Update to trussed-v0.2.0-rc.1

This commit is contained in:
Robin Krahl
2026-06-05 15:36:07 +02:00
parent faeb596778
commit 88950e05a9
6 changed files with 39 additions and 34 deletions
-4
View File
@@ -17,7 +17,3 @@ trussed-core = { version = "0.2", features = ["serde-extensions"] }
[patch.crates-io]
trussed-auth = { path = "extension" }
trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "0b65280d69be541b8771f7756139826332c7d674" }
admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "46f0c4fd9110b7ab68468c8070a5aa290e9654c7" }
apdu-app = { git = "https://github.com/trussed-dev/apdu-dispatch.git", branch = "release" }
+1 -1
View File
@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## Unreleased
-
- Update to `trussed` v0.2.0-rc.1
## [0.1.0][] - 2026-03-23
+5 -3
View File
@@ -14,6 +14,7 @@ repository.workspace = true
serde.workspace = true
trussed-core.workspace = true
cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-5"] }
chacha20poly1305 = { version = "0.10.1", default-features = false, features = ["reduced-round"] }
hkdf = "0.12.3"
hmac = "0.12.1"
@@ -22,14 +23,15 @@ rand_core = "0.6.4"
serde-byte-array = "0.1.2"
sha2 = { version = "0.10.6", default-features = false }
subtle = { version = "2.4.1", default-features = false }
trussed = { version = "0.1.0", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions"] }
trussed = { version = "=0.2.0-rc.1", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions"] }
trussed-auth = "0.5"
[dev-dependencies]
admin-app = { version = "0.1.0", features = ["migration-tests"] }
admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.22", features = ["migration-tests"] }
heapless-bytes = "0.5"
hex-literal = "0.4.1"
quickcheck = { version = "1.0.3", default-features = false }
rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] }
serde_cbor = { version = "0.11.2", features = ["std"] }
serde_test = "1.0.176"
trussed = { version = "0.1.0", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions", "virt"] }
trussed = { version = "=0.2.0-rc.1", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions", "virt"] }
+12 -13
View File
@@ -5,17 +5,14 @@ use core::ops::Deref;
use chacha20poly1305::ChaCha8Poly1305;
use hmac::{Hmac, Mac};
use littlefs2_core::path;
use littlefs2_core::{path, Path};
use rand_core::{CryptoRng, RngCore};
use serde::{Deserialize, Serialize};
use serde_byte_array::ByteArray;
use sha2::{Digest as _, Sha256};
use subtle::ConstantTimeEq as _;
use trussed::{
platform::{CryptoRng, RngCore},
store::filestore::Filestore,
types::{Location, Path},
Bytes,
};
use trussed::store::Filestore;
use trussed_core::types::{Bytes, Location};
use super::Error;
use trussed_auth::{Pin, PinId, MAX_PIN_LENGTH};
@@ -223,14 +220,14 @@ impl PinData {
.read::<SIZE>(&path, location)
.map_err(|_| Error::ReadFailed)?;
let mut data: Self =
trussed::cbor_deserialize(&data).map_err(|_| Error::DeserializationFailed)?;
cbor_smol::cbor_deserialize(&data).map_err(|_| Error::DeserializationFailed)?;
data.id = id;
Ok(data)
}
pub fn save<S: Filestore>(&self, fs: &mut S, location: Location) -> Result<(), Error> {
let data = trussed::cbor_serialize_bytes::<_, SIZE>(self)
.map_err(|_| Error::SerializationFailed)?;
let mut data: Bytes<SIZE> = Bytes::new();
cbor_smol::cbor_serialize_to(self, &mut data).map_err(|_| Error::SerializationFailed)?;
fs.write(&self.id.path(), location, &data)
.map_err(|_| Error::WriteFailed)
}
@@ -520,7 +517,7 @@ pub(crate) fn get_app_salt<S: Filestore, R: CryptoRng + RngCore>(
pub(crate) fn delete_app_salt<S: Filestore>(
fs: &mut S,
location: Location,
) -> Result<(), trussed::Error> {
) -> Result<(), trussed_core::Error> {
if fs.exists(APP_SALT_PATH, location) {
fs.remove_file(APP_SALT_PATH, location)
} else {
@@ -573,7 +570,8 @@ mod tests {
salt: [u8::MAX; SALT_LEN].into(),
data: KeyOrHash::Hash([u8::MAX; HASH_LEN].into()),
};
let serialized = trussed::cbor_serialize_bytes::<_, 1024>(&data).unwrap();
let mut serialized: Bytes<1024> = Bytes::new();
cbor_smol::cbor_serialize_to(&data, &mut serialized).unwrap();
assert!(serialized.len() <= SIZE);
}
@@ -582,7 +580,8 @@ mod tests {
fn test_salt_size() {
// We allow one byte overhead for byte array serialization
let salt = Salt::from([u8::MAX; SALT_LEN]);
let serialized = trussed::cbor_serialize_bytes::<_, 1024>(&salt).unwrap();
let mut serialized: Bytes<1024> = Bytes::new();
cbor_smol::cbor_serialize_to(&salt, &mut serialized).unwrap();
assert!(serialized.len() <= SALT_LEN + 1, "{}", serialized.len());
}
+9 -7
View File
@@ -31,16 +31,18 @@ use rand_core::{CryptoRng, RngCore};
use sha2::Sha256;
use trussed::{
backend::Backend,
error::Result,
key::{Kind, Secrecy},
platform::Platform,
serde_extensions::ExtensionImpl,
service::{ClientFilestore, Keystore, ServiceResources},
store::{filestore::Filestore, Store},
types::{CoreContext, Location},
Bytes,
service::ServiceResources,
store::{ClientFilestore, Filestore, Keystore, Store},
types::CoreContext,
};
use trussed_auth::{reply, AuthExtension, AuthReply, AuthRequest};
use trussed_core::{
types::{Bytes, Location},
Result,
};
use data::{delete_app_salt, expand_app_key, get_app_salt, Key, PinData, Salt, KEY_LEN, SALT_LEN};
@@ -248,7 +250,7 @@ impl AuthBackend {
}
Ok(fs
.read_dir_first(path!(""), location, &trussed::api::NotBefore::None)?
.read_dir_first(path!(""), location, &trussed_core::types::NotBefore::None)?
.is_some())
}
}
@@ -440,7 +442,7 @@ enum Error {
BadPinType,
}
impl From<Error> for trussed::error::Error {
impl From<Error> for trussed_core::Error {
fn from(error: Error) -> Self {
match error {
Error::NotFound => Self::NoSuchKey,
+12 -6
View File
@@ -3,16 +3,19 @@
mod dispatch {
use trussed::{
api::{reply, request, Reply, Request},
backend::{Backend as _, BackendId},
error::Error,
platform::Platform,
serde_extensions::{ExtensionDispatch, ExtensionId, ExtensionImpl as _},
service::ServiceResources,
types::{Bytes, Context, Location},
types::Context,
};
use trussed_auth::AuthExtension;
use trussed_auth_backend::{AuthBackend, AuthContext, MAX_HW_KEY_LEN};
use trussed_core::{
api::{reply, request, Reply, Request},
types::{Bytes, Location},
Error,
};
pub const BACKENDS: &[BackendId<Backend>] =
&[BackendId::Custom(Backend::Auth), BackendId::Core];
@@ -134,13 +137,16 @@ use littlefs2_core::path;
use rand_core::{OsRng, RngCore as _};
use trussed::{
backend::BackendId,
client::{FilesystemClient, HmacSha256},
syscall, try_syscall,
types::{Bytes, Location, Message, PathBuf},
virt::{self, StoreConfig},
};
use trussed_auth::{AuthClient as _, PinId};
use trussed_auth_backend::MAX_HW_KEY_LEN;
use trussed_core::{
mechanisms::HmacSha256,
syscall, try_syscall,
types::{Bytes, Location, Message, PathBuf},
FilesystemClient,
};
use dispatch::{Backend, Dispatch, BACKENDS};