diff --git a/Cargo.lock b/Cargo.lock index e7e2cf2d..6d7541c4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5,18 +5,21 @@ version = 3 [[package]] name = "admin-app" version = "0.1.0" -source = "git+https://github.com/Nitrokey/admin-app.git?tag=v0.1.0-nitrokey.18#599d205e47a7430dfed1c37263fa565597b6597f" +source = "git+https://github.com/Nitrokey/admin-app.git?branch=ctaphid-app#b6e3efa3db4df2e71d4f48e7568b5d5859dd6277" dependencies = [ "apdu-app", "cbor-smol", - "ctaphid-dispatch", + "ctaphid-app", "delog", + "heapless", + "heapless-bytes", "hex-literal 0.4.1", "iso7816", "littlefs2-core", "serde", "strum_macros", "trussed", + "trussed-core", "trussed-manage", "trussed-se050-manage", ] @@ -190,6 +193,7 @@ dependencies = [ "trussed", "trussed-auth", "trussed-chunked", + "trussed-core", "trussed-fs-info", "trussed-hkdf", "trussed-hpke", @@ -894,17 +898,26 @@ dependencies = [ "serde_repr", ] +[[package]] +name = "ctaphid-app" +version = "0.1.0" +source = "git+https://github.com/trussed-dev/ctaphid-dispatch.git?branch=heapless-bytes#871f0930ea1aacb5029b8e38f5da2f928f8ec100" +dependencies = [ + "heapless-bytes", + "trussed-core", +] + [[package]] name = "ctaphid-dispatch" version = "0.1.1" -source = "git+https://github.com/Nitrokey/ctaphid-dispatch.git?tag=v0.1.1-nitrokey.3#7f08ac0229ca49a5e2cd69e001658e1b43bc0a2b" +source = "git+https://github.com/trussed-dev/ctaphid-dispatch.git?branch=heapless-bytes#871f0930ea1aacb5029b8e38f5da2f928f8ec100" dependencies = [ + "ctaphid-app", "delog", - "heapless", "heapless-bytes", "interchange", "ref-swap", - "trussed", + "trussed-core", ] [[package]] 
@@ -1128,14 +1141,14 @@ checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" [[package]] name = "encrypted_container" version = "0.1.0" -source = "git+https://github.com/Nitrokey/trussed-secrets-app?rev=fae41aabe63fa674042b3d217d734955f1f2aac2#fae41aabe63fa674042b3d217d734955f1f2aac2" +source = "git+https://github.com/Nitrokey/trussed-secrets-app?branch=ctaphid-app#6e3ffbd5d8186ae2f3a2ecac93fa5338852000b4" dependencies = [ "cbor-smol", "delog", "heapless", "heapless-bytes", "serde", - "trussed", + "trussed-core", ] [[package]] @@ -1180,23 +1193,24 @@ dependencies = [ [[package]] name = "fido-authenticator" version = "0.1.1" -source = "git+https://github.com/Nitrokey/fido-authenticator.git?tag=v0.1.1-nitrokey.24#63a14793877f49e0bd6a99d28834a0013fdb9d64" +source = "git+https://github.com/Nitrokey/fido-authenticator.git?branch=ctaphid-app#bc452c8bf80f24ef10cbf797488e7c86ec3beff5" dependencies = [ "apdu-app", "cbor-smol", "cosey", "ctap-types", - "ctaphid-dispatch", + "ctaphid-app", "delog", "heapless", + "heapless-bytes", "iso7816", "littlefs2-core", "serde", "serde-indexed", "serde_bytes", "sha2", - "trussed", "trussed-chunked", + "trussed-core", "trussed-fs-info", "trussed-hkdf", ] @@ -1717,6 +1731,7 @@ dependencies = [ "serde", "serial_test", "trussed", + "trussed-core", ] [[package]] @@ -2111,11 +2126,12 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "opcard" version = "1.4.1" -source = "git+https://github.com/Nitrokey/opcard-rs?rev=1a0d5bf623af114e2adfc8ac89f7b0418ec49349#1a0d5bf623af114e2adfc8ac89f7b0418ec49349" +source = "git+https://github.com/Nitrokey/opcard-rs?branch=trussed-core#74158b1cb9b9a05d022529f1b9a343bc41e89f70" dependencies = [ "admin-app", "apdu-app", "bitflags 2.6.0", + "cbor-smol", "cfg-if", "delog", "heapless", 
@@ -2127,9 +2143,9 @@ dependencies = [ "serde", "serde_repr", "subtle", - "trussed", "trussed-auth", "trussed-chunked", + "trussed-core", "trussed-rsa-alloc", "trussed-wrap-key-to-file", ] @@ -2221,9 +2237,10 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "piv-authenticator" version = "0.3.8" -source = "git+https://github.com/Nitrokey/piv-authenticator.git?rev=84ebc022ebacbd1b1964f38f6173010a2fd514f8#84ebc022ebacbd1b1964f38f6173010a2fd514f8" +source = "git+https://github.com/Nitrokey/piv-authenticator.git?branch=trussed-core#37144e01467b285ee0c0b74ae42eb96cd921e977" dependencies = [ "apdu-app", + "cbor-smol", "cfg-if", "delog", "flexiber", @@ -2235,9 +2252,9 @@ dependencies = [ "log", "serde", "subtle", - "trussed", "trussed-auth", "trussed-chunked", + "trussed-core", "trussed-hpke", "trussed-rsa-alloc", "trussed-wrap-key-to-file", @@ -2657,13 +2674,13 @@ dependencies = [ [[package]] name = "secrets-app" version = "0.13.0" -source = "git+https://github.com/Nitrokey/trussed-secrets-app?rev=fae41aabe63fa674042b3d217d734955f1f2aac2#fae41aabe63fa674042b3d217d734955f1f2aac2" +source = "git+https://github.com/Nitrokey/trussed-secrets-app?branch=ctaphid-app#6e3ffbd5d8186ae2f3a2ecac93fa5338852000b4" dependencies = [ "apdu-app", "bitflags 2.6.0", "block-padding", "cbor-smol", - "ctaphid-dispatch", + "ctaphid-app", "delog", "encrypted_container", "flexiber", @@ -2673,8 +2690,8 @@ dependencies = [ "iso7816", "littlefs2-core", "serde", - "trussed", "trussed-auth", + "trussed-core", ] [[package]] @@ -3177,7 +3194,7 @@ dependencies = [ [[package]] name = "trussed" version = "0.1.0" -source = "git+https://github.com/nitrokey/trussed.git?tag=v0.1.0-nitrokey.24#43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae" +source = "git+https://github.com/trussed-dev/trussed.git?rev=f5d4af2733a33305d044f763f12dc31d417b57ee#f5d4af2733a33305d044f763f12dc31d417b57ee" dependencies = [ "aes", "bitflags 2.6.0", 
@@ -3215,7 +3232,7 @@ dependencies = [ [[package]] name = "trussed-auth" version = "0.3.0" -source = "git+https://github.com/trussed-dev/trussed-auth?rev=c030b82ad3441f337af09afe3a69e8a6da5785ea#c030b82ad3441f337af09afe3a69e8a6da5785ea" +source = "git+https://github.com/trussed-dev/trussed-auth?branch=trussed-core#490c34951d1fd03181b2989d4de4b5f301947d4f" dependencies = [ "chacha20poly1305", "hkdf", @@ -3227,24 +3244,24 @@ dependencies = [ "sha2", "subtle", "trussed", + "trussed-core", ] [[package]] name = "trussed-chunked" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=chunked-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ "serde", "serde-byte-array", - "trussed", + "trussed-core", ] [[package]] name = "trussed-core" version = "0.1.0" -source = "git+https://github.com/nitrokey/trussed.git?tag=v0.1.0-nitrokey.24#43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae" +source = "git+https://github.com/trussed-dev/trussed.git?rev=f5d4af2733a33305d044f763f12dc31d417b57ee#f5d4af2733a33305d044f763f12dc31d417b57ee" dependencies = [ - "heapless", "heapless-bytes", "littlefs2-core", "postcard 0.7.3", 
@@ -3256,45 +3273,46 @@ dependencies = [ [[package]] name = "trussed-fs-info" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=fs-info-v0.1.0#72b082002e0869facfc11bf8d76a1272c7ddf4ee" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ "serde", "serde-byte-array", - "trussed", + "trussed-core", ] [[package]] name = "trussed-hkdf" version = "0.2.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=hkdf-v0.2.0#e016b25fbc49f3ba13272d58a9e9d47a16d8ea14" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ "serde", - "trussed", + "trussed-core", ] [[package]] name = "trussed-hpke" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=hpke-v0.1.0#7c99973187eb9ae2c1e410b5996169ccf2690efa" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ "serde", "serde-byte-array", - "trussed", + "trussed-core", ] [[package]] name = "trussed-manage" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=manage-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ + "littlefs2-core", "serde", - "trussed", + "trussed-core", ] [[package]] name = "trussed-rsa-alloc" version = "0.2.1" -source = "git+https://github.com/trussed-dev/trussed-rsa-backend.git?tag=v0.2.1#655eca355df59e85a9f1d803623bc2efa10a8b5a" +source = "git+https://github.com/trussed-dev/trussed-rsa-backend.git?branch=trussed-core#0862927a09468001d9bc4fbdf372a1a313bfdf43" dependencies = [ 
"delog", "heapless-bytes", @@ -3303,12 +3321,13 @@ dependencies = [ "rsa", "serde", "trussed", + "trussed-core", ] [[package]] name = "trussed-se050-backend" version = "0.3.6" -source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?rev=f4ff60b8aa0f322a424613165f66ed9112c7a94f#f4ff60b8aa0f322a424613165f66ed9112c7a94f" +source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?branch=trussed-core#cd22bf17adea286fb5c6da6bbc74dcdc54f17b74" dependencies = [ "admin-app", "bitflags 2.6.0", @@ -3335,6 +3354,7 @@ dependencies = [ "sha2", "trussed", "trussed-auth", + "trussed-core", "trussed-hpke", "trussed-manage", "trussed-rsa-alloc", @@ -3345,16 +3365,16 @@ dependencies = [ [[package]] name = "trussed-se050-manage" version = "0.1.0" -source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?tag=se050-manage-v0.1.0#d70748efbde217bb6f2a7b1ecd579d2480f7edc0" +source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?branch=trussed-core#cd22bf17adea286fb5c6da6bbc74dcdc54f17b74" dependencies = [ "serde", - "trussed", + "trussed-core", ] [[package]] name = "trussed-staging" version = "0.3.2" -source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069#53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ "aead", "chacha20poly1305", @@ -3380,7 +3400,7 @@ dependencies = [ [[package]] name = "trussed-usbip" version = "0.0.1" -source = "git+https://github.com/Nitrokey/pc-usbip-runner.git?tag=v0.0.1-nitrokey.5#8d36e78e932b52ae62639bd3fb10ec5c0bae4aed" +source = "git+https://github.com/trussed-dev/pc-usbip-runner.git?branch=deps#cdb43edcd4626c1116168911416cef09c178fdc4" dependencies = [ "apdu-dispatch", "ctaphid-dispatch", 
@@ -3396,10 +3416,10 @@ dependencies = [ [[package]] name = "trussed-wrap-key-to-file" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=wrap-key-to-file-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=9355f700831c1a278c334f76382fbf98d82aedcd#9355f700831c1a278c334f76382fbf98d82aedcd" dependencies = [ "serde", - "trussed", + "trussed-core", ] [[package]] @@ -3539,17 +3559,16 @@ dependencies = [ [[package]] name = "usbd-ctaphid" version = "0.1.0" -source = "git+https://github.com/trussed-dev/usbd-ctaphid.git?rev=dcff9009c3cd1ef9e5b09f8f307aca998fc9a8c8#dcff9009c3cd1ef9e5b09f8f307aca998fc9a8c8" +source = "git+https://github.com/trussed-dev/usbd-ctaphid.git?branch=trussed-core#8a4449afdcce95c98cf1402f96fd72efb6a47152" dependencies = [ "ctaphid-dispatch", "delog", "embedded-time", - "heapless", "heapless-bytes", "interchange", "ref-swap", "serde", - "trussed", + "trussed-core", "usb-device", ] diff --git a/Cargo.toml b/Cargo.toml index 0cd98cee..24d32331 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -17,33 +17,35 @@ version = "1.8.0" memory-regions = { path = "components/memory-regions" } # forked -admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.18" } -fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.24" } -trussed = { git = "https://github.com/nitrokey/trussed.git", tag = "v0.1.0-nitrokey.24" } +admin-app = { git = "https://github.com/Nitrokey/admin-app.git", branch = "ctaphid-app" } +fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", branch = "ctaphid-app" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "f5d4af2733a33305d044f763f12dc31d417b57ee" } +trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "f5d4af2733a33305d044f763f12dc31d417b57ee" } # unreleased upstream changes -ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch.git", tag = "v0.1.1-nitrokey.3" } -usbd-ctaphid = { git = "https://github.com/trussed-dev/usbd-ctaphid.git", rev = "dcff9009c3cd1ef9e5b09f8f307aca998fc9a8c8" } +ctaphid-app = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", branch = "heapless-bytes" } +ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", branch = "heapless-bytes" } +usbd-ctaphid = { git = "https://github.com/trussed-dev/usbd-ctaphid.git", branch = "trussed-core" } usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" } p256-cortex-m4 = { git = "https://github.com/ycrypto/p256-cortex-m4.git", rev = "cdb31e12594b4dc1f045b860a885fdc94d96aee2" } # unreleased crates -secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", rev = "fae41aabe63fa674042b3d217d734955f1f2aac2" } +secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", branch = "ctaphid-app" } webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc10" } -opcard = { git = 
"https://github.com/Nitrokey/opcard-rs", rev = "1a0d5bf623af114e2adfc8ac89f7b0418ec49349" } -piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", rev = "84ebc022ebacbd1b1964f38f6173010a2fd514f8" } -trussed-fs-info = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "fs-info-v0.1.0" } -trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "chunked-v0.1.0" } -trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" } -trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" } -trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069" } -trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "c030b82ad3441f337af09afe3a69e8a6da5785ea" } -trussed-hkdf = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "hkdf-v0.2.0" } -trussed-hpke = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "hpke-v0.1.0" } -trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", tag = "v0.2.1" } -trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.5" } -trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "se050-manage-v0.1.0" } -trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "f4ff60b8aa0f322a424613165f66ed9112c7a94f" } +opcard = { git = "https://github.com/Nitrokey/opcard-rs", branch = "trussed-core" } +piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", branch = "trussed-core" } +trussed-fs-info = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = 
"9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", branch = "trussed-core" } +trussed-hkdf = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-hpke = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", branch = "trussed-core" } +trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", branch = "deps" } +trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", branch = "trussed-core" } +trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", branch = "trussed-core" } [profile.release] codegen-units = 1 diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml index de5a0a90..501fc67e 100644 --- a/components/apps/Cargo.toml +++ b/components/apps/Cargo.toml 
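Review bot: Several entries in this hunk replace a fixed `tag` or `rev` with a moving `branch` (`admin-app`, `fido-authenticator`, `ctaphid-app`, `ctaphid-dispatch`, `usbd-ctaphid`, `secrets-app`, `opcard`, `piv-authenticator`, `trussed-auth`, `trussed-rsa-alloc`, `trussed-usbip` and both `trussed-se050-*` entries), so the manifest no longer states which code goes into the firmware. Only Cargo.lock does, and any `cargo update` or build without `--locked` picks up whatever the branch head is at that moment. Pinning each entry to the commit that the Cargo.lock in this change already records keeps the build reproducible and reviewable, e.g. `admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "b6e3efa3db4df2e71d4f48e7568b5d5859dd6277" }`. The `# forked` comment above `trussed` also no longer matches, since that entry now points at `trussed-dev/trussed` rather than the Nitrokey fork.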
@@ -13,7 +13,8 @@ heapless = "0.7" heapless-bytes = "0.3" se05x = { version = "0.1.1", optional = true} serde = { version = "1.0.180", default-features = false } -trussed = { version = "0.1", features = ["serde-extensions"] } +trussed = { version = "0.1", default-features = false, features = ["crypto-client", "filesystem-client", "management-client", "serde-extensions", "ui-client"] } +trussed-core = "0.1" trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"], optional = true } usbd-ctaphid = { version = "0.1", optional = true } utils = { path = "../utils" } @@ -66,11 +67,11 @@ nkpk = ["fido-authenticator", "factory-reset", "trussed/clients-2"] nkpk-provisioner = ["nkpk", "provisioner-app", "trussed/clients-3"] # apps -secrets-app = ["dep:secrets-app", "backend-auth"] +secrets-app = ["dep:secrets-app", "backend-auth", "trussed/chacha8-poly1305", "trussed/hmac-sha1", "trussed/hmac-sha256", "trussed/sha256"] webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa"] -fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid"] -opcard = ["dep:opcard", "backend-rsa", "backend-auth"] -piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth"] +fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid", "trussed/aes256-cbc", "trussed/certificate-client", "trussed/chacha8-poly1305", "trussed/ed255", "trussed/hmac-sha256", "trussed/p256", "trussed/sha256"] +opcard = ["dep:opcard", "backend-rsa", "backend-auth", "trussed/aes256-cbc", "trussed/chacha8-poly1305", "trussed/ed255", "trussed/p256", "trussed/shared-secret", "trussed/x255"] +piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth", "trussed/aes256-cbc", "trussed/chacha8-poly1305", "trussed/ed255", "trussed/p256", "trussed/shared-secret", "trussed/tdes", "trussed/x255"] se050 = ["dep:se05x", "trussed-se050-backend", "trussed-se050-manage", "admin-app/se050"] # backends 
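Review bot: The `webcrypt` feature line is left without any `trussed/...` mechanism features, while `secrets-app`, `fido-authenticator`, `opcard` and `piv-authenticator` each gain an explicit list and `trussed` is switched to `default-features = false` in the first hunk of this file. If webcrypt relies on mechanisms provided by trussed (the diff does not show this), a build that enables it without the other apps would now lack them, so its line should list what it needs in the same way. A short comment above `# apps` stating that each app feature must enable the trussed mechanisms and clients the app uses would help keep these lists in step with the app crates.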
diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs index 846bb7ff..487148f1 100644 --- a/components/apps/src/lib.rs +++ b/components/apps/src/lib.rs @@ -8,7 +8,7 @@ const WEBCRYPT_APP_CREDENTIALS_COUNT_LIMIT: u16 = 50; use apdu_dispatch::{response::SIZE as ApduResponseSize, App as ApduApp}; use bitflags::bitflags; use core::marker::PhantomData; -use ctaphid_dispatch::app::App as CtaphidApp; +use ctaphid_dispatch::{app::App as CtaphidApp, types::MESSAGE_SIZE as CTAPHID_MESSAGE_SIZE}; #[cfg(feature = "se050")] use embedded_hal::blocking::delay::DelayUs; use heapless::Vec; @@ -32,7 +32,7 @@ use trussed::{ interrupt::InterruptFlag, platform::Syscall, store::filestore::ClientFilestore, - types::{Location, Path}, + types::{Location, Mechanism, Path}, ClientImplementation, Platform, Service, }; @@ -409,6 +409,17 @@ pub struct Apps { webcrypt: Option, WebcryptApp>>, } +const fn contains(data: &[Mechanism], item: Mechanism) -> bool { + let mut i = 0; + while i < data.len() { + if data[i].const_eq(item) { + return true; + } + i += 1; + } + false +} + impl Apps { pub fn new( runner: &R, @@ -421,6 +432,33 @@ impl Apps { ) -> Client, data: Data, ) -> Self { + const { + let enabled = Mechanism::ENABLED; + + // Every mechanism that is enabled in trussed-core must be implemented by trussed or + // by a custom backend. + let mut i = 0; + while i < enabled.len() { + let mechanism = enabled[i]; + i += 1; + + if contains(trussed::types::IMPLEMENTED_MECHANISMS, mechanism) { + continue; + } + #[cfg(feature = "backend-rsa")] + if contains(trussed_rsa_alloc::MECHANISMS, mechanism) { + continue; + } + #[cfg(feature = "se050")] + if contains(trussed_se050_backend::MECHANISMS, mechanism) { + continue; + } + + // This mechanism is not implemented by Trussed or any of the backends. + mechanism.panic(); + } + } + let _ = (runner, &mut make_client); let Data { admin, 
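Review bot: `contains` has no doc comment, and the hand-written `while` loop with `const_eq` reads as unidiomatic unless the reason is stated. I would add above the function: `/// Returns whether item occurs in data. Uses an index loop and const_eq so it can run in const context.`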
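Review bot: The mechanism check sits in an inline `const { ... }` block inside the generic `Apps::new`, so as far as I can tell it is only evaluated once a runner instantiates `Apps::new`; a plain `cargo check` of this crate would then not report a mechanism that is enabled but has no implementation. Nothing in the block depends on the type parameters, so it could be a module-level item instead, opened with `const _: () = {` and closed with `};`, which is evaluated whenever the crate is compiled and does not need inline-const support from the toolchain. The body of `Apps::new` continues outside the hunk.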
@@ -680,9 +718,9 @@ impl Apps { pub fn ctaphid_dispatch(&mut self, f: F) -> T where - F: FnOnce(&mut [&mut dyn CtaphidApp<'static>]) -> T, + F: FnOnce(&mut [&mut dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>]) -> T, { - let mut apps: Vec<&mut dyn CtaphidApp<'static>, 4> = Default::default(); + let mut apps: Vec<&mut dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>, 4> = Default::default(); // App 1: webcrypt or fido #[cfg(feature = "webcrypt")] @@ -741,7 +779,7 @@ where fn with_ctaphid_apps( &mut self, - f: impl FnOnce(&mut [&mut dyn CtaphidApp<'static>]) -> T, + f: impl FnOnce(&mut [&mut dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>]) -> T, ) -> T { self.ctaphid_dispatch(f) } diff --git a/components/boards/Cargo.toml b/components/boards/Cargo.toml index 198b458a..e59b72ac 100644 --- a/components/boards/Cargo.toml +++ b/components/boards/Cargo.toml @@ -23,7 +23,7 @@ rand = { version = "0.8.5", default-features = false } rand_chacha = { version = "0.3.1", default-features = false } ref-swap = "0.1.0" spi-memory = "0.2.0" -trussed = "0.1" +trussed = { version = "0.1", default-features = false } usb-device = "0.2" usbd-ccid = "0.2" usbd-ctaphid = "0.1" diff --git a/components/lfs-backup/Cargo.toml b/components/lfs-backup/Cargo.toml index 30f82277..d38978dc 100644 --- a/components/lfs-backup/Cargo.toml +++ b/components/lfs-backup/Cargo.toml @@ -15,7 +15,8 @@ heapless = "0.7.16" serde = { version = "1.0", default-features = false } postcard = "1.0" -trussed = "0.1" +trussed = { version = "0.1", default-features = false } +trussed-core = "0.1" [dev-dependencies] rand = "0.8.5" diff --git a/components/lfs-backup/src/lfs_backup.rs b/components/lfs-backup/src/lfs_backup.rs index a0f73330..210998e1 100644 --- a/components/lfs-backup/src/lfs_backup.rs +++ b/components/lfs-backup/src/lfs_backup.rs 
@@ -11,9 +11,10 @@ use serde::{Deserialize, Serialize}; use heapless::Vec; use heapless_bytes::Bytes; -use trussed::config::{MAX_MESSAGE_LENGTH, USER_ATTRIBUTE_NUMBER}; +use trussed::config::USER_ATTRIBUTE_NUMBER; +use trussed_core::config::MAX_MESSAGE_LENGTH; -use trussed::types::{Message, UserAttribute}; +use trussed_core::types::{Message, UserAttribute}; pub const MAX_FS_DEPTH: usize = 8; diff --git a/components/lfs-backup/src/tests.rs b/components/lfs-backup/src/tests.rs index 75637037..007edc6e 100644 --- a/components/lfs-backup/src/tests.rs +++ b/components/lfs-backup/src/tests.rs @@ -6,8 +6,8 @@ use heapless_bytes::Bytes; use crate::lfs_backup::{BackupBackend, FSBackupError, PathCursor, Result, MAX_FS_DEPTH}; -use trussed::config::USER_ATTRIBUTE_NUMBER; -use trussed::types::UserAttribute; +use trussed_core::config::USER_ATTRIBUTE_NUMBER; +use trussed_core::types::UserAttribute; use std::{ fs::{remove_file, File}, diff --git a/components/provisioner-app/Cargo.toml b/components/provisioner-app/Cargo.toml index f961de27..71b73466 100644 --- a/components/provisioner-app/Cargo.toml +++ b/components/provisioner-app/Cargo.toml @@ -15,7 +15,7 @@ heapless-bytes = "0.3" iso7816 = "0.1" littlefs2 = "0.5.0" salty = { version = "0.3", features = ["cose"] } -trussed = "0.1" +trussed = { version = "0.1", default-features = false, features = ["crypto-client"] } p256-cortex-m4 = "0.1.0-alpha.6" diff --git a/components/provisioner-app/src/apdu.rs b/components/provisioner-app/src/apdu.rs index c57c11d8..48522488 100644 --- a/components/provisioner-app/src/apdu.rs +++ b/components/provisioner-app/src/apdu.rs 
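Review bot: `USER_ATTRIBUTE_NUMBER` is still imported from `trussed::config` in lfs_backup.rs, while the tests.rs hunk of this commit takes the same constant from `trussed_core::config`. Unless the two paths are meant to differ, a single import keeps the module and its tests on one definition: `use trussed_core::config::{MAX_MESSAGE_LENGTH, USER_ATTRIBUTE_NUMBER};`. If nothing else in the crate uses `trussed` after that, the dependency in components/lfs-backup/Cargo.toml could presumably be dropped.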
@@ -2,7 +2,7 @@ use crate::{Error, Provisioner}; use apdu_app::{App, CommandView, Data, Interface, Result, Status}; use core::convert::{TryFrom, TryInto}; use iso7816::{Aid, Instruction}; -use trussed::{client, store::Store, types::LfsStorage, Client}; +use trussed::{client, store::Store, types::LfsStorage}; const SOLO_PROVISIONER_AID: &[u8] = &[0xA0, 0x00, 0x00, 0x08, 0x47, 0x01, 0x00, 0x00, 0x01]; @@ -34,7 +34,7 @@ impl iso7816::App for Provisioner where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { fn aid(&self) -> Aid { Aid::new(SOLO_PROVISIONER_AID) @@ -45,7 +45,7 @@ impl App for Provisioner where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { fn select( &mut self, diff --git a/components/provisioner-app/src/ctaphid.rs b/components/provisioner-app/src/ctaphid.rs index 0d791283..a7103454 100644 --- a/components/provisioner-app/src/ctaphid.rs +++ b/components/provisioner-app/src/ctaphid.rs @@ -5,7 +5,7 @@ use ctaphid_dispatch::{ command::{Command, VendorCommand}, types::{Error, Message}, }; -use trussed::{client, store::Store, types::LfsStorage, Client}; +use trussed::{client, store::Store, types::LfsStorage}; const COMMAND_PROVISIONER: VendorCommand = VendorCommand::H71; @@ -13,7 +13,7 @@ impl App<'static> for Provisioner where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { fn commands(&self) -> &'static [Command] { &[Command::Vendor(COMMAND_PROVISIONER)] diff --git a/components/provisioner-app/src/lib.rs b/components/provisioner-app/src/lib.rs index 7856d3c7..3f93f1ad 100644 --- a/components/provisioner-app/src/lib.rs +++ b/components/provisioner-app/src/lib.rs @@ -29,7 +29,6 @@ use trussed::{ store::{self, Store}, syscall, types::LfsStorage, - Client, }; const TESTER_FILENAME_ID: [u8; 2] = [0xe1, 0x01]; 
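Review bot: The context line `impl App<'static> for Provisioner` in the second ctaphid.rs hunk is unchanged, while components/apps/src/lib.rs in this same commit now collects apps as `dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>`. Unless the trait gives the size parameter a default, the provisioner would no longer implement the trait the dispatcher expects, and that would only surface in builds with the provisioner feature enabled. The impl header presumably needs to name the size as well, `App<'static, MESSAGE_SIZE>` with the constant taken from `ctaphid_dispatch::types`, and the `Message` type used in the method signatures should be checked against the new trait. The impl body continues outside the hunk.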
@@ -114,7 +113,7 @@ pub struct Provisioner where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { trussed: T, @@ -134,7 +133,7 @@ impl Provisioner where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { pub fn new( trussed: T, diff --git a/runners/embedded/Cargo.toml b/runners/embedded/Cargo.toml index 04947fef..02ed9443 100644 --- a/runners/embedded/Cargo.toml +++ b/runners/embedded/Cargo.toml @@ -26,7 +26,7 @@ apdu-dispatch = "0.3" ctaphid-dispatch = "0.1" ### trussed core -trussed = "0.1" +trussed = { version = "0.1", default-features = false } interchange = "0.3" ### usb machinery