From c598333e9b9998f7e90371076aad4c7c9ce65c2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Thu, 28 Aug 2025 17:40:36 +0200 Subject: [PATCH 1/2] Update to heapless 0.9 --- Cargo.toml | 22 +++++++++++++--------- core/src/client/certificate.rs | 2 +- core/src/client/crypto.rs | 30 +++++++++++++++--------------- core/src/mechanisms.rs | 18 +++++++++--------- core/src/serde_extensions.rs | 16 ++++++++++++---- src/lib.rs | 7 +++++-- src/mechanisms/aes256cbc.rs | 6 +++--- src/mechanisms/chacha8poly1305.rs | 6 +++--- src/mechanisms/ed255.rs | 4 ++-- src/mechanisms/hmacblake2s.rs | 2 +- src/mechanisms/hmacsha1.rs | 2 +- src/mechanisms/hmacsha256.rs | 2 +- src/mechanisms/hmacsha512.rs | 2 +- src/mechanisms/p256.rs | 16 ++++++++-------- src/mechanisms/p384.rs | 12 ++++++------ src/mechanisms/p521.rs | 12 ++++++------ src/mechanisms/totp.rs | 2 +- src/mechanisms/x255.rs | 2 +- src/service.rs | 4 ++-- src/service/attest.rs | 2 +- src/store/counterstore.rs | 2 +- src/tests.rs | 2 +- tests/filesystem.rs | 10 +++++----- tests/serde_extensions.rs | 16 ++++++++-------- 24 files changed, 107 insertions(+), 92 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 57dc5f996cd..8ab65a82064 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,7 @@ license = "Apache-2.0 OR MIT" repository = "https://github.com/trussed-dev/trussed" [workspace.dependencies] -heapless-bytes = "0.3" +heapless-bytes = { version = "0.5", features = ["heapless-0.9"]} littlefs2-core = { version = "0.1", features = ["serde"] } postcard = "0.7.0" rand_core = "0.6" 
@@ -34,9 +34,9 @@ trussed-core = { version = "0.1.0" } bitflags = { version = "2.1" } # const-oid = "0.4.5" cfg-if = "1.0" -flexiber = { version = "0.1.0", features = ["derive", "heapless"] } +flexiber = { version = "0.2.0", features = ["derive", "heapless"] } generic-array = "0.14.4" -heapless = { version = "0.7", features = ["serde"] } +heapless = { version = "0.9", features = ["serde"] } hex-literal = "0.4.1" nb = "1" postcard.workspace = true @@ -50,20 +50,20 @@ aes = { version = "0.8", default-features = false } cbc = "0.1.2" blake2 = { version = "0.10", default-features = false, optional = true } chacha20 = { version = "0.9", default-features = false } -chacha20poly1305 = { version = "0.10", default-features = false, features = ["heapless", "reduced-round"] } +chacha20poly1305 = { version = "0.10", default-features = false, features = ["reduced-round"] } des = { version = "0.8", optional = true } hmac = "0.12" sha-1 = { version = "0.10", default-features = false, optional = true } sha2 = { version = "0.10", default-features = false } # ours -cosey = "0.3" +cosey = "0.4" delog = "0.1.0" -cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-3"] } +cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-5"] } heapless-bytes.workspace = true interchange = "0.3.0" -littlefs2 = { version = "0.6.1", optional = true } -littlefs2-core = { workspace = true, features = ["heapless-bytes03"] } +littlefs2 = "0.7.0" +littlefs2-core = { workspace = true, features = ["heapless-bytes05"] } p256-cortex-m4 = { version = "0.1.0-alpha.6", features = ["prehash", "sec1-signatures"] } salty = { version = "0.3.0", features = ["cose"] } p384 = { version = "0.13.0", optional = true, default-features = false, features = ["sha384", "ecdh", "ecdsa"] } 
@@ -77,7 +77,7 @@ entropy = "0.4.0" once_cell = "1.13.0" serde_test = "1" trussed-derive = { path = "derive" } -littlefs2 = "0.6" +littlefs2 = "0.7" # Somehow, this is causing a regression. # rand_core = { version = "0.5", features = ["getrandom"] } @@ -203,3 +203,7 @@ rustdoc-args = ["--cfg", "docsrs"] [patch.crates-io] trussed-core.path = "core" + +littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" } +littlefs2-core = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "e9d3a1ca98f80e92cd20ee9b94707067810b9036" } +littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys", rev = "v0.3.1-nitrokey.1" } diff --git a/core/src/client/certificate.rs b/core/src/client/certificate.rs index 01e2cb221de..fb221e1a10d 100644 --- a/core/src/client/certificate.rs +++ b/core/src/client/certificate.rs @@ -26,7 +26,7 @@ pub trait CertificateClient: PollClient { location: Location, der: &[u8], ) -> ClientResult<'_, reply::WriteCertificate, Self> { - let der = Message::from_slice(der).map_err(|_| ClientError::DataTooLarge)?; + let der = Message::try_from(der).map_err(|_| ClientError::DataTooLarge)?; self.request(request::WriteCertificate { location, der }) } } diff --git a/core/src/client/crypto.rs b/core/src/client/crypto.rs index 31b8a2ddd43..47f3acd95cc 100644 --- a/core/src/client/crypto.rs +++ b/core/src/client/crypto.rs 
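Review bot: The `littlefs2-sys` entry added under `[patch.crates-io]` sets `rev = "v0.3.1-nitrokey.1"`, which looks like a tag name, while the two `littlefs2` entries beside it use a full commit hash. A tag can be re-pointed in the remote repository, so unless a committed Cargo.lock fixes the resolved commit, the native bindings pulled into the build can change without any change to this file. Pin it to the commit the tag currently refers to, in the same form as the other two: `littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys", rev = "<full-commit-sha-placeholder>" }`. A short comment above the three entries saying why the crates.io releases are overridden, and when the override can be dropped, would also help later audits.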
@@ -37,11 +37,11 @@ pub trait CryptoClient: PollClient { nonce: &[u8], tag: &[u8], ) -> ClientResult<'c, reply::Decrypt, Self> { - let message = Message::from_slice(message).map_err(|_| ClientError::DataTooLarge)?; + let message = Message::try_from(message).map_err(|_| ClientError::DataTooLarge)?; let associated_data = - Message::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?; - let nonce = ShortData::from_slice(nonce).map_err(|_| ClientError::DataTooLarge)?; - let tag = ShortData::from_slice(tag).map_err(|_| ClientError::DataTooLarge)?; + Message::try_from(associated_data).map_err(|_| ClientError::DataTooLarge)?; + let nonce = ShortData::try_from(nonce).map_err(|_| ClientError::DataTooLarge)?; + let tag = ShortData::try_from(tag).map_err(|_| ClientError::DataTooLarge)?; self.request(request::Decrypt { mechanism, key, @@ -99,7 +99,7 @@ pub trait CryptoClient: PollClient { attributes: StorageAttributes, ) -> ClientResult<'c, reply::DeserializeKey, Self> { let serialized_key = - SerializedKey::from_slice(serialized_key).map_err(|_| ClientError::DataTooLarge)?; + SerializedKey::try_from(serialized_key).map_err(|_| ClientError::DataTooLarge)?; self.request(request::DeserializeKey { mechanism, serialized_key, @@ -116,9 +116,9 @@ pub trait CryptoClient: PollClient { associated_data: &[u8], nonce: Option, ) -> ClientResult<'c, reply::Encrypt, Self> { - let message = Message::from_slice(message).map_err(|_| ClientError::DataTooLarge)?; + let message = Message::try_from(message).map_err(|_| ClientError::DataTooLarge)?; let associated_data = - ShortData::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?; + ShortData::try_from(associated_data).map_err(|_| ClientError::DataTooLarge)?; self.request(request::Encrypt { mechanism, key, 
@@ -193,7 +193,7 @@ pub trait CryptoClient: PollClient { self.request(request::Sign { key, mechanism, - message: Bytes::from_slice(data).map_err(|_| ClientError::DataTooLarge)?, + message: Bytes::try_from(data).map_err(|_| ClientError::DataTooLarge)?, format, }) } @@ -209,8 +209,8 @@ pub trait CryptoClient: PollClient { self.request(request::Verify { mechanism, key, - message: Message::from_slice(message).expect("all good"), - signature: Signature::from_slice(signature).expect("all good"), + message: Message::try_from(message).expect("all good"), + signature: Signature::try_from(signature).expect("all good"), format, }) } @@ -224,7 +224,7 @@ pub trait CryptoClient: PollClient { ) -> ClientResult<'_, reply::UnsafeInjectKey, Self> { self.request(request::UnsafeInjectKey { mechanism, - raw_key: SerializedKey::from_slice(raw_key).unwrap(), + raw_key: SerializedKey::try_from(raw_key).unwrap(), attributes: StorageAttributes::new().set_persistence(persistence), format, }) @@ -236,7 +236,7 @@ pub trait CryptoClient: PollClient { location: Location, ) -> ClientResult<'_, reply::UnsafeInjectSharedKey, Self> { self.request(request::UnsafeInjectSharedKey { - raw_key: ShortData::from_slice(raw_key).unwrap(), + raw_key: ShortData::try_from(raw_key).unwrap(), location, }) } @@ -251,8 +251,8 @@ pub trait CryptoClient: PollClient { attributes: StorageAttributes, ) -> ClientResult<'c, reply::UnwrapKey, Self> { let associated_data = - Message::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?; - let nonce = ShortData::from_slice(nonce).map_err(|_| ClientError::DataTooLarge)?; + Message::try_from(associated_data).map_err(|_| ClientError::DataTooLarge)?; + let nonce = ShortData::try_from(nonce).map_err(|_| ClientError::DataTooLarge)?; self.request(request::UnwrapKey { mechanism, wrapping_key, 
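Review bot: `verify` still panics on oversized input. In the `@@ -209,8 +209,8 @@` hunk, `Message::try_from(message).expect("all good")` and `Signature::try_from(signature).expect("all good")` abort the client when a slice exceeds the buffer capacity, whereas `sign`, `decrypt` and `encrypt` in this file return `ClientError::DataTooLarge`. The message and signature passed to a verify call commonly originate from a remote party, so this is a length-triggered panic rather than a recoverable error. Since these lines are being touched anyway, prefer `message: Message::try_from(message).map_err(|_| ClientError::DataTooLarge)?,` and the same for `signature`. The `.unwrap()` calls in the `unsafe_inject_key` and `unsafe_inject_shared_key` hunks that follow have the same shape. The signature of `verify` lies outside the hunk, so this assumes it returns a `ClientResult` like its neighbours.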
@@ -272,7 +272,7 @@ pub trait CryptoClient: PollClient { nonce: Option, ) -> ClientResult<'_, reply::WrapKey, Self> { let associated_data = - Bytes::from_slice(associated_data).map_err(|_| ClientError::DataTooLarge)?; + Bytes::try_from(associated_data).map_err(|_| ClientError::DataTooLarge)?; self.request(request::WrapKey { mechanism, wrapping_key, diff --git a/core/src/mechanisms.rs b/core/src/mechanisms.rs index 04a48b61a60..10129d6edff 100644 --- a/core/src/mechanisms.rs +++ b/core/src/mechanisms.rs @@ -29,7 +29,7 @@ pub trait Aes256Cbc: CryptoClient { wrapping_key, key, &[], - iv.and_then(|iv| ShortData::from_slice(iv).ok()), + iv.and_then(|iv| ShortData::try_from(iv).ok()), ) } } @@ -66,7 +66,7 @@ pub trait Chacha8Poly1305: CryptoClient { key, message, associated_data, - nonce.and_then(|nonce| ShortData::from_slice(nonce).ok()), + nonce.and_then(|nonce| ShortData::try_from(nonce).ok()), ) } @@ -90,7 +90,7 @@ pub trait Chacha8Poly1305: CryptoClient { self.unwrap_key( Mechanism::Chacha8Poly1305, wrapping_key, - Message::from_slice(wrapped_key).map_err(|_| ClientError::DataTooLarge)?, + Message::try_from(wrapped_key).map_err(|_| ClientError::DataTooLarge)?, associated_data, &[], StorageAttributes::new().set_persistence(location), @@ -109,7 +109,7 @@ pub trait Chacha8Poly1305: CryptoClient { wrapping_key, key, associated_data, - nonce.and_then(|nonce| ShortData::from_slice(nonce).ok()), + nonce.and_then(|nonce| ShortData::try_from(nonce).ok()), ) } } @@ -125,7 +125,7 @@ pub trait HmacBlake2s: CryptoClient { self.derive_key( Mechanism::HmacBlake2s, base_key, - Some(MediumData::from_slice(message).map_err(|_| ClientError::DataTooLarge)?), + Some(MediumData::try_from(message).map_err(|_| ClientError::DataTooLarge)?), StorageAttributes::new().set_persistence(persistence), ) } 
@@ -155,7 +155,7 @@ pub trait HmacSha1: CryptoClient { self.derive_key( Mechanism::HmacSha1, base_key, - Some(MediumData::from_slice(message).map_err(|_| ClientError::DataTooLarge)?), + Some(MediumData::try_from(message).map_err(|_| ClientError::DataTooLarge)?), StorageAttributes::new().set_persistence(persistence), ) } @@ -185,7 +185,7 @@ pub trait HmacSha256: CryptoClient { self.derive_key( Mechanism::HmacSha256, base_key, - Some(MediumData::from_slice(message).map_err(|_| ClientError::DataTooLarge)?), + Some(MediumData::try_from(message).map_err(|_| ClientError::DataTooLarge)?), StorageAttributes::new().set_persistence(persistence), ) } @@ -215,7 +215,7 @@ pub trait HmacSha512: CryptoClient { self.derive_key( Mechanism::HmacSha512, base_key, - Some(MediumData::from_slice(message).map_err(|_| ClientError::DataTooLarge)?), + Some(MediumData::try_from(message).map_err(|_| ClientError::DataTooLarge)?), StorageAttributes::new().set_persistence(persistence), ) } @@ -579,7 +579,7 @@ pub trait Sha256: CryptoClient { fn hash_sha256<'c>(&'c mut self, message: &[u8]) -> ClientResult<'c, reply::Hash, Self> { self.hash( Mechanism::Sha256, - Message::from_slice(message).map_err(|_| ClientError::DataTooLarge)?, + Message::try_from(message).map_err(|_| ClientError::DataTooLarge)?, ) } } diff --git a/core/src/serde_extensions.rs b/core/src/serde_extensions.rs index fa7bb4509b9..558c362b210 100644 --- a/core/src/serde_extensions.rs +++ b/core/src/serde_extensions.rs @@ -20,6 +20,16 @@ use crate::{ types::Bytes, }; +pub(crate) fn postcard_serialize_bytes( + object: &T, +) -> postcard::Result> { + let mut vec = Bytes::new(); + vec.resize_to_capacity(); + let serialized = postcard::to_slice(object, &mut vec)?.len(); + vec.resize(serialized, 0).unwrap(); + Ok(vec) +} + /// A Trussed API extension. pub trait Extension { /// The requests supported by this extension. 
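Review bot: The new `postcard_serialize_bytes` helper has no doc comment, and its `vec.resize(serialized, 0).unwrap()` relies on an unstated invariant. `postcard::to_slice` has just written `serialized` bytes into a buffer that was grown to full capacity, so the resize only shrinks. Spell that out, for example with `// to_slice wrote into the full-capacity buffer, so serialized <= capacity and this resize only shrinks`, and replace the bare unwrap with `.expect("serialized length never exceeds capacity")`. A one-line `///` summary should say that the function serializes into a capacity-sized scratch buffer and returns it trimmed to the encoded length, failing with the postcard error when the object does not fit. The identical helper body is added in the `src/lib.rs` hunk later in this patch, and the same comment applies there. If the two crates can share one definition, that avoids the copies drifting apart.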
@@ -37,8 +47,7 @@ pub trait Extension { id: u8, request: &Self::Request, ) -> Result { - postcard::to_vec(request) - .map(Bytes::from) + postcard_serialize_bytes(request) .map(|request| request::SerdeExtension { id, request }) .map_err(|_| ClientError::SerializationFailed) } @@ -60,8 +69,7 @@ pub trait Extension { /// crate releases. #[inline(never)] fn serialize_reply(reply: &Self::Reply) -> Result { - postcard::to_vec(reply) - .map(Bytes::from) + postcard_serialize_bytes(reply) .map(|reply| reply::SerdeExtension { reply }) .map_err(|_| Error::ReplySerializationFailure) } diff --git a/src/lib.rs b/src/lib.rs index 12132dc0232..b0c19b1b66b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -72,8 +72,11 @@ pub(crate) use postcard::from_bytes as postcard_deserialize; pub(crate) fn postcard_serialize_bytes( object: &T, ) -> postcard::Result> { - let vec = postcard::to_vec(object)?; - Ok(Bytes::from(vec)) + let mut vec = Bytes::new(); + vec.resize_to_capacity(); + let serialized = postcard::to_slice(object, &mut vec)?.len(); + vec.resize(serialized, 0).unwrap(); + Ok(vec) } #[cfg(all(test, feature = "crypto-client", feature = "filesystem-client"))] diff --git a/src/mechanisms/aes256cbc.rs b/src/mechanisms/aes256cbc.rs index 6258a3eadc7..accc30b8bc1 100644 --- a/src/mechanisms/aes256cbc.rs +++ b/src/mechanisms/aes256cbc.rs @@ -54,7 +54,7 @@ impl MechanismImpl for super::Aes256Cbc { .encrypt_padded_mut::(&mut buffer, l) .map_err(|_| Error::MechanismParamInvalid)?; - let ciphertext = Message::from_slice(ciphertext).unwrap(); + let ciphertext = Message::try_from(ciphertext).unwrap(); Ok(reply::Encrypt { ciphertext, nonce: ShortData::new(), @@ -73,7 +73,7 @@ impl MechanismImpl for super::Aes256Cbc { // let message: Message = serialized_key.material.try_to_byte_buf().map_err(|_| Error::InternalError)?; - let message = Message::from_slice( + let message = Message::try_from( keystore .load_key(key::Secrecy::Secret, None, &request.key)? .material 
@@ -143,7 +143,7 @@ impl MechanismImpl for super::Aes256Cbc { .decrypt_padded_mut::(&mut buffer) .map_err(|_| Error::MechanismParamInvalid)?; // hprintln!("decrypted: {:?}", &plaintext).ok(); - let plaintext = Message::from_slice(plaintext).unwrap(); + let plaintext = Message::try_from(plaintext).unwrap(); Ok(reply::Decrypt { plaintext: Some(plaintext), diff --git a/src/mechanisms/chacha8poly1305.rs b/src/mechanisms/chacha8poly1305.rs index 422a3dd4c71..cb8464ef818 100644 --- a/src/mechanisms/chacha8poly1305.rs +++ b/src/mechanisms/chacha8poly1305.rs @@ -152,8 +152,8 @@ impl MechanismImpl for super::Chacha8Poly1305 { .try_into() .unwrap(); - let nonce = ShortData::from_slice(&nonce).unwrap(); - let tag = ShortData::from_slice(&tag).unwrap(); + let nonce = ShortData::try_from(&nonce).unwrap(); + let tag = ShortData::try_from(&tag).unwrap(); // let ciphertext = Message::from_slice(&ciphertext).unwrap(); Ok(reply::Encrypt { @@ -174,7 +174,7 @@ impl MechanismImpl for super::Chacha8Poly1305 { // TODO: need to check both secret and private keys let serialized_key = keystore.load_key(key::Secrecy::Secret, None, &request.key)?; - let message = Message::from_slice(&serialized_key.serialize()).unwrap(); + let message = Message::try_from(&*serialized_key.serialize()).unwrap(); let encryption_request = request::Encrypt { mechanism: Mechanism::Chacha8Poly1305, diff --git a/src/mechanisms/ed255.rs b/src/mechanisms/ed255.rs index 13136ced79b..5b125fbfae8 100644 --- a/src/mechanisms/ed255.rs +++ b/src/mechanisms/ed255.rs @@ -132,7 +132,7 @@ impl MechanismImpl for super::Ed255 { let cose_pk = cosey::Ed25519PublicKey { // x: Bytes::from_slice(public_key.x_coordinate()).unwrap(), // x: Bytes::from_slice(&buf).unwrap(), - x: Bytes::from_slice(public_key.as_bytes()).unwrap(), + x: Bytes::try_from(public_key.as_bytes()).unwrap(), }; crate::cbor_serialize_bytes(&cose_pk).map_err(|_| Error::CborError)? } 
@@ -187,7 +187,7 @@ impl MechanismImpl for super::Ed255 { let keypair = load_keypair(keystore, &key_id)?; let native_signature = keypair.sign(&request.message); - let our_signature = Signature::from_slice(&native_signature.to_bytes()).unwrap(); + let our_signature = Signature::try_from(&native_signature.to_bytes()).unwrap(); // hprintln!("Ed255 signature:").ok(); // hprintln!("msg: {:?}", &request.message).ok(); diff --git a/src/mechanisms/hmacblake2s.rs b/src/mechanisms/hmacblake2s.rs index 930568fe5dd..bcf6c4075a1 100644 --- a/src/mechanisms/hmacblake2s.rs +++ b/src/mechanisms/hmacblake2s.rs @@ -60,7 +60,7 @@ impl MechanismImpl for super::HmacBlake2s { mac.update(&request.message); let result = mac.finalize(); - let signature = Signature::from_slice(&result.into_bytes()).unwrap(); + let signature = Signature::try_from(&*result.into_bytes()).unwrap(); Ok(reply::Sign { signature }) } diff --git a/src/mechanisms/hmacsha1.rs b/src/mechanisms/hmacsha1.rs index 4d5259329db..1aaff1ac727 100644 --- a/src/mechanisms/hmacsha1.rs +++ b/src/mechanisms/hmacsha1.rs @@ -61,7 +61,7 @@ impl MechanismImpl for super::HmacSha1 { mac.update(&request.message); let result = mac.finalize(); - let signature = Signature::from_slice(&result.into_bytes()).unwrap(); + let signature = Signature::try_from(&*result.into_bytes()).unwrap(); Ok(reply::Sign { signature }) } diff --git a/src/mechanisms/hmacsha256.rs b/src/mechanisms/hmacsha256.rs index 034aca3a89a..6de7b4ab636 100644 --- a/src/mechanisms/hmacsha256.rs +++ b/src/mechanisms/hmacsha256.rs @@ -66,7 +66,7 @@ impl MechanismImpl for super::HmacSha256 { mac.update(&request.message); let result = mac.finalize(); - let signature = Signature::from_slice(&result.into_bytes()).unwrap(); + let signature = Signature::try_from(&*result.into_bytes()).unwrap(); Ok(reply::Sign { signature }) } diff --git a/src/mechanisms/hmacsha512.rs b/src/mechanisms/hmacsha512.rs index 95a247e5f61..d5d07612a99 100644 --- a/src/mechanisms/hmacsha512.rs 
+++ b/src/mechanisms/hmacsha512.rs @@ -60,7 +60,7 @@ impl MechanismImpl for super::HmacSha512 { mac.update(&request.message); let result = mac.finalize(); - let signature = Signature::from_slice(&result.into_bytes()).unwrap(); + let signature = Signature::try_from(&*result.into_bytes()).unwrap(); Ok(reply::Sign { signature }) } diff --git a/src/mechanisms/p256.rs b/src/mechanisms/p256.rs index e0e6a2d0c91..6c1bfd246f8 100644 --- a/src/mechanisms/p256.rs +++ b/src/mechanisms/p256.rs @@ -205,15 +205,15 @@ impl MechanismImpl for super::P256 { let serialized_key = match request.format { KeySerialization::EcdhEsHkdf256 => { let cose_pk = cosey::EcdhEsHkdf256PublicKey { - x: Bytes::from_slice(&public_key.x()).unwrap(), - y: Bytes::from_slice(&public_key.y()).unwrap(), + x: Bytes::try_from(&public_key.x()).unwrap(), + y: Bytes::try_from(&public_key.y()).unwrap(), }; crate::cbor_serialize_bytes(&cose_pk).map_err(|_| Error::CborError)? } KeySerialization::Cose => { let cose_pk = cosey::P256PublicKey { - x: Bytes::from_slice(&public_key.x()).unwrap(), - y: Bytes::from_slice(&public_key.y()).unwrap(), + x: Bytes::try_from(&public_key.x()).unwrap(), + y: Bytes::try_from(&public_key.y()).unwrap(), }; crate::cbor_serialize_bytes(&cose_pk).map_err(|_| Error::CborError)? } @@ -267,10 +267,10 @@ impl MechanismImpl for super::P256 { SignatureSerialization::Asn1Der => { let mut buffer = [0u8; 72]; let l = signature.to_sec1_bytes(&mut buffer); - Signature::from_slice(&buffer[..l]).unwrap() + Signature::try_from(&buffer[..l]).unwrap() } SignatureSerialization::Raw => { - Signature::from_slice(&signature.to_untagged_bytes()).unwrap() + Signature::try_from(&signature.to_untagged_bytes()).unwrap() } _ => { return Err(Error::InvalidSerializationFormat); 
@@ -352,10 +352,10 @@ impl MechanismImpl for super::P256Prehashed { SignatureSerialization::Asn1Der => { let mut buffer = [0u8; 72]; let l = signature.to_sec1_bytes(&mut buffer); - Signature::from_slice(&buffer[..l]).unwrap() + Signature::try_from(&buffer[..l]).unwrap() } SignatureSerialization::Raw => { - Signature::from_slice(&signature.to_untagged_bytes()).unwrap() + Signature::try_from(&signature.to_untagged_bytes()).unwrap() } _ => { return Err(Error::InvalidSerializationFormat); diff --git a/src/mechanisms/p384.rs b/src/mechanisms/p384.rs index 91eaf6b488e..6d639c9a1af 100644 --- a/src/mechanisms/p384.rs +++ b/src/mechanisms/p384.rs @@ -206,9 +206,9 @@ impl MechanismImpl for P384 { let serialized_signature = match request.format { SignatureSerialization::Asn1Der => { let der = signature.to_der(); - Signature::from_slice(der.as_bytes()).unwrap() + Signature::try_from(der.as_bytes()).unwrap() } - SignatureSerialization::Raw => Signature::from_slice(&signature.to_bytes()).unwrap(), + SignatureSerialization::Raw => Signature::try_from(&*signature.to_bytes()).unwrap(), _ => { return Err(Error::InvalidSerializationFormat); } @@ -229,7 +229,7 @@ impl MechanismImpl for P384 { return Err(Error::InvalidSerializationFormat); } - let sk = p384::SecretKey::from_bytes((&**request.raw_key).into()) + let sk = p384::SecretKey::from_bytes((&*request.raw_key).into()) .map_err(|_| Error::InvalidSerializedKey)?; let info = key::Info { @@ -264,7 +264,7 @@ impl MechanismImpl for P384 { return Err(Error::InvalidSerializationFormat); } - let signature_bytes = (&**request.signature).into(); + let signature_bytes = (&*request.signature).into(); let signature = p384::ecdsa::Signature::from_bytes(signature_bytes) .map_err(|_| Error::InvalidSerializedRequest)?; 
@@ -311,9 +311,9 @@ impl MechanismImpl for P384Prehashed { let serialized_signature = match request.format { SignatureSerialization::Asn1Der => { let der = signature.to_der(); - Signature::from_slice(der.as_bytes()).unwrap() + Signature::try_from(der.as_bytes()).unwrap() } - SignatureSerialization::Raw => Signature::from_slice(&signature.to_bytes()).unwrap(), + SignatureSerialization::Raw => Signature::try_from(&*signature.to_bytes()).unwrap(), _ => { return Err(Error::InvalidSerializationFormat); } diff --git a/src/mechanisms/p521.rs b/src/mechanisms/p521.rs index 227eab2947b..d99163baf11 100644 --- a/src/mechanisms/p521.rs +++ b/src/mechanisms/p521.rs @@ -209,9 +209,9 @@ impl MechanismImpl for P521 { let serialized_signature = match request.format { SignatureSerialization::Asn1Der => { let der = signature.to_der(); - Signature::from_slice(der.as_bytes()).unwrap() + Signature::try_from(der.as_bytes()).unwrap() } - SignatureSerialization::Raw => Signature::from_slice(&signature.to_bytes()).unwrap(), + SignatureSerialization::Raw => Signature::try_from(&*signature.to_bytes()).unwrap(), _ => { return Err(Error::InvalidSerializationFormat); } @@ -232,7 +232,7 @@ impl MechanismImpl for P521 { return Err(Error::InvalidSerializationFormat); } - let sk = p521::SecretKey::from_bytes((&**request.raw_key).into()) + let sk = p521::SecretKey::from_bytes((&*request.raw_key).into()) .map_err(|_| Error::InvalidSerializedKey)?; let info = key::Info { @@ -267,7 +267,7 @@ impl MechanismImpl for P521 { return Err(Error::InvalidSerializationFormat); } - let signature_bytes = (&**request.signature).into(); + let signature_bytes = (&*request.signature).into(); let signature = p521::ecdsa::Signature::from_bytes(signature_bytes) .map_err(|_| Error::InvalidSerializedRequest)?; 
@@ -314,9 +314,9 @@ impl MechanismImpl for P521Prehashed { let serialized_signature = match request.format { SignatureSerialization::Asn1Der => { let der = signature.to_der(); - Signature::from_slice(der.as_bytes()).unwrap() + Signature::try_from(der.as_bytes()).unwrap() } - SignatureSerialization::Raw => Signature::from_slice(&signature.to_bytes()).unwrap(), + SignatureSerialization::Raw => Signature::try_from(&*signature.to_bytes()).unwrap(), _ => { return Err(Error::InvalidSerializationFormat); } diff --git a/src/mechanisms/totp.rs b/src/mechanisms/totp.rs index e7015af5cc8..67eadfa709f 100644 --- a/src/mechanisms/totp.rs +++ b/src/mechanisms/totp.rs @@ -73,7 +73,7 @@ impl MechanismImpl for super::Totp { // return signature (encode as LE) Ok(reply::Sign { - signature: crate::Bytes::from_slice(totp_material.to_le_bytes().as_ref()).unwrap(), + signature: crate::Bytes::try_from(totp_material.to_le_bytes().as_ref()).unwrap(), }) } diff --git a/src/mechanisms/x255.rs b/src/mechanisms/x255.rs index cf9fe86f13a..ad37262b0f3 100644 --- a/src/mechanisms/x255.rs +++ b/src/mechanisms/x255.rs @@ -195,7 +195,7 @@ impl MechanismImpl for super::X255 { if request.format != KeySerialization::Raw { return Err(Error::InvalidSerializationFormat); } - let seed = (**request.raw_key) + let seed = (*request.raw_key) .try_into() .map_err(|_| Error::InvalidSerializedKey)?; let sk = agreement::SecretKey::from_seed(&seed); diff --git a/src/service.rs b/src/service.rs index 93889e13fca..7764a7d07a0 100644 --- a/src/service.rs +++ b/src/service.rs @@ -364,7 +364,7 @@ impl ServiceResources

{ let size = request.size; let mut keystore = keystore(self, ctx)?; secret_key - .resize_default(request.size) + .resize_zero(request.size) .map_err(|_| Error::ImplementationError)?; keystore.rng().fill_bytes(&mut secret_key[..size]); let key_id = keystore.store_key( @@ -548,7 +548,7 @@ impl ServiceResources

{ Request::RandomBytes(request) => { if request.count <= MAX_MESSAGE_LENGTH { let mut bytes = Message::new(); - bytes.resize_default(request.count).unwrap(); + bytes.resize_zero(request.count).unwrap(); self.rng()?.fill_bytes(&mut bytes); Ok(Reply::RandomBytes(reply::RandomBytes { bytes })) } else { diff --git a/src/service/attest.rs b/src/service/attest.rs index b7feb073573..f5682c345eb 100644 --- a/src/service/attest.rs +++ b/src/service/attest.rs @@ -175,7 +175,7 @@ pub fn try_attest( SerializedSignature::Ed255(signature.as_ref().try_into().unwrap()) } SignatureAlgorithm::P256 => SerializedSignature::P256( - heapless_bytes::Bytes::from_slice( + heapless_bytes::Bytes::try_from( mechanisms::P256 .sign( attn_keystore, diff --git a/src/store/counterstore.rs b/src/store/counterstore.rs index c38e856fc2b..6d0fc8eea38 100644 --- a/src/store/counterstore.rs +++ b/src/store/counterstore.rs @@ -38,7 +38,7 @@ impl ClientCounterstore { fn read_counter(&mut self, location: Location, id: CounterId) -> Result { let path = self.counter_path(id); let mut bytes: crate::Bytes<16> = store::read(&self.store, location, &path)?; - bytes.resize_default(16).ok(); + bytes.resize_zero(16).ok(); Ok(u128::from_le_bytes(bytes.as_slice().try_into().unwrap())) } diff --git a/src/tests.rs b/src/tests.rs index 796250f97dd..bda3f04342d 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -951,7 +951,7 @@ fn filesystem() { .metadata .is_none(),); - let data = Bytes::from_slice(&[0; 20]).unwrap(); + let data = Bytes::try_from(&[0; 20]).unwrap(); block!(client .write_file(Location::Internal, path.clone(), data.clone(), None,) .expect("no client error")) diff --git a/tests/filesystem.rs b/tests/filesystem.rs index 768910ea47b..3c82f8321b2 100644 --- a/tests/filesystem.rs +++ b/tests/filesystem.rs 
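Review bot: `read_counter` in `src/store/counterstore.rs` accepts a counter file of any length up to 16 bytes. `bytes.resize_zero(16).ok()` zero-extends whatever was read, and the following `u128::from_le_bytes(...)` decodes it as a valid value. If a short or empty file can occur (the write path is not visible in this hunk, for instance after an interrupted write), the counter reads lower than the value last stored. That matters wherever counters back nonces or replay protection. Consider checking `bytes.len() == 16` before decoding and returning an error otherwise. If short files are intended, say so in a comment such as `// shorter files are deliberately read as zero-padded little-endian values`. The `.ok()` also discards a result that cannot fail for a `Bytes<16>`, which is worth noting in that comment.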
@@ -60,13 +60,13 @@ fn iterating(location: Location) { syscall!(client.write_file( location, PathBuf::from(path!("foo")), - Bytes::from_slice(b"foo").unwrap(), + Bytes::try_from(b"foo").unwrap(), None )); syscall!(client.write_file( location, PathBuf::from(path!("bar")), - Bytes::from_slice(b"bar").unwrap(), + Bytes::try_from(b"bar").unwrap(), None )); let first_entry = syscall!(client.read_dir_first(location, PathBuf::new(), None)) @@ -134,7 +134,7 @@ fn iterating_first(location: Location) { syscall!(client.write_file( location, PathBuf::from(f), - Bytes::from_slice(f.as_ref().as_bytes()).unwrap(), + Bytes::try_from(f.as_ref().as_bytes()).unwrap(), None )); } @@ -182,7 +182,7 @@ fn iterating_files_and_dirs(location: Location) { syscall!(client.write_file( location, PathBuf::from(f), - Bytes::from_slice(f.as_ref().as_bytes()).unwrap(), + Bytes::try_from(f.as_ref().as_bytes()).unwrap(), None )); } @@ -203,7 +203,7 @@ fn iterating_files_and_dirs(location: Location) { syscall!(client.write_file( location, file_path.clone(), - Bytes::from_slice(file_path.as_ref().as_bytes()).unwrap(), + Bytes::try_from(file_path.as_ref().as_bytes()).unwrap(), None )); } diff --git a/tests/serde_extensions.rs b/tests/serde_extensions.rs index 62172d989d5..51bd1058a52 100644 --- a/tests/serde_extensions.rs +++ b/tests/serde_extensions.rs @@ -384,8 +384,8 @@ pub fn run)>(backends: &'static [BackendId Date: Mon, 1 Sep 2025 15:19:57 +0200 Subject: [PATCH 2/2] Fix clippy warnings --- core/src/mechanisms.rs | 6 +++--- src/mechanisms/chacha8poly1305.rs | 4 ++-- src/mechanisms/ed255.rs | 4 ++-- src/mechanisms/p256.rs | 16 ++++++---------- src/tests.rs | 2 +- tests/filesystem.rs | 4 ++-- tests/serde_extensions.rs | 16 ++++++++-------- 7 files changed, 24 insertions(+), 28 deletions(-) diff --git a/core/src/mechanisms.rs b/core/src/mechanisms.rs index 10129d6edff..9820a6b709d 100644 --- a/core/src/mechanisms.rs +++ b/core/src/mechanisms.rs 
@@ -29,7 +29,7 @@ pub trait Aes256Cbc: CryptoClient { wrapping_key, key, &[], - iv.and_then(|iv| ShortData::try_from(iv).ok()), + iv.map(ShortData::from), ) } } @@ -66,7 +66,7 @@ pub trait Chacha8Poly1305: CryptoClient { key, message, associated_data, - nonce.and_then(|nonce| ShortData::try_from(nonce).ok()), + nonce.map(ShortData::from), ) } @@ -109,7 +109,7 @@ pub trait Chacha8Poly1305: CryptoClient { wrapping_key, key, associated_data, - nonce.and_then(|nonce| ShortData::try_from(nonce).ok()), + nonce.map(ShortData::from), ) } } diff --git a/src/mechanisms/chacha8poly1305.rs b/src/mechanisms/chacha8poly1305.rs index cb8464ef818..dbe8ec20327 100644 --- a/src/mechanisms/chacha8poly1305.rs +++ b/src/mechanisms/chacha8poly1305.rs @@ -152,8 +152,8 @@ impl MechanismImpl for super::Chacha8Poly1305 { .try_into() .unwrap(); - let nonce = ShortData::try_from(&nonce).unwrap(); - let tag = ShortData::try_from(&tag).unwrap(); + let nonce = ShortData::from(&nonce); + let tag = ShortData::from(&tag); // let ciphertext = Message::from_slice(&ciphertext).unwrap(); Ok(reply::Encrypt { diff --git a/src/mechanisms/ed255.rs b/src/mechanisms/ed255.rs index 5b125fbfae8..11f91fab49d 100644 --- a/src/mechanisms/ed255.rs +++ b/src/mechanisms/ed255.rs @@ -132,7 +132,7 @@ impl MechanismImpl for super::Ed255 { let cose_pk = cosey::Ed25519PublicKey { // x: Bytes::from_slice(public_key.x_coordinate()).unwrap(), // x: Bytes::from_slice(&buf).unwrap(), - x: Bytes::try_from(public_key.as_bytes()).unwrap(), + x: Bytes::from(public_key.as_bytes()), }; crate::cbor_serialize_bytes(&cose_pk).map_err(|_| Error::CborError)? } 
@@ -187,7 +187,7 @@ impl MechanismImpl for super::Ed255 { let keypair = load_keypair(keystore, &key_id)?; let native_signature = keypair.sign(&request.message); - let our_signature = Signature::try_from(&native_signature.to_bytes()).unwrap(); + let our_signature = Signature::from(&native_signature.to_bytes()); // hprintln!("Ed255 signature:").ok(); // hprintln!("msg: {:?}", &request.message).ok(); diff --git a/src/mechanisms/p256.rs b/src/mechanisms/p256.rs index 6c1bfd246f8..0bb8ff040eb 100644 --- a/src/mechanisms/p256.rs +++ b/src/mechanisms/p256.rs @@ -205,15 +205,15 @@ impl MechanismImpl for super::P256 { let serialized_key = match request.format { KeySerialization::EcdhEsHkdf256 => { let cose_pk = cosey::EcdhEsHkdf256PublicKey { - x: Bytes::try_from(&public_key.x()).unwrap(), - y: Bytes::try_from(&public_key.y()).unwrap(), + x: Bytes::from(&public_key.x()), + y: Bytes::from(&public_key.y()), }; crate::cbor_serialize_bytes(&cose_pk).map_err(|_| Error::CborError)? } KeySerialization::Cose => { let cose_pk = cosey::P256PublicKey { - x: Bytes::try_from(&public_key.x()).unwrap(), - y: Bytes::try_from(&public_key.y()).unwrap(), + x: Bytes::from(&public_key.x()), + y: Bytes::from(&public_key.y()), }; crate::cbor_serialize_bytes(&cose_pk).map_err(|_| Error::CborError)? } @@ -269,9 +269,7 @@ impl MechanismImpl for super::P256 { let l = signature.to_sec1_bytes(&mut buffer); Signature::try_from(&buffer[..l]).unwrap() } - SignatureSerialization::Raw => { - Signature::try_from(&signature.to_untagged_bytes()).unwrap() - } + SignatureSerialization::Raw => Signature::from(&signature.to_untagged_bytes()), _ => { return Err(Error::InvalidSerializationFormat); } 
@@ -354,9 +352,7 @@ impl MechanismImpl for super::P256Prehashed { let l = signature.to_sec1_bytes(&mut buffer); Signature::try_from(&buffer[..l]).unwrap() } - SignatureSerialization::Raw => { - Signature::try_from(&signature.to_untagged_bytes()).unwrap() - } + SignatureSerialization::Raw => Signature::from(&signature.to_untagged_bytes()), _ => { return Err(Error::InvalidSerializationFormat); } diff --git a/src/tests.rs b/src/tests.rs index bda3f04342d..823a8683d66 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -951,7 +951,7 @@ fn filesystem() { .metadata .is_none(),); - let data = Bytes::try_from(&[0; 20]).unwrap(); + let data = Bytes::from(&[0; 20]); block!(client .write_file(Location::Internal, path.clone(), data.clone(), None,) .expect("no client error")) diff --git a/tests/filesystem.rs b/tests/filesystem.rs index 3c82f8321b2..5766b47fcc3 100644 --- a/tests/filesystem.rs +++ b/tests/filesystem.rs @@ -60,13 +60,13 @@ fn iterating(location: Location) { syscall!(client.write_file( location, PathBuf::from(path!("foo")), - Bytes::try_from(b"foo").unwrap(), + Bytes::from(b"foo"), None )); syscall!(client.write_file( location, PathBuf::from(path!("bar")), - Bytes::try_from(b"bar").unwrap(), + Bytes::from(b"bar"), None )); let first_entry = syscall!(client.read_dir_first(location, PathBuf::new(), None)) diff --git a/tests/serde_extensions.rs b/tests/serde_extensions.rs index 51bd1058a52..134ffb6d236 100644 --- a/tests/serde_extensions.rs +++ b/tests/serde_extensions.rs @@ -384,8 +384,8 @@ pub fn run)>(backends: &'static [BackendId