::Arbitrary;
 use zeroize::Zeroize;
 
 use crate::{
+    backend::KeyBackend,
     buffer::{WriteBuffer, Writer},
     error::Error,
 };
@@ -270,6 +271,15 @@ pub trait HasKeyAlg: Debug {
     fn algorithm(&self) -> KeyAlg;
 }
 
+/// A trait for accessing the backend of a key, used when
+/// converting to generic `AnyKey` instances.
+pub trait HasKeyBackend: Debug {
+    /// Get the corresponding key algorithm.
+    fn key_backend(&self) -> KeyBackend {
+        KeyBackend::default()
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

askar-crypto/src/alg/p256.rs

@@ -16,7 +16,7 @@ use p256::{
 };
 use subtle::ConstantTimeEq;
 
-use super::{ec_common, EcCurves, HasKeyAlg, KeyAlg};
+use super::{ec_common, EcCurves, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, WriteBuffer},
     error::Error,
@@ -105,6 +105,8 @@ impl P256KeyPair {
     }
 }
 
+impl HasKeyBackend for P256KeyPair {}
+
 impl HasKeyAlg for P256KeyPair {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::EcCurve(EcCurves::Secp256r1)

askar-crypto/src/alg/p256_hardware.rs

@@ -5,7 +5,7 @@
 
 use super::{
     p256::{self, P256KeyPair, ES256_SIGNATURE_LENGTH},
-    EcCurves, HasKeyAlg, KeyAlg,
+    EcCurves, HasKeyAlg, HasKeyBackend, KeyAlg, KeyBackend,
 };
 use crate::{
     buffer::WriteBuffer,
@@ -132,6 +132,12 @@ impl KeySign for P256HardwareKeyPair {
     }
 }
 
+impl HasKeyBackend for P256HardwareKeyPair {
+    fn key_backend(&self) -> KeyBackend {
+        KeyBackend::SecureElement
+    }
+}
+
 impl HasKeyAlg for P256HardwareKeyPair {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::EcCurve(EcCurves::Secp256r1)

askar-crypto/src/alg/p384.rs

@@ -16,7 +16,7 @@ use p384::{
 };
 use subtle::ConstantTimeEq;
 
-use super::{ec_common, EcCurves, HasKeyAlg, KeyAlg};
+use super::{ec_common, EcCurves, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, WriteBuffer},
     error::Error,
@@ -105,6 +105,8 @@ impl P384KeyPair {
     }
 }
 
+impl HasKeyBackend for P384KeyPair {}
+
 impl HasKeyAlg for P384KeyPair {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::EcCurve(EcCurves::Secp384r1)

askar-crypto/src/alg/x25519.rs

@@ -9,7 +9,7 @@ use subtle::ConstantTimeEq;
 use x25519_dalek::{PublicKey, StaticSecret as SecretKey};
 use zeroize::Zeroizing;
 
-use super::{ed25519::Ed25519KeyPair, HasKeyAlg, KeyAlg};
+use super::{ed25519::Ed25519KeyPair, HasKeyAlg, HasKeyBackend, KeyAlg};
 use crate::{
     buffer::{ArrayKey, WriteBuffer},
     error::Error,
@@ -87,6 +87,8 @@ impl Debug for X25519KeyPair {
     }
 }
 
+impl HasKeyBackend for X25519KeyPair {}
+
 impl HasKeyAlg for X25519KeyPair {
     fn algorithm(&self) -> KeyAlg {
         KeyAlg::X25519