Update to heapless 0.9

sosthene-nitrokey · sosthene-nitrokey · commit 2affd208908d · 2025-10-06T22:23:16.000+02:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -11,10 +11,10 @@ description = "FIDO authenticator Trussed app"
 [dependencies]
 cbor-smol = { version = "0.5" }
 ctap-types = { version = "0.4", features = ["get-info-full", "large-blobs", "third-party-payment"] }
-cosey = "0.3"
+cosey = "0.4"
 delog = "0.1.0"
-heapless = "0.7"
-heapless-bytes = "0.3"
+heapless = "0.9"
+heapless-bytes = { version = "0.5", features = ["heapless-0.9"]}
 littlefs2-core = "0.1"
 serde = { version = "1.0", default-features = false }
 serde_bytes = { version = "0.11.14", default-features = false }
@@ -27,7 +27,7 @@ trussed-chunked = { version = "0.2.0", optional = true }
 
 apdu-app = { version = "0.1", optional = true }
 ctaphid-app = { version = "0.1.0-rc.1", optional = true }
-iso7816 = { version = "0.1.2", optional = true }
+iso7816 = { version = "0.2", optional = true }
 
 [features]
 dispatch = ["apdu-dispatch", "ctaphid-dispatch", "iso7816"]
@@ -61,7 +61,7 @@ hex-literal = "0.4.1"
 hmac = "0.12.1"
 interchange = "0.3.0"
 itertools = "0.14.0"
-littlefs2 = "0.6.0"
+littlefs2 = "0.7.0"
 log = "0.4.21"
 p256 = { version = "0.13.2", features = ["ecdh"] }
 rand = "0.8.4"
@@ -78,10 +78,24 @@ x509-parser = "0.16.0"
 features = ["dispatch"]
 
 [patch.crates-io]
-admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.20" }
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "024e0eca5fb7dbd2457831f7c7bffe4341e08775" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "7922d67e9637a87e5625aaff9e5111f0d4ec0346" }
-trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "504674453c9573a30aa2f155101df49eb2af1ba7" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939" }
+trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939" }
+trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "eff09d1613641531630d962f81136f64f3dd2716" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "eff09d1613641531630d962f81136f64f3dd2716" }
+trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "eff09d1613641531630d962f81136f64f3dd2716" }
+
+
+littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" }
+littlefs2-core = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" }
+littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys", rev = "v0.3.1-nitrokey.1" }
+salty = { git = "https://github.com/ycrypto/salty.git", rev = "ae17f04ec965913e08032d266f6a47c001031f06" }
+ctaphid-app = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "f11fdcbc62d06b8be23e6cbae21bcfefd52c0661" }
+ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "f11fdcbc62d06b8be23e6cbae21bcfefd52c0661" }
+apdu-app = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "931c4269d1d293954fae2012d809e9663cd2cb7e" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "2b3f758016afbc56535d8a65f98a067d5a2d843e" }
+trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "0ff1992f15c273c87e0607384e3dd94d341b721e" }
+usbd-ctaphid = { git = "https://github.com/trussed-dev/usbd-ctaphid.git", rev = "94881f83a6b4229a7a3187a5dd7b3ccf6eb6dc00" }
+ctap-types = { git = "https://github.com/trussed-dev/ctap-types", rev = "cff44662b48088511fa8ae30557c457f8252f220"}
 
 [profile.test]
 opt-level = 2
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -24,5 +24,5 @@ doc = false
 bench = false
 
 [patch.crates-io]
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "eff09d1613641531630d962f81136f64f3dd2716" }
diff --git a/src/credential.rs b/src/credential.rs
@@ -202,13 +202,14 @@ impl Credential {
 fn deserialize_bytes<E: serde::de::Error, const N: usize>(
     s: &[u8],
 ) -> core::result::Result<Bytes<N>, E> {
-    Bytes::from_slice(s).map_err(|_| E::invalid_length(s.len(), &"a fixed-size sequence of bytes"))
+    Bytes::try_from(s).map_err(|_| E::invalid_length(s.len(), &"a fixed-size sequence of bytes"))
 }
 
 fn deserialize_str<E: serde::de::Error, const N: usize>(
     s: &str,
 ) -> core::result::Result<String<N>, E> {
-    Ok(s.into())
+    s.try_into()
+        .map_err(|_| E::custom("Serialized string doesn't fit "))
 }
 
 #[derive(Clone, Copy, Debug, PartialEq)]
diff --git a/src/ctap1.rs b/src/ctap1.rs
@@ -1,9 +1,7 @@
 //! The `ctap_types::ctap1::Authenticator` implementation.
 
-use ctap_types::{
-    ctap1::{authenticate, register, Authenticator, ControlByte, Error, Result},
-    heapless_bytes::Bytes,
-};
+use ctap_types::ctap1::{authenticate, register, Authenticator, ControlByte, Error, Result};
+use heapless_bytes::Bytes;
 use serde_bytes::ByteArray;
 
 use trussed_core::{
@@ -71,9 +69,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         syscall!(self.trussed.delete(private_key));
 
         let key = Key::WrappedKey(
-            wrapped_key
-                .to_bytes()
-                .map_err(|_| Error::UnspecifiedCheckingError)?,
+            Bytes::try_from(&*wrapped_key).map_err(|_| Error::UnspecifiedCheckingError)?,
         );
         let nonce = ByteArray::new(self.nonce());
 
@@ -124,14 +120,15 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
             (Some((key, cert)), _aaguid) => {
                 info!("aaguid: {}", hex_str!(&_aaguid));
                 (
-                    syscall!(self.trussed.sign(
-                        Mechanism::P256,
-                        key,
-                        &commitment,
-                        SignatureSerialization::Asn1Der
-                    ))
-                    .signature
-                    .to_bytes()
+                    Bytes::try_from(
+                        &*syscall!(self.trussed.sign(
+                            Mechanism::P256,
+                            key,
+                            &commitment,
+                            SignatureSerialization::Asn1Der
+                        ))
+                        .signature,
+                    )
                     .unwrap(),
                     cert,
                 )
@@ -226,14 +223,15 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
             .unwrap();
         commitment.extend_from_slice(auth.challenge).unwrap();
 
-        let signature = syscall!(self.trussed.sign(
-            Mechanism::P256,
-            key,
-            &commitment,
-            SignatureSerialization::Asn1Der
-        ))
-        .signature
-        .to_bytes()
+        let signature = Bytes::try_from(
+            &*syscall!(self.trussed.sign(
+                Mechanism::P256,
+                key,
+                &commitment,
+                SignatureSerialization::Asn1Der
+            ))
+            .signature,
+        )
         .unwrap();
 
         Ok(authenticate::Response {
diff --git a/src/ctap2.rs b/src/ctap2.rs
@@ -96,7 +96,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         let mut response = ctap2::get_info::Response::default();
         response.versions = versions;
         response.extensions = Some(extensions);
-        response.aaguid = Bytes::from_slice(&aaguid).unwrap();
+        response.aaguid = Bytes::try_from(&aaguid).unwrap();
         response.options = Some(options);
         response.transports = Some(transports);
         // 1200
@@ -293,7 +293,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
                 // Turns out it's size 92 (enum serialization not optimized yet...)
                 // let mut wrapped_key = Bytes::<60>::new();
                 // wrapped_key.extend_from_slice(&wrapped_key_msg).unwrap();
-                Key::WrappedKey(wrapped_key.to_bytes().map_err(|_| Error::Other)?)
+                Key::WrappedKey(Bytes::try_from(&*wrapped_key).map_err(|_| Error::Other)?)
             }
         };
 
@@ -450,7 +450,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
                         attestation_algorithm.sign(&mut self.trussed, attestation_key, &commitment);
                     let packed = PackedAttestationStatement {
                         alg: attestation_algorithm.into(),
-                        sig: signature.to_bytes().map_err(|_| Error::Other)?,
+                        sig: Bytes::try_from(&*signature).map_err(|_| Error::Other)?,
                         x5c: attestation_maybe.as_ref().map(|attestation| {
                             // See: https://www.w3.org/TR/webauthn-2/#sctn-packed-attestation-cert-requirements
                             let cert = attestation.1.clone();
@@ -1249,7 +1249,7 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
             return Err(Error::PinPolicyViolation);
         }
 
-        pin.resize_default(pin_length).unwrap();
+        pin.resize_zero(pin_length).unwrap();
 
         Ok(pin)
     }
@@ -1286,7 +1286,7 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
 
                 // check pinAuth
                 let mut data: Bytes<{ sizes::MAX_CREDENTIAL_ID_LENGTH_PLUS_256 }> =
-                    Bytes::from_slice(&[parameters.sub_command as u8]).unwrap();
+                    Bytes::try_from(&[parameters.sub_command as u8]).unwrap();
                 let len = 1 + match parameters.sub_command {
                     Subcommand::EnumerateCredentialsBegin
                     | Subcommand::DeleteCredential
@@ -1468,7 +1468,7 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
             let cred_random = syscall!(self.trussed.derive_key(
                 Mechanism::HmacSha256,
                 credential_key,
-                Some(Bytes::from_slice(&[get_assertion_state.uv_performed as u8]).unwrap()),
+                Some(Bytes::try_from(&[get_assertion_state.uv_performed as u8]).unwrap()),
                 StorageAttributes::new().set_persistence(Location::Volatile)
             ))
             .key;
@@ -1515,7 +1515,7 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
 
             shared_secret.delete(&mut self.trussed);
 
-            output.hmac_secret = Some(Bytes::from_slice(&output_enc).unwrap());
+            output.hmac_secret = Some(Bytes::try_from(&*output_enc).unwrap());
         }
 
         if extensions.third_party_payment.unwrap_or_default() {
@@ -1619,10 +1619,8 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
 
         let signing_algorithm =
             SigningAlgorithm::try_from(credential.algorithm()).map_err(|_| Error::Other)?;
-        let signature = signing_algorithm
-            .sign(&mut self.trussed, key, &commitment)
-            .to_bytes()
-            .unwrap();
+        let signature =
+            Bytes::try_from(&*signing_algorithm.sign(&mut self.trussed, key, &commitment)).unwrap();
 
         // select preferred format or skip attestation statement
         let att_stmt_fmt = data
@@ -1645,7 +1643,7 @@ impl<UP: UserPresence, T: TrussedRequirements> crate::Authenticator<UP, T> {
                                 &commitment,
                             );
                             (
-                                signature.to_bytes().map_err(|_| Error::Other)?,
+                                Bytes::try_from(&*signature).map_err(|_| Error::Other)?,
                                 signing_algorithm.into(),
                             )
                         } else {
diff --git a/src/ctap2/pin.rs b/src/ctap2/pin.rs
@@ -106,7 +106,7 @@ impl<T: CryptoClient> PinTokenMut<'_, T> {
     // in spec: encrypt(..., pinUvAuthToken)
     pub fn encrypt(&mut self, shared_secret: &SharedSecret) -> Result<Bytes<48>> {
         let token = shared_secret.wrap(self.trussed, self.pin_token.key_id);
-        Bytes::from_slice(&token).map_err(|_| Error::Other)
+        Bytes::try_from(&*token).map_err(|_| Error::Other)
     }
 }
 
@@ -119,7 +119,7 @@ struct Rp {
 impl Rp {
     fn new<T: CryptoClient>(trussed: &mut T, id: String<256>) -> Self {
         let hash =
-            syscall!(trussed.hash(Mechanism::Sha256, Message::from_slice(id.as_ref()).unwrap()))
+            syscall!(trussed.hash(Mechanism::Sha256, Message::try_from(id.as_bytes()).unwrap()))
                 .hash
                 .as_slice()
                 .try_into()
@@ -366,7 +366,7 @@ impl<'a, T: CryptoClient + HkdfClient + HmacSha256 + P256> PinProtocol<'a, T> {
     // operations.  For simplicity, we store two separate keys instead.
     fn kdf_v2(&mut self, input: KeyId) -> Option<SharedSecret> {
         fn hkdf<T: HkdfClient>(trussed: &mut T, okm: OkmId, info: &[u8]) -> Option<KeyId> {
-            let info = Message::from_slice(info).ok()?;
+            let info = Message::try_from(info).ok()?;
             try_syscall!(trussed.hkdf_expand(okm, info, 32, Location::Volatile))
                 .ok()
                 .map(|reply| reply.key)
@@ -420,11 +420,10 @@ impl SharedSecret {
 
     fn generate_iv<T: CryptoClient>(&self, trussed: &mut T) -> ShortData {
         match self {
-            Self::V1 { .. } => ShortData::from_slice(&[0; 16]).unwrap(),
-            Self::V2 { .. } => syscall!(trussed.random_bytes(16))
-                .bytes
-                .try_convert_into()
-                .unwrap(),
+            Self::V1 { .. } => ShortData::try_from(&[0; 16]).unwrap(),
+            Self::V2 { .. } => {
+                ShortData::try_from(&*syscall!(trussed.random_bytes(16)).bytes).unwrap()
+            }
         }
     }
 
@@ -436,7 +435,10 @@ impl SharedSecret {
             syscall!(trussed.encrypt(Mechanism::Aes256Cbc, key_id, data, &[], Some(iv.clone())))
                 .ciphertext;
         if matches!(self, Self::V2 { .. }) {
-            ciphertext.insert_slice_at(&iv, 0).unwrap();
+            let ciphertext_len = ciphertext.len();
+            ciphertext.resize_zero(iv.len() + ciphertext_len).unwrap();
+            ciphertext.copy_within(..ciphertext_len, iv.len());
+            ciphertext[..iv.len()].copy_from_slice(&iv);
         }
         ciphertext
     }
@@ -454,7 +456,10 @@ impl SharedSecret {
         ))
         .wrapped_key;
         if matches!(self, Self::V2 { .. }) {
-            wrapped_key.insert_slice_at(&iv, 0).unwrap();
+            let wrapped_key_len = wrapped_key.len();
+            wrapped_key.resize_zero(iv.len() + wrapped_key_len).unwrap();
+            wrapped_key.copy_within(..wrapped_key_len, iv.len());
+            wrapped_key[..iv.len()].copy_from_slice(&iv);
         }
         wrapped_key
     }
diff --git a/src/dispatch.rs b/src/dispatch.rs
@@ -8,7 +8,8 @@ use crate::msp;
 use crate::{Authenticator, TrussedRequirements, UserPresence};
 
 use ctap_types::{ctap1, ctap2};
-use iso7816::{command::CommandView, Data, Status};
+use heapless::VecView;
+use iso7816::{command::CommandView, Status};
 
 impl<UP, T> iso7816::App for Authenticator<UP, T>
 where
@@ -21,10 +22,10 @@ where
 
 #[inline(never)]
 /// Deserialize U2F, call authenticator, serialize response *Result*.
-fn handle_ctap1_from_hid<T, UP, const R: usize>(
+fn handle_ctap1_from_hid<T, UP>(
     authenticator: &mut Authenticator<UP, T>,
     data: &[u8],
-    response: &mut Data<R>,
+    response: &mut VecView<u8>,
 ) where
     T: TrussedRequirements,
     UP: UserPresence,
@@ -65,10 +66,10 @@ fn handle_ctap1_from_hid<T, UP, const R: usize>(
 
 #[inline(never)]
 /// Deserialize CBOR, call authenticator, serialize response *Result*.
-fn handle_ctap2<T, UP, const R: usize>(
+fn handle_ctap2<T, UP>(
     authenticator: &mut Authenticator<UP, T>,
     data: &[u8],
-    response: &mut Data<R>,
+    response: &mut VecView<u8>,
 ) where
     T: TrussedRequirements,
     UP: UserPresence,
@@ -89,10 +90,10 @@ fn handle_ctap2<T, UP, const R: usize>(
 }
 
 #[inline(never)]
-fn try_handle_ctap1<T, UP, const R: usize>(
+fn try_handle_ctap1<T, UP>(
     authenticator: &mut Authenticator<UP, T>,
     command: CommandView<'_>,
-    response: &mut Data<R>,
+    response: &mut VecView<u8>,
 ) -> Result<(), Status>
 where
     T: TrussedRequirements,
@@ -124,10 +125,10 @@ where
 }
 
 #[inline(never)]
-fn try_handle_ctap2<T, UP, const R: usize>(
+fn try_handle_ctap2<T, UP>(
     authenticator: &mut Authenticator<UP, T>,
     data: &[u8],
-    response: &mut Data<R>,
+    response: &mut VecView<u8>,
 ) -> Result<(), u8>
 where
     T: TrussedRequirements,
diff --git a/src/dispatch/apdu.rs b/src/dispatch/apdu.rs
diff --git a/src/dispatch/ctaphid.rs b/src/dispatch/ctaphid.rs
