From 88950e05a91f2bbdad3ba4ff2e7df68ff93dd91e Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 5 Jun 2026 15:36:07 +0200 Subject: [PATCH] Update to trussed-v0.2.0-rc.1 --- Cargo.toml | 4 ---- backend/CHANGELOG.md | 2 +- backend/Cargo.toml | 8 +++++--- backend/src/data.rs | 25 ++++++++++++------------- backend/src/lib.rs | 16 +++++++++------- backend/tests/backend.rs | 18 ++++++++++++------ 6 files changed, 39 insertions(+), 34 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e13db97..93ef87d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,7 +17,3 @@ trussed-core = { version = "0.2", features = ["serde-extensions"] } [patch.crates-io] trussed-auth = { path = "extension" } - -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "0b65280d69be541b8771f7756139826332c7d674" } -admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "46f0c4fd9110b7ab68468c8070a5aa290e9654c7" } -apdu-app = { git = "https://github.com/trussed-dev/apdu-dispatch.git", branch = "release" } diff --git a/backend/CHANGELOG.md b/backend/CHANGELOG.md index 0e3d6d5..7afab03 100644 --- a/backend/CHANGELOG.md +++ b/backend/CHANGELOG.md @@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased -- +- Update to `trussed` v0.2.0-rc.1 ## [0.1.0][] - 2026-03-23 diff --git a/backend/Cargo.toml b/backend/Cargo.toml index c76c8ad..30d7d8f 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -14,6 +14,7 @@ repository.workspace = true serde.workspace = true trussed-core.workspace = true +cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-5"] } chacha20poly1305 = { version = "0.10.1", default-features = false, features = ["reduced-round"] } hkdf = "0.12.3" hmac = "0.12.1" @@ -22,14 +23,15 @@ rand_core = "0.6.4" serde-byte-array = "0.1.2" sha2 = { version = "0.10.6", default-features = false } subtle = { version = "2.4.1", default-features = false } -trussed = { version = "0.1.0", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions"] } +trussed = { version = "=0.2.0-rc.1", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions"] } trussed-auth = "0.5" [dev-dependencies] -admin-app = { version = "0.1.0", features = ["migration-tests"] } +admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.22", features = ["migration-tests"] } +heapless-bytes = "0.5" hex-literal = "0.4.1" quickcheck = { version = "1.0.3", default-features = false } rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] } serde_cbor = { version = "0.11.2", features = ["std"] } serde_test = "1.0.176" -trussed = { version = "0.1.0", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions", "virt"] } +trussed = { version = "=0.2.0-rc.1", default-features = false, features = ["crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions", "virt"] } diff --git a/backend/src/data.rs b/backend/src/data.rs index 2d8f7e2..361acbf 100644 --- a/backend/src/data.rs +++ b/backend/src/data.rs @@ -5,17 +5,14 @@ use core::ops::Deref; use chacha20poly1305::ChaCha8Poly1305; use hmac::{Hmac, Mac}; -use littlefs2_core::path; +use littlefs2_core::{path, Path}; +use rand_core::{CryptoRng, RngCore}; use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; use sha2::{Digest as _, Sha256}; use subtle::ConstantTimeEq as _; -use trussed::{ - platform::{CryptoRng, RngCore}, - store::filestore::Filestore, - types::{Location, Path}, - Bytes, -}; +use trussed::store::Filestore; +use trussed_core::types::{Bytes, Location}; use super::Error; use trussed_auth::{Pin, PinId, MAX_PIN_LENGTH}; @@ -223,14 +220,14 @@ impl PinData { .read::(&path, location) .map_err(|_| Error::ReadFailed)?; let mut data: Self = - trussed::cbor_deserialize(&data).map_err(|_| Error::DeserializationFailed)?; + cbor_smol::cbor_deserialize(&data).map_err(|_| Error::DeserializationFailed)?; data.id = id; Ok(data) } pub fn save(&self, fs: &mut S, location: Location) -> Result<(), Error> { - let data = trussed::cbor_serialize_bytes::<_, SIZE>(self) - .map_err(|_| Error::SerializationFailed)?; + let mut data: Bytes = Bytes::new(); + cbor_smol::cbor_serialize_to(self, &mut data).map_err(|_| Error::SerializationFailed)?; fs.write(&self.id.path(), location, &data) .map_err(|_| Error::WriteFailed) } @@ -520,7 +517,7 @@ pub(crate) fn get_app_salt( pub(crate) fn delete_app_salt( fs: &mut S, location: Location, -) -> Result<(), trussed::Error> { +) -> Result<(), trussed_core::Error> { if fs.exists(APP_SALT_PATH, location) { fs.remove_file(APP_SALT_PATH, location) } else { @@ -573,7 +570,8 @@ mod tests { salt: [u8::MAX; SALT_LEN].into(), data: KeyOrHash::Hash([u8::MAX; HASH_LEN].into()), }; - let serialized = trussed::cbor_serialize_bytes::<_, 1024>(&data).unwrap(); + let mut serialized: Bytes<1024> = Bytes::new(); + cbor_smol::cbor_serialize_to(&data, &mut serialized).unwrap(); assert!(serialized.len() <= SIZE); } @@ -582,7 +580,8 @@ mod tests { fn test_salt_size() { // We allow one byte overhead for byte array serialization let salt = Salt::from([u8::MAX; SALT_LEN]); - let serialized = trussed::cbor_serialize_bytes::<_, 1024>(&salt).unwrap(); + let mut serialized: Bytes<1024> = Bytes::new(); + cbor_smol::cbor_serialize_to(&salt, &mut serialized).unwrap(); assert!(serialized.len() <= SALT_LEN + 1, "{}", serialized.len()); } diff --git a/backend/src/lib.rs b/backend/src/lib.rs index ef70b1c..fff7a9a 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -31,16 +31,18 @@ use rand_core::{CryptoRng, RngCore}; use sha2::Sha256; use trussed::{ backend::Backend, - error::Result, key::{Kind, Secrecy}, platform::Platform, serde_extensions::ExtensionImpl, - service::{ClientFilestore, Keystore, ServiceResources}, - store::{filestore::Filestore, Store}, - types::{CoreContext, Location}, - Bytes, + service::ServiceResources, + store::{ClientFilestore, Filestore, Keystore, Store}, + types::CoreContext, }; use trussed_auth::{reply, AuthExtension, AuthReply, AuthRequest}; +use trussed_core::{ + types::{Bytes, Location}, + Result, +}; use data::{delete_app_salt, expand_app_key, get_app_salt, Key, PinData, Salt, KEY_LEN, SALT_LEN}; @@ -248,7 +250,7 @@ impl AuthBackend { } Ok(fs - .read_dir_first(path!(""), location, &trussed::api::NotBefore::None)? + .read_dir_first(path!(""), location, &trussed_core::types::NotBefore::None)? .is_some()) } } @@ -440,7 +442,7 @@ enum Error { BadPinType, } -impl From for trussed::error::Error { +impl From for trussed_core::Error { fn from(error: Error) -> Self { match error { Error::NotFound => Self::NoSuchKey, diff --git a/backend/tests/backend.rs b/backend/tests/backend.rs index 4b78957..05e85db 100644 --- a/backend/tests/backend.rs +++ b/backend/tests/backend.rs @@ -3,16 +3,19 @@ mod dispatch { use trussed::{ - api::{reply, request, Reply, Request}, backend::{Backend as _, BackendId}, - error::Error, platform::Platform, serde_extensions::{ExtensionDispatch, ExtensionId, ExtensionImpl as _}, service::ServiceResources, - types::{Bytes, Context, Location}, + types::Context, }; use trussed_auth::AuthExtension; use trussed_auth_backend::{AuthBackend, AuthContext, MAX_HW_KEY_LEN}; + use trussed_core::{ + api::{reply, request, Reply, Request}, + types::{Bytes, Location}, + Error, + }; pub const BACKENDS: &[BackendId] = &[BackendId::Custom(Backend::Auth), BackendId::Core]; @@ -134,13 +137,16 @@ use littlefs2_core::path; use rand_core::{OsRng, RngCore as _}; use trussed::{ backend::BackendId, - client::{FilesystemClient, HmacSha256}, - syscall, try_syscall, - types::{Bytes, Location, Message, PathBuf}, virt::{self, StoreConfig}, }; use trussed_auth::{AuthClient as _, PinId}; use trussed_auth_backend::MAX_HW_KEY_LEN; +use trussed_core::{ + mechanisms::HmacSha256, + syscall, try_syscall, + types::{Bytes, Location, Message, PathBuf}, + FilesystemClient, +}; use dispatch::{Backend, Dispatch, BACKENDS};