diff --git a/Cargo.toml b/Cargo.toml index 0dcb81a..f8f93cb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,10 +13,17 @@ repository = "https://github.com/trussed-dev/trussed-auth" [workspace.dependencies] serde = { version = "1", default-features = false } -trussed-core = { version = "0.1.0-rc.1", features = ["serde-extensions"] } +trussed-core = { version = "0.1.0", features = ["serde-extensions"] } [patch.crates-io] trussed-auth = { path = "extension" } -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" } -admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.19" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939" } +trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939" } +admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "2b3f758016afbc56535d8a65f98a067d5a2d843e" } +littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" } +littlefs2-core = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" } +littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys", rev = "v0.3.1-nitrokey.1" } +ctaphid-app = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "f11fdcbc62d06b8be23e6cbae21bcfefd52c0661" } +apdu-app = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "931c4269d1d293954fae2012d809e9663cd2cb7e" } +trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "eff09d1613641531630d962f81136f64f3dd2716" } diff --git a/backend/Cargo.toml b/backend/Cargo.toml index 20fcd60..30a1e72 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -32,4 +32,4 @@ quickcheck = { version = "1.0.3", default-features = false } rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] } serde_cbor = { version = "0.11.2", features = ["std"] } serde_test = "1.0.176" -trussed = { version = "0.1.0", default-features = false, features = ["clients-1", "crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions", "virt"] } +trussed = { version = "0.1.0", default-features = false, features = ["hmac-sha256", "serde-extensions", "virt"] } diff --git a/backend/src/data.rs b/backend/src/data.rs index b3886c8..2d8f7e2 100644 --- a/backend/src/data.rs +++ b/backend/src/data.rs @@ -543,7 +543,7 @@ fn create_app_salt( fn load_app_salt(fs: &mut S, location: Location) -> Result { fs.read(APP_SALT_PATH, location) .map_err(|_| Error::ReadFailed) - .and_then(|b: Bytes| (**b).try_into().map_err(|_| Error::ReadFailed)) + .and_then(|b: Bytes| (*b).try_into().map_err(|_| Error::ReadFailed)) } pub fn expand_app_key(salt: &Salt, application_key: &Key, info: &[u8]) -> Key { diff --git a/backend/src/lib.rs b/backend/src/lib.rs index 7b59adc..75e36c2 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -163,7 +163,7 @@ impl AuthBackend { .or(Err(Error::WriteFailed)) .and(Ok(salt)) }) - .and_then(|b| (**b).try_into().or(Err(Error::ReadFailed))) + .and_then(|b| (*b).try_into().or(Err(Error::ReadFailed))) } fn extract( @@ -172,7 +172,7 @@ impl AuthBackend { ikm: Option>, rng: &mut R, ) -> Result<&Hkdf, Error> { - let ikm: &[u8] = ikm.as_deref().map(|i| &**i).unwrap_or(&[]); + let ikm: &[u8] = ikm.as_deref().map(|i| &*i).unwrap_or(&[]); let salt = self.get_global_salt(global_fs, rng)?; let kdf = Hkdf::new(Some(&*salt), ikm); self.hw_key = HardwareKey::Extracted(kdf); diff --git a/backend/tests/backend.rs b/backend/tests/backend.rs index b788f59..9c36d60 100644 --- a/backend/tests/backend.rs +++ b/backend/tests/backend.rs @@ -214,8 +214,8 @@ fn random_pin() -> trussed_auth::Pin { #[test] fn basic() { run(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); let reply = syscall!(client.has_pin(Pin::User)); assert!(!reply.has_pin); @@ -258,8 +258,8 @@ fn basic() { #[test] fn basic_wrapped() { run(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); let reply = syscall!(client.has_pin(Pin::User)); assert!(!reply.has_pin); @@ -303,10 +303,10 @@ fn basic_wrapped() { fn hw_key_wrapped() { run_with_hw_key( BACKENDS, - Bytes::from_slice(b"Some HW ikm").unwrap(), + Bytes::try_from(b"Some HW ikm").unwrap(), |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); let reply = syscall!(client.has_pin(Pin::User)); assert!(!reply.has_pin); @@ -350,8 +350,8 @@ fn hw_key_wrapped() { #[test] fn missing_hw_key() { run_with_missing_hw_key(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); let reply = syscall!(client.has_pin(Pin::User)); assert!(!reply.has_pin); @@ -400,10 +400,10 @@ fn missing_hw_key() { fn pin_key() { run_with_hw_key( BACKENDS, - Bytes::from_slice(b"Some HW ikm").unwrap(), + Bytes::try_from(b"Some HW ikm").unwrap(), |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), true)); assert!(syscall!(client.get_pin_key(Pin::User, pin2.clone())) @@ -448,11 +448,11 @@ fn pin_key() { fn reset_pin_key() { run_with_hw_key( BACKENDS, - Bytes::from_slice(b"Some HW ikm").unwrap(), + Bytes::try_from(b"Some HW ikm").unwrap(), |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); - let pin3 = Bytes::from_slice(b"1234567890").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); + let pin3 = Bytes::try_from(b"1234567890").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), true)); assert!(syscall!(client.get_pin_key(Pin::User, pin2.clone())) @@ -499,8 +499,8 @@ fn reset_pin_key() { #[test] fn blocked_pin() { run(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), false)); @@ -520,8 +520,8 @@ fn blocked_pin() { #[test] fn set_blocked_pin() { run(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), Some(1), false)); let reply = syscall!(client.check_pin(Pin::User, pin1.clone())); @@ -541,7 +541,7 @@ fn set_blocked_pin() { fn empty_pin() { run(BACKENDS, |client| { let pin1 = Bytes::new(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), None, false)); let reply = syscall!(client.has_pin(Pin::User)); @@ -577,9 +577,9 @@ fn max_pin_length() { #[test] fn pin_retries() { run(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"12345678").unwrap(); - let pin2 = Bytes::from_slice(b"123456").unwrap(); - let pin3 = Bytes::from_slice(b"654321").unwrap(); + let pin1 = Bytes::try_from(b"12345678").unwrap(); + let pin2 = Bytes::try_from(b"123456").unwrap(); + let pin3 = Bytes::try_from(b"654321").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), false)); syscall!(client.set_pin(Pin::Admin, pin2.clone(), Some(5), false)); @@ -627,7 +627,7 @@ fn pin_retries() { #[test] fn delete_pin() { run(BACKENDS, |client| { - let pin = Bytes::from_slice(b"123456").unwrap(); + let pin = Bytes::try_from(b"123456").unwrap(); syscall!(client.set_pin(Pin::User, pin.clone(), None, false)); let reply = syscall!(client.has_pin(Pin::User)); @@ -647,8 +647,8 @@ fn delete_pin() { #[test] fn delete_all_pins() { run(BACKENDS, |client| { - let pin1 = Bytes::from_slice(b"123456").unwrap(); - let pin2 = Bytes::from_slice(b"12345678").unwrap(); + let pin1 = Bytes::try_from(b"123456").unwrap(); + let pin2 = Bytes::try_from(b"12345678").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), None, false)); syscall!(client.set_pin(Pin::Admin, pin2.clone(), None, false)); @@ -686,8 +686,8 @@ fn delete_all_pins() { #[test] fn reset_application_key() { run(BACKENDS, |client| { - let info1 = Message::from_slice(b"test1").unwrap(); - let info2 = Message::from_slice(b"test2").unwrap(); + let info1 = Message::try_from(b"test1").unwrap(); + let info2 = Message::try_from(b"test2").unwrap(); let app_key1 = syscall!(client.get_application_key(info1.clone())).key; let app_key2 = syscall!(client.get_application_key(info2)).key; let mac1 = syscall!(client.sign_hmacsha256(app_key1, b"Some data")).signature; @@ -722,8 +722,8 @@ fn reset_application_key() { fn reset_auth_data() { run(BACKENDS, |client| { /* ------- APP KEYS ------- */ - let info1 = Message::from_slice(b"test1").unwrap(); - let info2 = Message::from_slice(b"test2").unwrap(); + let info1 = Message::try_from(b"test1").unwrap(); + let info2 = Message::try_from(b"test2").unwrap(); let app_key1 = syscall!(client.get_application_key(info1.clone())).key; let app_key2 = syscall!(client.get_application_key(info2)).key; let mac1 = syscall!(client.sign_hmacsha256(app_key1, b"Some data")).signature; @@ -737,8 +737,8 @@ fn reset_auth_data() { assert_eq!(mac1, mac1_again); /* ------- PINS ------- */ - let pin1 = Bytes::from_slice(b"123456").unwrap(); - let pin2 = Bytes::from_slice(b"12345678").unwrap(); + let pin1 = Bytes::try_from(b"123456").unwrap(); + let pin2 = Bytes::try_from(b"12345678").unwrap(); syscall!(client.set_pin(Pin::User, pin1.clone(), None, false)); syscall!(client.set_pin(Pin::Admin, pin2.clone(), None, false)); diff --git a/extension/Cargo.toml b/extension/Cargo.toml index 0cd1e9f..f78e822 100644 --- a/extension/Cargo.toml +++ b/extension/Cargo.toml @@ -15,4 +15,4 @@ serde.workspace = true trussed-core.workspace = true [dev-dependencies] -heapless-bytes = "0.3" +heapless-bytes = "0.5" diff --git a/extension/src/lib.rs b/extension/src/lib.rs index cda19f3..33b6f66 100644 --- a/extension/src/lib.rs +++ b/extension/src/lib.rs @@ -47,7 +47,7 @@ //! // PIN is set but not provided //! return false; //! }; -//! let Ok(pin) = Bytes::from_slice(pin) else { +//! let Ok(pin) = Bytes::try_from(pin) else { //! // provided PIN is too long //! return false; //! };