Crash on rotating kek when memory full

[szszszsz]

App crashes on rotating kek when the memory is full.
Found while working with usbip simulation.

Reported version: fido-authenticator v0.1.0

name = "fido-authenticator"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c809364e63e0bfc7153a6101235cd407a11d34e97b27984eb1f49e8e6a25122"

traceback

 DEBUG usbip_simulation                > syscall
 INFO  webcrypt_usbip::platform        > Set status: Processing
thread 'main' panicked at 'Err(NoSpace)', /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/st
ore.rs:446:28
stack backtrace:
   0: rust_begin_unwind
             at /rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library/std/src/panicking.rs:575:5
   1: core::panicking::panic_fmt
             at /rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library/core/src/panicking.rs:65:14
   2: trussed::store::create_directories
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/store.rs:446:28
   3: trussed::store::store
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/store.rs:480:31
   4: <trussed::store::keystore::ClientKeystore<P> as trussed::store::keystore::Keystore>::store_key
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/store/keystore.rs:96:9
   5: trussed::mechanisms::chacha8poly1305::<impl trussed::service::GenerateKey for trussed::mechanisms::Chacha8Poly130
5>::generate_key
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/mechanisms/chacha8poly1305.r
s:29:22
   6: trussed::service::ServiceResources<P>::reply_to
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/service.rs:227:51
   7: trussed::service::Service<P>::process
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/service.rs:732:36
   8: <usbip_simulation::Syscall as trussed::platform::Syscall>::syscall
             at ./src/bin/main.rs:94:9
   9: <trussed::client::ClientImplementation<S> as trussed::client::PollClient>::syscall
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/client.rs:224:9
  10: trussed::client::CryptoClient::generate_key
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/client.rs:392:9
  11: trussed::client::mechanisms::Chacha8Poly1305::generate_chacha8poly1305_key
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/trussed-0.1.0/src/client/mechanisms.rs:44:9
  12: fido_authenticator::state::PersistentState::rotate_key_encryption_key
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/state.rs:375:28
  13: fido_authenticator::state::PersistentState::key_encryption_key
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/state.rs:364:21
  14: fido_authenticator::credential::Credential::try_from_bytes
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/credential.rs:293
:19
  15: fido_authenticator::ctap1::<impl ctap_types::ctap1::Authenticator for fido_authenticator::Authenticator<UP,T>>::a
uthenticate
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/ctap1.rs:175:20
  16: ctap_types::ctap1::Authenticator::call_ctap1
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/ctap-types-0.1.2/src/ctap1.rs:263:43
  17: fido_authenticator::dispatch::try_handle_ctap1
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/dispatch.rs:109:9
  18: fido_authenticator::dispatch::handle_ctap1
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/dispatch.rs:37:11
  19: fido_authenticator::dispatch::ctaphid::<impl ctaphid_dispatch::app::App for fido_authenticator::Authenticator<UP,
T>>::call
             at /tmp/.cargo/bin/registry/src/github.com-1ecc6299db9ec823/fido-authenticator-0.1.0/src/dispatch/ctaphid.
rs:37:38
  20: ctaphid_dispatch::dispatch::Dispatch::call_app
             at /tmp/.cargo/bin/git/checkouts/ctaphid-dispatch-cb43fac81fd62dee/8bad0da/src/dispatch.rs:50:29
  21: ctaphid_dispatch::dispatch::Dispatch::poll
             at /tmp/.cargo/bin/git/checkouts/ctaphid-dispatch-cb43fac81fd62dee/8bad0da/src/dispatch.rs:70:17
  22: usbip_simulation::main
             at ./src/bin/main.rs:179:9
  23: core::ops::function::FnOnce::call_once
             at /rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library/core/src/ops/function.rs:251:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
make stop; rm trussed-state.bi                                             11.336s (oath-authenticator-test|●💩?) 18:20
~/w/o/nitrokey-webcrypt-usbip►                                              11.336s (oath-authenticator-test|💩?) 19:25

[robin-nitrokey]

Contrary to the naming, it looks like this is not actually rotating the key but “only” generating it on first use. So from my understanding, this only occurs if memory is filled by a different application before the first FIDO2 usage.

[szszszsz]

Exactly