Use trussed-core and remove default features for trussed

robin-nitrokey · robin-nitrokey · commit 743d9aaa3d8a · 2025-01-07T17:20:41.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,9 @@ SPDX-License-Identifier: CC0-1.0
 
 [Unreleased]: https://github.com/trussed-dev/trussed-rsa-backend/compare/v0.2.0...HEAD
 
+- Use `trussed-core` and remove default features for `trussed`.
+- Add `MECHANISMS` constant with the implemented mechanisms.
+
 ## [v0.2.1][] (2024-06-21)
 
 [v0.2.1]: https://github.com/trussed-dev/trussed-rsa-backend/compare/v0.2.0...v0.2.1
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,7 +19,8 @@ postcard = { version = "0.7", default-features = false, features = ["heapless"]
 rsa = { version = "0.9", default-features = false, features = ["sha2"]}
 serde = { version = "1.0.152", default-features = false, features = ["derive"] }
 
-trussed = "0.1"
+trussed = { version = "0.1", default-features = false }
+trussed-core = { version = "0.1.0-rc.1", features = ["crypto-client", "rsa2048", "rsa3072", "rsa4096"] }
 
 [dev-dependencies]
 hex-literal = "0.3.4"
@@ -28,6 +29,7 @@ delog = { version = "0.1.6", features = ["std-log"] }
 test-log = "0.2.11"
 env_logger = "0.10.0"
 rand = "0.8.5"
+trussed = { version = "0.1", default-features = false, features = ["certificate-client", "clients-1", "crypto-client"] }
 
 [features]
 
@@ -45,7 +47,7 @@ log-warn = []
 log-error = []
 
 [patch.crates-io]
-trussed = { git = "https://github.com/Nitrokey/trussed", rev = "6b9a43fbaaf34fe8d69fac0021f8130dd9a436c9" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
 
 [profile.dev.package.rsa]
 opt-level = 2
diff --git a/src/crypto_traits.rs b/src/crypto_traits.rs
@@ -1,24 +1,24 @@
 // Copyright (C) Nitrokey GmbH
 // SPDX-License-Identifier: Apache-2.0 or MIT
 
-use trussed::{
+use trussed_core::{
     api::{
         reply,
         request::{DeserializeKey, UnsafeInjectKey},
     },
-    client::{ClientError, ClientResult, CryptoClient},
     types::{
         KeyId, KeySerialization, Location, Mechanism, SignatureSerialization, StorageAttributes,
     },
+    ClientError, ClientResult, CryptoClient,
 };
 
 use crate::{RsaImportFormat, RsaPublicParts};
 
 impl<C: CryptoClient> Rsa2048Pkcs1v15 for C {}
 
-/// Helper trait to work with RSA 2048 bit keys through a [`Client`](trussed::Client)
+/// Helper trait to work with RSA 2048 bit keys through a [`CryptoClient`][]
 ///
-/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient)
+/// This trait is implemented by all implementors of [`CryptoClient`][]
 pub trait Rsa2048Pkcs1v15: CryptoClient {
     fn generate_rsa2048pkcs_private_key(
         &mut self,
@@ -45,13 +45,13 @@ pub trait Rsa2048Pkcs1v15: CryptoClient {
 
     /// Serializes an RSA 2048 bit key.
     ///
-    /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
+    /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
     /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts):
     /// ```
     ///# #[cfg(feature = "virt")]
     ///# {
     ///# use trussed_rsa_alloc::*;
-    ///# use trussed::{syscall,types::Location::{Volatile,Internal}};
+    ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}};
     ///# virt::with_ram_client("rsa tests", |mut client| {
     ///# let sk = syscall!(client.generate_rsa2048pkcs_private_key(Internal)).key;
     ///# let pk = syscall!(client.derive_rsa2048pkcs_public_key(sk, Volatile)).key;
@@ -159,9 +159,9 @@ pub trait Rsa2048Pkcs1v15: CryptoClient {
 
 impl<C: CryptoClient> Rsa3072Pkcs1v15 for C {}
 
-/// Helper trait to work with RSA 3072 bit keys through a [`Client`](trussed::Client)
+/// Helper trait to work with RSA 3072 bit keys through a [`CryptoClient`][]
 ///
-/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient)
+/// This trait is implemented by all implementors of [`CryptoClient`][]
 pub trait Rsa3072Pkcs1v15: CryptoClient {
     fn generate_rsa3072pkcs_private_key(
         &mut self,
@@ -188,13 +188,13 @@ pub trait Rsa3072Pkcs1v15: CryptoClient {
 
     /// Serializes an RSA 3072 bit key.
     ///
-    /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
+    /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
     /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts):
     /// ```
     ///# #[cfg(feature = "virt")]
     ///# {
     ///# use trussed_rsa_alloc::*;
-    ///# use trussed::{syscall,types::Location::{Volatile,Internal}};
+    ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}};
     ///# virt::with_ram_client("rsa tests", |mut client| {
     ///# let sk = syscall!(client.generate_rsa3072pkcs_private_key(Internal)).key;
     ///# let pk = syscall!(client.derive_rsa3072pkcs_public_key(sk, Volatile)).key;
@@ -302,9 +302,9 @@ pub trait Rsa3072Pkcs1v15: CryptoClient {
 
 impl<C: CryptoClient> Rsa4096Pkcs1v15 for C {}
 
-/// Helper trait to work with RSA 4096 bit keys through a [`Client`](trussed::Client)
+/// Helper trait to work with RSA 4096 bit keys through a [`CryptoClient`][]
 ///
-/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient)
+/// This trait is implemented by all implementors of [`CryptoClient`][]
 pub trait Rsa4096Pkcs1v15: CryptoClient {
     fn generate_rsa4096pkcs_private_key(
         &mut self,
@@ -331,13 +331,13 @@ pub trait Rsa4096Pkcs1v15: CryptoClient {
 
     /// Serializes an RSA 4096 bit key.
     ///
-    /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
+    /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
     /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts):
     /// ```
     ///# #[cfg(feature = "virt")]
     ///# {
     ///# use trussed_rsa_alloc::*;
-    ///# use trussed::{syscall,types::Location::{Volatile,Internal}};
+    ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}};
     ///# virt::with_ram_client("rsa tests", |mut client| {
     ///# let sk = syscall!(client.generate_rsa4096pkcs_private_key(Internal)).key;
     ///# let pk = syscall!(client.derive_rsa4096pkcs_public_key(sk, Volatile)).key;
diff --git a/src/lib.rs b/src/lib.rs
@@ -43,6 +43,18 @@ pub use types::{RsaImportFormat, RsaPublicParts};
 mod crypto_traits;
 pub use crypto_traits::{Rsa2048Pkcs1v15, Rsa3072Pkcs1v15, Rsa4096Pkcs1v15};
 
+pub const MECHANISMS: &[Mechanism] = &[
+    Mechanism::Rsa2048Pkcs1v15,
+    Mechanism::Rsa3072Pkcs1v15,
+    Mechanism::Rsa4096Pkcs1v15,
+    #[cfg(feature = "raw")]
+    Mechanism::Rsa2048Raw,
+    #[cfg(feature = "raw")]
+    Mechanism::Rsa3072Raw,
+    #[cfg(feature = "raw")]
+    Mechanism::Rsa4096Raw,
+];
+
 /// Trussed [`Backend`][] implementation adding support for RSA
 ///
 /// This implementation is done in software and requieres an allocator
