From c8d1c6c87b8a34f24dcc40a125d461ac63cde4db Mon Sep 17 00:00:00 2001 From: Robin Krahl <robin@nitrokey.com> Date: Fri, 20 Dec 2024 13:48:15 +0100 Subject: [PATCH] Update dependencies to use trussed-core This patch updates our dependencies to use trussed-core, including some related updates. --- Cargo.lock | 156 ++++++++++++---------- Cargo.toml | 44 +++--- components/apps/Cargo.toml | 29 ++-- components/apps/src/lib.rs | 53 +++++++- components/boards/Cargo.toml | 8 +- components/boards/src/init.rs | 2 +- components/boards/src/runtime.rs | 2 +- components/lfs-backup/Cargo.toml | 3 +- components/lfs-backup/src/lfs_backup.rs | 5 +- components/lfs-backup/src/tests.rs | 4 +- components/provisioner-app/Cargo.toml | 4 +- components/provisioner-app/src/apdu.rs | 6 +- components/provisioner-app/src/ctaphid.rs | 17 +-- components/provisioner-app/src/lib.rs | 5 +- runners/embedded/Cargo.toml | 4 +- runners/embedded/src/bin/app-lpc.rs | 2 +- runners/embedded/src/bin/app-nrf.rs | 2 +- runners/nkpk/Cargo.toml | 2 +- runners/nkpk/src/main.rs | 2 +- 19 files changed, 200 insertions(+), 150 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 233b38a7..910eacb0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5,18 +5,21 @@ version = 3 [[package]] name = "admin-app" version = "0.1.0" -source = "git+https://github.com/Nitrokey/admin-app.git?tag=v0.1.0-nitrokey.18#599d205e47a7430dfed1c37263fa565597b6597f" +source = "git+https://github.com/Nitrokey/admin-app.git?tag=v0.1.0-nitrokey.19#d5f1c6df405e4edeb6524f908c1c713139173e81" dependencies = [ "apdu-app", "cbor-smol", - "ctaphid-dispatch", + "ctaphid-app", "delog", + "heapless", + "heapless-bytes", "hex-literal 0.4.1", "iso7816", "littlefs2-core", "serde", "strum_macros", "trussed", + "trussed-core", "trussed-manage", "trussed-se050-manage", ] @@ -190,6 +193,7 @@ dependencies = [ "trussed", "trussed-auth", "trussed-chunked", + "trussed-core", "trussed-fs-info", "trussed-hkdf", "trussed-hpke", 
@@ -402,7 +406,7 @@ dependencies = [ "systick-monotonic", "trussed", "usb-device", - "usbd-ccid 0.2.0", + "usbd-ccid", "usbd-ctaphid", "utils", ] @@ -894,17 +898,28 @@ dependencies = [ "serde_repr", ] +[[package]] +name = "ctaphid-app" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fe93489fe96c998488d0843dffea35c02ed9add2585e55228e1d45988727ecc" +dependencies = [ + "heapless-bytes", + "trussed-core", +] + [[package]] name = "ctaphid-dispatch" -version = "0.1.1" -source = "git+https://github.com/Nitrokey/ctaphid-dispatch.git?tag=v0.1.1-nitrokey.3#7f08ac0229ca49a5e2cd69e001658e1b43bc0a2b" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27caf0a07de6b0af58ba69562c1834ddf7aa27bc1d1687fed3b18fea1501e59e" dependencies = [ + "ctaphid-app", "delog", - "heapless", "heapless-bytes", "interchange", "ref-swap", - "trussed", + "trussed-core", ] [[package]] @@ -1128,14 +1143,14 @@ checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" [[package]] name = "encrypted_container" version = "0.1.0" -source = "git+https://github.com/Nitrokey/trussed-secrets-app?rev=fae41aabe63fa674042b3d217d734955f1f2aac2#fae41aabe63fa674042b3d217d734955f1f2aac2" +source = "git+https://github.com/Nitrokey/trussed-secrets-app?rev=01728a5a5cdd825835a1bea00807b8a8e080e2b8#01728a5a5cdd825835a1bea00807b8a8e080e2b8" dependencies = [ "cbor-smol", "delog", "heapless", "heapless-bytes", "serde", - "trussed", + "trussed-core", ] [[package]] 
@@ -1180,23 +1195,24 @@ dependencies = [ [[package]] name = "fido-authenticator" version = "0.1.1" -source = "git+https://github.com/Nitrokey/fido-authenticator.git?tag=v0.1.1-nitrokey.24#63a14793877f49e0bd6a99d28834a0013fdb9d64" +source = "git+https://github.com/Nitrokey/fido-authenticator.git?tag=v0.1.1-nitrokey.25#c9512c7bdff055a5fd9373f1c60c2a14d05ef3ce" dependencies = [ "apdu-app", "cbor-smol", "cosey", "ctap-types", - "ctaphid-dispatch", + "ctaphid-app", "delog", "heapless", + "heapless-bytes", "iso7816", "littlefs2-core", "serde", "serde-indexed", "serde_bytes", "sha2", - "trussed", "trussed-chunked", + "trussed-core", "trussed-fs-info", "trussed-hkdf", ] @@ -1717,6 +1733,7 @@ dependencies = [ "serde", "serial_test", "trussed", + "trussed-core", ] [[package]] @@ -2111,11 +2128,12 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "opcard" version = "1.5.0" -source = "git+https://github.com/Nitrokey/opcard-rs?rev=266176ece535e870f6c6c8f0a303ab329d5d26f3#266176ece535e870f6c6c8f0a303ab329d5d26f3" +source = "git+https://github.com/Nitrokey/opcard-rs?rev=84fd887ac32b59f3451d1fbee21b04a56b07780b#84fd887ac32b59f3451d1fbee21b04a56b07780b" dependencies = [ "admin-app", "apdu-app", "bitflags 2.6.0", + "cbor-smol", "cfg-if", "delog", "heapless", @@ -2127,9 +2145,9 @@ dependencies = [ "serde", "serde_repr", "subtle", - "trussed", "trussed-auth", "trussed-chunked", + "trussed-core", "trussed-rsa-alloc", "trussed-wrap-key-to-file", ] 
@@ -2221,9 +2239,10 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "piv-authenticator" version = "0.3.8" -source = "git+https://github.com/Nitrokey/piv-authenticator.git?rev=84ebc022ebacbd1b1964f38f6173010a2fd514f8#84ebc022ebacbd1b1964f38f6173010a2fd514f8" +source = "git+https://github.com/Nitrokey/piv-authenticator.git?rev=95408fceeb8035fa055516d9848519a6e54305c5#95408fceeb8035fa055516d9848519a6e54305c5" dependencies = [ "apdu-app", + "cbor-smol", "cfg-if", "delog", "flexiber", @@ -2235,9 +2254,9 @@ dependencies = [ "log", "serde", "subtle", - "trussed", "trussed-auth", "trussed-chunked", + "trussed-core", "trussed-hpke", "trussed-rsa-alloc", "trussed-wrap-key-to-file", @@ -2367,7 +2386,7 @@ name = "provisioner-app" version = "0.1.0" dependencies = [ "apdu-app", - "ctaphid-dispatch", + "ctaphid-app", "delog", "heapless", "heapless-bytes", @@ -2657,13 +2676,13 @@ dependencies = [ [[package]] name = "secrets-app" version = "0.13.0" -source = "git+https://github.com/Nitrokey/trussed-secrets-app?rev=fae41aabe63fa674042b3d217d734955f1f2aac2#fae41aabe63fa674042b3d217d734955f1f2aac2" +source = "git+https://github.com/Nitrokey/trussed-secrets-app?rev=01728a5a5cdd825835a1bea00807b8a8e080e2b8#01728a5a5cdd825835a1bea00807b8a8e080e2b8" dependencies = [ "apdu-app", "bitflags 2.6.0", "block-padding", "cbor-smol", - "ctaphid-dispatch", + "ctaphid-app", "delog", "encrypted_container", "flexiber", @@ -2673,8 +2692,8 @@ dependencies = [ "iso7816", "littlefs2-core", "serde", - "trussed", "trussed-auth", + "trussed-core", ] [[package]] @@ -3177,7 +3196,7 @@ dependencies = [ [[package]] name = "trussed" version = "0.1.0" -source = "git+https://github.com/nitrokey/trussed.git?tag=v0.1.0-nitrokey.24#43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae" +source = "git+https://github.com/trussed-dev/trussed.git?rev=6bba8fde36d05c0227769eb63345744e87d84b2b#6bba8fde36d05c0227769eb63345744e87d84b2b" dependencies = [ "aes", "bitflags 2.6.0", 
@@ -3215,7 +3234,7 @@ dependencies = [ [[package]] name = "trussed-auth" version = "0.3.0" -source = "git+https://github.com/trussed-dev/trussed-auth?rev=c030b82ad3441f337af09afe3a69e8a6da5785ea#c030b82ad3441f337af09afe3a69e8a6da5785ea" +source = "git+https://github.com/trussed-dev/trussed-auth?rev=fc53539536d7658c45a492585041742d8cdc45d0#fc53539536d7658c45a492585041742d8cdc45d0" dependencies = [ "chacha20poly1305", "hkdf", @@ -3227,24 +3246,26 @@ dependencies = [ "sha2", "subtle", "trussed", + "trussed-core", ] [[package]] name = "trussed-chunked" -version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=chunked-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9268d9d812440965ce31684e0115ceafa2636b7a8cc04dc117594567c53ff75e" dependencies = [ "serde", "serde-byte-array", - "trussed", + "trussed-core", ] [[package]] name = "trussed-core" version = "0.1.0" -source = "git+https://github.com/nitrokey/trussed.git?tag=v0.1.0-nitrokey.24#43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afddad280ae8a5235e1b06408cca909ce9454cdd89f941b94b024c580732b3ce" dependencies = [ - "heapless", "heapless-bytes", "littlefs2-core", "postcard 0.7.3", 
@@ -3255,46 +3276,51 @@ dependencies = [ [[package]] name = "trussed-fs-info" -version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=fs-info-v0.1.0#72b082002e0869facfc11bf8d76a1272c7ddf4ee" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44822e0abc5a32b3f370f82644ee9cb08aa693847aac0d48f6dc115389157aea" dependencies = [ "serde", "serde-byte-array", - "trussed", + "trussed-core", ] [[package]] name = "trussed-hkdf" -version = "0.2.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=hkdf-v0.2.0#e016b25fbc49f3ba13272d58a9e9d47a16d8ea14" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "17884daee9214e24c7bb9cf2429d0f53c569cfa4a8d728106e459e60aed5be69" dependencies = [ "serde", - "trussed", + "trussed-core", ] [[package]] name = "trussed-hpke" -version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=hpke-v0.1.0#7c99973187eb9ae2c1e410b5996169ccf2690efa" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d382b3bb98a71862e7db71437204d3e9f1542e42d30c1f18515ba07db4d970a" dependencies = [ "serde", "serde-byte-array", - "trussed", + "trussed-core", ] [[package]] name = "trussed-manage" -version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=manage-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b8d85d7ca4bd11e0508d9874e17f5058faaf5030cfc9efdd6a35ab779b87ca" dependencies = [ + "littlefs2-core", "serde", - "trussed", + "trussed-core", ] [[package]] name = "trussed-rsa-alloc" version = "0.2.1" -source = "git+https://github.com/trussed-dev/trussed-rsa-backend.git?tag=v0.2.1#655eca355df59e85a9f1d803623bc2efa10a8b5a" +source = 
"git+https://github.com/trussed-dev/trussed-rsa-backend.git?rev=743d9aaa3d8a17d7dbf492bd54dc18ab8fca3dc0#743d9aaa3d8a17d7dbf492bd54dc18ab8fca3dc0" dependencies = [ "delog", "heapless-bytes", @@ -3303,14 +3329,14 @@ dependencies = [ "rsa", "serde", "trussed", + "trussed-core", ] [[package]] name = "trussed-se050-backend" version = "0.3.6" -source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?rev=9e1570a957b24995e5234d43f24b8f126c5de2e4#9e1570a957b24995e5234d43f24b8f126c5de2e4" +source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?rev=58b442331e997b0c50525276258d66d069478f15#58b442331e997b0c50525276258d66d069478f15" dependencies = [ - "admin-app", "bitflags 2.6.0", "cbor-smol", "chacha20poly1305", @@ -3335,6 +3361,7 @@ dependencies = [ "sha2", "trussed", "trussed-auth", + "trussed-core", "trussed-hpke", "trussed-manage", "trussed-rsa-alloc", @@ -3344,17 +3371,18 @@ dependencies = [ [[package]] name = "trussed-se050-manage" -version = "0.1.0" -source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?tag=se050-manage-v0.1.0#d70748efbde217bb6f2a7b1ecd579d2480f7edc0" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54b1fd8a2ef2691183281ddf81630ef24c27211955c3c3998f83d21572f48673" dependencies = [ "serde", - "trussed", + "trussed-core", ] [[package]] name = "trussed-staging" version = "0.3.2" -source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069#53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069" +source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec#1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec" dependencies = [ "aead", "chacha20poly1305", 
@@ -3380,7 +3408,7 @@ dependencies = [ [[package]] name = "trussed-usbip" version = "0.0.1" -source = "git+https://github.com/Nitrokey/pc-usbip-runner.git?tag=v0.0.1-nitrokey.5#8d36e78e932b52ae62639bd3fb10ec5c0bae4aed" +source = "git+https://github.com/trussed-dev/pc-usbip-runner.git?rev=4fe4e4e287dac1d92fcd4f97e8926497bfa9d7a9#4fe4e4e287dac1d92fcd4f97e8926497bfa9d7a9" dependencies = [ "apdu-dispatch", "ctaphid-dispatch", @@ -3388,18 +3416,19 @@ dependencies = [ "log", "trussed", "usb-device", - "usbd-ccid 0.3.0", + "usbd-ccid", "usbd-ctaphid", "usbip-device", ] [[package]] name = "trussed-wrap-key-to-file" -version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=wrap-key-to-file-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b923d89f632ac2b62af4193844f1afb6d0fe4e31af8a1a85053a328da1f512d7" dependencies = [ "serde", - "trussed", + "trussed-core", ] [[package]] @@ -3509,19 +3538,6 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f6cc3adc849b5292b4075fc0d5fdcf2f24866e88e336dd27a8943090a520508" -[[package]] -name = "usbd-ccid" -version = "0.2.0" -source = "git+https://github.com/Nitrokey/usbd-ccid?tag=v0.2.0-nitrokey.1#eeea54f85cfa69a43c676b63c030608830ea35ea" -dependencies = [ - "delog", - "embedded-time", - "heapless", - "interchange", - "iso7816", - "usb-device", -] - [[package]] name = "usbd-ccid" version = "0.3.0" 
@@ -3538,18 +3554,18 @@ dependencies = [ [[package]] name = "usbd-ctaphid" -version = "0.1.0" -source = "git+https://github.com/trussed-dev/usbd-ctaphid.git?rev=dcff9009c3cd1ef9e5b09f8f307aca998fc9a8c8#dcff9009c3cd1ef9e5b09f8f307aca998fc9a8c8" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "092fad7bf817001ecade9272fe6ccbea4e5d0c02f99ca24c4c5ce97fbbff5371" dependencies = [ "ctaphid-dispatch", "delog", "embedded-time", - "heapless", "heapless-bytes", "interchange", "ref-swap", "serde", - "trussed", + "trussed-core", "usb-device", ] @@ -3698,11 +3714,12 @@ checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "webcrypt" version = "0.8.0" -source = "git+https://github.com/nitrokey/nitrokey-websmartcard-rust?tag=v0.8.0-rc10#c14c496210d625b815cf613bda161410a93bf18d" +source = "git+https://github.com/nitrokey/nitrokey-websmartcard-rust?tag=v0.8.0-rc11#539ca26b1e045e27b1489d71784524640119db8b" dependencies = [ "apdu-app", "cbor-smol", "ctap-types", + "ctaphid-app", "ctaphid-dispatch", "delog", "generic-array", @@ -3716,6 +3733,7 @@ dependencies = [ "serde_bytes", "sha2", "trussed", + "trussed-core", "trussed-rsa-alloc", ] diff --git a/Cargo.toml b/Cargo.toml index f8fefbee..2038868f 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -16,34 +16,24 @@ version = "1.8.0" # components memory-regions = { path = "components/memory-regions" } -# forked -admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.18" } -fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.24" } -trussed = { git = "https://github.com/nitrokey/trussed.git", tag = "v0.1.0-nitrokey.24" } - -# unreleased upstream changes -ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch.git", tag = "v0.1.1-nitrokey.3" } -usbd-ctaphid = { git = "https://github.com/trussed-dev/usbd-ctaphid.git", rev = "dcff9009c3cd1ef9e5b09f8f307aca998fc9a8c8" } -usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" } +# unreleased libraries p256-cortex-m4 = { git = "https://github.com/ycrypto/p256-cortex-m4.git", rev = "cdb31e12594b4dc1f045b860a885fdc94d96aee2" } - -# unreleased crates -secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", rev = "fae41aabe63fa674042b3d217d734955f1f2aac2" } -webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc10" } -opcard = { git = "https://github.com/Nitrokey/opcard-rs", rev = "266176ece535e870f6c6c8f0a303ab329d5d26f3" } -piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", rev = "84ebc022ebacbd1b1964f38f6173010a2fd514f8" } -trussed-fs-info = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "fs-info-v0.1.0" } -trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "chunked-v0.1.0" } -trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" } -trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" } -trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069" } -trussed-auth 
= { git = "https://github.com/trussed-dev/trussed-auth", rev = "c030b82ad3441f337af09afe3a69e8a6da5785ea" } -trussed-hkdf = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "hkdf-v0.2.0" } -trussed-hpke = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "hpke-v0.1.0" } -trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", tag = "v0.2.1" } -trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.5" } -trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "se050-manage-v0.1.0" } -trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "9e1570a957b24995e5234d43f24b8f126c5de2e4" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" } +trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "4fe4e4e287dac1d92fcd4f97e8926497bfa9d7a9" } + +# applications +admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.19" } +fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git",tag = "v0.1.1-nitrokey.25" } +opcard = { git = "https://github.com/Nitrokey/opcard-rs", rev = "84fd887ac32b59f3451d1fbee21b04a56b07780b" } +piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", rev = "95408fceeb8035fa055516d9848519a6e54305c5" } +secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", rev = "01728a5a5cdd825835a1bea00807b8a8e080e2b8" } +webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc11" } + +# backends +trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "fc53539536d7658c45a492585041742d8cdc45d0" } +trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "743d9aaa3d8a17d7dbf492bd54dc18ab8fca3dc0" } 
+trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "58b442331e997b0c50525276258d66d069478f15" } +trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec" } [profile.release] codegen-units = 1 diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml index de5a0a90..17fbd514 100644 --- a/components/apps/Cargo.toml +++ b/components/apps/Cargo.toml @@ -7,15 +7,16 @@ edition = "2021" delog = "0.1" apdu-dispatch = "0.3" bitflags = "2" -ctaphid-dispatch = "0.1" +ctaphid-dispatch = "0.2" embedded-hal = "0.2.7" heapless = "0.7" heapless-bytes = "0.3" se05x = { version = "0.1.1", optional = true} serde = { version = "1.0.180", default-features = false } -trussed = { version = "0.1", features = ["serde-extensions"] } +trussed = { version = "0.1", default-features = false, features = ["crypto-client", "filesystem-client", "management-client", "serde-extensions", "ui-client"] } +trussed-core = "0.1.0-rc.1" trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"], optional = true } -usbd-ctaphid = { version = "0.1", optional = true } +usbd-ctaphid = { version = "0.2", optional = true } utils = { path = "../utils" } if_chain = "1.0.2" littlefs2-core = "0.1" 
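Review bot: In the root Cargo.toml `# applications` group, `admin-app`, `fido-authenticator` and `webcrypt` are still pinned by `tag`, while every other git source added in this hunk is pinned by `rev`. A git tag can be moved on the remote, so the commit that was reviewed is then fixed only by Cargo.lock, and only for builds that honour it (`cargo build --locked`). Pinning these three by commit as well would make the manifest itself state what was audited, e.g. `admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "d5f1c6df405e4edeb6524f908c1c713139173e81" }` (the commit Cargo.lock records for that tag). The hunk also moves `trussed` and `trussed-usbip` from the Nitrokey forks to the trussed-dev repositories; a short comment confirming that no fork-only patches are still required would help the next reviewer.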
@@ -27,13 +28,13 @@ trussed-se050-backend = { version = "0.3.6", optional = true } trussed-staging = { version = "0.3.2", features = ["wrap-key-to-file", "chunked", "hkdf", "manage", "fs-info"] } # Extensions -trussed-chunked = "0.1.0" -trussed-hkdf = "0.2.0" -trussed-manage = "0.1.0" -trussed-se050-manage = { version = "0.1.0", optional = true } -trussed-wrap-key-to-file = "0.1.0" -trussed-fs-info = "0.1.0" -trussed-hpke = "0.1.0" +trussed-chunked = "0.2.0" +trussed-hkdf = "0.3.0" +trussed-manage = "0.2.0" +trussed-se050-manage = { version = "0.2.0", optional = true } +trussed-wrap-key-to-file = "0.2.0" +trussed-fs-info = "0.2.0" +trussed-hpke = "0.2.0" # apps admin-app = "0.1.0" 
@@ -66,11 +67,11 @@ nkpk = ["fido-authenticator", "factory-reset", "trussed/clients-2"] nkpk-provisioner = ["nkpk", "provisioner-app", "trussed/clients-3"] # apps -secrets-app = ["dep:secrets-app", "backend-auth"] +secrets-app = ["dep:secrets-app", "backend-auth", "trussed/chacha8-poly1305", "trussed/hmac-sha1", "trussed/hmac-sha256", "trussed/sha256"] webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa"] -fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid"] -opcard = ["dep:opcard", "backend-rsa", "backend-auth"] -piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth"] +fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid", "trussed/aes256-cbc", "trussed/certificate-client", "trussed/chacha8-poly1305", "trussed/ed255", "trussed/hmac-sha256", "trussed/p256", "trussed/sha256"] +opcard = ["dep:opcard", "backend-rsa", "backend-auth", "trussed/aes256-cbc", "trussed/chacha8-poly1305", "trussed/ed255", "trussed/p256", "trussed/shared-secret", "trussed/x255"] +piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth", "trussed/aes256-cbc", "trussed/chacha8-poly1305", "trussed/ed255", "trussed/p256", "trussed/shared-secret", "trussed/tdes", "trussed/x255"] se050 = ["dep:se05x", "trussed-se050-backend", "trussed-se050-manage", "admin-app/se050"] # backends diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs index 2937afdd..fca03987 100644 --- a/components/apps/src/lib.rs +++ b/components/apps/src/lib.rs @@ -8,7 +8,7 @@ const WEBCRYPT_APP_CREDENTIALS_COUNT_LIMIT: u16 = 50; use apdu_dispatch::{response::SIZE as ApduResponseSize, App as ApduApp}; use bitflags::bitflags; use core::marker::PhantomData; -use ctaphid_dispatch::app::App as CtaphidApp; +use ctaphid_dispatch::{app::App as CtaphidApp, MESSAGE_SIZE as CTAPHID_MESSAGE_SIZE}; #[cfg(feature = "se050")] use embedded_hal::blocking::delay::DelayUs; use heapless::Vec; 
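Review bot: In components/apps/Cargo.toml the `webcrypt` feature is the only app feature in this hunk that gains no `trussed/…` mechanism features, although `trussed` is now built with `default-features = false`. If that is intentional because the webcrypt crate enables what it needs itself (Cargo.lock shows it still depends on `trussed` directly), a comment above the line such as `# mechanisms are enabled by the webcrypt crate itself` would record it; otherwise the mechanisms it uses should be listed as for `opcard` and `piv-authenticator`. The per-app lists are maintained by hand, so a one-line comment saying they must mirror the mechanisms each app requests would help keep them in step on the next app update.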
@@ -32,7 +32,7 @@ use trussed::{ interrupt::InterruptFlag, platform::Syscall, store::filestore::ClientFilestore, - types::{Location, Path}, + types::{Location, Mechanism, Path}, ClientImplementation, Platform, Service, }; @@ -409,6 +409,44 @@ pub struct Apps<R: Runner> { webcrypt: Option<PeekingBypass<'static, FidoApp<R>, WebcryptApp<R>>>, } +const fn contains(data: &[Mechanism], item: Mechanism) -> bool { + let mut i = 0; + while i < data.len() { + if data[i].const_eq(item) { + return true; + } + i += 1; + } + false +} + +/// This function ensures that every mechanism that is enabled in trussed-core is implemented by +/// at least one backend (trussed or a custom backend). It panics if it finds an enabled but +/// unimplemented mechanism. +const fn validate_mechanisms() { + let enabled = Mechanism::ENABLED; + let mut i = 0; + while i < enabled.len() { + let mechanism = enabled[i]; + i += 1; + + if contains(trussed::types::IMPLEMENTED_MECHANISMS, mechanism) { + continue; + } + #[cfg(feature = "backend-rsa")] + if contains(trussed_rsa_alloc::MECHANISMS, mechanism) { + continue; + } + #[cfg(feature = "se050")] + if contains(trussed_se050_backend::MECHANISMS, mechanism) { + continue; + } + + // This mechanism is not implemented by Trussed or any of the backends. + mechanism.panic(); + } +} + impl<R: Runner> Apps<R> { pub fn new<P: Platform>( runner: &R, @@ -421,6 +459,10 @@ impl<R: Runner> Apps<R> { ) -> Client<R>, data: Data<R>, ) -> Self { + const { + validate_mechanisms(); + } + let _ = (runner, &mut make_client); let Data { admin, 
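Review bot: In components/apps/src/lib.rs the new check runs from an inline `const { validate_mechanisms(); }` block inside the generic `Apps::new`, so it is evaluated only when `Apps::new` is instantiated and code is generated for it. A plain `cargo check` of the `apps` crate on its own would most likely not run it, and inline const blocks need a fairly recent compiler. Because `validate_mechanisms` has no generic parameters, an item-level `const _: () = validate_mechanisms();` next to the function would run the same check on every build of the crate. The doc comment could also say that only trussed, `backend-rsa` and `se050` are consulted, so a future backend that implements mechanisms has to be added to the list. The body of `Apps::new` continues outside the hunk.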
@@ -680,9 +722,10 @@ impl<R: Runner> Apps<R> { pub fn ctaphid_dispatch<F, T>(&mut self, f: F) -> T where - F: FnOnce(&mut [&mut dyn CtaphidApp<'static>]) -> T, + F: FnOnce(&mut [&mut dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>]) -> T, { - let mut apps: Vec<&mut dyn CtaphidApp<'static>, 4> = Default::default(); + let mut apps: Vec<&mut dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>, 4> = + Default::default(); // App 1: webcrypt or fido #[cfg(feature = "webcrypt")] @@ -741,7 +784,7 @@ where fn with_ctaphid_apps<T>( &mut self, - f: impl FnOnce(&mut [&mut dyn CtaphidApp<'static>]) -> T, + f: impl FnOnce(&mut [&mut dyn CtaphidApp<'static, CTAPHID_MESSAGE_SIZE>]) -> T, ) -> T { self.ctaphid_dispatch(f) } diff --git a/components/boards/Cargo.toml b/components/boards/Cargo.toml index 198b458a..d5be6cc9 100644 --- a/components/boards/Cargo.toml +++ b/components/boards/Cargo.toml @@ -9,7 +9,7 @@ apps = { path = "../apps" } cortex-m = "0.7" cortex-m-rtic = "1.0" cortex-m-rt = "0.6.15" -ctaphid-dispatch = "0.1" +ctaphid-dispatch = "0.2" delog = "0.1" embedded-hal = "0.2.3" embedded-time = "0.12" @@ -23,10 +23,10 @@ rand = { version = "0.8.5", default-features = false } rand_chacha = { version = "0.3.1", default-features = false } ref-swap = "0.1.0" spi-memory = "0.2.0" -trussed = "0.1" +trussed = { version = "0.1", default-features = false } usb-device = "0.2" -usbd-ccid = "0.2" -usbd-ctaphid = "0.1" +usbd-ccid = "0.3" +usbd-ctaphid = "0.2" utils = { path = "../utils" } # soc-lpc55 diff --git a/components/boards/src/init.rs b/components/boards/src/init.rs index 8d43d49d..654b91e4 100644 --- a/components/boards/src/init.rs +++ b/components/boards/src/init.rs 
@@ -6,7 +6,7 @@ use apdu_dispatch::{ use apps::AUTH_LOCATION; use apps::{AdminData, Data, Dispatch, FidoData, InitStatus}; -use ctaphid_dispatch::{dispatch::Dispatch as CtaphidDispatch, types::Channel as CtapChannel}; +use ctaphid_dispatch::{Channel as CtapChannel, Dispatch as CtaphidDispatch}; #[cfg(not(feature = "no-delog"))] use delog::delog; use interchange::Channel; diff --git a/components/boards/src/runtime.rs b/components/boards/src/runtime.rs index b60202e4..2b26b668 100644 --- a/components/boards/src/runtime.rs +++ b/components/boards/src/runtime.rs @@ -1,5 +1,5 @@ use apdu_dispatch::dispatch::{ApduDispatch, Interface}; -use ctaphid_dispatch::dispatch::Dispatch as CtaphidDispatch; +use ctaphid_dispatch::Dispatch as CtaphidDispatch; use embedded_time::duration::Milliseconds; use nfc_device::{traits::nfc::Device as NfcDevice, Iso14443}; diff --git a/components/lfs-backup/Cargo.toml b/components/lfs-backup/Cargo.toml index 30f82277..ac312343 100644 --- a/components/lfs-backup/Cargo.toml +++ b/components/lfs-backup/Cargo.toml @@ -15,7 +15,8 @@ heapless = "0.7.16" serde = { version = "1.0", default-features = false } postcard = "1.0" -trussed = "0.1" +trussed = { version = "0.1", default-features = false } +trussed-core = "0.1.0-rc.1" [dev-dependencies] rand = "0.8.5" diff --git a/components/lfs-backup/src/lfs_backup.rs b/components/lfs-backup/src/lfs_backup.rs index a0f73330..210998e1 100644 --- a/components/lfs-backup/src/lfs_backup.rs +++ b/components/lfs-backup/src/lfs_backup.rs @@ -11,9 +11,10 @@ use serde::{Deserialize, Serialize}; use heapless::Vec; use heapless_bytes::Bytes; -use trussed::config::{MAX_MESSAGE_LENGTH, USER_ATTRIBUTE_NUMBER}; +use trussed::config::USER_ATTRIBUTE_NUMBER; +use trussed_core::config::MAX_MESSAGE_LENGTH; -use trussed::types::{Message, UserAttribute}; +use trussed_core::types::{Message, UserAttribute}; pub const MAX_FS_DEPTH: usize = 8; 
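Review bot: In components/lfs-backup/src/lfs_backup.rs `USER_ATTRIBUTE_NUMBER` is still imported from `trussed::config`, while `MAX_MESSAGE_LENGTH`, `Message` and `UserAttribute` now come from `trussed_core`, and the tests.rs hunk of this commit imports `trussed_core::config::USER_ATTRIBUTE_NUMBER`. Taking the constant from one place in both files, `use trussed_core::config::{MAX_MESSAGE_LENGTH, USER_ATTRIBUTE_NUMBER};`, avoids the library and its tests reading the limit from two definitions should they ever diverge. It may also allow dropping the `trussed` dependency from this crate, if nothing outside the hunk still uses it.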
diff --git a/components/lfs-backup/src/tests.rs b/components/lfs-backup/src/tests.rs index 75637037..007edc6e 100644 --- a/components/lfs-backup/src/tests.rs +++ b/components/lfs-backup/src/tests.rs @@ -6,8 +6,8 @@ use heapless_bytes::Bytes; use crate::lfs_backup::{BackupBackend, FSBackupError, PathCursor, Result, MAX_FS_DEPTH}; -use trussed::config::USER_ATTRIBUTE_NUMBER; -use trussed::types::UserAttribute; +use trussed_core::config::USER_ATTRIBUTE_NUMBER; +use trussed_core::types::UserAttribute; use std::{ fs::{remove_file, File}, diff --git a/components/provisioner-app/Cargo.toml b/components/provisioner-app/Cargo.toml index f961de27..cb8331bc 100644 --- a/components/provisioner-app/Cargo.toml +++ b/components/provisioner-app/Cargo.toml @@ -8,14 +8,14 @@ edition = "2018" [dependencies] apdu-app = "0.1" -ctaphid-dispatch = "0.1" +ctaphid-app = "0.1.0-rc.1" delog = "0.1" heapless = "0.7" heapless-bytes = "0.3" iso7816 = "0.1" littlefs2 = "0.5.0" salty = { version = "0.3", features = ["cose"] } -trussed = "0.1" +trussed = { version = "0.1", default-features = false, features = ["crypto-client"] } p256-cortex-m4 = "0.1.0-alpha.6" diff --git a/components/provisioner-app/src/apdu.rs b/components/provisioner-app/src/apdu.rs index c57c11d8..48522488 100644 --- a/components/provisioner-app/src/apdu.rs +++ b/components/provisioner-app/src/apdu.rs @@ -2,7 +2,7 @@ use crate::{Error, Provisioner}; use apdu_app::{App, CommandView, Data, Interface, Result, Status}; use core::convert::{TryFrom, TryInto}; use iso7816::{Aid, Instruction}; -use trussed::{client, store::Store, types::LfsStorage, Client}; +use trussed::{client, store::Store, types::LfsStorage}; const SOLO_PROVISIONER_AID: &[u8] = &[0xA0, 0x00, 0x00, 0x08, 0x47, 0x01, 0x00, 0x00, 0x01]; 
@@ -34,7 +34,7 @@ impl<S, FS, T> iso7816::App for Provisioner<S, FS, T> where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { fn aid(&self) -> Aid { Aid::new(SOLO_PROVISIONER_AID) @@ -45,7 +45,7 @@ impl<S, FS, T, const R: usize> App<R> for Provisioner<S, FS, T> where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { fn select( &mut self, diff --git a/components/provisioner-app/src/ctaphid.rs b/components/provisioner-app/src/ctaphid.rs index 0d791283..b7919e8e 100644 --- a/components/provisioner-app/src/ctaphid.rs +++ b/components/provisioner-app/src/ctaphid.rs @@ -1,19 +1,16 @@ use crate::{Instruction, Provisioner}; use core::convert::TryFrom; -use ctaphid_dispatch::{ - app::App, - command::{Command, VendorCommand}, - types::{Error, Message}, -}; -use trussed::{client, store::Store, types::LfsStorage, Client}; +use ctaphid_app::{App, Command, Error, VendorCommand}; +use heapless_bytes::Bytes; +use trussed::{client, store::Store, types::LfsStorage}; const COMMAND_PROVISIONER: VendorCommand = VendorCommand::H71; -impl<S, FS, T> App<'static> for Provisioner<S, FS, T> +impl<S, FS, T, const N: usize> App<'_, N> for Provisioner<S, FS, T> where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { fn commands(&self) -> &'static [Command] { &[Command::Vendor(COMMAND_PROVISIONER)] @@ -22,8 +19,8 @@ where fn call( &mut self, command: Command, - request: &Message, - response: &mut Message, + request: &[u8], + response: &mut Bytes<N>, ) -> Result<(), Error> { if command != Command::Vendor(COMMAND_PROVISIONER) { return Err(Error::InvalidCommand); diff --git a/components/provisioner-app/src/lib.rs b/components/provisioner-app/src/lib.rs index 7856d3c7..3f93f1ad 100644 --- a/components/provisioner-app/src/lib.rs +++ b/components/provisioner-app/src/lib.rs 
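Review bot: In components/provisioner-app/src/apdu.rs the bound `T: Client + client::X255 + client::HmacSha256` becomes `T: client::CryptoClient` (the same change is made in ctaphid.rs and lib.rs), so the code no longer states which mechanisms the provisioner needs, and provisioner-app/Cargo.toml enables only `crypto-client` on a `trussed` built with `default-features = false`. If provisioner code outside these hunks still requests X255 or HMAC-SHA256 operations, nothing in this crate turns on `trussed/x255` or `trussed/hmac-sha256`; of the two, only `trussed/hmac-sha256` appears in the `fido-authenticator` feature list that `nkpk-provisioner` builds on. I would either enable the required mechanism features alongside `provisioner-app` in components/apps/Cargo.toml or add a comment on the bound listing the mechanisms used and where their features are enabled.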
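Review bot: In components/provisioner-app/src/ctaphid.rs the impl is now generic over every `N`, so the capacity of `response: &mut Bytes<N>` is chosen by the caller rather than fixed by a `Message` type, and `request` arrives as a bare `&[u8]`. The body of `call` lies outside the hunk; it is worth confirming there that a short or empty `request` is rejected before it is indexed, and that writes into `response` return an error when `N` is too small rather than unwrapping. A doc comment on the impl stating the smallest `N` the provisioner's replies need would make that contract visible.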
@@ -29,7 +29,6 @@ use trussed::{ store::{self, Store}, syscall, types::LfsStorage, - Client, }; const TESTER_FILENAME_ID: [u8; 2] = [0xe1, 0x01]; @@ -114,7 +113,7 @@ pub struct Provisioner<S, FS, T> where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { trussed: T, @@ -134,7 +133,7 @@ impl<S, FS, T> Provisioner<S, FS, T> where S: Store, FS: 'static + LfsStorage, - T: Client + client::X255 + client::HmacSha256, + T: client::CryptoClient, { pub fn new( trussed: T, diff --git a/runners/embedded/Cargo.toml b/runners/embedded/Cargo.toml index 04947fef..593ac7ef 100644 --- a/runners/embedded/Cargo.toml +++ b/runners/embedded/Cargo.toml @@ -23,10 +23,10 @@ utils = { path = "../../components/utils", features = ["storage"] } ### protocols and dispatchers apdu-dispatch = "0.3" -ctaphid-dispatch = "0.1" +ctaphid-dispatch = "0.2" ### trussed core -trussed = "0.1" +trussed = { version = "0.1", default-features = false } interchange = "0.3" ### usb machinery diff --git a/runners/embedded/src/bin/app-lpc.rs b/runners/embedded/src/bin/app-lpc.rs index 8f46ff13..fec1ef84 100644 --- a/runners/embedded/src/bin/app-lpc.rs +++ b/runners/embedded/src/bin/app-lpc.rs @@ -24,7 +24,7 @@ mod app { soc::lpc55::{self, monotonic::SystickMonotonic}, Apps, Trussed, }; - use ctaphid_dispatch::dispatch::Dispatch as CtaphidDispatch; + use ctaphid_dispatch::Dispatch as CtaphidDispatch; use embedded_runner_lib::nk3xn; use lpc55_hal::{ drivers::timer::Elapsed, diff --git a/runners/embedded/src/bin/app-nrf.rs b/runners/embedded/src/bin/app-nrf.rs index b5db04de..1821b00b 100644 --- a/runners/embedded/src/bin/app-nrf.rs +++ b/runners/embedded/src/bin/app-nrf.rs 
@@ -15,7 +15,7 @@ mod app { soc::nrf52::{self, rtic_monotonic::RtcDuration}, store, Apps, Trussed, }; - use ctaphid_dispatch::dispatch::Dispatch as CtaphidDispatch; + use ctaphid_dispatch::Dispatch as CtaphidDispatch; use interchange::Channel; use nrf52840_hal::{gpiote::Gpiote, rng::Rng}; diff --git a/runners/nkpk/Cargo.toml b/runners/nkpk/Cargo.toml index ed7aed7b..3910b7f8 100644 --- a/runners/nkpk/Cargo.toml +++ b/runners/nkpk/Cargo.toml @@ -11,7 +11,7 @@ apps = { path = "../../components/apps", features = ["nkpk"] } boards = { path = "../../components/boards", features = ["board-nkpk"] } cortex-m = { version = "0.7", features = ["critical-section-single-core"]} cortex-m-rtic = "1.0" -ctaphid-dispatch = "0.1" +ctaphid-dispatch = "0.2" delog = "0.1" interchange = "0.3" nrf52840-hal = "0.15.1" diff --git a/runners/nkpk/src/main.rs b/runners/nkpk/src/main.rs index 22fe4395..b69fbb9d 100644 --- a/runners/nkpk/src/main.rs +++ b/runners/nkpk/src/main.rs @@ -15,7 +15,7 @@ mod app { soc::nrf52::{self, rtic_monotonic::RtcDuration}, store, Apps, Trussed, }; - use ctaphid_dispatch::dispatch::Dispatch as CtaphidDispatch; + use ctaphid_dispatch::Dispatch as CtaphidDispatch; use interchange::Channel; use nrf52840_hal::{gpiote::Gpiote, rng::Rng}; use utils::Version;