The HkdfExtension was previously maintained in a separate repository and
together with a custom backend. Every additional backend adds some
overhead, both in the firmware and for maintenance. Therefore this
patch moves the trussed-hkdf crate with the HkdfExtension as an
extension into this repository and implements it for the StagingBackend,
replacing the HkdfBackend.
This patch also releases trussed-hkdf v0.2.0 and trussed-staging v0.3.0.
Fixes: https://github.com/Nitrokey/trussed-hkdf-backend/issues/6
For some reason, the manage extension is implemented by default by the
trussed-staging backend while the chunked and wrap-key-to-file
extensions have to be specified explicitly. For consistency and to
avoid activating features we don’t need, this patch removes the manage
feature from the default features.
This patch releases v0.2.0 of the trussed-staging backend and v0.1.0 of
the new extension crates trussed-chunked, trussed-manage and
trussed-wrap-key-to-file.
This patch always enables the syscalls that previously were behind the
encrypted-chunked feature. This makes sure that enabling the feature in
one crate does not break another crate that also depends on
trussed-chunked. In practice, the feature is always enabled anyway so
separating the encrypted syscalls does not bring any benefits.
Fixes: https://github.com/trussed-dev/trussed-staging/issues/20
Previously, this repository contained one crate with all extension
definitions and the backend implementation. This is problematic if
semantic versioning is used as a breaking change in the backend or in a
single extension would also affect all users of any other extension.
This patch moves the extensions into separate crates that can be
versioned independently so that clients only have to depend on the
extension crates they really need.
Fixes: https://github.com/trussed-dev/trussed-staging/issues/3
Sosthène Guédon
Robin Krahl
sosthene-nitrokey