From 6c2c181d233279dfab7d85d72ef2f7e7e1fab107 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Mon, 30 Mar 2026 11:00:42 +0200 Subject: [PATCH 1/7] Remove cross-module re-exports --- src/client.rs | 3 +-- src/key.rs | 3 +-- src/platform.rs | 10 +++++----- src/service.rs | 15 +++++++-------- src/types.rs | 3 --- src/virt/ui.rs | 6 +++++- 6 files changed, 19 insertions(+), 21 deletions(-) diff --git a/src/client.rs b/src/client.rs index 3b49195b396..b626127f770 100644 --- a/src/client.rs +++ b/src/client.rs @@ -82,8 +82,7 @@ use crate::backend::CoreOnly; use crate::error::{Error, Result}; use crate::interrupt::InterruptFlag; use crate::pipe::TrussedRequester; - -pub use crate::platform::Syscall; +use crate::platform::Syscall; #[cfg(feature = "crypto-client")] pub mod mechanisms; diff --git a/src/key.rs b/src/key.rs index f32f093bd95..d99045eb2df 100644 --- a/src/key.rs +++ b/src/key.rs @@ -4,10 +4,9 @@ use core::sync::atomic; use serde::{de::Visitor, ser::SerializeMap, Deserialize, Serialize}; use zeroize::Zeroize; -pub use crate::Bytes; use crate::{ config::{MAX_KEY_MATERIAL_LENGTH, MAX_SERIALIZED_KEY_LENGTH}, - Error, + Bytes, Error, }; pub type Material = Bytes; diff --git a/src/platform.rs b/src/platform.rs index dc27033e2e3..fd6a0314564 100644 --- a/src/platform.rs +++ b/src/platform.rs @@ -6,11 +6,11 @@ //! //! TODO: Currently, `Platform::R` lacks the `CryptoRng` bound. -// pub use rand_core::{CryptoRng, RngCore}; -pub use crate::store::Store; -pub use crate::types::consent; -pub use crate::types::{reboot, ui}; -pub use rand_core::{CryptoRng, RngCore}; +use rand_core::{CryptoRng, RngCore}; + +use crate::store::Store; +use crate::types::consent; +use crate::types::{reboot, ui}; pub trait UserInterface { /// Check if the user has indicated their presence so as to give diff --git a/src/service.rs b/src/service.rs index 03177a1bf3f..893fc047ecd 100644 --- a/src/service.rs +++ b/src/service.rs @@ -6,20 +6,19 @@ use crate::api::{reply, request, Reply, Request}; use crate::backend::{BackendId, CoreOnly, Dispatch}; use crate::config::MAX_MESSAGE_LENGTH; use crate::error::{Error, Result}; -pub use crate::key; +use crate::key; #[cfg(feature = "crypto-client")] use crate::mechanisms; -pub use crate::pipe::ServiceEndpoint; -use crate::platform::{consent, ui, Platform, UserInterface}; -pub use crate::store::{ - self, +use crate::pipe::ServiceEndpoint; +use crate::platform::{Platform, UserInterface}; +use crate::store::{ certstore::{Certstore as _, ClientCertstore}, counterstore::{ClientCounterstore, Counterstore as _}, - filestore::{ClientFilestore, Filestore, ReadDirFilesState, ReadDirState}, + filestore::{ClientFilestore, Filestore}, keystore::{ClientKeystore, Keystore}, }; -use crate::types::ui::Status; -use crate::types::{Context, CoreContext, Location, Mechanism, MediumData, Message}; +use crate::types::ui::{self, Status}; +use crate::types::{consent, Context, CoreContext, Location, Mechanism, MediumData, Message}; use crate::Bytes; #[cfg(feature = "attestation-client")] diff --git a/src/types.rs b/src/types.rs index a1f03307c79..620151f7920 100644 --- a/src/types.rs +++ b/src/types.rs @@ -13,9 +13,6 @@ pub use trussed_core::types::{ use crate::interrupt::InterruptFlag; use crate::store::filestore::{ReadDirFilesState, ReadDirState}; -pub use crate::client::FutureResult; -pub use crate::platform::Platform; - /// An empty struct not storing any data. #[derive(Clone, Copy, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] pub struct NoData; diff --git a/src/virt/ui.rs b/src/virt/ui.rs index 954ebda18ed..0120448ab8e 100644 --- a/src/virt/ui.rs +++ b/src/virt/ui.rs @@ -1,6 +1,10 @@ -use crate::platform::{self, consent::Level, reboot::To, ui::Status}; use std::time::{Duration, Instant}; +use crate::{ + platform, + types::{consent::Level, reboot::To, ui::Status}, +}; + pub struct UserInterface { start_time: Instant, user_presence_level: Level, From 0da7031cdd36f47a9ca98ab600b2bcb2c773f1f4 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Mon, 30 Mar 2026 19:56:09 +0200 Subject: [PATCH 2/7] Remove re-exports from trussed_core --- derive/Cargo.toml | 1 + derive/examples/dispatch.rs | 4 +- derive/examples/extension-dispatch.rs | 9 ++-- derive/src/dispatch.rs | 4 +- derive/src/extension_dispatch.rs | 16 +++--- derive/src/extension_id.rs | 4 +- src/api.rs | 2 - src/backend.rs | 7 ++- src/client.rs | 46 ++++++---------- src/client/mechanisms.rs | 2 +- src/error.rs | 1 - src/interrupt.rs | 1 - src/key.rs | 6 +-- src/lib.rs | 16 ++---- src/mechanisms/aes256cbc.rs | 9 ++-- src/mechanisms/ed255.rs | 10 ++-- src/mechanisms/hmacblake2s.rs | 9 ++-- src/mechanisms/hmacsha1.rs | 9 ++-- src/mechanisms/hmacsha256.rs | 9 ++-- src/mechanisms/hmacsha512.rs | 9 ++-- src/mechanisms/p256.rs | 11 ++-- src/mechanisms/p384.rs | 10 ++-- src/mechanisms/p521.rs | 10 ++-- src/mechanisms/sha256.rs | 9 ++-- src/mechanisms/shared_secret.rs | 9 ++-- src/mechanisms/tdes.rs | 6 ++- src/mechanisms/totp.rs | 10 ++-- src/mechanisms/trng.rs | 6 ++- src/mechanisms/x255.rs | 8 +-- src/pipe.rs | 8 +-- src/platform.rs | 4 +- src/serde_extensions.rs | 12 ++--- src/service.rs | 12 +++-- src/service/attest.rs | 13 +++-- src/store.rs | 6 ++- src/store/certstore.rs | 8 +-- src/store/counterstore.rs | 12 ++--- src/store/filestore.rs | 15 +++--- src/store/keystore.rs | 7 +-- src/tests.rs | 26 ++++----- src/types.rs | 14 +---- src/virt.rs | 6 +-- src/virt/ui.rs | 7 ++- tests/aes256cbc.rs | 11 ++-- tests/backends.rs | 15 +++--- tests/certificate.rs | 2 +- tests/counter.rs | 2 +- tests/filesystem.rs | 5 +- tests/interchange_size.rs | 2 +- tests/key_confusion.rs | 15 +++--- tests/p256.rs | 12 ++--- tests/serde_extensions.rs | 77 +++++++++++++-------------- tests/tdes.rs | 12 ++--- tests/virt.rs | 6 +-- tests/x255.rs | 12 ++--- 55 files changed, 284 insertions(+), 290 deletions(-) delete mode 100644 src/api.rs delete mode 100644 src/error.rs delete mode 100644 src/interrupt.rs diff --git a/derive/Cargo.toml b/derive/Cargo.toml index 8cd0e8a50a7..586996db6c5 100644 --- a/derive/Cargo.toml +++ b/derive/Cargo.toml @@ -18,3 +18,4 @@ syn = "2.0.53" [dev-dependencies] serde = { version = "1.0", default-features = false } trussed = { path = "..", features = ["serde-extensions", "virt"] } +trussed-core = { path = "../core", features = ["serde-extensions"] } diff --git a/derive/examples/dispatch.rs b/derive/examples/dispatch.rs index c0e75b166e6..c4df2800cad 100644 --- a/derive/examples/dispatch.rs +++ b/derive/examples/dispatch.rs @@ -22,11 +22,9 @@ struct Dispatch { fn main() { use trussed::{ backend::BackendId, - client::CryptoClient, - try_syscall, virt::{self, StoreConfig}, - Error, }; + use trussed_core::{try_syscall, CryptoClient, Error}; fn run(backends: &'static [BackendId], expected: Option) { virt::with_platform(StoreConfig::ram(), |platform| { diff --git a/derive/examples/extension-dispatch.rs b/derive/examples/extension-dispatch.rs index 4f7e4ba7e06..e57c8239981 100644 --- a/derive/examples/extension-dispatch.rs +++ b/derive/examples/extension-dispatch.rs @@ -1,4 +1,4 @@ -use trussed::Error; +use trussed_core::Error; mod backends { use super::extensions::{ @@ -6,8 +6,9 @@ mod backends { }; use trussed::{ backend::Backend, platform::Platform, serde_extensions::ExtensionImpl, - service::ServiceResources, types::CoreContext, Error, + service::ServiceResources, types::CoreContext, }; + use trussed_core::Error; #[derive(Default)] pub struct ABackend; @@ -50,7 +51,7 @@ mod backends { mod extensions { use serde::{Deserialize, Serialize}; - use trussed::{ + use trussed_core::{ serde_extensions::{Extension, ExtensionClient, ExtensionResult}, Error, }; @@ -138,9 +139,9 @@ fn main() { use extensions::TestClient; use trussed::{ backend::BackendId, - try_syscall, virt::{self, StoreConfig}, }; + use trussed_core::try_syscall; fn run(backends: &'static [BackendId], expected: Option) { virt::with_platform(StoreConfig::ram(), |platform| { diff --git a/derive/src/dispatch.rs b/derive/src/dispatch.rs index ff600297d5b..cefc108647f 100644 --- a/derive/src/dispatch.rs +++ b/derive/src/dispatch.rs @@ -50,9 +50,9 @@ impl Dispatch { &mut self, backend: &Self::BackendId, ctx: &mut ::trussed::types::Context, - request: &::trussed::api::Request, + request: &::trussed_core::api::Request, resources: &mut ::trussed::service::ServiceResources

, - ) -> ::core::result::Result<::trussed::api::Reply, ::trussed::error::Error> { + ) -> ::core::result::Result<::trussed_core::api::Reply, ::trussed_core::Error> { match backend { #(#requests)* } diff --git a/derive/src/extension_dispatch.rs b/derive/src/extension_dispatch.rs index 47f1a0abf30..d16a73854dd 100644 --- a/derive/src/extension_dispatch.rs +++ b/derive/src/extension_dispatch.rs @@ -95,9 +95,9 @@ impl ExtensionDispatch { &mut self, backend: &Self::BackendId, ctx: &mut ::trussed::types::Context, - request: &::trussed::api::Request, + request: &::trussed_core::api::Request, resources: &mut ::trussed::service::ServiceResources

, - ) -> ::core::result::Result<::trussed::api::Reply, ::trussed::error::Error> { + ) -> ::core::result::Result<::trussed_core::api::Reply, ::trussed_core::Error> { match backend { #(#requests)* #(#delegated_requests)* @@ -109,9 +109,9 @@ impl ExtensionDispatch { backend: &Self::BackendId, extension: &Self::ExtensionId, ctx: &mut ::trussed::types::Context, - request: &::trussed::api::request::SerdeExtension, + request: &::trussed_core::api::request::SerdeExtension, resources: &mut ::trussed::service::ServiceResources

, - ) -> ::core::result::Result<::trussed::api::reply::SerdeExtension, ::trussed::error::Error> { + ) -> ::core::result::Result<::trussed_core::api::reply::SerdeExtension, ::trussed_core::Error> { match backend { #(#extension_requests)* #(#delegated_extension_requests)* @@ -289,7 +289,7 @@ impl Backend { let id = &self.id; let request = if self.no_core { quote! { - Err(::trussed::Error::RequestNotAvailable) + Err(::trussed_core::Error::RequestNotAvailable) } } else { let Self { index, field, .. } = self; @@ -312,7 +312,7 @@ impl Backend { quote! { Self::BackendId::#id => match extension { #(#extension_requests)* - _ => Err(::trussed::error::Error::RequestNotAvailable), + _ => Err(::trussed_core::Error::RequestNotAvailable), } } } @@ -366,7 +366,7 @@ impl DelegatedBackend { let id = &self.id; let request = if self.no_core { quote! { - Err(::trussed::Error::RequestNotAvailable) + Err(::trussed_core::Error::RequestNotAvailable) } } else { let Self { backend, field, .. } = self; @@ -403,7 +403,7 @@ impl DelegatedBackend { let _ = self.#field; match extension { #(#extension_requests)* - _ => Err(::trussed::error::Error::RequestNotAvailable), + _ => Err(::trussed_core::Error::RequestNotAvailable), } } } diff --git a/derive/src/extension_id.rs b/derive/src/extension_id.rs index 8c63ecec08d..73a7c5658ad 100644 --- a/derive/src/extension_id.rs +++ b/derive/src/extension_id.rs @@ -44,12 +44,12 @@ impl ExtensionId { } impl #impl_generics ::core::convert::TryFrom for #name #ty_generics #where_clause { - type Error = ::trussed::Error; + type Error = ::trussed_core::Error; fn try_from(value: u8) -> ::core::result::Result { match value { #(#try_from)* - _ => Err(::trussed::Error::InternalError), + _ => Err(::trussed_core::Error::InternalError), } } } diff --git a/src/api.rs b/src/api.rs deleted file mode 100644 index a543edaf632..00000000000 --- a/src/api.rs +++ /dev/null @@ -1,2 +0,0 @@ -pub use trussed_core::api::*; -pub use trussed_core::types::NotBefore; diff --git a/src/backend.rs b/src/backend.rs index 98c7e024bce..c772512c374 100644 --- a/src/backend.rs +++ b/src/backend.rs @@ -8,9 +8,12 @@ //! Backends can also implement API extensions to provide additional syscalls (see the //! [`serde_extensions`][`crate::serde_extensions`] module). -use crate::{ +use trussed_core::{ api::{Reply, Request}, - error::Error, + Error, +}; + +use crate::{ platform::Platform, service::ServiceResources, types::{Context, CoreContext}, diff --git a/src/client.rs b/src/client.rs index b626127f770..3801ab8315b 100644 --- a/src/client.rs +++ b/src/client.rs @@ -77,39 +77,27 @@ //! use core::{marker::PhantomData, task::Poll}; -use crate::api::{Reply, RequestVariant}; +use trussed_core::{ + api::{Reply, RequestVariant}, + ClientError, ClientResult, Error, FutureResult, InterruptFlag, PollClient, Result, +}; + use crate::backend::CoreOnly; -use crate::error::{Error, Result}; -use crate::interrupt::InterruptFlag; use crate::pipe::TrussedRequester; use crate::platform::Syscall; #[cfg(feature = "crypto-client")] pub mod mechanisms; -#[cfg(feature = "crypto-client")] -pub use mechanisms::*; - -pub use trussed_core::{ClientError, ClientResult, FutureResult, PollClient}; - -#[cfg(feature = "attestation-client")] -pub use trussed_core::AttestationClient; -#[cfg(feature = "certificate-client")] -pub use trussed_core::CertificateClient; -#[cfg(feature = "counter-client")] -pub use trussed_core::CounterClient; -#[cfg(feature = "crypto-client")] -pub use trussed_core::CryptoClient; -#[cfg(feature = "filesystem-client")] -pub use trussed_core::FilesystemClient; -#[cfg(feature = "management-client")] -pub use trussed_core::ManagementClient; -#[cfg(feature = "ui-client")] -pub use trussed_core::UiClient; /// All-in-one trait bounding on the sub-traits. #[cfg(feature = "all-clients")] pub trait Client: - CertificateClient + CryptoClient + CounterClient + FilesystemClient + ManagementClient + UiClient + trussed_core::CertificateClient + + trussed_core::CryptoClient + + trussed_core::CounterClient + + trussed_core::FilesystemClient + + trussed_core::ManagementClient + + trussed_core::UiClient { } @@ -222,14 +210,14 @@ where } #[cfg(feature = "certificate-client")] -impl CertificateClient for ClientImplementation<'_, S, E> {} +impl trussed_core::CertificateClient for ClientImplementation<'_, S, E> {} #[cfg(feature = "crypto-client")] -impl CryptoClient for ClientImplementation<'_, S, E> {} +impl trussed_core::CryptoClient for ClientImplementation<'_, S, E> {} #[cfg(feature = "counter-client")] -impl CounterClient for ClientImplementation<'_, S, E> {} +impl trussed_core::CounterClient for ClientImplementation<'_, S, E> {} #[cfg(feature = "filesystem-client")] -impl FilesystemClient for ClientImplementation<'_, S, E> {} +impl trussed_core::FilesystemClient for ClientImplementation<'_, S, E> {} #[cfg(feature = "management-client")] -impl ManagementClient for ClientImplementation<'_, S, E> {} +impl trussed_core::ManagementClient for ClientImplementation<'_, S, E> {} #[cfg(feature = "ui-client")] -impl UiClient for ClientImplementation<'_, S, E> {} +impl trussed_core::UiClient for ClientImplementation<'_, S, E> {} diff --git a/src/client/mechanisms.rs b/src/client/mechanisms.rs index 12f635b3c7d..2e82de75817 100644 --- a/src/client/mechanisms.rs +++ b/src/client/mechanisms.rs @@ -1,7 +1,7 @@ use super::ClientImplementation; use crate::platform::Syscall; -pub use trussed_core::mechanisms::*; +use trussed_core::mechanisms::*; #[cfg(feature = "aes256-cbc")] impl Aes256Cbc for ClientImplementation<'_, S, E> {} diff --git a/src/error.rs b/src/error.rs deleted file mode 100644 index 0efde2b47ef..00000000000 --- a/src/error.rs +++ /dev/null @@ -1 +0,0 @@ -pub use trussed_core::{Error, Result}; diff --git a/src/interrupt.rs b/src/interrupt.rs deleted file mode 100644 index 9b918c6be88..00000000000 --- a/src/interrupt.rs +++ /dev/null @@ -1 +0,0 @@ -pub use trussed_core::{FromU8Error, InterruptFlag, InterruptState}; diff --git a/src/key.rs b/src/key.rs index d99045eb2df..04913905a5d 100644 --- a/src/key.rs +++ b/src/key.rs @@ -2,12 +2,10 @@ use core::ptr::write_volatile; use core::sync::atomic; use serde::{de::Visitor, ser::SerializeMap, Deserialize, Serialize}; +use trussed_core::{types::Bytes, Error}; use zeroize::Zeroize; -use crate::{ - config::{MAX_KEY_MATERIAL_LENGTH, MAX_SERIALIZED_KEY_LENGTH}, - Bytes, Error, -}; +use crate::config::{MAX_KEY_MATERIAL_LENGTH, MAX_SERIALIZED_KEY_LENGTH}; pub type Material = Bytes; pub type SerializedKeyBytes = Bytes; diff --git a/src/lib.rs b/src/lib.rs index 385115d493a..775bc618493 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -24,12 +24,9 @@ generate_macros!(); pub use interchange::Interchange; -pub mod api; pub mod backend; pub mod client; pub mod config; -pub mod error; -pub mod interrupt; pub mod key; #[cfg(feature = "crypto-client")] mod mechanisms; @@ -44,24 +41,19 @@ pub mod types; #[cfg(feature = "virt")] pub mod virt; -pub use api::Reply; #[cfg(feature = "all-clients")] pub use client::Client; pub use client::ClientImplementation; -pub use error::Error; /// The trait that platforms need to implement to use Trussed. pub use platform::Platform; pub use service::Service; -pub use trussed_core::{block, syscall, try_syscall}; - pub use cbor_smol::cbor_deserialize; -pub use heapless_bytes::Bytes; pub fn cbor_serialize_bytes( object: &T, -) -> cbor_smol::Result> { - let mut data = Bytes::new(); +) -> cbor_smol::Result> { + let mut data = heapless_bytes::Bytes::new(); cbor_smol::cbor_serialize_to(object, &mut data)?; Ok(data) } @@ -70,8 +62,8 @@ pub(crate) use postcard::from_bytes as postcard_deserialize; pub(crate) fn postcard_serialize_bytes( object: &T, -) -> postcard::Result> { - let mut vec = Bytes::new(); +) -> postcard::Result> { + let mut vec = heapless_bytes::Bytes::new(); vec.resize_to_capacity(); let serialized = postcard::to_slice(object, &mut vec)?.len(); vec.resize(serialized, 0).unwrap(); diff --git a/src/mechanisms/aes256cbc.rs b/src/mechanisms/aes256cbc.rs index accc30b8bc1..f5c08982b9d 100644 --- a/src/mechanisms/aes256cbc.rs +++ b/src/mechanisms/aes256cbc.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::{Mechanism, Message, ShortData}, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::{Mechanism, Message, ShortData}; const AES256_KEY_SIZE: usize = 32; diff --git a/src/mechanisms/ed255.rs b/src/mechanisms/ed255.rs index 11f91fab49d..f3f6bbdefbb 100644 --- a/src/mechanisms/ed255.rs +++ b/src/mechanisms/ed255.rs @@ -1,13 +1,13 @@ use rand_core::RngCore; +use trussed_core::{ + api::{reply, request}, + types::{Bytes, KeyId, KeySerialization, SerializedKey, Signature, SignatureSerialization}, + Error, +}; -use crate::api::{reply, request}; -use crate::error::Error; use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::{ - Bytes, KeyId, KeySerialization, SerializedKey, Signature, SignatureSerialization, -}; #[inline(never)] fn load_public_key( diff --git a/src/mechanisms/hmacblake2s.rs b/src/mechanisms/hmacblake2s.rs index bcf6c4075a1..b3d529df9ac 100644 --- a/src/mechanisms/hmacblake2s.rs +++ b/src/mechanisms/hmacblake2s.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::Signature, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::Signature; impl MechanismImpl for super::HmacBlake2s { #[inline(never)] diff --git a/src/mechanisms/hmacsha1.rs b/src/mechanisms/hmacsha1.rs index 1aaff1ac727..7bf757e8cbc 100644 --- a/src/mechanisms/hmacsha1.rs +++ b/src/mechanisms/hmacsha1.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::Signature, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::Signature; impl MechanismImpl for super::HmacSha1 { #[inline(never)] diff --git a/src/mechanisms/hmacsha256.rs b/src/mechanisms/hmacsha256.rs index 6de7b4ab636..d19d0be3a97 100644 --- a/src/mechanisms/hmacsha256.rs +++ b/src/mechanisms/hmacsha256.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::Signature, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::Signature; impl MechanismImpl for super::HmacSha256 { #[inline(never)] diff --git a/src/mechanisms/hmacsha512.rs b/src/mechanisms/hmacsha512.rs index d5d07612a99..81dfea9c2ab 100644 --- a/src/mechanisms/hmacsha512.rs +++ b/src/mechanisms/hmacsha512.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::Signature, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::Signature; impl MechanismImpl for super::HmacSha512 { #[inline(never)] diff --git a/src/mechanisms/p256.rs b/src/mechanisms/p256.rs index 0bb8ff040eb..dae466b6ad2 100644 --- a/src/mechanisms/p256.rs +++ b/src/mechanisms/p256.rs @@ -1,11 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::{Bytes, KeyId, KeySerialization, SerializedKey, Signature, SignatureSerialization}, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::{ - Bytes, KeyId, KeySerialization, SerializedKey, Signature, SignatureSerialization, -}; #[inline(never)] fn load_secret_key( diff --git a/src/mechanisms/p384.rs b/src/mechanisms/p384.rs index 0c90354ccec..012caf4bab5 100644 --- a/src/mechanisms/p384.rs +++ b/src/mechanisms/p384.rs @@ -7,17 +7,15 @@ use p384::{ elliptic_curve::sec1::ToEncodedPoint, SecretKey, }; - -use super::{P384Prehashed, P384}; -use crate::{ +use trussed_core::{ api::{reply, request}, - key, - service::MechanismImpl, - store::keystore::Keystore, types::{Bytes, KeyId, KeySerialization, SerializedKey, Signature, SignatureSerialization}, Error, }; +use super::{P384Prehashed, P384}; +use crate::{key, service::MechanismImpl, store::keystore::Keystore}; + const SCALAR_SIZE: usize = 48; #[inline(never)] diff --git a/src/mechanisms/p521.rs b/src/mechanisms/p521.rs index 49f2945d231..a95b1b22bf5 100644 --- a/src/mechanisms/p521.rs +++ b/src/mechanisms/p521.rs @@ -7,17 +7,15 @@ use p521::{ elliptic_curve::sec1::ToEncodedPoint, SecretKey, }; - -use super::{P521Prehashed, P521}; -use crate::{ +use trussed_core::{ api::{reply, request}, - key, - service::MechanismImpl, - store::keystore::Keystore, types::{Bytes, KeyId, KeySerialization, SerializedKey, Signature, SignatureSerialization}, Error, }; +use super::{P521Prehashed, P521}; +use crate::{key, service::MechanismImpl, store::keystore::Keystore}; + const SCALAR_SIZE: usize = 66; #[inline(never)] diff --git a/src/mechanisms/sha256.rs b/src/mechanisms/sha256.rs index a2e2213a3cf..0f457683358 100644 --- a/src/mechanisms/sha256.rs +++ b/src/mechanisms/sha256.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::ShortData, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::ShortData; impl MechanismImpl for super::Sha256 { #[inline(never)] diff --git a/src/mechanisms/shared_secret.rs b/src/mechanisms/shared_secret.rs index 76097bc52d8..3e009994cd2 100644 --- a/src/mechanisms/shared_secret.rs +++ b/src/mechanisms/shared_secret.rs @@ -1,9 +1,12 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::{KeySerialization, SerializedKey}, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::{KeySerialization, SerializedKey}; impl MechanismImpl for super::SharedSecret { #[inline(never)] diff --git a/src/mechanisms/tdes.rs b/src/mechanisms/tdes.rs index 829de59549d..293ba45688b 100644 --- a/src/mechanisms/tdes.rs +++ b/src/mechanisms/tdes.rs @@ -8,9 +8,11 @@ // needed to even get ::new() from des... use des::cipher::{BlockDecrypt, BlockEncrypt, KeyInit}; use generic_array::GenericArray; +use trussed_core::{ + api::{reply, request}, + Error, +}; -use crate::api::{reply, request}; -use crate::error::Error; use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; diff --git a/src/mechanisms/totp.rs b/src/mechanisms/totp.rs index 67eadfa709f..ed8c507159b 100644 --- a/src/mechanisms/totp.rs +++ b/src/mechanisms/totp.rs @@ -1,5 +1,9 @@ -use crate::api::{reply, request}; -use crate::error::Error; +use trussed_core::{ + api::{reply, request}, + types::Bytes, + Error, +}; + use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; @@ -73,7 +77,7 @@ impl MechanismImpl for super::Totp { // return signature (encode as LE) Ok(reply::Sign { - signature: crate::Bytes::try_from(totp_material.to_le_bytes().as_ref()).unwrap(), + signature: Bytes::try_from(totp_material.to_le_bytes().as_ref()).unwrap(), }) } diff --git a/src/mechanisms/trng.rs b/src/mechanisms/trng.rs index a2ba95cdd77..cece46fe319 100644 --- a/src/mechanisms/trng.rs +++ b/src/mechanisms/trng.rs @@ -1,7 +1,9 @@ use rand_core::RngCore; +use trussed_core::{ + api::{reply, request}, + Error, +}; -use crate::api::{reply, request}; -use crate::error::Error; use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; diff --git a/src/mechanisms/x255.rs b/src/mechanisms/x255.rs index ad37262b0f3..c8ea9035905 100644 --- a/src/mechanisms/x255.rs +++ b/src/mechanisms/x255.rs @@ -1,12 +1,14 @@ use rand_core::RngCore; use salty::agreement; +use trussed_core::{ + api::{reply, request}, + types::{KeyId, KeySerialization, SerializedKey}, + Error, +}; -use crate::api::{reply, request}; -use crate::error::Error; use crate::key; use crate::service::MechanismImpl; use crate::store::keystore::Keystore; -use crate::types::{KeyId, KeySerialization, SerializedKey}; fn load_public_key( keystore: &mut impl Keystore, diff --git a/src/pipe.rs b/src/pipe.rs index 721b82bf34a..f30c1500067 100644 --- a/src/pipe.rs +++ b/src/pipe.rs @@ -3,10 +3,12 @@ #![allow(clippy::derive_partial_eq_without_eq)] use interchange::{Channel, Requester, Responder}; +use trussed_core::{ + api::{Reply, Request}, + Error, +}; -use crate::api::{Reply, Request}; use crate::backend::BackendId; -use crate::error::Error; use crate::types::{Context, CoreContext}; pub type TrussedChannel = Channel>; @@ -50,8 +52,8 @@ impl<'a, I: 'static, C: Default> ServiceEndpoint<'a, I, C> { #[cfg(test)] mod tests { use super::TrussedChannel; - use crate::api::{Reply, Request}; use core::mem; + use trussed_core::api::{Reply, Request}; // The following checks are used to ensure that we don’t accidentally increase the interchange // size. Bumping the size is not a breaking change but should only be done if really diff --git a/src/platform.rs b/src/platform.rs index fd6a0314564..1c0e93e8c5d 100644 --- a/src/platform.rs +++ b/src/platform.rs @@ -7,10 +7,10 @@ //! TODO: Currently, `Platform::R` lacks the `CryptoRng` bound. use rand_core::{CryptoRng, RngCore}; +use trussed_core::types::{consent, reboot}; use crate::store::Store; -use crate::types::consent; -use crate::types::{reboot, ui}; +use crate::types::ui; pub trait UserInterface { /// Check if the user has indicated their presence so as to give diff --git a/src/serde_extensions.rs b/src/serde_extensions.rs index 9ff6c4d7ccd..5ab012f2318 100644 --- a/src/serde_extensions.rs +++ b/src/serde_extensions.rs @@ -13,20 +13,20 @@ //! //! See `tests/serde_extensions.rs` for an example. -use crate::{ +use trussed_core::{ api::{reply, request, Reply, Request}, + serde_extensions::{Extension, ExtensionClient}, + Error, +}; + +use crate::{ backend::{Backend, CoreOnly, Dispatch, NoId, OptionalBackend}, client::ClientImplementation, - error::Error, platform::{Platform, Syscall}, service::ServiceResources, types::{self, Context, CoreContext}, }; -pub use trussed_core::serde_extensions::{ - Extension, ExtensionClient, ExtensionFutureResult, ExtensionResult, -}; - /// Dispatches extension requests to custom backends. pub trait ExtensionDispatch { /// The ID type for the custom backends used by this dispatch implementation. diff --git a/src/service.rs b/src/service.rs index 893fc047ecd..dba7061c919 100644 --- a/src/service.rs +++ b/src/service.rs @@ -1,11 +1,14 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; pub use rand_core::{RngCore, SeedableRng}; +use trussed_core::{ + api::{reply, request, Reply, Request}, + config::MAX_MESSAGE_LENGTH, + types::{consent, Bytes, Location, Mechanism, MediumData, Message}, + Error, Result, +}; -use crate::api::{reply, request, Reply, Request}; use crate::backend::{BackendId, CoreOnly, Dispatch}; -use crate::config::MAX_MESSAGE_LENGTH; -use crate::error::{Error, Result}; use crate::key; #[cfg(feature = "crypto-client")] use crate::mechanisms; @@ -18,8 +21,7 @@ use crate::store::{ keystore::{ClientKeystore, Keystore}, }; use crate::types::ui::{self, Status}; -use crate::types::{consent, Context, CoreContext, Location, Mechanism, MediumData, Message}; -use crate::Bytes; +use crate::types::{Context, CoreContext}; #[cfg(feature = "attestation-client")] pub mod attest; diff --git a/src/service/attest.rs b/src/service/attest.rs index 939bf0bf8cf..a0d12444d0a 100644 --- a/src/service/attest.rs +++ b/src/service/attest.rs @@ -4,18 +4,17 @@ use flexiber::{ }; use hex_literal::hex; use rand_core::RngCore; - -use crate::{ +use trussed_core::{ api::{reply::Attest as AttestReply, request, request::Attest as AttestRequest}, - error::Error, - key, mechanisms, - service::MechanismImpl, - store::certstore::Certstore, - store::keystore::Keystore, types::{ KeyId, KeySerialization, Location, Mechanism, Message, SignatureSerialization, StorageAttributes, }, + Error, +}; + +use crate::{ + key, mechanisms, service::MechanismImpl, store::certstore::Certstore, store::keystore::Keystore, }; #[cfg(not(feature = "test-attestation-cert-ids"))] diff --git a/src/store.rs b/src/store.rs index ac030a7f8d9..12608d146f6 100644 --- a/src/store.rs +++ b/src/store.rs @@ -72,9 +72,11 @@ //! - Alternative: subdirectory <==> RP hash, everything else in flat files //! - In any case need to "list dirs excluding . and .." or similar -use crate::error::Error; -use crate::types::{Bytes, Location}; use littlefs2_core::{path, DirEntry, Metadata, Path}; +use trussed_core::{ + types::{Bytes, Location}, + Error, +}; pub use littlefs2_core::{DynFile, DynFilesystem}; diff --git a/src/store/certstore.rs b/src/store/certstore.rs index 69b184f25f3..9c7d9a943c0 100644 --- a/src/store/certstore.rs +++ b/src/store/certstore.rs @@ -1,12 +1,12 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; - -use crate::{ - error::{Error, Result}, - store::{self, Store}, +use trussed_core::{ types::{CertId, Location, Message}, + Error, Result, }; +use crate::store::{self, Store}; + pub struct ClientCertstore where S: Store, diff --git a/src/store/counterstore.rs b/src/store/counterstore.rs index 6d0fc8eea38..d01bf948217 100644 --- a/src/store/counterstore.rs +++ b/src/store/counterstore.rs @@ -1,12 +1,12 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; - -use crate::{ - error::{Error, Result}, - store::{self, Store}, - types::{CounterId, Location}, +use trussed_core::{ + types::{Bytes, CounterId, Location}, + Error, Result, }; +use crate::store::{self, Store}; + pub struct ClientCounterstore where S: Store, @@ -37,7 +37,7 @@ impl ClientCounterstore { fn read_counter(&mut self, location: Location, id: CounterId) -> Result { let path = self.counter_path(id); - let mut bytes: crate::Bytes<16> = store::read(&self.store, location, &path)?; + let mut bytes: Bytes<16> = store::read(&self.store, location, &path)?; bytes.resize_zero(16).ok(); Ok(u128::from_le_bytes(bytes.as_slice().try_into().unwrap())) } diff --git a/src/store/filestore.rs b/src/store/filestore.rs index f9a5635710e..7b00b896f52 100644 --- a/src/store/filestore.rs +++ b/src/store/filestore.rs @@ -1,14 +1,13 @@ use core::cmp::Ordering; -use crate::{ - api::NotBefore, - error::{Error, Result}, - // service::ReadDirState, - store::{self, DynFilesystem, Store}, - types::{Location, Message, UserAttribute}, - Bytes, -}; use littlefs2_core::{path, DirEntry, Metadata, Path, PathBuf}; +use trussed_core::{ + types::NotBefore, + types::{Bytes, Location, Message, UserAttribute}, + Error, Result, +}; + +use crate::store::{self, DynFilesystem, Store}; #[derive(Clone)] pub struct ReadDirState { diff --git a/src/store/keystore.rs b/src/store/keystore.rs index 76ae8979243..463990c4e14 100644 --- a/src/store/keystore.rs +++ b/src/store/keystore.rs @@ -1,13 +1,14 @@ use littlefs2_core::{path, PathBuf}; use rand_chacha::ChaCha8Rng; +use trussed_core::{ + types::{Bytes, KeyId, Location}, + Error, Result, +}; use crate::{ config::MAX_KEY_MATERIAL_LENGTH, - error::{Error, Result}, key, store::{self, Store}, - types::{KeyId, Location}, - Bytes, }; pub type ClientId = PathBuf; diff --git a/src/tests.rs b/src/tests.rs index 1721607d77f..f6a79150290 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -7,13 +7,15 @@ use littlefs2::const_ram_storage; use littlefs2::fs::{Allocation, Filesystem}; use littlefs2_core::path; use rand_core::{CryptoRng, RngCore}; - #[cfg(any(feature = "p256", feature = "p384", feature = "p521",))] -use crate::types::{Mechanism, SignatureSerialization, StorageAttributes}; +use trussed_core::types::{Mechanism, SignatureSerialization, StorageAttributes}; +use trussed_core::{ + api, block, + types::{consent, reboot, Bytes, Location, PathBuf}, + CryptoClient as _, Error, FilesystemClient as _, +}; -use crate::client::{CryptoClient as _, FilesystemClient as _}; -use crate::types::{consent, reboot, ui, Bytes, Location, PathBuf}; -use crate::{api, block, platform, store, Error}; +use crate::{platform, store, types::ui}; pub struct MockRng(ChaCha20); @@ -268,7 +270,7 @@ fn sign_ed255() { // let mut client = setup!(); setup!(client); - use crate::client::mechanisms::{Ed255, P256}; + use trussed_core::mechanisms::{Ed255, P256}; let future = client .generate_ed255_private_key(Location::Internal) .expect("no client error"); @@ -319,7 +321,7 @@ fn sign_ed255() { #[test] #[serial] fn sign_p256() { - use crate::client::mechanisms::P256 as _; + use trussed_core::mechanisms::P256 as _; // let mut client = setup!(); setup!(client); let private_key = block!(client @@ -360,7 +362,7 @@ fn sign_p256() { #[serial] fn agree_p256() { // let mut client = setup!(); - use crate::client::mechanisms::P256; + use trussed_core::mechanisms::P256; setup!(client); let plat_private_key = block!(client .generate_p256_private_key(Location::Volatile) @@ -442,7 +444,7 @@ fn agree_p256() { #[test] #[serial] fn sign_p384() { - use crate::client::mechanisms::P384 as _; + use trussed_core::mechanisms::P384 as _; // let mut client = setup!(); setup!(client); let private_key = block!(client @@ -483,7 +485,7 @@ fn sign_p384() { #[serial] fn agree_p384() { // let mut client = setup!(); - use crate::client::mechanisms::P384; + use trussed_core::mechanisms::P384; setup!(client); let plat_private_key = block!(client .generate_p384_private_key(Location::Volatile) @@ -565,7 +567,7 @@ fn agree_p384() { #[test] #[serial] fn sign_p521() { - use crate::client::mechanisms::P521 as _; + use trussed_core::mechanisms::P521 as _; // let mut client = setup!(); setup!(client); let private_key = block!(client @@ -606,7 +608,7 @@ fn sign_p521() { #[serial] fn agree_p521() { // let mut client = setup!(); - use crate::client::mechanisms::P521; + use trussed_core::mechanisms::P521; setup!(client); let plat_private_key = block!(client .generate_p521_private_key(Location::Volatile) diff --git a/src/types.rs b/src/types.rs index 620151f7920..ababfd8f1b6 100644 --- a/src/types.rs +++ b/src/types.rs @@ -1,17 +1,9 @@ pub use generic_array::GenericArray; -pub use crate::Bytes; - pub use littlefs2_core::{DirEntry, Metadata, Path, PathBuf, Result as LfsResult}; -pub use trussed_core::types::{ - reboot, CertId, CounterId, Id, KeyId, KeySerialization, Location, Mechanism, MediumData, - Message, ObjectId, SerializedKey, ShortData, Signature, SignatureSerialization, SpecialId, - StorageAttributes, UserAttribute, -}; - -use crate::interrupt::InterruptFlag; use crate::store::filestore::{ReadDirFilesState, ReadDirState}; +use trussed_core::InterruptFlag; /// An empty struct not storing any data. #[derive(Clone, Copy, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] @@ -33,10 +25,6 @@ pub mod ui { } } -pub mod consent { - pub use trussed_core::types::consent::{Error, Level, Result}; -} - /// The context for a syscall (per client). /// /// The context stores the state used by the standard syscall implementations, see diff --git a/src/virt.rs b/src/virt.rs index 69bdc98b6cc..a1eb419b5ff 100644 --- a/src/virt.rs +++ b/src/virt.rs @@ -58,9 +58,9 @@ where /// Const generics are used to allow easy deconstruction in the callback arguments /// /// ```rust -///# use trussed::client::{Ed255, CryptoClient}; -///# use trussed::types::{Location, Mechanism}; -///# use trussed::syscall; +///# use trussed_core::{mechanisms::Ed255, CryptoClient}; +///# use trussed_core::types::{Location, Mechanism}; +///# use trussed_core::syscall; ///# use trussed::virt::{with_clients, StoreConfig}; /// with_clients(StoreConfig::ram(), ["client1", "client2"], |[mut client1, mut client2]| { /// let key = syscall!(client1.generate_ed255_private_key(Location::Internal)).key; diff --git a/src/virt/ui.rs b/src/virt/ui.rs index 0120448ab8e..c7732032a5a 100644 --- a/src/virt/ui.rs +++ b/src/virt/ui.rs @@ -1,9 +1,8 @@ use std::time::{Duration, Instant}; -use crate::{ - platform, - types::{consent::Level, reboot::To, ui::Status}, -}; +use trussed_core::types::{consent::Level, reboot::To}; + +use crate::{platform, types::ui::Status}; pub struct UserInterface { start_time: Instant, diff --git a/tests/aes256cbc.rs b/tests/aes256cbc.rs index ef70836b537..c41a7b1da99 100644 --- a/tests/aes256cbc.rs +++ b/tests/aes256cbc.rs @@ -1,14 +1,13 @@ -use trussed::client::CryptoClient; -use trussed::syscall; - mod client; -use trussed::types::Location::*; -use trussed::types::{Mechanism, StorageAttributes}; - use aes::Aes256; use cbc::cipher::{block_padding::ZeroPadding, BlockEncryptMut, KeyIvInit}; use sha2::digest::Digest; +use trussed_core::{ + syscall, + types::{Location::*, Mechanism, StorageAttributes}, + CryptoClient, +}; #[test] fn aes256cbc() { diff --git a/tests/backends.rs b/tests/backends.rs index 5c6d80166b9..24711f19cb0 100644 --- a/tests/backends.rs +++ b/tests/backends.rs @@ -1,14 +1,17 @@ use littlefs2_core::path; use trussed::{ - api::{reply::ReadFile, Reply, Request}, backend::{self, BackendId}, - client::FilesystemClient as _, - error::Error, platform, service::ServiceResources, - types::{CoreContext, Location, Message, PathBuf}, + types::CoreContext, virt::{self, StoreConfig}, }; +use trussed_core::{ + api::{reply::ReadFile, Reply, Request}, + syscall, try_syscall, + types::{Location, Message, PathBuf}, + Error, FilesystemClient as _, +}; type Client<'a> = virt::Client<'a, Dispatch>; @@ -60,11 +63,11 @@ fn run)>(backends: &'static [BackendId], f: F fn override_syscall() { let path = PathBuf::from(path!("test")); run(&[], |client| { - assert!(trussed::try_syscall!(client.read_file(Location::Internal, path.clone())).is_err()); + assert!(try_syscall!(client.read_file(Location::Internal, path.clone())).is_err()); }); run(BACKENDS_TEST, |client| { assert_eq!( - trussed::syscall!(client.read_file(Location::Internal, path.clone())).data, + syscall!(client.read_file(Location::Internal, path.clone())).data, &[0xff] ); }) diff --git a/tests/certificate.rs b/tests/certificate.rs index a1edf22095c..b211ca18978 100644 --- a/tests/certificate.rs +++ b/tests/certificate.rs @@ -1,6 +1,6 @@ mod client; -use trussed::{client::CertificateClient as _, syscall, try_syscall, types::Location::*}; +use trussed_core::{syscall, try_syscall, types::Location::*, CertificateClient as _}; #[test] fn certificate_client() { diff --git a/tests/counter.rs b/tests/counter.rs index 2927024d4ea..12501403c29 100644 --- a/tests/counter.rs +++ b/tests/counter.rs @@ -1,6 +1,6 @@ mod client; -use trussed::{client::CounterClient as _, syscall, types::Location::*}; +use trussed_core::{syscall, types::Location::*, CounterClient as _}; // #[test] // fn counter_implementation() { diff --git a/tests/filesystem.rs b/tests/filesystem.rs index f8c1ee068b5..ab5ab6a0480 100644 --- a/tests/filesystem.rs +++ b/tests/filesystem.rs @@ -1,11 +1,10 @@ use std::assert_eq; use littlefs2_core::path; -use trussed::{ - client::{CryptoClient, FilesystemClient}, - error::Error, +use trussed_core::{ syscall, try_syscall, types::{Bytes, Location, Mechanism, PathBuf, StorageAttributes}, + CryptoClient, Error, FilesystemClient, }; mod client; diff --git a/tests/interchange_size.rs b/tests/interchange_size.rs index 7640baf6e3c..ccfae701538 100644 --- a/tests/interchange_size.rs +++ b/tests/interchange_size.rs @@ -1,6 +1,6 @@ use std::mem::size_of; -use trussed::api::{Reply, Request}; +use trussed_core::api::{Reply, Request}; // Used to keep track #[test] diff --git a/tests/key_confusion.rs b/tests/key_confusion.rs index d09fcb88e90..f8b6b8f9653 100644 --- a/tests/key_confusion.rs +++ b/tests/key_confusion.rs @@ -1,13 +1,12 @@ -use serial_test::serial; -use trussed::client::mechanisms::{P256, X255}; -use trussed::client::CryptoClient; -use trussed::error::Error; -use trussed::types::{KeyId, Mechanism, SignatureSerialization}; -use trussed::{syscall, try_syscall}; - mod client; -use trussed::types::Location::*; +use serial_test::serial; +use trussed_core::{ + mechanisms::{P256, X255}, + syscall, try_syscall, + types::{KeyId, Location::*, Mechanism, SignatureSerialization}, + CryptoClient, Error, +}; fn assert_sign_mechanims_reject(key: KeyId, client: &mut impl CryptoClient) { for m in [ diff --git a/tests/p256.rs b/tests/p256.rs index 4a565853b5d..3025d18db7c 100644 --- a/tests/p256.rs +++ b/tests/p256.rs @@ -1,11 +1,11 @@ -use trussed::client::mechanisms::{HmacSha256, P256}; -use trussed::client::CryptoClient; -use trussed::types::{KeySerialization, Mechanism, StorageAttributes}; -use trussed::{syscall, try_syscall}; - mod client; -use trussed::types::Location::*; +use trussed_core::{ + mechanisms::{HmacSha256, P256}, + syscall, try_syscall, + types::{KeySerialization, Location::*, Mechanism, StorageAttributes}, + CryptoClient, +}; #[test] fn p256_agree() { diff --git a/tests/serde_extensions.rs b/tests/serde_extensions.rs index 134ffb6d236..ed9ad491e0d 100644 --- a/tests/serde_extensions.rs +++ b/tests/serde_extensions.rs @@ -26,9 +26,9 @@ use trussed::{ backend::BackendId, - types::ShortData, virt::{self, StoreConfig}, }; +use trussed_core::{syscall, try_syscall, types::ShortData}; use runner::Backends; @@ -36,10 +36,10 @@ type Client<'a> = virt::Client<'a, Backends>; mod extensions { use serde::{Deserialize, Serialize}; - use trussed::{ - error::Error, + use trussed_core::{ serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::ShortData, + Error, }; pub struct TestExtension; @@ -214,13 +214,10 @@ mod backends { }; use trussed::{ - backend::Backend, - error::Error, - platform::Platform, - serde_extensions::ExtensionImpl, - service::ServiceResources, - types::{CoreContext, ShortData}, + backend::Backend, platform::Platform, serde_extensions::ExtensionImpl, + service::ServiceResources, types::CoreContext, }; + use trussed_core::{types::ShortData, Error}; #[derive(Default)] pub struct TestContext { @@ -387,20 +384,20 @@ fn test_extension() { let msg = ShortData::from(&[0x01, 0x02, 0x03]); let rev = ShortData::from(&[0x03, 0x02, 0x01]); run(&[], |client| { - assert!(trussed::try_syscall!(client.reverse(msg.clone())).is_err()); + assert!(try_syscall!(client.reverse(msg.clone())).is_err()); }); run(runner::BACKENDS_TEST1, |client| { - assert_eq!(trussed::syscall!(client.test_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.reverse(msg.clone())).s, rev); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 1); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 1); - assert_eq!(trussed::syscall!(client.reverse(msg.clone())).s, rev); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 2); + assert_eq!(syscall!(client.test_calls()).calls, 0); + assert_eq!(syscall!(client.reverse(msg.clone())).s, rev); + assert_eq!(syscall!(client.test_calls()).calls, 1); + assert_eq!(syscall!(client.test_calls()).calls, 1); + assert_eq!(syscall!(client.reverse(msg.clone())).s, rev); + assert_eq!(syscall!(client.test_calls()).calls, 2); }); run(runner::BACKENDS_TEST2, |client| { - assert_eq!(trussed::syscall!(client.test_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.reverse(msg.clone())).s, rev); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 1); + assert_eq!(syscall!(client.test_calls()).calls, 0); + assert_eq!(syscall!(client.reverse(msg.clone())).s, rev); + assert_eq!(syscall!(client.test_calls()).calls, 1); }); } @@ -413,25 +410,25 @@ fn sample_extension() { let rev = ShortData::from(&[4, 3, 2, 1]); let trunc = ShortData::from(&[1, 2, 3]); run(&[], |client| { - assert!(trussed::try_syscall!(client.truncate(msg.clone())).is_err()); + assert!(try_syscall!(client.truncate(msg.clone())).is_err()); }); run(runner::BACKENDS_SAMPLE1, |client| { - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.reverse(msg.clone())).s, rev); - assert_eq!(trussed::syscall!(client.truncate(msg.clone())).s, trunc); + assert_eq!(syscall!(client.sample_calls()).calls, 0); + assert_eq!(syscall!(client.test_calls()).calls, 0); + assert_eq!(syscall!(client.reverse(msg.clone())).s, rev); + assert_eq!(syscall!(client.truncate(msg.clone())).s, trunc); // the sample backend has but one context that is shared for its // implementation of the extensions, so the calls increment together. - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 2); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 2); - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 2); - assert_eq!(trussed::syscall!(client.truncate(msg.clone())).s, trunc); - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 3); + assert_eq!(syscall!(client.sample_calls()).calls, 2); + assert_eq!(syscall!(client.test_calls()).calls, 2); + assert_eq!(syscall!(client.sample_calls()).calls, 2); + assert_eq!(syscall!(client.truncate(msg.clone())).s, trunc); + assert_eq!(syscall!(client.sample_calls()).calls, 3); }); run(runner::BACKENDS_SAMPLE2, |client| { - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.truncate(msg.clone())).s, trunc); - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 1); + assert_eq!(syscall!(client.sample_calls()).calls, 0); + assert_eq!(syscall!(client.truncate(msg.clone())).s, trunc); + assert_eq!(syscall!(client.sample_calls()).calls, 1); }); } @@ -444,16 +441,16 @@ fn mixed_extension() { let rev = ShortData::from(&[4, 3, 2, 1]); let trunc = ShortData::from(&[1, 2, 3]); run(runner::BACKENDS_MIXED, |client| { - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 0); - assert_eq!(trussed::syscall!(client.reverse(msg.clone())).s, rev); - assert_eq!(trussed::syscall!(client.truncate(msg.clone())).s, trunc); + assert_eq!(syscall!(client.sample_calls()).calls, 0); + assert_eq!(syscall!(client.test_calls()).calls, 0); + assert_eq!(syscall!(client.reverse(msg.clone())).s, rev); + assert_eq!(syscall!(client.truncate(msg.clone())).s, trunc); // the test backend is placed before the sample backend here, // and so it "catches" the reverse call, leading to single incrementations // of each call counter. - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 1); - assert_eq!(trussed::syscall!(client.test_calls()).calls, 1); - assert_eq!(trussed::syscall!(client.truncate(msg.clone())).s, trunc); - assert_eq!(trussed::syscall!(client.sample_calls()).calls, 2); + assert_eq!(syscall!(client.sample_calls()).calls, 1); + assert_eq!(syscall!(client.test_calls()).calls, 1); + assert_eq!(syscall!(client.truncate(msg.clone())).s, trunc); + assert_eq!(syscall!(client.sample_calls()).calls, 2); }); } diff --git a/tests/tdes.rs b/tests/tdes.rs index b5e01869122..5cd862fd8d8 100644 --- a/tests/tdes.rs +++ b/tests/tdes.rs @@ -1,13 +1,11 @@ -use trussed::client::CryptoClient; -use trussed::syscall; - mod client; -use trussed::types::KeySerialization; -use trussed::types::Location::*; -use trussed::types::Mechanism; - use hex_literal::hex; +use trussed_core::{ + syscall, + types::{KeySerialization, Location::*, Mechanism}, + CryptoClient, +}; #[test] fn tdes() { diff --git a/tests/virt.rs b/tests/virt.rs index 135a8f7c6d6..a0ec93a2956 100644 --- a/tests/virt.rs +++ b/tests/virt.rs @@ -1,10 +1,10 @@ use littlefs2_core::path; use std::time::Duration; -use trussed::{ - client::{FilesystemClient as _, ManagementClient as _}, +use trussed::virt; +use trussed_core::{ syscall, types::{Bytes, Location, PathBuf}, - virt, + FilesystemClient as _, ManagementClient as _, }; fn run_test(data: u8) { diff --git a/tests/x255.rs b/tests/x255.rs index d23d9870450..e97adedaa2f 100644 --- a/tests/x255.rs +++ b/tests/x255.rs @@ -1,11 +1,11 @@ -use trussed::client::mechanisms::{HmacSha256, X255}; -use trussed::client::CryptoClient; -use trussed::types::{KeySerialization, Mechanism, StorageAttributes}; -use trussed::{syscall, try_syscall}; - mod client; -use trussed::types::Location::*; +use trussed_core::{ + mechanisms::{HmacSha256, X255}, + syscall, try_syscall, + types::{KeySerialization, Location::*, Mechanism, StorageAttributes}, + CryptoClient, +}; #[test] fn x255_agree() { From e4a6719328771663a3dd9916156b318e236585e5 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 5 Jun 2026 09:54:16 +0200 Subject: [PATCH 3/7] Remove unused GenericArray reexport MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We don’t use GenericArray in our public API. --- src/types.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/types.rs b/src/types.rs index ababfd8f1b6..bc191958a23 100644 --- a/src/types.rs +++ b/src/types.rs @@ -1,5 +1,3 @@ -pub use generic_array::GenericArray; - pub use littlefs2_core::{DirEntry, Metadata, Path, PathBuf, Result as LfsResult}; use crate::store::filestore::{ReadDirFilesState, ReadDirState}; From cc32295f4c44829613f2b13d61a02deb013033ca Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 5 Jun 2026 10:39:39 +0200 Subject: [PATCH 4/7] Remove cbor-smol reexport cbor-smol is only an implementation detail of the ed255 and p256 mechanisms and should not be part of the public API. --- src/lib.rs | 4 +--- src/mechanisms/p256.rs | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 775bc618493..cf506e654c3 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -48,9 +48,7 @@ pub use client::ClientImplementation; pub use platform::Platform; pub use service::Service; -pub use cbor_smol::cbor_deserialize; - -pub fn cbor_serialize_bytes( +fn cbor_serialize_bytes( object: &T, ) -> cbor_smol::Result> { let mut data = heapless_bytes::Bytes::new(); diff --git a/src/mechanisms/p256.rs b/src/mechanisms/p256.rs index dae466b6ad2..f22754fff7a 100644 --- a/src/mechanisms/p256.rs +++ b/src/mechanisms/p256.rs @@ -115,7 +115,7 @@ impl MechanismImpl for super::P256 { KeySerialization::Cose => { // TODO: this should all be done upstream let cose_public_key: cosey::P256PublicKey = - crate::cbor_deserialize(&request.serialized_key) + cbor_smol::cbor_deserialize(&request.serialized_key) .map_err(|_| Error::CborError)?; let mut serialized_key = [0u8; 64]; if cose_public_key.x.len() != 32 || cose_public_key.y.len() != 32 { @@ -132,7 +132,7 @@ impl MechanismImpl for super::P256 { KeySerialization::EcdhEsHkdf256 => { // TODO: this should all be done upstream let cose_public_key: cosey::EcdhEsHkdf256PublicKey = - crate::cbor_deserialize(&request.serialized_key) + cbor_smol::cbor_deserialize(&request.serialized_key) .map_err(|_| Error::CborError)?; let mut serialized_key = [0u8; 64]; if cose_public_key.x.len() != 32 || cose_public_key.y.len() != 32 { From 565f29f48c8d49f9bbaabc0e219c26882ef9beac Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 5 Jun 2026 10:12:21 +0200 Subject: [PATCH 5/7] Flatten (public) module structure --- src/client.rs | 2 +- src/lib.rs | 7 ++++--- src/mechanisms/aead.rs | 2 +- src/mechanisms/aes256cbc.rs | 2 +- src/mechanisms/aes256gcm.rs | 2 +- src/mechanisms/chacha8poly1305.rs | 2 +- src/mechanisms/ed255.rs | 2 +- src/mechanisms/hmacblake2s.rs | 2 +- src/mechanisms/hmacsha1.rs | 2 +- src/mechanisms/hmacsha256.rs | 2 +- src/mechanisms/hmacsha512.rs | 2 +- src/mechanisms/p256.rs | 2 +- src/mechanisms/p384.rs | 2 +- src/mechanisms/p521.rs | 2 +- src/mechanisms/sha256.rs | 2 +- src/mechanisms/shared_secret.rs | 2 +- src/mechanisms/tdes.rs | 2 +- src/mechanisms/totp.rs | 2 +- src/mechanisms/trng.rs | 2 +- src/mechanisms/x255.rs | 2 +- src/service.rs | 6 ++---- src/service/attest.rs | 4 +++- src/store.rs | 13 +++++++++---- src/store/keystore.rs | 2 -- src/types.rs | 2 +- 25 files changed, 38 insertions(+), 34 deletions(-) diff --git a/src/client.rs b/src/client.rs index 3801ab8315b..c2a78014e86 100644 --- a/src/client.rs +++ b/src/client.rs @@ -87,7 +87,7 @@ use crate::pipe::TrussedRequester; use crate::platform::Syscall; #[cfg(feature = "crypto-client")] -pub mod mechanisms; +mod mechanisms; /// All-in-one trait bounding on the sub-traits. #[cfg(feature = "all-clients")] diff --git a/src/lib.rs b/src/lib.rs index cf506e654c3..63f4b3597b7 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -24,12 +24,13 @@ generate_macros!(); pub use interchange::Interchange; +mod client; +#[cfg(feature = "crypto-client")] +mod mechanisms; + pub mod backend; -pub mod client; pub mod config; pub mod key; -#[cfg(feature = "crypto-client")] -mod mechanisms; pub mod pipe; pub mod platform; #[cfg(feature = "serde-extensions")] diff --git a/src/mechanisms/aead.rs b/src/mechanisms/aead.rs index bca171f33ff..3a05871f735 100644 --- a/src/mechanisms/aead.rs +++ b/src/mechanisms/aead.rs @@ -9,7 +9,7 @@ use trussed_core::{ Error, }; -use crate::{key, store::keystore::Keystore}; +use crate::{key, store::Keystore}; pub struct Aead { mechanism: Mechanism, diff --git a/src/mechanisms/aes256cbc.rs b/src/mechanisms/aes256cbc.rs index f5c08982b9d..b84c8135a79 100644 --- a/src/mechanisms/aes256cbc.rs +++ b/src/mechanisms/aes256cbc.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; const AES256_KEY_SIZE: usize = 32; diff --git a/src/mechanisms/aes256gcm.rs b/src/mechanisms/aes256gcm.rs index b7724a3a34c..9b1eede83a5 100644 --- a/src/mechanisms/aes256gcm.rs +++ b/src/mechanisms/aes256gcm.rs @@ -5,7 +5,7 @@ use trussed_core::{ Error, }; -use crate::{service::MechanismImpl, store::keystore::Keystore}; +use crate::{service::MechanismImpl, store::Keystore}; type KeyNonceSize = U44; type Aead = super::aead::Aead; diff --git a/src/mechanisms/chacha8poly1305.rs b/src/mechanisms/chacha8poly1305.rs index f1e74684e1c..1ba9865caa3 100644 --- a/src/mechanisms/chacha8poly1305.rs +++ b/src/mechanisms/chacha8poly1305.rs @@ -5,7 +5,7 @@ use trussed_core::{ Error, }; -use crate::{service::MechanismImpl, store::keystore::Keystore}; +use crate::{service::MechanismImpl, store::Keystore}; type KeyNonceSize = U44; type Aead = super::aead::Aead; diff --git a/src/mechanisms/ed255.rs b/src/mechanisms/ed255.rs index f3f6bbdefbb..e390ed40c4c 100644 --- a/src/mechanisms/ed255.rs +++ b/src/mechanisms/ed255.rs @@ -7,7 +7,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; #[inline(never)] fn load_public_key( diff --git a/src/mechanisms/hmacblake2s.rs b/src/mechanisms/hmacblake2s.rs index b3d529df9ac..c8091d46d69 100644 --- a/src/mechanisms/hmacblake2s.rs +++ b/src/mechanisms/hmacblake2s.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::HmacBlake2s { #[inline(never)] diff --git a/src/mechanisms/hmacsha1.rs b/src/mechanisms/hmacsha1.rs index 7bf757e8cbc..d99ce6103bc 100644 --- a/src/mechanisms/hmacsha1.rs +++ b/src/mechanisms/hmacsha1.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::HmacSha1 { #[inline(never)] diff --git a/src/mechanisms/hmacsha256.rs b/src/mechanisms/hmacsha256.rs index d19d0be3a97..472c18f5787 100644 --- a/src/mechanisms/hmacsha256.rs +++ b/src/mechanisms/hmacsha256.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::HmacSha256 { #[inline(never)] diff --git a/src/mechanisms/hmacsha512.rs b/src/mechanisms/hmacsha512.rs index 81dfea9c2ab..6f2564c2e76 100644 --- a/src/mechanisms/hmacsha512.rs +++ b/src/mechanisms/hmacsha512.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::HmacSha512 { #[inline(never)] diff --git a/src/mechanisms/p256.rs b/src/mechanisms/p256.rs index f22754fff7a..62f3b6fdd9f 100644 --- a/src/mechanisms/p256.rs +++ b/src/mechanisms/p256.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; #[inline(never)] fn load_secret_key( diff --git a/src/mechanisms/p384.rs b/src/mechanisms/p384.rs index 012caf4bab5..a1eb9b7f8dc 100644 --- a/src/mechanisms/p384.rs +++ b/src/mechanisms/p384.rs @@ -14,7 +14,7 @@ use trussed_core::{ }; use super::{P384Prehashed, P384}; -use crate::{key, service::MechanismImpl, store::keystore::Keystore}; +use crate::{key, service::MechanismImpl, store::Keystore}; const SCALAR_SIZE: usize = 48; diff --git a/src/mechanisms/p521.rs b/src/mechanisms/p521.rs index a95b1b22bf5..8d177be6a91 100644 --- a/src/mechanisms/p521.rs +++ b/src/mechanisms/p521.rs @@ -14,7 +14,7 @@ use trussed_core::{ }; use super::{P521Prehashed, P521}; -use crate::{key, service::MechanismImpl, store::keystore::Keystore}; +use crate::{key, service::MechanismImpl, store::Keystore}; const SCALAR_SIZE: usize = 66; diff --git a/src/mechanisms/sha256.rs b/src/mechanisms/sha256.rs index 0f457683358..e43ed627cee 100644 --- a/src/mechanisms/sha256.rs +++ b/src/mechanisms/sha256.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::Sha256 { #[inline(never)] diff --git a/src/mechanisms/shared_secret.rs b/src/mechanisms/shared_secret.rs index 3e009994cd2..58a6d0edac9 100644 --- a/src/mechanisms/shared_secret.rs +++ b/src/mechanisms/shared_secret.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::SharedSecret { #[inline(never)] diff --git a/src/mechanisms/tdes.rs b/src/mechanisms/tdes.rs index 293ba45688b..322b2b1567c 100644 --- a/src/mechanisms/tdes.rs +++ b/src/mechanisms/tdes.rs @@ -15,7 +15,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; const TDES_KEY_SIZE: usize = 24; diff --git a/src/mechanisms/totp.rs b/src/mechanisms/totp.rs index ed8c507159b..d46b11a5eae 100644 --- a/src/mechanisms/totp.rs +++ b/src/mechanisms/totp.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; // code copied from https://github.com/avacariu/rust-oath diff --git a/src/mechanisms/trng.rs b/src/mechanisms/trng.rs index cece46fe319..b700a1dea8a 100644 --- a/src/mechanisms/trng.rs +++ b/src/mechanisms/trng.rs @@ -6,7 +6,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; impl MechanismImpl for super::Trng { fn generate_key( diff --git a/src/mechanisms/x255.rs b/src/mechanisms/x255.rs index c8ea9035905..e0a6c963c0a 100644 --- a/src/mechanisms/x255.rs +++ b/src/mechanisms/x255.rs @@ -8,7 +8,7 @@ use trussed_core::{ use crate::key; use crate::service::MechanismImpl; -use crate::store::keystore::Keystore; +use crate::store::Keystore; fn load_public_key( keystore: &mut impl Keystore, diff --git a/src/service.rs b/src/service.rs index dba7061c919..83feb5653c1 100644 --- a/src/service.rs +++ b/src/service.rs @@ -15,10 +15,8 @@ use crate::mechanisms; use crate::pipe::ServiceEndpoint; use crate::platform::{Platform, UserInterface}; use crate::store::{ - certstore::{Certstore as _, ClientCertstore}, - counterstore::{ClientCounterstore, Counterstore as _}, - filestore::{ClientFilestore, Filestore}, - keystore::{ClientKeystore, Keystore}, + Certstore as _, ClientCertstore, ClientCounterstore, ClientFilestore, ClientKeystore, + Counterstore as _, Filestore, Keystore, }; use crate::types::ui::{self, Status}; use crate::types::{Context, CoreContext}; diff --git a/src/service/attest.rs b/src/service/attest.rs index a0d12444d0a..53d314527e3 100644 --- a/src/service/attest.rs +++ b/src/service/attest.rs @@ -14,7 +14,9 @@ use trussed_core::{ }; use crate::{ - key, mechanisms, service::MechanismImpl, store::certstore::Certstore, store::keystore::Keystore, + key, mechanisms, + service::MechanismImpl, + store::{Certstore, Keystore}, }; #[cfg(not(feature = "test-attestation-cert-ids"))] diff --git a/src/store.rs b/src/store.rs index 12608d146f6..1105229267c 100644 --- a/src/store.rs +++ b/src/store.rs @@ -80,10 +80,15 @@ use trussed_core::{ pub use littlefs2_core::{DynFile, DynFilesystem}; -pub mod certstore; -pub mod counterstore; -pub mod filestore; -pub mod keystore; +mod certstore; +mod counterstore; +mod filestore; +mod keystore; + +pub use certstore::{Certstore, ClientCertstore}; +pub use counterstore::{ClientCounterstore, Counter, Counterstore}; +pub use filestore::{ClientFilestore, Filestore, ReadDirFilesState, ReadDirState}; +pub use keystore::{ClientKeystore, Keystore}; // pub type FileContents = Bytes; diff --git a/src/store/keystore.rs b/src/store/keystore.rs index 463990c4e14..fe8dcc0bbef 100644 --- a/src/store/keystore.rs +++ b/src/store/keystore.rs @@ -32,8 +32,6 @@ impl ClientKeystore { } } -pub const SERIALIZATION_VERSION: u8 = 0; - /// Trait intended for use by mechanism implementations. pub trait Keystore { // fn store(&self, key: Key, location: Location) -> Result; diff --git a/src/types.rs b/src/types.rs index bc191958a23..6aa63bcf788 100644 --- a/src/types.rs +++ b/src/types.rs @@ -1,6 +1,6 @@ pub use littlefs2_core::{DirEntry, Metadata, Path, PathBuf, Result as LfsResult}; -use crate::store::filestore::{ReadDirFilesState, ReadDirState}; +use crate::store::{ReadDirFilesState, ReadDirState}; use trussed_core::InterruptFlag; /// An empty struct not storing any data. From 60eab87d301b1a889704794f8196535b8b95bce5 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 5 Jun 2026 10:37:31 +0200 Subject: [PATCH 6/7] Remove unused dependencies and make dependencies optional if possible --- Cargo.toml | 62 +++++++++++++++++++++++++++--------------------------- src/lib.rs | 1 + 2 files changed, 32 insertions(+), 31 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b76f92a6fe4..c7d50a8832c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,12 +32,8 @@ trussed-core = "0.2.2" # general bitflags = { version = "2.1" } -# const-oid = "0.4.5" -cfg-if = "1.0" -flexiber = { version = "0.2.0", features = ["derive", "heapless"] } -generic-array = "0.14.4" -hex-literal = "0.4.1" -nb = "1" +generic-array = { version = "0.14.4", optional = true } +hex-literal = { version = "0.4.1", optional = true } postcard.workspace = true rand_core.workspace = true serde.workspace = true @@ -46,38 +42,42 @@ rand_chacha = { version = "0.3.1", default-features = false } # RustCrypto aead = { version = "0.5", default-features = false, optional = true } -aes = { version = "0.8", default-features = false } +aes = { version = "0.8", default-features = false, optional = true } aes-gcm = { version = "0.10", default-features = false, features = ["aes"], optional = true } -cbc = "0.1.2" +cbc = { version = "0.1.2", optional = true } cipher = { version = "0.4", optional = true } blake2 = { version = "0.10", default-features = false, optional = true } -chacha20 = { version = "0.9", default-features = false } -chacha20poly1305 = { version = "0.10", default-features = false, features = ["reduced-round"] } +chacha20poly1305 = { version = "0.10", default-features = false, features = ["reduced-round"], optional = true } des = { version = "0.8", optional = true } -hmac = "0.12" +hmac = { version = "0.12", optional = true } sha-1 = { version = "0.10", default-features = false, optional = true } -sha2 = { version = "0.10", default-features = false } +sha2 = { version = "0.10", default-features = false, optional = true } # ours -cosey = "0.4" +cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-5"], optional = true } +cosey = { version = "0.4", optional = true } delog = "0.1.0" -cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-5"] } +flexiber = { version = "0.2.0", features = ["derive", "heapless"], optional = true } heapless-bytes = { workspace = true, features = ["heapless-0.9"] } interchange = "0.3.0" littlefs2 = "0.7.0" littlefs2-core = { workspace = true, features = ["heapless-bytes05"] } -p256-cortex-m4 = { version = "0.1.0-alpha.6", features = ["prehash", "sec1-signatures"] } -salty = "0.3" +p256-cortex-m4 = { version = "0.1.0-alpha.6", features = ["prehash", "sec1-signatures"], optional = true } +salty = { version = "0.3", optional = true } p384 = { version = "0.13.0", optional = true, default-features = false, features = ["sha384", "ecdh", "ecdsa"] } p521 = { version = "0.13.3", optional = true, default-features = false, features = ["sha512", "ecdh", "ecdsa"] } ecdsa = { version = "0.16.9", optional = true, default-features = false } [dev-dependencies] # Testing +chacha20 = { version = "0.9", default-features = false } serial_test = { version = "2" } entropy = "0.4.0" +generic-array = "0.14.4" +hex-literal = "0.4.1" once_cell = "1.13.0" serde_test = "1" +sha2 = { version = "0.10", default-features = false } trussed-derive = { path = "derive" } littlefs2 = "0.7" # Somehow, this is causing a regression. @@ -89,7 +89,7 @@ serde-extensions = ["trussed-core/serde-extensions"] std = [] verbose-tests = ["littlefs2/ll-assertions"] verbose-lfs = ["littlefs2/ll-assertions", "littlefs2/ll-trace"] -virt = ["std", "littlefs2/alloc"] +virt = ["std", "littlefs2/alloc", "dep:generic-array"] log-all = [] log-none = [] @@ -118,23 +118,23 @@ default-mechanisms = [ "totp", "trng", ] -aes256-cbc = ["trussed-core/aes256-cbc"] +aes256-cbc = ["trussed-core/aes256-cbc", "dep:aes", "dep:cbc"] aes256-gcm = ["trussed-core/aes256-gcm", "dep:aead", "dep:aes-gcm", "dep:cipher"] -chacha8-poly1305 = ["trussed-core/chacha8-poly1305", "dep:aead", "dep:cipher"] -ed255 = ["trussed-core/ed255"] -x255 = ["trussed-core/x255"] -hmac-blake2s = ["trussed-core/hmac-blake2s", "blake2"] -hmac-sha1 = ["trussed-core/hmac-sha1", "sha-1"] -hmac-sha256 = ["trussed-core/hmac-sha256"] -hmac-sha512 = ["trussed-core/hmac-sha512"] -p256 = ["trussed-core/p256"] +chacha8-poly1305 = ["trussed-core/chacha8-poly1305", "dep:aead", "dep:chacha20poly1305", "dep:cipher"] +ed255 = ["trussed-core/ed255", "dep:cbor-smol", "dep:cosey", "dep:salty"] +x255 = ["trussed-core/x255", "dep:salty"] +hmac-blake2s = ["trussed-core/hmac-blake2s", "dep:blake2", "dep:hmac"] +hmac-sha1 = ["trussed-core/hmac-sha1", "dep:hmac", "dep:sha-1"] +hmac-sha256 = ["trussed-core/hmac-sha256", "dep:hmac", "dep:sha2"] +hmac-sha512 = ["trussed-core/hmac-sha512", "dep:hmac", "dep:sha2"] +p256 = ["trussed-core/p256", "dep:cbor-smol", "dep:cosey", "dep:p256-cortex-m4"] p384 = ["trussed-core/p384", "dep:p384"] p521 = ["trussed-core/p521", "dep:p521", "dep:ecdsa"] -sha256 = ["trussed-core/sha256"] +sha256 = ["trussed-core/sha256", "dep:sha2"] shared-secret = ["trussed-core/shared-secret"] -tdes = ["trussed-core/tdes", "des"] -totp = ["trussed-core/totp", "sha-1"] -trng = ["trussed-core/trng", "sha-1"] +tdes = ["trussed-core/tdes", "dep:des", "dep:generic-array"] +totp = ["trussed-core/totp", "dep:hmac", "dep:sha-1"] +trng = ["trussed-core/trng", "dep:sha-1"] # clients all-clients = [ @@ -146,7 +146,7 @@ all-clients = [ "management-client", "ui-client", ] -attestation-client = ["crypto-client", "ed255", "p256", "trussed-core/attestation-client"] +attestation-client = ["crypto-client", "ed255", "p256", "trussed-core/attestation-client", "dep:flexiber", "dep:hex-literal"] certificate-client = ["trussed-core/certificate-client"] crypto-client = ["trussed-core/crypto-client"] counter-client = ["trussed-core/counter-client"] diff --git a/src/lib.rs b/src/lib.rs index 63f4b3597b7..e5a24822b71 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -49,6 +49,7 @@ pub use client::ClientImplementation; pub use platform::Platform; pub use service::Service; +#[cfg(any(feature = "ed255", feature = "p256"))] fn cbor_serialize_bytes( object: &T, ) -> cbor_smol::Result> { From 93f82f7c4e5811b9e0b6ef445dfc08be9cc821d7 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 5 Jun 2026 10:46:59 +0200 Subject: [PATCH 7/7] Release v0.2.0-rc.1 --- CHANGELOG.md | 11 +++++++++-- Cargo.toml | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5bf5ea2fd26..462d92a0359 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +[Unreleased]: https://github.com/trussed-dev/trussed/compare/v0.2.0-rc.1...HEAD + +- + +## [0.2.0-rc.1] - 2026-06-05 + +[0.2.0-rc.1]: https://github.com/trussed-dev/trussed/releases/tag/v0.2.0-rc.1 + ### Added - Added `init_raw` constructor for types generated by the `store!` macro. @@ -102,5 +110,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Initial release. -[Unreleased]: https://github.com/trussed-dev/trussed/compare/0.1.0...HEAD -[0.1.0]: https://github.com/trussed-dev/trussed/releases/tag/v0.1.0 +[0.1.0]: https://github.com/trussed-dev/trussed/releases/tag/0.1.0 diff --git a/Cargo.toml b/Cargo.toml index c7d50a8832c..74c2c397489 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,7 +17,7 @@ serde = { version = "1.0", default-features = false, features = ["derive"] } [package] name = "trussed" -version = "0.1.0" +version = "0.2.0-rc.1" description = "Modern Cryptographic Firmware" readme = "README.md"