From 0862927a09468001d9bc4fbdf372a1a313bfdf43 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 20 Dec 2024 11:12:22 +0100 Subject: [PATCH] Use trussed-core and remove default features for trussed --- CHANGELOG.md | 3 +++ Cargo.toml | 6 ++++-- src/crypto_traits.rs | 28 ++++++++++++++-------------- src/lib.rs | 12 ++++++++++++ 4 files changed, 33 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ded671..3cad8ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,9 @@ SPDX-License-Identifier: CC0-1.0 [Unreleased]: https://github.com/trussed-dev/trussed-rsa-backend/compare/v0.2.0...HEAD +- Use `trussed-core` and remove default features for `trussed`. +- Add `SoftwareRsa::MECHANISMS` constant with the implemented mechanisms. + ## [v0.2.1][] (2024-06-21) [v0.2.1]: https://github.com/trussed-dev/trussed-rsa-backend/compare/v0.2.0...v0.2.1 diff --git a/Cargo.toml b/Cargo.toml index 6ba5496..78adaf0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,7 +19,8 @@ postcard = { version = "0.7", default-features = false, features = ["heapless"] rsa = { version = "0.9", default-features = false, features = ["sha2"]} serde = { version = "1.0.152", default-features = false, features = ["derive"] } -trussed = "0.1" +trussed = { version = "0.1", default-features = false } +trussed-core = { version = "0.1.0-rc.1", features = ["crypto-client", "rsa2048", "rsa3072", "rsa4096"] } [dev-dependencies] hex-literal = "0.3.4" @@ -28,6 +29,7 @@ delog = { version = "0.1.6", features = ["std-log"] } test-log = "0.2.11" env_logger = "0.10.0" rand = "0.8.5" +trussed = { version = "0.1", default-features = false, features = ["certificate-client", "clients-1", "crypto-client"] } [features] @@ -45,7 +47,7 @@ log-warn = [] log-error = [] [patch.crates-io] -trussed = { git = "https://github.com/Nitrokey/trussed", rev = "6b9a43fbaaf34fe8d69fac0021f8130dd9a436c9" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" } [profile.dev.package.rsa] opt-level = 2 diff --git a/src/crypto_traits.rs b/src/crypto_traits.rs index ca9d93d..71bfa21 100644 --- a/src/crypto_traits.rs +++ b/src/crypto_traits.rs @@ -1,24 +1,24 @@ // Copyright (C) Nitrokey GmbH // SPDX-License-Identifier: Apache-2.0 or MIT -use trussed::{ +use trussed_core::{ api::{ reply, request::{DeserializeKey, UnsafeInjectKey}, }, - client::{ClientError, ClientResult, CryptoClient}, types::{ KeyId, KeySerialization, Location, Mechanism, SignatureSerialization, StorageAttributes, }, + ClientError, ClientResult, CryptoClient, }; use crate::{RsaImportFormat, RsaPublicParts}; impl Rsa2048Pkcs1v15 for C {} -/// Helper trait to work with RSA 2048 bit keys through a [`Client`](trussed::Client) +/// Helper trait to work with RSA 2048 bit keys through a [`CryptoClient`][] /// -/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient) +/// This trait is implemented by all implementors of [`CryptoClient`][] pub trait Rsa2048Pkcs1v15: CryptoClient { fn generate_rsa2048pkcs_private_key( &mut self, @@ -45,13 +45,13 @@ pub trait Rsa2048Pkcs1v15: CryptoClient { /// Serializes an RSA 2048 bit key. /// - /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key + /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts): /// ``` ///# #[cfg(feature = "virt")] ///# { ///# use trussed_rsa_alloc::*; - ///# use trussed::{syscall,types::Location::{Volatile,Internal}}; + ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}}; ///# virt::with_ram_client("rsa tests", |mut client| { ///# let sk = syscall!(client.generate_rsa2048pkcs_private_key(Internal)).key; ///# let pk = syscall!(client.derive_rsa2048pkcs_public_key(sk, Volatile)).key; @@ -159,9 +159,9 @@ pub trait Rsa2048Pkcs1v15: CryptoClient { impl Rsa3072Pkcs1v15 for C {} -/// Helper trait to work with RSA 3072 bit keys through a [`Client`](trussed::Client) +/// Helper trait to work with RSA 3072 bit keys through a [`CryptoClient`][] /// -/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient) +/// This trait is implemented by all implementors of [`CryptoClient`][] pub trait Rsa3072Pkcs1v15: CryptoClient { fn generate_rsa3072pkcs_private_key( &mut self, @@ -188,13 +188,13 @@ pub trait Rsa3072Pkcs1v15: CryptoClient { /// Serializes an RSA 3072 bit key. /// - /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key + /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts): /// ``` ///# #[cfg(feature = "virt")] ///# { ///# use trussed_rsa_alloc::*; - ///# use trussed::{syscall,types::Location::{Volatile,Internal}}; + ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}}; ///# virt::with_ram_client("rsa tests", |mut client| { ///# let sk = syscall!(client.generate_rsa3072pkcs_private_key(Internal)).key; ///# let pk = syscall!(client.derive_rsa3072pkcs_public_key(sk, Volatile)).key; @@ -302,9 +302,9 @@ pub trait Rsa3072Pkcs1v15: CryptoClient { impl Rsa4096Pkcs1v15 for C {} -/// Helper trait to work with RSA 4096 bit keys through a [`Client`](trussed::Client) +/// Helper trait to work with RSA 4096 bit keys through a [`CryptoClient`][] /// -/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient) +/// This trait is implemented by all implementors of [`CryptoClient`][] pub trait Rsa4096Pkcs1v15: CryptoClient { fn generate_rsa4096pkcs_private_key( &mut self, @@ -331,13 +331,13 @@ pub trait Rsa4096Pkcs1v15: CryptoClient { /// Serializes an RSA 4096 bit key. /// - /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key + /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts): /// ``` ///# #[cfg(feature = "virt")] ///# { ///# use trussed_rsa_alloc::*; - ///# use trussed::{syscall,types::Location::{Volatile,Internal}}; + ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}}; ///# virt::with_ram_client("rsa tests", |mut client| { ///# let sk = syscall!(client.generate_rsa4096pkcs_private_key(Internal)).key; ///# let pk = syscall!(client.derive_rsa4096pkcs_public_key(sk, Volatile)).key; diff --git a/src/lib.rs b/src/lib.rs index 7088991..52ebbbc 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -43,6 +43,18 @@ pub use types::{RsaImportFormat, RsaPublicParts}; mod crypto_traits; pub use crypto_traits::{Rsa2048Pkcs1v15, Rsa3072Pkcs1v15, Rsa4096Pkcs1v15}; +pub const MECHANISMS: &[Mechanism] = &[ + Mechanism::Rsa2048Pkcs1v15, + Mechanism::Rsa3072Pkcs1v15, + Mechanism::Rsa4096Pkcs1v15, + #[cfg(feature = "raw")] + Mechanism::Rsa2048Raw, + #[cfg(feature = "raw")] + Mechanism::Rsa3072Raw, + #[cfg(feature = "raw")] + Mechanism::Rsa4096Raw, +]; + /// Trussed [`Backend`][] implementation adding support for RSA /// /// This implementation is done in software and requieres an allocator