Update trussed

Cargo.toml

@@ -38,6 +38,7 @@ clap = { version = "3.0.0", features = ["cargo", "derive"] }
 clap-num = "1.0.0"
 delog = { version = "0.1.6", features = ["std-log"] }
 fido-authenticator = {version = "0.1.1", features = ["dispatch", "log-all"]}
+trussed-hkdf = { version = "0.1.0" }
 trussed-usbip = { version = "0.0.1", features = ["ctaphid"], default-features = false }
 admin-app = { version = "0.1", features = ["log-all"] }
 
@@ -92,18 +93,20 @@ ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch", tag =
 
 # forked
 admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.8" }
-fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", rev = "162ac6a2e603fb69944ff1679dced9752f0c7cf2" }
+fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.11" }
 serde-indexed = { git = "https://github.com/sosthene-nitrokey/serde-indexed.git", rev = "5005d23cb4ee8622e62188ea0f9466146f851f0d" }
 
 # unreleased upstream changes
 apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "915fc237103fcecc29d0f0b73391f19abf6576de" }
-ctap-types = { git = "https://github.com/trussed-dev/ctap-types.git", rev = "7d4ad69e64ad308944c012aef5b9cfd7654d9be8" }
+ctap-types = { git = "https://github.com/trussed-dev/ctap-types.git", rev = "a9f8003a1d9f05f9eea39e615b9159bc0613fcb5" }
 iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.1" }
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "b1781805a2e33615d2d00b8bec80c0b1f5870ca1" }
+littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "ebd27e49ca321089d01d8c9b169c4aeb58ceeeca" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "cff2e663841b6a68d3a8ce12647d57b2b6fbc36c" }
 usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid", tag = "v0.1.0-nitrokey.1" }
 
 # unreleased crates
 trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "62235294bd63977bbb88eb01e7ac44b8010eb450" }
+trussed-hkdf = { git = "https://github.com/Nitrokey/trussed-hkdf-backend.git", tag = "v0.1.0" }
 trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "2f51478f0861ff8db19fdd5290f023ab6f4c2fb9" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner", tag = "v0.0.1-nitrokey.1" }
 trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging.git", branch = "hmacsha256p256-chunked" }

examples/usbip/main.rs

@@ -7,6 +7,7 @@ use std::path::{Path, PathBuf};
 const LOCATION_FOR_SIMULATION: Location = Location::Internal;
 
 mod dispatch {
+    use trussed_hkdf::HkdfExtension;
     use trussed_staging::hmacsha256p256::HmacSha256P256Extension;
     use trussed_staging::manage::ManageExtension;
     use trussed_staging::StagingBackend;
@@ -46,6 +47,7 @@ mod dispatch {
         Auth,
         HmacShaP256,
         Manage,
+        Hkdf,
     }
 
     impl From<Extension> for u8 {
@@ -54,6 +56,7 @@ mod dispatch {
                 Extension::Auth => 0,
                 Extension::HmacShaP256 => 1,
                 Extension::Manage => 2,
+                Extension::Hkdf => 3,
             }
         }
     }
@@ -66,6 +69,7 @@ mod dispatch {
                 0 => Ok(Extension::Auth),
                 1 => Ok(Extension::HmacShaP256),
                 2 => Ok(Extension::Manage),
+                3 => Ok(Extension::Hkdf),
                 _ => Err(Error::InternalError),
             }
         }
@@ -172,7 +176,7 @@ mod dispatch {
                             resources,
                         )
                     }
-                    Extension::Auth => Err(Error::RequestNotAvailable),
+                    _ => Err(Error::RequestNotAvailable),
                 },
             }
         }
@@ -195,6 +199,12 @@ mod dispatch {
 
         const ID: Self::Id = Self::Id::Manage;
     }
+
+    impl ExtensionId<HkdfExtension> for Dispatch {
+        type Id = Extension;
+
+        const ID: Self::Id = Self::Id::Hkdf;
+    }
 }
 
 #[cfg(feature = "ccid")]
@@ -429,6 +439,7 @@ impl trussed_usbip::Apps<'static, VirtClient, dispatch::Dispatch> for Apps {
                 skip_up_timeout: None,
                 max_resident_credential_count: Some(MAX_RESIDENT_CREDENTIAL_COUNT),
                 large_blobs: None,
+                nfc_transport: false,
             },
         );
         let data = AdminData::new(Variant::Usbip);

src/lib/commands.rs

@@ -176,7 +176,7 @@ where
     let wrapped_key =
         syscall!(w
             .trussed
-            .wrap_key_chacha8poly1305(wrapping_key, private_key, &appid))
+            .wrap_key_chacha8poly1305(wrapping_key, private_key, &appid, None))
         .wrapped_key;
 
     let nonce_2 = syscall!(w.trussed.random_bytes(12));
@@ -770,13 +770,15 @@ where
     .ok_or(Error::FailedLoadingData)?;
 
     // decrypt with shared secret
-    let decrypted = try_syscall!(w.trussed.decrypt_aes256cbc(serialized_reimported, req.data))
-        .map_err(|_e| {
-            error!("Decryption error: {:?}", _e);
-            Error::FailedLoadingData
-        })?
-        .plaintext
-        .ok_or(Error::InternalError)?;
+    let decrypted = try_syscall!(w
+        .trussed
+        .decrypt_aes256cbc(serialized_reimported, req.data, &[]))
+    .map_err(|_e| {
+        error!("Decryption error: {:?}", _e);
+        Error::FailedLoadingData
+    })?
+    .plaintext
+    .ok_or(Error::InternalError)?;
 
     syscall!(w.trussed.delete(shared_secret));
     syscall!(w.trussed.delete(serialized_reimported));