From fd42298e3555ead32fdc7f6f2ebaf740676dc655 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Wed, 13 Mar 2024 19:30:55 +0100 Subject: [PATCH] Use extension crates instead of backends This patch replaces the dependencies on trussed-staging and trussed-se050-backend with extension crates extracted from these crates. See the these PRs for more information: - https://github.com/trussed-dev/trussed-staging/pull/19 - https://github.com/Nitrokey/trussed-se050-backend/pull/13 --- Cargo.lock | 78 ++++++++++++++++++++++++++------- Cargo.toml | 18 +++++--- components/apps/Cargo.toml | 16 ++++--- components/apps/src/dispatch.rs | 32 +++++++------- 4 files changed, 100 insertions(+), 44 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4025d73e..448d1cfc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5,7 +5,7 @@ version = 3 [[package]] name = "admin-app" version = "0.1.0" -source = "git+https://github.com/Nitrokey/admin-app.git?tag=v0.1.0-nitrokey.10#c6c87cfad4d94c4910c87e870bae759330f6f634" +source = "git+https://github.com/Nitrokey/admin-app.git?branch=extensions#0ba0e766cba65a1fe7b0865f343de589e4202d82" dependencies = [ "apdu-dispatch", "cbor-smol", @@ -17,8 +17,8 @@ dependencies = [ "serde", "strum_macros", "trussed", - "trussed-se050-backend", - "trussed-staging", + "trussed-manage", + "trussed-se050-manage", ] [[package]] @@ -175,11 +175,15 @@ dependencies = [ "serde", "trussed", "trussed-auth", + "trussed-chunked", "trussed-hkdf", + "trussed-manage", "trussed-rsa-alloc", "trussed-se050-backend", + "trussed-se050-manage", "trussed-staging", "trussed-usbip", + "trussed-wrap-key-to-file", "usbd-ctaphid", "utils", "webcrypt", 
@@ -1175,7 +1179,7 @@ dependencies = [ [[package]] name = "fido-authenticator" version = "0.1.1" -source = "git+https://github.com/Nitrokey/fido-authenticator.git?tag=v0.1.1-nitrokey.12#3db1f6fdba65ede3a05e7f0e4489145e22cde3af" +source = "git+https://github.com/Nitrokey/fido-authenticator.git?branch=extensions#d55050a2491b0bd6cb6f72d1265ef038b8295c4f" dependencies = [ "apdu-dispatch", "ctap-types", @@ -1188,8 +1192,8 @@ dependencies = [ "serde_cbor", "sha2", "trussed", + "trussed-chunked", "trussed-hkdf", - "trussed-staging", ] [[package]] @@ -2108,7 +2112,7 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "opcard" version = "1.3.0" -source = "git+https://github.com/Nitrokey/opcard-rs?rev=1c844b74aa5bf245cd8223bc63b74b3a1f1f7b0f#1c844b74aa5bf245cd8223bc63b74b3a1f1f7b0f" +source = "git+https://github.com/Nitrokey/opcard-rs?branch=extensions#eb9a230db4ad83d2120c697356bed49d4641a504" dependencies = [ "admin-app", "apdu-dispatch", @@ -2124,8 +2128,9 @@ dependencies = [ "subtle", "trussed", "trussed-auth", + "trussed-chunked", "trussed-rsa-alloc", - "trussed-staging", + "trussed-wrap-key-to-file", ] [[package]] @@ -2221,7 +2226,7 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "piv-authenticator" version = "0.3.4" -source = "git+https://github.com/Nitrokey/piv-authenticator?tag=v0.3.4#2c948a966f3e410e9a4cee3c351ca20b956383e0" +source = "git+https://github.com/Nitrokey/piv-authenticator.git?branch=extensions#28b7456760797b20bb6d14bb101f84adfac6143c" dependencies = [ "apdu-dispatch", "delog", @@ -2235,8 +2240,8 @@ dependencies = [ "subtle", "trussed", "trussed-auth", + "trussed-chunked", "trussed-rsa-alloc", - "trussed-staging", "untrusted", ] 
@@ -3251,6 +3256,16 @@ dependencies = [ "trussed", ] +[[package]] +name = "trussed-chunked" +version = "0.1.0" +source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=chunked-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +dependencies = [ + "serde", + "serde-byte-array", + "trussed", +] + [[package]] name = "trussed-hkdf" version = "0.1.0" @@ -3266,6 +3281,15 @@ dependencies = [ "trussed", ] +[[package]] +name = "trussed-manage" +version = "0.1.0" +source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=manage-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +dependencies = [ + "serde", + "trussed", +] + [[package]] name = "trussed-rsa-alloc" version = "0.1.0" @@ -3282,8 +3306,8 @@ dependencies = [ [[package]] name = "trussed-se050-backend" -version = "0.2.0" -source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?tag=v0.2.0#f48a4f2bb2d3f5f9fba5d361401f91cd9c2ee8f1" +version = "0.3.0" +source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?branch=release-v0.3.0#af9502a6e1d0359212101558cafa359e7f7bd5a9" dependencies = [ "cbor-smol", "crypto-bigint", @@ -3306,14 +3330,25 @@ dependencies = [ "sha2", "trussed", "trussed-auth", + "trussed-manage", "trussed-rsa-alloc", - "trussed-staging", + "trussed-se050-manage", + "trussed-wrap-key-to-file", ] [[package]] -name = "trussed-staging" +name = "trussed-se050-manage" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed-staging.git?rev=1240154c269cc3875552c46ddcbde2c9aeea5e51#1240154c269cc3875552c46ddcbde2c9aeea5e51" +source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?tag=se050-manage-v0.1.0#d70748efbde217bb6f2a7b1ecd579d2480f7edc0" +dependencies = [ + "serde", + "trussed", +] + +[[package]] +name = "trussed-staging" +version = "0.2.0" +source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=v0.2.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" dependencies = [ "chacha20poly1305", "delog", 
@@ -3322,6 +3357,9 @@ dependencies = [ "serde", "serde-byte-array", "trussed", + "trussed-chunked", + "trussed-manage", + "trussed-wrap-key-to-file", ] [[package]] @@ -3340,6 +3378,15 @@ dependencies = [ "usbip-device", ] +[[package]] +name = "trussed-wrap-key-to-file" +version = "0.1.0" +source = "git+https://github.com/trussed-dev/trussed-staging.git?tag=wrap-key-to-file-v0.1.0#5fc00717e6aa3f43d4f72fd3bd589f2de3a89b98" +dependencies = [ + "serde", + "trussed", +] + [[package]] name = "typed-builder" version = "0.18.1" @@ -3623,7 +3670,7 @@ checksum = "4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b" [[package]] name = "webcrypt" version = "0.8.0" -source = "git+https://github.com/nitrokey/nitrokey-websmartcard-rust?rev=b1502d72035ecde0f16f9fff5c8da06139b90d11#b1502d72035ecde0f16f9fff5c8da06139b90d11" +source = "git+https://github.com/nitrokey/nitrokey-websmartcard-rust?branch=trussed-staging#d6d70e9f546c7e83b2b872b64bef0684efa252ae" dependencies = [ "apdu-dispatch", "cbor-smol", @@ -3640,7 +3687,6 @@ dependencies = [ "sha2", "trussed", "trussed-rsa-alloc", - "trussed-staging", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 56371a3d..c10484eb 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -17,9 +17,9 @@ version = "1.7.0-rc.1" memory-regions = { path = "components/memory-regions" } # forked -admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.10" } +admin-app = { git = "https://github.com/Nitrokey/admin-app.git", branch = "extensions" } cbor-smol = { git = "https://github.com/Nitrokey/cbor-smol.git", tag = "v0.4.0-nitrokey.1" } -fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.12" } +fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", branch = "extensions" } flexiber = { git = "https://github.com/Nitrokey/flexiber", tag = "0.1.1.nitrokey" } lpc55-hal = { git = "https://github.com/Nitrokey/lpc55-hal", tag = "v0.3.0-nitrokey.2" } serde-indexed = { git = "https://github.com/nitrokey/serde-indexed.git", tag = "v0.1.0-nitrokey.2" } 
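Review bot: The `admin-app` and `fido-authenticator` entries in this hunk move from immutable tags to `branch = "extensions"`, and the following Cargo.toml hunk (`@@ -36,15 +36,19 @@`) does the same for `opcard`, `piv-authenticator`, `webcrypt` (`branch = "trussed-staging"`) and `trussed-se050-backend` (`branch = "release-v0.3.0"`), some of which were previously pinned by `rev`. A branch is a moving reference, so the code that ends up in the firmware is fixed only by Cargo.lock; a `cargo update` or a build without `--locked` picks up whatever the branch head is at that moment. Before this leaves development, pin each entry to the commit the lockfile already records, e.g. `admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "0ba0e766cba65a1fe7b0865f343de589e4202d82" }`, or to a release tag once the extension branches are merged.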
@@ -36,15 +36,19 @@ p256-cortex-m4 = { git = "https://github.com/ycrypto/p256-cortex-m4.git", rev = # unreleased crates secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "v0.13.0-rc2" } -webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", rev = "b1502d72035ecde0f16f9fff5c8da06139b90d11" } -opcard = { git = "https://github.com/Nitrokey/opcard-rs", rev = "1c844b74aa5bf245cd8223bc63b74b3a1f1f7b0f" } -piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator", tag = "v0.3.4" } -trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "1240154c269cc3875552c46ddcbde2c9aeea5e51" } +webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", branch = "trussed-staging" } +opcard = { git = "https://github.com/Nitrokey/opcard-rs", branch = "extensions" } +piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", branch = "extensions" } +trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "chunked-v0.1.0" } +trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" } +trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" } +trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.2.0" } trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "4b8191f248c26cb074cdac887c7f3f48f9c449a4" } trussed-hkdf = { git = "https://github.com/Nitrokey/trussed-hkdf-backend.git", tag = "v0.1.0" } trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "9732a9a3e98af72112286afdc9b7174c66c2869a" } trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.3" } -trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.2.0" } +trussed-se050-backend = { 
git = "https://github.com/Nitrokey/trussed-se050-backend.git", branch = "release-v0.3.0" } +trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "se050-manage-v0.1.0" } [profile.release] codegen-units = 1 diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml index 582cb265..0e23c96b 100644 --- a/components/apps/Cargo.toml +++ b/components/apps/Cargo.toml @@ -7,7 +7,9 @@ edition = "2021" apdu-dispatch = "0.1" bitflags = "2" ctaphid-dispatch = "0.1" +embedded-hal = "0.2.7" heapless = "0.7" +se05x = { version = "0.1.1", optional = true} serde = { version = "1.0.180", default-features = false } trussed = { version = "0.1", features = ["serde-extensions"]} trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"], optional = true } @@ -20,7 +22,14 @@ littlefs2 = "0.4" trussed-auth = { version = "0.2.2", optional = true } trussed-hkdf = { version = "0.1.0" } trussed-rsa-alloc = { version = "0.1.0", optional = true } -trussed-staging = { version = "0.1.0", features = ["wrap-key-to-file", "chunked", "encrypted-chunked", "manage"] } +trussed-se050-backend = { version = "0.3.0", optional = true } +trussed-staging = { version = "0.2.0", features = ["wrap-key-to-file", "chunked", "manage"] } + +# Extensions +trussed-chunked = "0.1.0" +trussed-manage = "0.1.0" +trussed-se050-manage = { version = "0.1.0", optional = true } +trussed-wrap-key-to-file = "0.1.0" # apps admin-app = "0.1.0" 
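Review bot: The `trussed-staging` line in the `@@ -20,7 +22,14 @@` hunk of components/apps/Cargo.toml drops the `encrypted-chunked` feature while moving to 0.2.0, and the commit message does not explain why. If 0.2.0 folded that functionality into `chunked` the change is harmless, but the diff alone cannot confirm it; if not, the encrypted variant of chunked storage is no longer enabled for the apps that depend on it. Once verified, a short comment on the line would record the reason, for example `# "encrypted-chunked" no longer exists as a separate feature in trussed-staging 0.2.0`.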
@@ -31,9 +40,6 @@ secrets-app = { version = "0.13.0", features = ["apdu-dispatch", "ctaphid"], opt opcard = { version = "1.1.1", features = ["apdu-dispatch", "delog", "rsa2048-gen", "rsa4096", "admin-app"], optional = true } piv-authenticator = { version = "0.3.1", features = ["apdu-dispatch", "delog", "rsa"], optional = true } provisioner-app = { path = "../provisioner-app", optional = true } -se05x = { version = "0.1.1", optional = true} -trussed-se050-backend = { version = "0.2.0", optional = true } -embedded-hal = "0.2.7" [dev-dependencies] cbor-smol = "0.4" @@ -61,7 +67,7 @@ webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa"] fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid"] opcard = ["dep:opcard", "backend-rsa", "backend-auth"] piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth"] -se050 = ["dep:se05x", "trussed-se050-backend", "admin-app/se050"] +se050 = ["dep:se05x", "trussed-se050-backend", "trussed-se050-manage", "admin-app/se050"] # backends backend-auth = ["trussed-auth"] diff --git a/components/apps/src/dispatch.rs b/components/apps/src/dispatch.rs index 204241cf..bd40b614 100644 --- a/components/apps/src/dispatch.rs +++ b/components/apps/src/dispatch.rs @@ -24,9 +24,9 @@ use embedded_hal::blocking::delay::DelayUs; #[cfg(feature = "se050")] use se05x::{se05x::Se05X, t1::I2CForT1}; #[cfg(feature = "se050")] -use trussed_se050_backend::{ - manage::ManageExtension as Se050ManageExtension, Context as Se050Context, Se050Backend, -}; +use trussed_se050_backend::{Context as Se050Context, Se050Backend}; +#[cfg(feature = "se050")] +use trussed_se050_manage::Se050ManageExtension; #[cfg(feature = "backend-auth")] use trussed_auth::{AuthBackend, AuthContext, AuthExtension, MAX_HW_KEY_LEN}; 
@@ -34,11 +34,11 @@ use trussed_auth::{AuthBackend, AuthContext, AuthExtension, MAX_HW_KEY_LEN}; #[cfg(feature = "backend-rsa")] use trussed_rsa_alloc::SoftwareRsa; +use trussed_chunked::ChunkedExtension; use trussed_hkdf::{HkdfBackend, HkdfExtension}; -use trussed_staging::{ - manage::ManageExtension, streaming::ChunkedExtension, wrap_key_to_file::WrapKeyToFileExtension, - StagingBackend, StagingContext, -}; +use trussed_manage::ManageExtension; +use trussed_staging::{StagingBackend, StagingContext}; +use trussed_wrap_key_to_file::WrapKeyToFileExtension; #[cfg(feature = "webcrypt")] use webcrypt::hmacsha256p256::{ @@ -328,15 +328,15 @@ impl ExtensionDispatch for Dispatch { resources, ) } - Extension::Se050Manage => ExtensionImpl::< - trussed_se050_backend::manage::ManageExtension, - >::extension_request_serialized( - self.se050.as_mut().ok_or(TrussedError::GeneralError)?, - &mut ctx.core, - &mut ctx.backends.se050, - request, - resources, - ), + Extension::Se050Manage => { + ExtensionImpl::::extension_request_serialized( + self.se050.as_mut().ok_or(TrussedError::GeneralError)?, + &mut ctx.core, + &mut ctx.backends.se050, + request, + resources, + ) + } _ => Err(TrussedError::RequestNotAvailable), }, _ => Err(TrussedError::RequestNotAvailable),
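Review bot: In the `Extension::Se050Manage` arm of the `@@ -328,15 +328,15 @@` hunk the call reads `ExtensionImpl::::extension_request_serialized(` with nothing between the path separators, which is not valid Rust; the type argument was most likely lost when the page was rendered. Judging by the import added in the `@@ -24,9 +24,9 @@` hunk, the line is presumably `ExtensionImpl::<Se050ManageExtension>::extension_request_serialized(`. Separately, an absent SE050 is reported as `TrussedError::GeneralError` here while unknown extensions in the same match return `RequestNotAvailable`; a one-line comment saying whether that distinction is intended would help callers interpret the error. The enclosing match and function start outside the hunk.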