Update to healpess v0.9

Author: sosthene-nitrokey

Cargo.toml

@@ -13,10 +13,23 @@ repository = "https://github.com/trussed-dev/trussed-auth"
 
 [workspace.dependencies]
 serde = { version = "1", default-features = false }
-trussed-core = { version = "0.1.0-rc.1", features = ["serde-extensions"] }
+trussed-core = { version = "0.1.0", features = ["serde-extensions"] }
 
 [patch.crates-io]
 trussed-auth = { path = "extension" }
 
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
-admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.19" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "e6bb61a716a3575b3e5d9869a0e1bb1740fe9969" }
+trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "e6bb61a716a3575b3e5d9869a0e1bb1740fe9969" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "2b3f758016afbc56535d8a65f98a067d5a2d843e" }
+heapless-bytes = { git = "https://github.com/trussed-dev/heapless-bytes.git", rev = "038106af58d65dfd34d5e9b6379191bfc842530b" }
+cosey = { git = "https://github.com/trussed-dev/cosey.git", branch = "heapless-bytes-0.5" }
+littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", branch = "update-heapless" }
+littlefs2-core = { git = "https://github.com/trussed-dev/littlefs2.git", branch = "update-heapless" }
+littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys", rev = "v0.3.1-nitrokey.1" }
+flexiber = { git = "https://github.com/trussed-dev/flexiber.git", branch = "heapless-090" }
+iso7816 = { git = "https://github.com/trussed-dev/iso7816.git", branch = "heapless-09" }
+# cbor-smol = { git = "https://github.com/trussed-dev/cbor-smol.git", branch = "heapless-0.9" }
+cbor-smol = { git = "https://github.com/trussed-dev/cbor-smol.git", branch = "heapless-0.9" }
+ctaphid-app = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", branch = "heapless-0.9" }
+apdu-app = { git = "https://github.com/trussed-dev/apdu-dispatch.git", branch = "heapless-09" }
+trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", branch = "heapless-09" }

backend/Cargo.toml

@@ -32,4 +32,4 @@ quickcheck = { version = "1.0.3", default-features = false }
 rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] }
 serde_cbor = { version = "0.11.2", features = ["std"] }
 serde_test = "1.0.176"
-trussed = { version = "0.1.0", default-features = false, features = ["clients-1", "crypto-client", "filesystem-client", "hmac-sha256", "serde-extensions", "virt"] }
+trussed = { version = "0.1.0", default-features = false, features = ["hmac-sha256", "serde-extensions", "virt"] }

backend/src/data.rs

@@ -543,7 +543,7 @@ fn create_app_salt<S: Filestore, R: CryptoRng + RngCore>(
 fn load_app_salt<S: Filestore>(fs: &mut S, location: Location) -> Result<Salt, Error> {
     fs.read(APP_SALT_PATH, location)
         .map_err(|_| Error::ReadFailed)
-        .and_then(|b: Bytes<SALT_LEN>| (**b).try_into().map_err(|_| Error::ReadFailed))
+        .and_then(|b: Bytes<SALT_LEN>| (*b).try_into().map_err(|_| Error::ReadFailed))
 }
 
 pub fn expand_app_key(salt: &Salt, application_key: &Key, info: &[u8]) -> Key {

backend/src/lib.rs

@@ -163,7 +163,7 @@ impl AuthBackend {
                     .or(Err(Error::WriteFailed))
                     .and(Ok(salt))
             })
-            .and_then(|b| (**b).try_into().or(Err(Error::ReadFailed)))
+            .and_then(|b| (*b).try_into().or(Err(Error::ReadFailed)))
     }
 
     fn extract<R: CryptoRng + RngCore>(
@@ -172,7 +172,7 @@ impl AuthBackend {
         ikm: Option<Bytes<MAX_HW_KEY_LEN>>,
         rng: &mut R,
     ) -> Result<&Hkdf<Sha256>, Error> {
-        let ikm: &[u8] = ikm.as_deref().map(|i| &**i).unwrap_or(&[]);
+        let ikm: &[u8] = ikm.as_deref().map(|i| &*i).unwrap_or(&[]);
         let salt = self.get_global_salt(global_fs, rng)?;
         let kdf = Hkdf::new(Some(&*salt), ikm);
         self.hw_key = HardwareKey::Extracted(kdf);

backend/tests/backend.rs

@@ -214,8 +214,8 @@ fn random_pin() -> trussed_auth::Pin {
 #[test]
 fn basic() {
     run(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"12345678").unwrap();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
+        let pin1 = Bytes::try_from(b"12345678").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
 
         let reply = syscall!(client.has_pin(Pin::User));
         assert!(!reply.has_pin);
@@ -258,8 +258,8 @@ fn basic() {
 #[test]
 fn basic_wrapped() {
     run(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"12345678").unwrap();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
+        let pin1 = Bytes::try_from(b"12345678").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
 
         let reply = syscall!(client.has_pin(Pin::User));
         assert!(!reply.has_pin);
@@ -303,10 +303,10 @@ fn basic_wrapped() {
 fn hw_key_wrapped() {
     run_with_hw_key(
         BACKENDS,
-        Bytes::from_slice(b"Some HW ikm").unwrap(),
+        Bytes::try_from(b"Some HW ikm").unwrap(),
         |client| {
-            let pin1 = Bytes::from_slice(b"12345678").unwrap();
-            let pin2 = Bytes::from_slice(b"123456").unwrap();
+            let pin1 = Bytes::try_from(b"12345678").unwrap();
+            let pin2 = Bytes::try_from(b"123456").unwrap();
 
             let reply = syscall!(client.has_pin(Pin::User));
             assert!(!reply.has_pin);
@@ -350,8 +350,8 @@ fn hw_key_wrapped() {
 #[test]
 fn missing_hw_key() {
     run_with_missing_hw_key(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"12345678").unwrap();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
+        let pin1 = Bytes::try_from(b"12345678").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
 
         let reply = syscall!(client.has_pin(Pin::User));
         assert!(!reply.has_pin);
@@ -400,10 +400,10 @@ fn missing_hw_key() {
 fn pin_key() {
     run_with_hw_key(
         BACKENDS,
-        Bytes::from_slice(b"Some HW ikm").unwrap(),
+        Bytes::try_from(b"Some HW ikm").unwrap(),
         |client| {
-            let pin1 = Bytes::from_slice(b"12345678").unwrap();
-            let pin2 = Bytes::from_slice(b"123456").unwrap();
+            let pin1 = Bytes::try_from(b"12345678").unwrap();
+            let pin2 = Bytes::try_from(b"123456").unwrap();
 
             syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), true));
             assert!(syscall!(client.get_pin_key(Pin::User, pin2.clone()))
@@ -448,11 +448,11 @@ fn pin_key() {
 fn reset_pin_key() {
     run_with_hw_key(
         BACKENDS,
-        Bytes::from_slice(b"Some HW ikm").unwrap(),
+        Bytes::try_from(b"Some HW ikm").unwrap(),
         |client| {
-            let pin1 = Bytes::from_slice(b"12345678").unwrap();
-            let pin2 = Bytes::from_slice(b"123456").unwrap();
-            let pin3 = Bytes::from_slice(b"1234567890").unwrap();
+            let pin1 = Bytes::try_from(b"12345678").unwrap();
+            let pin2 = Bytes::try_from(b"123456").unwrap();
+            let pin3 = Bytes::try_from(b"1234567890").unwrap();
 
             syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), true));
             assert!(syscall!(client.get_pin_key(Pin::User, pin2.clone()))
@@ -499,8 +499,8 @@ fn reset_pin_key() {
 #[test]
 fn blocked_pin() {
     run(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"12345678").unwrap();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
+        let pin1 = Bytes::try_from(b"12345678").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), false));
 
@@ -520,8 +520,8 @@ fn blocked_pin() {
 #[test]
 fn set_blocked_pin() {
     run(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"12345678").unwrap();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
+        let pin1 = Bytes::try_from(b"12345678").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin1.clone(), Some(1), false));
         let reply = syscall!(client.check_pin(Pin::User, pin1.clone()));
@@ -541,7 +541,7 @@ fn set_blocked_pin() {
 fn empty_pin() {
     run(BACKENDS, |client| {
         let pin1 = Bytes::new();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin1.clone(), None, false));
         let reply = syscall!(client.has_pin(Pin::User));
@@ -577,9 +577,9 @@ fn max_pin_length() {
 #[test]
 fn pin_retries() {
     run(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"12345678").unwrap();
-        let pin2 = Bytes::from_slice(b"123456").unwrap();
-        let pin3 = Bytes::from_slice(b"654321").unwrap();
+        let pin1 = Bytes::try_from(b"12345678").unwrap();
+        let pin2 = Bytes::try_from(b"123456").unwrap();
+        let pin3 = Bytes::try_from(b"654321").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin1.clone(), Some(3), false));
         syscall!(client.set_pin(Pin::Admin, pin2.clone(), Some(5), false));
@@ -627,7 +627,7 @@ fn pin_retries() {
 #[test]
 fn delete_pin() {
     run(BACKENDS, |client| {
-        let pin = Bytes::from_slice(b"123456").unwrap();
+        let pin = Bytes::try_from(b"123456").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin.clone(), None, false));
         let reply = syscall!(client.has_pin(Pin::User));
@@ -647,8 +647,8 @@ fn delete_pin() {
 #[test]
 fn delete_all_pins() {
     run(BACKENDS, |client| {
-        let pin1 = Bytes::from_slice(b"123456").unwrap();
-        let pin2 = Bytes::from_slice(b"12345678").unwrap();
+        let pin1 = Bytes::try_from(b"123456").unwrap();
+        let pin2 = Bytes::try_from(b"12345678").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin1.clone(), None, false));
         syscall!(client.set_pin(Pin::Admin, pin2.clone(), None, false));
@@ -686,8 +686,8 @@ fn delete_all_pins() {
 #[test]
 fn reset_application_key() {
     run(BACKENDS, |client| {
-        let info1 = Message::from_slice(b"test1").unwrap();
-        let info2 = Message::from_slice(b"test2").unwrap();
+        let info1 = Message::try_from(b"test1").unwrap();
+        let info2 = Message::try_from(b"test2").unwrap();
         let app_key1 = syscall!(client.get_application_key(info1.clone())).key;
         let app_key2 = syscall!(client.get_application_key(info2)).key;
         let mac1 = syscall!(client.sign_hmacsha256(app_key1, b"Some data")).signature;
@@ -722,8 +722,8 @@ fn reset_application_key() {
 fn reset_auth_data() {
     run(BACKENDS, |client| {
         /* ------- APP KEYS ------- */
-        let info1 = Message::from_slice(b"test1").unwrap();
-        let info2 = Message::from_slice(b"test2").unwrap();
+        let info1 = Message::try_from(b"test1").unwrap();
+        let info2 = Message::try_from(b"test2").unwrap();
         let app_key1 = syscall!(client.get_application_key(info1.clone())).key;
         let app_key2 = syscall!(client.get_application_key(info2)).key;
         let mac1 = syscall!(client.sign_hmacsha256(app_key1, b"Some data")).signature;
@@ -737,8 +737,8 @@ fn reset_auth_data() {
         assert_eq!(mac1, mac1_again);
 
         /* ------- PINS  ------- */
-        let pin1 = Bytes::from_slice(b"123456").unwrap();
-        let pin2 = Bytes::from_slice(b"12345678").unwrap();
+        let pin1 = Bytes::try_from(b"123456").unwrap();
+        let pin2 = Bytes::try_from(b"12345678").unwrap();
 
         syscall!(client.set_pin(Pin::User, pin1.clone(), None, false));
         syscall!(client.set_pin(Pin::Admin, pin2.clone(), None, false));

extension/Cargo.toml

@@ -15,4 +15,4 @@ serde.workspace = true
 trussed-core.workspace = true
 
 [dev-dependencies]
-heapless-bytes = "0.3"
+heapless-bytes = "0.5"

extension/src/lib.rs

@@ -47,7 +47,7 @@
 //!         // PIN is set but not provided
 //!         return false;
 //!     };
-//!     let Ok(pin) = Bytes::from_slice(pin) else {
+//!     let Ok(pin) = Bytes::try_from(pin) else {
 //!         // provided PIN is too long
 //!         return false;
 //!     };