From 74d71e0afed5347d4ebb535ea36dd454568ffd4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Fri, 29 Aug 2025 16:33:54 +0200 Subject: [PATCH 1/3] Update trussed for heapless 0.9 --- Cargo.toml | 6 +++--- extensions/chunked/Cargo.toml | 2 +- extensions/chunked/src/lib.rs | 6 +++--- extensions/chunked/src/utils.rs | 2 +- extensions/fs-info/src/lib.rs | 2 +- extensions/hkdf/src/lib.rs | 2 +- extensions/hpke/src/lib.rs | 2 +- extensions/manage/src/lib.rs | 2 +- extensions/wrap-key-to-file/Cargo.toml | 2 +- extensions/wrap-key-to-file/src/lib.rs | 6 +++--- 10 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 9ab72e4..71d6c8d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -58,7 +58,7 @@ trussed-fs-info = { version = "0.2.0", optional = true } [dev-dependencies] hex-literal = "0.4.0" hmac = "0.12.0" -trussed = { version = "0.1.0", default-features = false, features = ["aes256-cbc", "crypto-client", "filesystem-client", "hmac-sha256", "virt", "x255"] } +trussed = { version = "0.1.0", default-features = false, features = ["aes256-cbc", "hmac-sha256", "virt", "x255"] } [features] default = [] @@ -83,8 +83,8 @@ log-warn = [] log-error = [] [patch.crates-io] -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "ac106d63ab5e19021b0e37f0efb4313f8168a110" } - +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae" } +trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae"} trussed-chunked = { path = "extensions/chunked" } trussed-hkdf = { path = "extensions/hkdf" } trussed-hpke = { path = "extensions/hpke" } diff --git a/extensions/chunked/Cargo.toml b/extensions/chunked/Cargo.toml index b387e65..f00a803 100644 --- a/extensions/chunked/Cargo.toml +++ b/extensions/chunked/Cargo.toml 
@@ -13,4 +13,4 @@ license.workspace = true [dependencies] serde.workspace = true serde-byte-array.workspace = true -trussed-core = { workspace = true, features = ["filesystem-client"] } +trussed-core = { workspace = true, features = ["filesystem-client"]} diff --git a/extensions/chunked/src/lib.rs b/extensions/chunked/src/lib.rs index ad408bb..09a4c16 100644 --- a/extensions/chunked/src/lib.rs +++ b/extensions/chunked/src/lib.rs @@ -10,9 +10,9 @@ pub mod utils; use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; use trussed_core::{ + client::FilesystemClient, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::{KeyId, Location, Message, PathBuf, UserAttribute}, - FilesystemClient, }; pub const CHACHA8_STREAM_NONCE_LEN: usize = 8; @@ -57,8 +57,8 @@ pub mod request { use super::*; use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; + use trussed_core::error::Error; use trussed_core::types::{KeyId, Location, Message, PathBuf, UserAttribute}; - use trussed_core::Error; #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)] pub struct ReadChunk {} @@ -263,8 +263,8 @@ pub mod request { pub mod reply { use super::*; use serde::{Deserialize, Serialize}; + use trussed_core::error::Error; use trussed_core::types::Message; - use trussed_core::Error; #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)] pub struct ReadChunk { diff --git a/extensions/chunked/src/utils.rs b/extensions/chunked/src/utils.rs index 9c749be..5c19e53 100644 --- a/extensions/chunked/src/utils.rs +++ b/extensions/chunked/src/utils.rs @@ -3,9 +3,9 @@ use serde_byte_array::ByteArray; use trussed_core::{ + error::Error, syscall, try_syscall, types::{KeyId, Location, Message, PathBuf, UserAttribute}, - Error, }; use crate::{ChunkedClient, CHACHA8_STREAM_NONCE_LEN}; diff --git a/extensions/fs-info/src/lib.rs b/extensions/fs-info/src/lib.rs index 9170298..25dd9fd 100644 --- a/extensions/fs-info/src/lib.rs +++ b/extensions/fs-info/src/lib.rs 
@@ -7,9 +7,9 @@ use serde::{Deserialize, Serialize}; use trussed_core::{ + error::Error, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::Location, - Error, }; pub struct FsInfoExtension; diff --git a/extensions/hkdf/src/lib.rs b/extensions/hkdf/src/lib.rs index a4310bd..9371b27 100644 --- a/extensions/hkdf/src/lib.rs +++ b/extensions/hkdf/src/lib.rs @@ -8,9 +8,9 @@ use serde::{Deserialize, Serialize}; use trussed_core::{ config::MAX_MEDIUM_DATA_LENGTH, + error::Error, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::{Bytes, KeyId, Location, Message}, - Error, }; #[derive(Clone, Copy, Debug, Serialize, Deserialize)] diff --git a/extensions/hpke/src/lib.rs b/extensions/hpke/src/lib.rs index acb4c0f..e56c358 100644 --- a/extensions/hpke/src/lib.rs +++ b/extensions/hpke/src/lib.rs @@ -11,9 +11,9 @@ use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; +use trussed_core::error::Error; use trussed_core::serde_extensions::{Extension, ExtensionClient, ExtensionResult}; use trussed_core::types::{KeyId, Location, Message, PathBuf, ShortData}; -use trussed_core::Error; #[derive(Deserialize, Serialize)] pub enum HpkeRequest { diff --git a/extensions/manage/src/lib.rs b/extensions/manage/src/lib.rs index 0dab704..e3b1f65 100644 --- a/extensions/manage/src/lib.rs +++ b/extensions/manage/src/lib.rs @@ -8,8 +8,8 @@ use littlefs2_core::{path, Path, PathBuf}; use serde::{Deserialize, Serialize}; use trussed_core::{ + error::Error, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, - Error, }; pub struct ManageExtension; diff --git a/extensions/wrap-key-to-file/Cargo.toml b/extensions/wrap-key-to-file/Cargo.toml index 9bcb1f7..3a2f097 100644 --- a/extensions/wrap-key-to-file/Cargo.toml +++ b/extensions/wrap-key-to-file/Cargo.toml 
@@ -12,4 +12,4 @@ license.workspace = true [dependencies] serde.workspace = true -trussed-core = { workspace = true, features = ["filesystem-client"] } +trussed-core.workspace = true diff --git a/extensions/wrap-key-to-file/src/lib.rs b/extensions/wrap-key-to-file/src/lib.rs index 826f4e7..48548c1 100644 --- a/extensions/wrap-key-to-file/src/lib.rs +++ b/extensions/wrap-key-to-file/src/lib.rs @@ -7,9 +7,9 @@ use serde::{Deserialize, Serialize}; use trussed_core::{ + client::ClientError, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::{Bytes, KeyId, Location, Mechanism, PathBuf}, - ClientError, }; #[derive(Debug, Default)] @@ -25,8 +25,8 @@ pub enum WrapKeyToFileRequest { pub mod request { use super::*; use serde::{Deserialize, Serialize}; + use trussed_core::error::Error; use trussed_core::types::{KeyId, Location, Mechanism, Message, PathBuf}; - use trussed_core::Error; #[derive(Debug, Deserialize, Serialize)] pub struct WrapKeyToFile { @@ -90,7 +90,7 @@ pub enum WrapKeyToFileReply { pub mod reply { use serde::{Deserialize, Serialize}; - use trussed_core::{types::KeyId, Error}; + use trussed_core::{error::Error, types::KeyId}; use super::*; From a38e2ceb858dcc1796379e36eb1a723a2de2e94c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Mon, 1 Sep 2025 17:31:32 +0200 Subject: [PATCH 2/3] Update to heapless 0.9 --- Cargo.toml | 16 +++++-- extensions/chunked/src/lib.rs | 6 +-- extensions/chunked/src/utils.rs | 6 +-- extensions/fs-info/src/lib.rs | 2 +- extensions/hkdf/src/lib.rs | 2 +- extensions/hpke/src/lib.rs | 2 +- extensions/manage/src/lib.rs | 2 +- extensions/wrap-key-to-file/src/lib.rs | 10 ++-- src/chunked/mod.rs | 63 ++++++++++++++++++++++---- src/chunked/store.rs | 2 +- src/hkdf.rs | 6 +-- src/hpke.rs | 6 +-- src/wrap_key_to_file.rs | 4 +- tests/chunked.rs | 8 ++-- tests/encrypted-chunked.rs | 6 +-- tests/hkdf.rs | 6 +-- tests/hpke.rs | 14 +++--- tests/manage.rs | 30 ++++++------ 18 files changed, 121 insertions(+), 70 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 71d6c8d..f72cf05 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -54,16 +54,18 @@ trussed-hpke = { version = "0.2.0", optional = true } trussed-manage = { version = "0.2.1", optional = true } trussed-wrap-key-to-file = { version = "0.2.0", optional = true } trussed-fs-info = { version = "0.2.0", optional = true } +heapless = { version = "0.9.1", optional = true } +heapless-bytes = { version = "0.5.0", optional = true } [dev-dependencies] hex-literal = "0.4.0" hmac = "0.12.0" -trussed = { version = "0.1.0", default-features = false, features = ["aes256-cbc", "hmac-sha256", "virt", "x255"] } +trussed = { version = "0.1.0", default-features = false, features = ["aes256-cbc", "crypto-client", "filesystem-client", "hmac-sha256", "virt", "x255"] } [features] -default = [] +default = ["chunked"] -chunked = ["trussed-chunked", "chacha20poly1305/stream"] +chunked = ["trussed-chunked", "chacha20poly1305/stream", "dep:heapless", "dep:heapless-bytes"] hkdf = ["trussed-hkdf", "dep:hkdf", "dep:sha2"] hpke = ["trussed-hpke", "dep:hkdf", "dep:sha2", "dep:hex-literal", "dep:aead", "dep:chacha20poly1305"] manage = ["trussed-manage"] 
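Review bot: `default = ["chunked"]` in the `[features]` table turns the chunked extension on for every dependent that does not set `default-features = false`. That is a behavioural change unrelated to the heapless upgrade and looks like a leftover from local testing. For a crate that adds backend extensions next to a key store, features are better left opt-in, so that firmware compiles in only the request handlers it means to expose. I would restore `default = []` and, if the tests need the feature, enable it in the test invocation or through `required-features`.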
@@ -83,8 +85,12 @@ log-warn = [] log-error = [] [patch.crates-io] -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae" } -trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "43ed1efcb19dc9c8bee45d4a1d3ad7dee2bba5ae"} +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939" } +trussed-core = { git = "https://github.com/trussed-dev/trussed.git", rev = "1e7b09a983dc8ae64a7ad8401ce541a9a77e5939"} +littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" } +littlefs2-core = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" } +littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys", rev = "v0.3.1-nitrokey.1" } + trussed-chunked = { path = "extensions/chunked" } trussed-hkdf = { path = "extensions/hkdf" } trussed-hpke = { path = "extensions/hpke" } diff --git a/extensions/chunked/src/lib.rs b/extensions/chunked/src/lib.rs index 09a4c16..ad408bb 100644 --- a/extensions/chunked/src/lib.rs +++ b/extensions/chunked/src/lib.rs @@ -10,9 +10,9 @@ pub mod utils; use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; use trussed_core::{ - client::FilesystemClient, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::{KeyId, Location, Message, PathBuf, UserAttribute}, + FilesystemClient, }; pub const CHACHA8_STREAM_NONCE_LEN: usize = 8; @@ -57,8 +57,8 @@ pub mod request { use super::*; use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; - use trussed_core::error::Error; use trussed_core::types::{KeyId, Location, Message, PathBuf, UserAttribute}; + use trussed_core::Error; #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)] pub struct ReadChunk {} 
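Review bot: The `littlefs2-sys` entry in `[patch.crates-io]` is pinned with `rev = "v0.3.1-nitrokey.1"`, which reads as a tag name, while the other four git overrides in this hunk use full commit hashes. A tag can be moved upstream, so only a committed Cargo.lock (and building with `--locked`) fixes what is actually compiled. Pinning to the commit the tag currently points at keeps the override reproducible, e.g. `rev = "<full-commit-sha-of-v0.3.1-nitrokey.1>"` with the tag name in a trailing comment. These overrides replace the crates.io releases for the whole workspace, so a comment on when they can be dropped would also help.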
@@ -263,8 +263,8 @@ pub mod request { pub mod reply { use super::*; use serde::{Deserialize, Serialize}; - use trussed_core::error::Error; use trussed_core::types::Message; + use trussed_core::Error; #[derive(Debug, PartialEq, Eq, Deserialize, Serialize)] pub struct ReadChunk { diff --git a/extensions/chunked/src/utils.rs b/extensions/chunked/src/utils.rs index 5c19e53..fa5aed5 100644 --- a/extensions/chunked/src/utils.rs +++ b/extensions/chunked/src/utils.rs @@ -3,9 +3,9 @@ use serde_byte_array::ByteArray; use trussed_core::{ - error::Error, syscall, try_syscall, types::{KeyId, Location, Message, PathBuf, UserAttribute}, + Error, }; use crate::{ChunkedClient, CHACHA8_STREAM_NONCE_LEN}; @@ -27,7 +27,7 @@ pub fn write_all( user_attribute: Option, encryption: Option, ) -> Result<(), Error> { - if let (Ok(msg), None) = (Message::from_slice(data), encryption) { + if let (Ok(msg), None) = (Message::try_from(data), encryption) { // Fast path for small files try_syscall!(client.write_file(location, path, msg, user_attribute))?; Ok(()) @@ -63,7 +63,7 @@ fn write_chunked_inner( let msg = Message::new(); let chunk_size = msg.capacity(); let chunks = data.chunks(chunk_size).map(|chunk| { - Message::from_slice(chunk).expect("Iteration over chunks yields maximum of chunk_size") + Message::try_from(chunk).expect("Iteration over chunks yields maximum of chunk_size") }); if let Some(encryption_data) = encryption { try_syscall!(client.start_encrypted_chunked_write( diff --git a/extensions/fs-info/src/lib.rs b/extensions/fs-info/src/lib.rs index 25dd9fd..9170298 100644 --- a/extensions/fs-info/src/lib.rs +++ b/extensions/fs-info/src/lib.rs @@ -7,9 +7,9 @@ use serde::{Deserialize, Serialize}; use trussed_core::{ - error::Error, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::Location, + Error, }; pub struct FsInfoExtension; diff --git a/extensions/hkdf/src/lib.rs b/extensions/hkdf/src/lib.rs index 9371b27..a4310bd 100644 --- a/extensions/hkdf/src/lib.rs 
+++ b/extensions/hkdf/src/lib.rs @@ -8,9 +8,9 @@ use serde::{Deserialize, Serialize}; use trussed_core::{ config::MAX_MEDIUM_DATA_LENGTH, - error::Error, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::{Bytes, KeyId, Location, Message}, + Error, }; #[derive(Clone, Copy, Debug, Serialize, Deserialize)] diff --git a/extensions/hpke/src/lib.rs b/extensions/hpke/src/lib.rs index e56c358..acb4c0f 100644 --- a/extensions/hpke/src/lib.rs +++ b/extensions/hpke/src/lib.rs @@ -11,9 +11,9 @@ use serde::{Deserialize, Serialize}; use serde_byte_array::ByteArray; -use trussed_core::error::Error; use trussed_core::serde_extensions::{Extension, ExtensionClient, ExtensionResult}; use trussed_core::types::{KeyId, Location, Message, PathBuf, ShortData}; +use trussed_core::Error; #[derive(Deserialize, Serialize)] pub enum HpkeRequest { diff --git a/extensions/manage/src/lib.rs b/extensions/manage/src/lib.rs index e3b1f65..0dab704 100644 --- a/extensions/manage/src/lib.rs +++ b/extensions/manage/src/lib.rs @@ -8,8 +8,8 @@ use littlefs2_core::{path, Path, PathBuf}; use serde::{Deserialize, Serialize}; use trussed_core::{ - error::Error, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, + Error, }; pub struct ManageExtension; diff --git a/extensions/wrap-key-to-file/src/lib.rs b/extensions/wrap-key-to-file/src/lib.rs index 48548c1..df340b5 100644 --- a/extensions/wrap-key-to-file/src/lib.rs +++ b/extensions/wrap-key-to-file/src/lib.rs @@ -7,9 +7,9 @@ use serde::{Deserialize, Serialize}; use trussed_core::{ - client::ClientError, serde_extensions::{Extension, ExtensionClient, ExtensionResult}, types::{Bytes, KeyId, Location, Mechanism, PathBuf}, + ClientError, }; #[derive(Debug, Default)] 
@@ -25,8 +25,8 @@ pub enum WrapKeyToFileRequest { pub mod request { use super::*; use serde::{Deserialize, Serialize}; - use trussed_core::error::Error; use trussed_core::types::{KeyId, Location, Mechanism, Message, PathBuf}; + use trussed_core::Error; #[derive(Debug, Deserialize, Serialize)] pub struct WrapKeyToFile { @@ -90,7 +90,7 @@ pub enum WrapKeyToFileReply { pub mod reply { use serde::{Deserialize, Serialize}; - use trussed_core::{error::Error, types::KeyId}; + use trussed_core::{types::KeyId, Error}; use super::*; @@ -156,7 +156,7 @@ pub trait WrapKeyToFileClient: ExtensionClient { associated_data: &[u8], ) -> WrapKeyToFileResult<'_, reply::WrapKeyToFile, Self> { let associated_data = - Bytes::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?; + Bytes::try_from(associated_data).map_err(|_| ClientError::DataTooLarge)?; self.extension(request::WrapKeyToFile { mechanism, wrapping_key, @@ -180,7 +180,7 @@ pub trait WrapKeyToFileClient: ExtensionClient { associated_data: &[u8], ) -> WrapKeyToFileResult<'_, reply::UnwrapKeyFromFile, Self> { let associated_data = - Bytes::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?; + Bytes::try_from(associated_data).map_err(|_| ClientError::DataTooLarge)?; self.extension(request::UnwrapKeyFromFile { mechanism, key, diff --git a/src/chunked/mod.rs b/src/chunked/mod.rs index 669a728..fd088af 100644 --- a/src/chunked/mod.rs +++ b/src/chunked/mod.rs @@ -5,6 +5,7 @@ mod store; use store::OpenSeekFrom; use chacha20poly1305::{ + aead, aead::stream::{DecryptorLE31, EncryptorLE31, Nonce as StreamNonce, StreamLE31}, ChaCha8Poly1305, KeyInit, }; 
@@ -27,6 +28,38 @@ use crate::StagingContext; const POLY1305_TAG_LEN: usize = 16; const CHACHA8_KEY_LEN: usize = 32; +struct HeaplessBuffer<'a, LenT: heapless::LenType>(&'a mut heapless_bytes::BytesView); + +impl<'a, LenT: heapless::LenType, S: heapless_bytes::BytesStorage + ?Sized> + From<&'a mut heapless_bytes::BytesInner> for HeaplessBuffer<'a, LenT> +{ + fn from(value: &'a mut heapless_bytes::BytesInner) -> Self { + Self(value.as_mut_view()) + } +} + +impl<'a, LenT: heapless::LenType> AsMut<[u8]> for HeaplessBuffer<'a, LenT> { + fn as_mut(&mut self) -> &mut [u8] { + &mut self.0 + } +} + +impl<'a, LenT: heapless::LenType> AsRef<[u8]> for HeaplessBuffer<'a, LenT> { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl<'a, LenT: heapless::LenType> aead::Buffer for HeaplessBuffer<'a, LenT> { + fn extend_from_slice(&mut self, other: &[u8]) -> aead::Result<()> { + self.0.extend_from_slice(other).map_err(|_| aead::Error) + } + + fn truncate(&mut self, len: usize) { + self.0.truncate(len); + } +} + #[derive(Debug)] pub struct ChunkedReadState { pub path: PathBuf, @@ -209,7 +242,7 @@ impl ExtensionImpl for super::StagingBackend { let nonce: Bytes = filestore.read(&request.path, request.location)?; let nonce: &StreamNonce> = - (&**nonce).into(); + (&*nonce).into(); let aead = ChaCha8Poly1305::new((&*key.material).into()); let decryptor = DecryptorLE31::::from_aead(aead, nonce); backend_ctx.chunked_io_state = @@ -263,10 +296,13 @@ fn write_chunk( } Some(ChunkedIoState::EncryptedWrite(ref mut write_state)) => { let mut data = - Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::from_slice(data).unwrap(); + Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::try_from(&**data).unwrap(); write_state .encryptor - .encrypt_next_in_place(write_state.path.as_ref().as_bytes(), &mut *data) + .encrypt_next_in_place( + write_state.path.as_ref().as_bytes(), + &mut HeaplessBuffer::from(&mut data), + ) .map_err(|_err| { error!("Failed to encrypt {:?}", _err); Error::AeadError 
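Review bot: `HeaplessBuffer` and its four impls are added without any comment, so a reader cannot tell why the byte buffer is no longer handed to the AEAD stream calls directly. A doc comment on the struct would cover it, for example `/// Adapter exposing a heapless-bytes view as an aead::Buffer for in-place AEAD operations.`. I would also add a line on `extend_from_slice` saying that running out of capacity is reported as `aead::Error` rather than truncating. That is the property callers depend on when the tag is appended to a fixed-capacity buffer.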
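Review bot: In the `@@ -209,7 +242,7 @@` hunk, `(&*nonce).into()` turns the bytes read from `request.path` into a fixed-size `StreamNonce` reference, and that slice-to-array conversion is expected to panic when the slice length differs from the nonce length. The nonce comes from a stored file, so a truncated or corrupted file would presumably abort the backend instead of returning an error. The type parameters are not visible on this page, so confirm whether anything else guarantees the length. A check before the conversion, e.g. `if nonce.len() != CHACHA8_STREAM_NONCE_LEN { return Err(Error::FilesystemReadFailure); }` (or whichever error variant fits), would turn this into a normal error path. The enclosing function starts and ends outside the hunk.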
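Review bot: `Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::try_from(&**data).unwrap()` in `write_chunk` keeps a bare `unwrap()` on a conversion of request data. It holds only while the incoming message can never exceed `MAX_MESSAGE_LENGTH`, which the hunk does not show. Either state the invariant with `.expect("a Message never exceeds MAX_MESSAGE_LENGTH")`, as `write_chunked_inner` in extensions/chunked/src/utils.rs already does for its chunks, or map the failure to an `Error` so an oversized request cannot panic the backend. The same applies to the identical line in `write_last_chunk` and to the `try_from(...).unwrap()` calls on serialized key material in src/hpke.rs and src/wrap_key_to_file.rs. `write_chunk` starts and ends outside the hunk.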
@@ -303,10 +339,13 @@ fn write_last_chunk( } Some(ChunkedIoState::EncryptedWrite(write_state)) => { let mut data = - Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::from_slice(data).unwrap(); + Bytes::<{ MAX_MESSAGE_LENGTH + POLY1305_TAG_LEN }>::try_from(&**data).unwrap(); write_state .encryptor - .encrypt_last_in_place(&[write_state.location as u8], &mut *data) + .encrypt_last_in_place( + &[write_state.location as u8], + &mut HeaplessBuffer::from(&mut data), + ) .map_err(|_err| { error!("Failed to encrypt {:?}", _err); Error::AeadError @@ -354,12 +393,15 @@ fn read_encrypted_chunk( read_state .decryptor - .decrypt_last_in_place(&[read_state.location as u8], &mut *data) + .decrypt_last_in_place( + &[read_state.location as u8], + &mut HeaplessBuffer::from(&mut data), + ) .map_err(|_err| { error!("Failed to decrypt {:?}", _err); Error::AeadError })?; - let data = Bytes::from_slice(&data).expect("decryptor removes the tag"); + let data = Bytes::try_from(&*data).expect("decryptor removes the tag"); Ok(reply::ReadChunk { data, len: chunked_decrypted_len(len)?, @@ -368,12 +410,15 @@ fn read_encrypted_chunk( } else { read_state .decryptor - .decrypt_next_in_place(read_state.path.as_ref().as_bytes(), &mut *data) + .decrypt_next_in_place( + read_state.path.as_ref().as_bytes(), + &mut HeaplessBuffer::from(&mut data), + ) .map_err(|_err| { error!("Failed to decrypt {:?}", _err); Error::AeadError })?; - let data = Bytes::from_slice(&data).expect("decryptor removes the tag"); + let data = Bytes::try_from(&*data).expect("decryptor removes the tag"); Ok(reply::ReadChunk { data, len: chunked_decrypted_len(len)?, diff --git a/src/chunked/store.rs b/src/chunked/store.rs index fa2d100..f12af38 100644 --- a/src/chunked/store.rs +++ b/src/chunked/store.rs 
@@ -39,7 +39,7 @@ pub fn fs_read_chunk( if length > contents.capacity() { return Err(Error::FilesystemReadFailure); } - contents.resize_default(length).unwrap(); + contents.resize_zero(length).unwrap(); let file_len = fs .open_file_and_then(path, &mut |file| { file.seek(pos.into())?; diff --git a/src/hkdf.rs b/src/hkdf.rs index 4ec0225..0244721 100644 --- a/src/hkdf.rs +++ b/src/hkdf.rs @@ -47,7 +47,7 @@ fn get_mat( warn!("Attempt to HKDF on a private key"); return Err(Error::MechanismInvalid); } - Bytes::from_slice(&key_mat.material).map_err(|_| { + Bytes::try_from(&*key_mat.material).map_err(|_| { warn!("Attempt to HKDF a too large key"); Error::InternalError })? @@ -65,7 +65,7 @@ fn extract( .as_ref() .map(|s| get_mat(s, keystore)) .transpose()?; - let salt_ref = salt.as_deref().map(|d| &**d); + let salt_ref = salt.as_deref().map(|d| &*d); let (prk, _) = Hkdf::::extract(salt_ref, &ikm); assert_eq!(prk.len(), 256 / 8); let key_id = keystore.store_key( @@ -91,7 +91,7 @@ fn expand( Error::InternalError })?; let mut okm = ShortData::new(); - okm.resize_default(req.len).map_err(|_| { + okm.resize_zero(req.len).map_err(|_| { error!("Attempt to run HKDF with too large output"); Error::WrongMessageLength })?; diff --git a/src/hpke.rs b/src/hpke.rs index 7d61ad5..e35f9a7 100644 --- a/src/hpke.rs +++ b/src/hpke.rs @@ -364,7 +364,7 @@ impl ExtensionImpl for StagingBackend { // TODO: need to check both secret and public keys let serialized_key = keystore.load_key(key::Secrecy::Secret, None, &req.key_to_seal)?; - let mut message = Message::from_slice(&serialized_key.serialize()).unwrap(); + let mut message = Message::try_from(&*serialized_key.serialize()).unwrap(); let public_key = load_public_key(&req.public_key, keystore)?; 
@@ -389,8 +389,8 @@ impl ExtensionImpl for StagingBackend { // TODO: need to check both secret and public keys let serialized_key = keystore.load_key(key::Secrecy::Secret, None, &req.key_to_seal)?; - let mut message = Bytes::<{ MAX_SERIALIZED_KEY_LENGTH + 32 + 16 }>::from_slice( - &serialized_key.serialize(), + let mut message = Bytes::<{ MAX_SERIALIZED_KEY_LENGTH + 32 + 16 }>::try_from( + &*serialized_key.serialize(), ) .unwrap(); diff --git a/src/wrap_key_to_file.rs b/src/wrap_key_to_file.rs index 81b1a6a..307a3a4 100644 --- a/src/wrap_key_to_file.rs +++ b/src/wrap_key_to_file.rs @@ -37,9 +37,9 @@ fn wrap_key_to_file( let serialized_key = keystore.load_key(Secrecy::Secret, None, &request.key)?; - let mut data = Bytes::::from_slice(&serialized_key.serialize()).unwrap(); + let mut data = Bytes::::try_from(&*serialized_key.serialize()).unwrap(); let material_len = data.len(); - data.resize_default(material_len + NONCE_LEN).unwrap(); + data.resize_zero(material_len + NONCE_LEN).unwrap(); let (material, nonce) = data.split_at_mut(material_len); keystore.rng().fill_bytes(nonce); let nonce = (&*nonce).try_into().unwrap(); diff --git a/tests/chunked.rs b/tests/chunked.rs index 95c4654..4268ff3 100644 --- a/tests/chunked.rs +++ b/tests/chunked.rs @@ -59,7 +59,7 @@ fn filesystem() { .metadata .is_none(),); - let data = Bytes::from_slice(b"test data").unwrap(); + let data = Bytes::try_from(b"test data").unwrap(); syscall!(client.write_file( Location::Internal, PathBuf::from(path!("test_file")), 
@@ -82,9 +82,9 @@ fn filesystem() { assert!(empty_data.data.is_empty()); assert_eq!(empty_data.len, data.len()); - let large_data = Bytes::from_slice(&[0; 1024]).unwrap(); - let large_data2 = Bytes::from_slice(&[1; 1024]).unwrap(); - let more_data = Bytes::from_slice(&[2; 42]).unwrap(); + let large_data = Bytes::try_from(&[0; 1024]).unwrap(); + let large_data2 = Bytes::try_from(&[1; 1024]).unwrap(); + let more_data = Bytes::try_from(&[2; 42]).unwrap(); // ======== CHUNKED WRITES ======== syscall!(client.start_chunked_write( Location::Internal, diff --git a/tests/encrypted-chunked.rs b/tests/encrypted-chunked.rs index 9adc294..de9c89e 100644 --- a/tests/encrypted-chunked.rs +++ b/tests/encrypted-chunked.rs @@ -87,9 +87,9 @@ fn encrypted_filesystem() { .is_none(), ); - let large_data = Bytes::from_slice(&[0; 1024]).unwrap(); - let large_data2 = Bytes::from_slice(&[1; 1024]).unwrap(); - let more_data = Bytes::from_slice(&[2; 42]).unwrap(); + let large_data = Bytes::try_from(&[0; 1024]).unwrap(); + let large_data2 = Bytes::try_from(&[1; 1024]).unwrap(); + let more_data = Bytes::try_from(&[2; 42]).unwrap(); // ======== CHUNKED WRITES ======== syscall!(client.start_encrypted_chunked_write( Location::Internal, diff --git a/tests/hkdf.rs b/tests/hkdf.rs index 2e80caf..0076dda 100644 --- a/tests/hkdf.rs +++ b/tests/hkdf.rs @@ -30,14 +30,14 @@ fn hkdf() { mac.update(MSG); virt::with_client(StoreConfig::ram(), "hkdf_test", |mut client| { let prk = syscall!(client.hkdf_extract( - Data(Bytes::from_slice(IKM).unwrap()), - Some(Data(Bytes::from_slice(SALT).unwrap())), + Data(Bytes::try_from(IKM).unwrap()), + Some(Data(Bytes::try_from(SALT).unwrap())), Location::External, )) .okm; let expanded = syscall!(client.hkdf_expand( prk, - Bytes::from_slice(INFO).unwrap(), + Bytes::try_from(INFO).unwrap(), 16, Location::Volatile )) diff --git a/tests/hpke.rs b/tests/hpke.rs index 1cb3b14..7087872 100644 --- a/tests/hpke.rs +++ b/tests/hpke.rs 
@@ -41,9 +41,9 @@ fn hpke_message() { let public_key = syscall!(client.derive_x255_public_key(secret_key, Location::Volatile)).key; - let pl = Bytes::from_slice(b"Plaintext").unwrap(); - let aad = Bytes::from_slice(b"AAD").unwrap(); - let info = Bytes::from_slice(b"INFO").unwrap(); + let pl = Bytes::try_from(b"Plaintext").unwrap(); + let aad = Bytes::try_from(b"AAD").unwrap(); + let info = Bytes::try_from(b"INFO").unwrap(); let seal = syscall!(client.hpke_seal( public_key, pl.clone(), @@ -69,8 +69,8 @@ fn hpke_wrap_key() { let key_to_wrap = syscall!(client.generate_secret_key(32, Location::Volatile)).key; - let aad = Bytes::from_slice(b"AAD").unwrap(); - let info = Bytes::from_slice(b"INFO").unwrap(); + let aad = Bytes::try_from(b"AAD").unwrap(); + let info = Bytes::try_from(b"INFO").unwrap(); let seal = syscall!(client.hpke_seal_key(public_key, key_to_wrap, aad.clone(), info.clone())); @@ -96,8 +96,8 @@ fn hpke_wrap_key_to_file() { let key_to_wrap = syscall!(client.generate_secret_key(32, Location::Volatile)).key; let path = path!("WRAPPED_KEY"); - let aad = Bytes::from_slice(b"AAD").unwrap(); - let info = Bytes::from_slice(b"INFO").unwrap(); + let aad = Bytes::try_from(b"AAD").unwrap(); + let info = Bytes::try_from(b"INFO").unwrap(); syscall!(client.hpke_seal_key_to_file( path.into(), Location::Volatile, diff --git a/tests/manage.rs b/tests/manage.rs index 4c827a8..b5260c1 100644 --- a/tests/manage.rs +++ b/tests/manage.rs 
@@ -27,56 +27,56 @@ fn device_factory_reset() { syscall!(client1.write_file( Location::Internal, path!("to_save_internal").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client1.write_file( Location::External, path!("to_save_external").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client1.write_file( Location::Volatile, path!("to_save_volatile").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None )); syscall!(client1.write_file( Location::Internal, path!("to_delete_internal").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client1.write_file( Location::External, path!("to_delete_external").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client1.write_file( Location::Volatile, path!("to_delete_volatile").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None )); syscall!(client2.write_file( Location::Internal, path!("to_delete_internal").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client2.write_file( Location::External, path!("to_delete_external").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client2.write_file( Location::Volatile, path!("to_delete_volatile").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None )); 
@@ -140,37 +140,37 @@ fn client_factory_reset() { syscall!(client1.write_file( Location::Internal, path!("to_save_internal").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client1.write_file( Location::External, path!("to_save_external").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client1.write_file( Location::Volatile, path!("to_save_volatile").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None )); syscall!(client2.write_file( Location::Internal, path!("to_delete_internal").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client2.write_file( Location::External, path!("to_delete_external").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None, )); syscall!(client2.write_file( Location::Volatile, path!("to_delete_volatile").into(), - Bytes::from_slice(b"data").unwrap(), + Bytes::try_from(b"data").unwrap(), None )); From eff09d1613641531630d962f81136f64f3dd2716 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Fri, 3 Oct 2025 17:31:47 +0200 Subject: [PATCH 3/3] Fix clippy warnings --- src/chunked/mod.rs | 4 ++-- src/hkdf.rs | 2 +- src/hpke.rs | 2 ++ tests/chunked.rs | 8 ++++---- tests/encrypted-chunked.rs | 6 +++--- tests/hpke.rs | 14 +++++++------- tests/manage.rs | 30 +++++++++++++++--------------- 7 files changed, 34 insertions(+), 32 deletions(-) diff --git a/src/chunked/mod.rs b/src/chunked/mod.rs index fd088af..6b6bb94 100644 --- a/src/chunked/mod.rs +++ b/src/chunked/mod.rs 
@@ -40,13 +40,13 @@ impl<'a, LenT: heapless::LenType, S: heapless_bytes::BytesStorage + ?Sized> impl<'a, LenT: heapless::LenType> AsMut<[u8]> for HeaplessBuffer<'a, LenT> { fn as_mut(&mut self) -> &mut [u8] { - &mut self.0 + self.0 } } impl<'a, LenT: heapless::LenType> AsRef<[u8]> for HeaplessBuffer<'a, LenT> { fn as_ref(&self) -> &[u8] { - &self.0 + self.0 } } diff --git a/src/hkdf.rs b/src/hkdf.rs index 0244721..076a77f 100644 --- a/src/hkdf.rs +++ b/src/hkdf.rs @@ -65,7 +65,7 @@ fn extract( .as_ref() .map(|s| get_mat(s, keystore)) .transpose()?; - let salt_ref = salt.as_deref().map(|d| &*d); + let salt_ref = salt.as_deref(); let (prk, _) = Hkdf::::extract(salt_ref, &ikm); assert_eq!(prk.len(), 256 / 8); let key_id = keystore.store_key( diff --git a/src/hpke.rs b/src/hpke.rs index e35f9a7..b4c535e 100644 --- a/src/hpke.rs +++ b/src/hpke.rs @@ -122,6 +122,8 @@ trait Aead: TagSize = ::TagSize, > { + // The AEAD_ID is the last 2 bytes of the X25519_HKDF_SHA256_SELF_HPKE_SUITE_ID + #[cfg_attr(not(test), allow(unused))] const AEAD_ID: u16; const X25519_HKDF_SHA256_SELF_HPKE_SUITE_ID: &'static [u8]; } diff --git a/tests/chunked.rs b/tests/chunked.rs index 4268ff3..018d52e 100644 --- a/tests/chunked.rs +++ b/tests/chunked.rs @@ -59,7 +59,7 @@ fn filesystem() { .metadata .is_none(),); - let data = Bytes::try_from(b"test data").unwrap(); + let data = Bytes::from(b"test data"); syscall!(client.write_file( Location::Internal, PathBuf::from(path!("test_file")), @@ -82,9 +82,9 @@ fn filesystem() { assert!(empty_data.data.is_empty()); assert_eq!(empty_data.len, data.len()); - let large_data = Bytes::try_from(&[0; 1024]).unwrap(); - let large_data2 = Bytes::try_from(&[1; 1024]).unwrap(); - let more_data = Bytes::try_from(&[2; 42]).unwrap(); + let large_data = Bytes::from(&[0; 1024]); + let large_data2 = Bytes::from(&[1; 1024]); + let more_data = Bytes::from(&[2; 42]); // ======== CHUNKED WRITES ======== syscall!(client.start_chunked_write( Location::Internal, 
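Review bot: The `#[cfg_attr(not(test), allow(unused))]` added on `AEAD_ID` in the `Aead` trait silences the whole `unused` lint group, and the comment above it describes the constant rather than the reason for the suppression. If the constant is only read by tests, say so and narrow the attribute, e.g. `#[cfg_attr(not(test), allow(dead_code))]` with `// Only read by tests, which check it against the suite id.`. Since `AEAD_ID` duplicates the last two bytes of `X25519_HKDF_SHA256_SELF_HPKE_SUITE_ID`, it is worth confirming that a test really compares the two so they cannot drift apart. The trait definition starts outside the hunk.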
diff --git a/tests/encrypted-chunked.rs b/tests/encrypted-chunked.rs index de9c89e..2797f08 100644 --- a/tests/encrypted-chunked.rs +++ b/tests/encrypted-chunked.rs @@ -87,9 +87,9 @@ fn encrypted_filesystem() { .is_none(), ); - let large_data = Bytes::try_from(&[0; 1024]).unwrap(); - let large_data2 = Bytes::try_from(&[1; 1024]).unwrap(); - let more_data = Bytes::try_from(&[2; 42]).unwrap(); + let large_data = Bytes::from(&[0; 1024]); + let large_data2 = Bytes::from(&[1; 1024]); + let more_data = Bytes::from(&[2; 42]); // ======== CHUNKED WRITES ======== syscall!(client.start_encrypted_chunked_write( Location::Internal, diff --git a/tests/hpke.rs b/tests/hpke.rs index 7087872..191486f 100644 --- a/tests/hpke.rs +++ b/tests/hpke.rs @@ -41,9 +41,9 @@ fn hpke_message() { let public_key = syscall!(client.derive_x255_public_key(secret_key, Location::Volatile)).key; - let pl = Bytes::try_from(b"Plaintext").unwrap(); - let aad = Bytes::try_from(b"AAD").unwrap(); - let info = Bytes::try_from(b"INFO").unwrap(); + let pl = Bytes::from(b"Plaintext"); + let aad = Bytes::from(b"AAD"); + let info = Bytes::from(b"INFO"); let seal = syscall!(client.hpke_seal( public_key, pl.clone(), @@ -69,8 +69,8 @@ fn hpke_wrap_key() { let key_to_wrap = syscall!(client.generate_secret_key(32, Location::Volatile)).key; - let aad = Bytes::try_from(b"AAD").unwrap(); - let info = Bytes::try_from(b"INFO").unwrap(); + let aad = Bytes::from(b"AAD"); + let info = Bytes::from(b"INFO"); let seal = syscall!(client.hpke_seal_key(public_key, key_to_wrap, aad.clone(), info.clone())); @@ -96,8 +96,8 @@ fn hpke_wrap_key_to_file() { let key_to_wrap = syscall!(client.generate_secret_key(32, Location::Volatile)).key; let path = path!("WRAPPED_KEY"); - let aad = Bytes::try_from(b"AAD").unwrap(); - let info = Bytes::try_from(b"INFO").unwrap(); + let aad = Bytes::from(b"AAD"); + let info = Bytes::from(b"INFO"); syscall!(client.hpke_seal_key_to_file( path.into(), Location::Volatile, 
diff --git a/tests/manage.rs b/tests/manage.rs index b5260c1..4314fa0 100644 --- a/tests/manage.rs +++ b/tests/manage.rs @@ -27,56 +27,56 @@ fn device_factory_reset() { syscall!(client1.write_file( Location::Internal, path!("to_save_internal").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client1.write_file( Location::External, path!("to_save_external").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client1.write_file( Location::Volatile, path!("to_save_volatile").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None )); syscall!(client1.write_file( Location::Internal, path!("to_delete_internal").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client1.write_file( Location::External, path!("to_delete_external").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client1.write_file( Location::Volatile, path!("to_delete_volatile").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None )); syscall!(client2.write_file( Location::Internal, path!("to_delete_internal").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client2.write_file( Location::External, path!("to_delete_external").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client2.write_file( Location::Volatile, path!("to_delete_volatile").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None )); 
@@ -140,37 +140,37 @@ fn client_factory_reset() { syscall!(client1.write_file( Location::Internal, path!("to_save_internal").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client1.write_file( Location::External, path!("to_save_external").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client1.write_file( Location::Volatile, path!("to_save_volatile").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None )); syscall!(client2.write_file( Location::Internal, path!("to_delete_internal").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client2.write_file( Location::External, path!("to_delete_external").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None, )); syscall!(client2.write_file( Location::Volatile, path!("to_delete_volatile").into(), - Bytes::try_from(b"data").unwrap(), + Bytes::from(b"data"), None ));