Use trussed-core

Cargo.toml

@@ -24,15 +24,17 @@ name = "usbip"
 required-features = ["apdu-dispatch"]
 
 [dependencies]
+cbor-smol = "0.5"
 heapless = "0.7"
 heapless-bytes = "0.3"
 iso7816 = "0.1.3"
 littlefs2-core = "0.1"
 log = "0.4"
 serde = { version = "1.0", default-features = false }
 subtle = { version = "2.4.1", default-features = false }
-trussed = "0.1.0"
 trussed-chunked = "0.1.0"
+# TODO: only set RSA features if RSA is enabled?
+trussed-core = { version = "0.1.0-rc.1", features = ["aes256-cbc", "brainpoolp256r1", "brainpoolp384r1", "brainpoolp512r1", "chacha8-poly1305", "crypto-client", "ed255", "filesystem-client", "p256", "p384", "p521", "rsa2048", "rsa3072", "rsa4096", "secp256k1", "shared-secret", "ui-client", "x255"] }
 trussed-rsa-alloc = { version = "0.2.0", optional = true }
 trussed-wrap-key-to-file = "0.1.0"
 serde_repr = "0.1"
@@ -47,6 +49,7 @@ trussed-staging = { version = "0.3.0", features = ["chunked", "wrap-key-to-file"
 vpicc = { version = "0.1.0", optional = true }
 cfg-if = "1.0.0"
 bitflags = "2.5.0"
+trussed = { version = "0.1.0", default-features = false, optional = true }
 
 [dev-dependencies]
 apdu-dispatch = "0.3"
@@ -96,16 +99,15 @@ log-error = []
 
 [patch.crates-io]
 p256-cortex-m4 = { git = "https://github.com/Nitrokey/p256-cortex-m4", tag = "v0.1.0-alpha.6-nitrokey-1" }
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "316a96f66335eab8b4195e900cda1a768ed1b99e" }
-trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth.git", rev = "c030b82ad3441f337af09afe3a69e8a6da5785ea"}
-trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "chunked-v0.1.0" }
-trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" }
-trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", tag = "v0.2.0" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "53eba84d2cd0bcacc3a7096d4b7a2490dcf6f069" }
-trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" }
-trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.5" }
-admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.18" }
-ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
+trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "fc53539536d7658c45a492585041742d8cdc45d0" }
+trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" }
+trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" }
+trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "743d9aaa3d8a17d7dbf492bd54dc18ab8fca3dc0" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" }
+trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "9355f700831c1a278c334f76382fbf98d82aedcd" }
+trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "60c58eb80685f72d80850b850800fc6a660fe50a" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "541d97a2e6493b6b8a45aeca751c851e3bc723b6" }
 
 [package.metadata.docs.rs]
 all-features = true

src/backend.rs

@@ -9,7 +9,7 @@
 
 use core::fmt::Debug;
 
-use trussed::try_syscall;
+use trussed_core::try_syscall;
 
 use crate::error::Error;
 

src/card.rs

@@ -6,9 +6,9 @@ use admin_app::{ResetSignal, ResetSignalAllocation};
 use bitflags::bitflags;
 use hex_literal::hex;
 use iso7816::Status;
-use trussed::types::Location;
 use trussed_auth::AuthClient;
 use trussed_chunked::ChunkedClient;
+use trussed_core::{types::Location, CryptoClient, FilesystemClient, UiClient};
 
 pub(crate) mod reply;
 
@@ -371,8 +371,20 @@ impl<'a, const R: usize, T: Client> LoadedContext<'a, R, T> {
 use trussed_wrap_key_to_file::WrapKeyToFileClient;
 
 /// Super trait with all trussed extensions required by opcard
-pub trait Client: trussed::Client + AuthClient + WrapKeyToFileClient + ChunkedClient {}
-impl<C: trussed::Client + WrapKeyToFileClient + AuthClient + ChunkedClient> Client for C {}
+pub trait Client:
+    CryptoClient + FilesystemClient + UiClient + AuthClient + WrapKeyToFileClient + ChunkedClient
+{
+}
+impl<
+        C: CryptoClient
+            + FilesystemClient
+            + UiClient
+            + WrapKeyToFileClient
+            + AuthClient
+            + ChunkedClient,
+    > Client for C
+{
+}
 
 #[cfg(test)]
 mod tests {

src/command.rs

@@ -18,9 +18,9 @@ use crate::state::{
 };
 use crate::tlv;
 use crate::types::*;
-use trussed::config::MAX_MESSAGE_LENGTH;
-use trussed::types::{Location, PathBuf};
-use trussed::{syscall, try_syscall};
+use trussed_core::config::MAX_MESSAGE_LENGTH;
+use trussed_core::types::{Location, PathBuf};
+use trussed_core::{syscall, try_syscall};
 
 #[derive(Debug, Eq, PartialEq)]
 pub enum Command {

src/command/data.rs

@@ -4,7 +4,7 @@
 use heapless_bytes::Bytes;
 use hex_literal::hex;
 use iso7816::Status;
-use trussed::{
+use trussed_core::{
     try_syscall,
     types::{KeyId, KeySerialization, Mechanism},
 };
@@ -1331,7 +1331,7 @@ mod tests {
 
     use super::*;
     use hex_literal::hex;
-    use trussed::types::Location;
+    use trussed_core::types::Location;
 
     #[test]
     fn tags() {

src/command/gen.rs

@@ -3,8 +3,8 @@
 
 use hex_literal::hex;
 use iso7816::Status;
-use trussed::try_syscall;
-use trussed::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes};
+use trussed_core::try_syscall;
+use trussed_core::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes};
 
 use crate::card::LoadedContext;
 use crate::state::KeyOrigin;

src/command/private_key_template.rs

@@ -2,8 +2,8 @@
 // SPDX-License-Identifier: LGPL-3.0-only
 
 use iso7816::Status;
-use trussed::try_syscall;
-use trussed::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes};
+use trussed_core::try_syscall;
+use trussed_core::types::{KeyId, KeySerialization, Location, Mechanism, StorageAttributes};
 
 use crate::card::LoadedContext;
 use crate::state::KeyOrigin;

src/command/pso.rs

@@ -3,9 +3,9 @@
 
 use iso7816::Status;
 
-use trussed::config::MAX_MESSAGE_LENGTH;
-use trussed::types::*;
-use trussed::{syscall, try_syscall};
+use trussed_core::config::MAX_MESSAGE_LENGTH;
+use trussed_core::types::*;
+use trussed_core::{syscall, try_syscall};
 
 use crate::card::LoadedContext;
 use crate::state::KeyRef;

src/state.rs

@@ -6,15 +6,15 @@ use core::mem::take;
 use heapless_bytes::Bytes;
 use hex_literal::hex;
 use iso7816::Status;
-use littlefs2_core::path;
+use littlefs2_core::{path, Path, PathBuf};
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use serde_repr::{Deserialize_repr, Serialize_repr};
 
-use trussed::api::reply::Metadata;
-use trussed::config::MAX_MESSAGE_LENGTH;
-use trussed::types::{KeyId, Location, Mechanism, Path, PathBuf, StorageAttributes};
-use trussed::{syscall, try_syscall};
 use trussed_chunked::utils::{write_all, EncryptionData};
+use trussed_core::api::reply::Metadata;
+use trussed_core::config::MAX_MESSAGE_LENGTH;
+use trussed_core::types::{KeyId, Location, Mechanism, Message, StorageAttributes};
+use trussed_core::{syscall, try_syscall};
 
 use crate::card::reply::Reply;
 use crate::command::{Password, PasswordMode};
@@ -782,7 +782,7 @@ impl Persistent {
     }
     pub fn load<T: crate::card::Client>(client: &mut T, storage: Location) -> Result<Self, Error> {
         if let Some(data) = load_if_exists(client, storage, &Self::path())? {
-            trussed::cbor_deserialize(&data).map_err(|_err| {
+            cbor_smol::cbor_deserialize(&data).map_err(|_err| {
                 error!("failed to deserialize persistent state: {_err}");
                 Error::Loading
             })
@@ -799,7 +799,8 @@ impl Persistent {
         client: &mut T,
         storage: Location,
     ) -> Result<(), Error> {
-        let msg = trussed::cbor_serialize_bytes(&self).map_err(|_err| {
+        let mut msg = Message::new();
+        cbor_smol::cbor_serialize_to(&self, &mut msg).map_err(|_err| {
             error!("Failed to serialize: {_err}");
             Error::Saving
         })?;

src/types.rs

@@ -3,8 +3,9 @@
 
 use hex_literal::hex;
 use iso7816::Status;
+use littlefs2_core::Path;
 use serde_repr::{Deserialize_repr, Serialize_repr};
-use trussed::types::{Mechanism, Path};
+use trussed_core::types::Mechanism;
 
 use crate::card::AllowedAlgorithms;
 use crate::error::Error;