From eb1841438ea21d91f072746b8c7274c6c7300088 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin@nitrokey.com>
Date: Fri, 20 Dec 2024 11:12:22 +0100
Subject: [PATCH] Use trussed-core and remove default features for trussed

---
 CHANGELOG.md         |  3 +++
 Cargo.toml           |  6 ++++--
 src/crypto_traits.rs | 28 ++++++++++++++--------------
 src/lib.rs           | 11 +++++++++++
 4 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0ded671..3cad8ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,9 @@ SPDX-License-Identifier: CC0-1.0
 
 [Unreleased]: https://github.com/trussed-dev/trussed-rsa-backend/compare/v0.2.0...HEAD
 
+- Use `trussed-core` and remove default features for `trussed`.
+- Add `SoftwareRsa::MECHANISMS` constant with the implemented mechanisms.
+
 ## [v0.2.1][] (2024-06-21)
 
 [v0.2.1]: https://github.com/trussed-dev/trussed-rsa-backend/compare/v0.2.0...v0.2.1
diff --git a/Cargo.toml b/Cargo.toml
index 6ba5496..78adaf0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,8 @@ postcard = { version = "0.7", default-features = false, features = ["heapless"]
 rsa = { version = "0.9", default-features = false, features = ["sha2"]}
 serde = { version = "1.0.152", default-features = false, features = ["derive"] }
 
-trussed = "0.1"
+trussed = { version = "0.1", default-features = false }
+trussed-core = { version = "0.1.0-rc.1", features = ["crypto-client", "rsa2048", "rsa3072", "rsa4096"] }
 
 [dev-dependencies]
 hex-literal = "0.3.4"
@@ -28,6 +29,7 @@ delog = { version = "0.1.6", features = ["std-log"] }
 test-log = "0.2.11"
 env_logger = "0.10.0"
 rand = "0.8.5"
+trussed = { version = "0.1", default-features = false, features = ["certificate-client", "clients-1", "crypto-client"] }
 
 [features]
 
@@ -45,7 +47,7 @@ log-warn = []
 log-error = []
 
 [patch.crates-io]
-trussed = { git = "https://github.com/Nitrokey/trussed", rev = "6b9a43fbaaf34fe8d69fac0021f8130dd9a436c9" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
 
 [profile.dev.package.rsa]
 opt-level = 2
diff --git a/src/crypto_traits.rs b/src/crypto_traits.rs
index ca9d93d..71bfa21 100644
--- a/src/crypto_traits.rs
+++ b/src/crypto_traits.rs
@@ -1,24 +1,24 @@
 // Copyright (C) Nitrokey GmbH
 // SPDX-License-Identifier: Apache-2.0 or MIT
 
-use trussed::{
+use trussed_core::{
     api::{
         reply,
         request::{DeserializeKey, UnsafeInjectKey},
     },
-    client::{ClientError, ClientResult, CryptoClient},
     types::{
         KeyId, KeySerialization, Location, Mechanism, SignatureSerialization, StorageAttributes,
     },
+    ClientError, ClientResult, CryptoClient,
 };
 
 use crate::{RsaImportFormat, RsaPublicParts};
 
 impl<C: CryptoClient> Rsa2048Pkcs1v15 for C {}
 
-/// Helper trait to work with RSA 2048 bit keys through a [`Client`](trussed::Client)
+/// Helper trait to work with RSA 2048 bit keys through a [`CryptoClient`][]
 ///
-/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient)
+/// This trait is implemented by all implementors of [`CryptoClient`][]
 pub trait Rsa2048Pkcs1v15: CryptoClient {
     fn generate_rsa2048pkcs_private_key(
         &mut self,
@@ -45,13 +45,13 @@ pub trait Rsa2048Pkcs1v15: CryptoClient {
 
     /// Serializes an RSA 2048 bit key.
     ///
-    /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
+    /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
     /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts):
     /// ```
     ///# #[cfg(feature = "virt")]
     ///# {
     ///# use trussed_rsa_alloc::*;
-    ///# use trussed::{syscall,types::Location::{Volatile,Internal}};
+    ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}};
     ///# virt::with_ram_client("rsa tests", |mut client| {
     ///# let sk = syscall!(client.generate_rsa2048pkcs_private_key(Internal)).key;
     ///# let pk = syscall!(client.derive_rsa2048pkcs_public_key(sk, Volatile)).key;
@@ -159,9 +159,9 @@ pub trait Rsa2048Pkcs1v15: CryptoClient {
 
 impl<C: CryptoClient> Rsa3072Pkcs1v15 for C {}
 
-/// Helper trait to work with RSA 3072 bit keys through a [`Client`](trussed::Client)
+/// Helper trait to work with RSA 3072 bit keys through a [`CryptoClient`][]
 ///
-/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient)
+/// This trait is implemented by all implementors of [`CryptoClient`][]
 pub trait Rsa3072Pkcs1v15: CryptoClient {
     fn generate_rsa3072pkcs_private_key(
         &mut self,
@@ -188,13 +188,13 @@ pub trait Rsa3072Pkcs1v15: CryptoClient {
 
     /// Serializes an RSA 3072 bit key.
     ///
-    /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
+    /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
     /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts):
     /// ```
     ///# #[cfg(feature = "virt")]
     ///# {
     ///# use trussed_rsa_alloc::*;
-    ///# use trussed::{syscall,types::Location::{Volatile,Internal}};
+    ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}};
     ///# virt::with_ram_client("rsa tests", |mut client| {
     ///# let sk = syscall!(client.generate_rsa3072pkcs_private_key(Internal)).key;
     ///# let pk = syscall!(client.derive_rsa3072pkcs_public_key(sk, Volatile)).key;
@@ -302,9 +302,9 @@ pub trait Rsa3072Pkcs1v15: CryptoClient {
 
 impl<C: CryptoClient> Rsa4096Pkcs1v15 for C {}
 
-/// Helper trait to work with RSA 4096 bit keys through a [`Client`](trussed::Client)
+/// Helper trait to work with RSA 4096 bit keys through a [`CryptoClient`][]
 ///
-/// This trait is implemented by all implementors of [`CryptoClient`](trussed::client::CryptoClient)
+/// This trait is implemented by all implementors of [`CryptoClient`][]
 pub trait Rsa4096Pkcs1v15: CryptoClient {
     fn generate_rsa4096pkcs_private_key(
         &mut self,
@@ -331,13 +331,13 @@ pub trait Rsa4096Pkcs1v15: CryptoClient {
 
     /// Serializes an RSA 4096 bit key.
     ///
-    /// The resulting [`serialized_key`](trussed::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
+    /// The resulting [`serialized_key`](trussed_core::api::reply::SerializeKey::serialized_key) contains a buffer of the parts of the key
     /// as a serialized [`RsaPublicParts`](crate::RsaPublicParts):
     /// ```
     ///# #[cfg(feature = "virt")]
     ///# {
     ///# use trussed_rsa_alloc::*;
-    ///# use trussed::{syscall,types::Location::{Volatile,Internal}};
+    ///# use trussed_core::{syscall,types::Location::{Volatile,Internal}};
     ///# virt::with_ram_client("rsa tests", |mut client| {
     ///# let sk = syscall!(client.generate_rsa4096pkcs_private_key(Internal)).key;
     ///# let pk = syscall!(client.derive_rsa4096pkcs_public_key(sk, Volatile)).key;
diff --git a/src/lib.rs b/src/lib.rs
index 7088991..98f8c85 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -49,6 +49,17 @@ pub use crypto_traits::{Rsa2048Pkcs1v15, Rsa3072Pkcs1v15, Rsa4096Pkcs1v15};
 #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Debug, Default, Hash)]
 pub struct SoftwareRsa;
 
+impl SoftwareRsa {
+    pub const MECHANISMS: &[Mechanism] = &[
+        Mechanism::Rsa2048Pkcs1v15,
+        Mechanism::Rsa3072Pkcs1v15,
+        Mechanism::Rsa4096Pkcs1v15,
+        Mechanism::Rsa2048Raw,
+        Mechanism::Rsa3072Raw,
+        Mechanism::Rsa4096Raw,
+    ];
+}
+
 /// The bool returned points at wether the mechanism is raw RSA
 fn bits_and_kind_from_mechanism(mechanism: Mechanism) -> Result<(usize, key::Kind, bool), Error> {
     match mechanism {