From 97c21ee5e50cbfdc3dc2449f72ff0b6655f11336 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 20 Dec 2024 11:31:15 +0100 Subject: [PATCH] Use trussed-core --- Cargo.toml | 24 +++++++++++++----------- src/backend.rs | 2 +- src/card.rs | 18 +++++++++++++++--- src/command.rs | 6 +++--- src/command/data.rs | 4 ++-- src/command/gen.rs | 4 ++-- src/command/private_key_template.rs | 4 ++-- src/command/pso.rs | 6 +++--- src/state.rs | 15 ++++++++------- src/types.rs | 3 ++- 10 files changed, 51 insertions(+), 35 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e75fb419..4d47e09b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,6 +24,7 @@ name = "usbip" required-features = ["apdu-dispatch"] [dependencies] +cbor-smol = "0.5" heapless = "0.7" heapless-bytes = "0.3" iso7816 = "0.1.3" @@ -31,8 +32,9 @@ littlefs2-core = "0.1" log = "0.4" serde = { version = "1.0", default-features = false } subtle = { version = "2.4.1", default-features = false } -trussed = "0.1.0" trussed-chunked = "0.1.0" +# TODO: only set RSA features if RSA is enabled? +trussed-core = { version = "0.1.0-rc.1", features = ["aes256-cbc", "brainpoolp256r1", "brainpoolp384r1", "brainpoolp512r1", "chacha8-poly1305", "crypto-client", "ed255", "filesystem-client", "p256", "p384", "p521", "rsa2048", "rsa3072", "rsa4096", "secp256k1", "shared-secret", "ui-client", "x255"] } trussed-rsa-alloc = { version = "0.2.0", optional = true } trussed-wrap-key-to-file = "0.1.0" serde_repr = "0.1" @@ -47,6 +49,7 @@ trussed-staging = { version = "0.3.0", features = ["chunked", "wrap-key-to-file" vpicc = { version = "0.1.0", optional = true } cfg-if = "1.0.0" bitflags = "2.5.0" +trussed = { version = "0.1.0", default-features = false, optional = true } [dev-dependencies] apdu-dispatch = "0.3" @@ -96,16 +99,15 @@ log-error = [] [patch.crates-io] p256-cortex-m4 = { git = "https://github.com/Nitrokey/p256-cortex-m4", tag = "v0.1.0-alpha.6-nitrokey-1" } -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "316a96f66335eab8b4195e900cda1a768ed1b99e" } -trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth.git", rev = "c030b82ad3441f337af09afe3a69e8a6da5785ea"} -trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "chunked-v0.1.0" } -trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" } -trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", tag = "v0.2.0" } -trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069" } -trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" } -trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.5" } -admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.18" } -ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" } +trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "fc53539536d7658c45a492585041742d8cdc45d0" } +trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "743d9aaa3d8a17d7dbf492bd54dc18ab8fca3dc0" } +trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" } +trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "60c58eb80685f72d80850b850800fc6a660fe50a" } +admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "541d97a2e6493b6b8a45aeca751c851e3bc723b6" } [package.metadata.docs.rs] all-features = true diff --git a/src/backend.rs b/src/backend.rs index 8e6ff15d..a4811e6a 100644 --- a/src/backend.rs +++ b/src/backend.rs @@ -9,7 +9,7 @@ use core::fmt::Debug; -use trussed::try_syscall; +use trussed_core::try_syscall; use crate::error::Error; diff --git a/src/card.rs b/src/card.rs index fa8051a7..1cf08695 100644 --- a/src/card.rs +++ b/src/card.rs @@ -6,9 +6,9 @@ use admin_app::{ResetSignal, ResetSignalAllocation}; use bitflags::bitflags; use hex_literal::hex; use iso7816::Status; -use trussed::types::Location; use trussed_auth::AuthClient; use trussed_chunked::ChunkedClient; +use trussed_core::{types::Location, CryptoClient, FilesystemClient, UiClient}; pub(crate) mod reply; @@ -371,8 +371,20 @@ impl<'a, const R: usize, T: Client> LoadedContext<'a, R, T> { use trussed_wrap_key_to_file::WrapKeyToFileClient; /// Super trait with all trussed extensions required by opcard -pub trait Client: trussed::Client + AuthClient + WrapKeyToFileClient + ChunkedClient {} -impl Client for C {} +pub trait Client: + CryptoClient + FilesystemClient + UiClient + AuthClient + WrapKeyToFileClient + ChunkedClient +{ +} +impl< + C: CryptoClient + + FilesystemClient + + UiClient + + WrapKeyToFileClient + + AuthClient + + ChunkedClient, + > Client for C +{ +} #[cfg(test)] mod tests { diff --git a/src/command.rs b/src/command.rs index ac35977e..451fbbd1 100644 --- a/src/command.rs +++ b/src/command.rs @@ -18,9 +18,9 @@ use crate::state::{ }; use crate::tlv; use crate::types::*; -use trussed::config::MAX_MESSAGE_LENGTH; -use trussed::types::{Location, PathBuf}; -use trussed::{syscall, try_syscall}; +use trussed_core::config::MAX_MESSAGE_LENGTH; +use trussed_core::types::{Location, PathBuf}; +use trussed_core::{syscall, try_syscall}; #[derive(Debug, Eq, PartialEq)] pub enum Command { diff --git a/src/command/data.rs b/src/command/data.rs index c6fc095d..43d83b66 100644 --- a/src/command/data.rs +++ b/src/command/data.rs @@ -4,7 +4,7 @@ use heapless_bytes::Bytes; use hex_literal::hex; use iso7816::Status; -use trussed::{ +use trussed_core::{ try_syscall, types::{KeyId, KeySerialization, Mechanism}, }; @@ -1331,7 +1331,7 @@ mod tests { use super::*; use hex_literal::hex; - use trussed::types::Location; + use trussed_core::types::Location; #[test] fn tags() { diff --git a/src/command/gen.rs b/src/command/gen.rs index a7c02bb3..22c1274e 100644 --- a/src/command/gen.rs +++ b/src/command/gen.rs @@ -3,8 +3,8 @@ use hex_literal::hex; use iso7816::Status; -use trussed::try_syscall; -use trussed::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes}; +use trussed_core::try_syscall; +use trussed_core::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes}; use crate::card::LoadedContext; use crate::state::KeyOrigin; diff --git a/src/command/private_key_template.rs b/src/command/private_key_template.rs index 92be9311..186258ca 100644 --- a/src/command/private_key_template.rs +++ b/src/command/private_key_template.rs @@ -2,8 +2,8 @@ // SPDX-License-Identifier: LGPL-3.0-only use iso7816::Status; -use trussed::try_syscall; -use trussed::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes}; +use trussed_core::try_syscall; +use trussed_core::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes}; use crate::card::LoadedContext; use crate::state::KeyOrigin; diff --git a/src/command/pso.rs b/src/command/pso.rs index 247d2c57..2ff31ea2 100644 --- a/src/command/pso.rs +++ b/src/command/pso.rs @@ -3,9 +3,9 @@ use iso7816::Status; -use trussed::config::MAX_MESSAGE_LENGTH; -use trussed::types::*; -use trussed::{syscall, try_syscall}; +use trussed_core::config::MAX_MESSAGE_LENGTH; +use trussed_core::types::*; +use trussed_core::{syscall, try_syscall}; use crate::card::LoadedContext; use crate::state::KeyRef; diff --git a/src/state.rs b/src/state.rs index 6894dd5d..f230678b 100644 --- a/src/state.rs +++ b/src/state.rs @@ -6,15 +6,15 @@ use core::mem::take; use heapless_bytes::Bytes; use hex_literal::hex; use iso7816::Status; -use littlefs2_core::path; +use littlefs2_core::{path, Path, PathBuf}; use serde::{Deserialize, Deserializer, Serialize, Serializer}; use serde_repr::{Deserialize_repr, Serialize_repr}; -use trussed::api::reply::Metadata; -use trussed::config::MAX_MESSAGE_LENGTH; -use trussed::types::{KeyId, Location, Mechanism, Path, PathBuf, StorageAttributes}; -use trussed::{syscall, try_syscall}; use trussed_chunked::utils::{write_all, EncryptionData}; +use trussed_core::api::reply::Metadata; +use trussed_core::config::MAX_MESSAGE_LENGTH; +use trussed_core::types::{KeyId, Location, Mechanism, Message, StorageAttributes}; +use trussed_core::{syscall, try_syscall}; use crate::card::reply::Reply; use crate::command::{Password, PasswordMode}; @@ -782,7 +782,7 @@ impl Persistent { } pub fn load(client: &mut T, storage: Location) -> Result { if let Some(data) = load_if_exists(client, storage, &Self::path())? { - trussed::cbor_deserialize(&data).map_err(|_err| { + cbor_smol::cbor_deserialize(&data).map_err(|_err| { error!("failed to deserialize persistent state: {_err}"); Error::Loading }) @@ -799,7 +799,8 @@ impl Persistent { client: &mut T, storage: Location, ) -> Result<(), Error> { - let msg = trussed::cbor_serialize_bytes(&self).map_err(|_err| { + let mut msg = Message::new(); + cbor_smol::cbor_serialize_to(&self, &mut msg).map_err(|_err| { error!("Failed to serialize: {_err}"); Error::Saving })?; diff --git a/src/types.rs b/src/types.rs index 6bcfafdd..b1f7bb02 100644 --- a/src/types.rs +++ b/src/types.rs @@ -3,8 +3,9 @@ use hex_literal::hex; use iso7816::Status; +use littlefs2_core::Path; use serde_repr::{Deserialize_repr, Serialize_repr}; -use trussed::types::{Mechanism, Path}; +use trussed_core::types::Mechanism; use crate::card::AllowedAlgorithms; use crate::error::Error;