From 775441b98d95575f943085608dd5592492487027 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin@nitrokey.com>
Date: Thu, 4 Apr 2024 12:07:23 +0200
Subject: [PATCH] Fix Trussed imports

---
 src/credential.rs | 14 +++++++-------
 src/ctap2/pin.rs  |  4 ++--
 src/lib.rs        | 26 +++++++++++++-------------
 src/state.rs      | 14 +++++++-------
 4 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/credential.rs b/src/credential.rs
index 7612313..a2c56f0 100644
--- a/src/credential.rs
+++ b/src/credential.rs
@@ -31,7 +31,7 @@ pub enum CtapVersion {
 pub struct CredentialId(pub Bytes<MAX_CREDENTIAL_ID_LENGTH>);
 
 impl CredentialId {
-    fn new<T: client::Chacha8Poly1305 + client::Sha256, C: Serialize>(
+    fn new<T: client::mechanisms::Chacha8Poly1305 + client::mechanisms::Sha256, C: Serialize>(
         trussed: &mut T,
         credential: &C,
         key_encryption_key: KeyId,
@@ -115,7 +115,7 @@ pub enum Credential {
 }
 
 impl Credential {
-    pub fn try_from<UP: UserPresence, T: client::Client + client::Chacha8Poly1305>(
+    pub fn try_from<UP: UserPresence, T: client::Client + client::mechanisms::Chacha8Poly1305>(
         authnr: &mut Authenticator<UP, T>,
         rp_id_hash: &Bytes<32>,
         descriptor: &PublicKeyCredentialDescriptorRef,
@@ -123,7 +123,7 @@ impl Credential {
         Self::try_from_bytes(authnr, rp_id_hash, descriptor.id)
     }
 
-    pub fn try_from_bytes<UP: UserPresence, T: client::Client + client::Chacha8Poly1305>(
+    pub fn try_from_bytes<UP: UserPresence, T: client::Client + client::mechanisms::Chacha8Poly1305>(
         authnr: &mut Authenticator<UP, T>,
         rp_id_hash: &Bytes<32>,
         id: &[u8],
@@ -158,7 +158,7 @@ impl Credential {
             .map_err(|_| Error::InvalidCredential)
     }
 
-    pub fn id<T: client::Chacha8Poly1305 + client::Sha256>(
+    pub fn id<T: client::mechanisms::Chacha8Poly1305 + client::mechanisms::Sha256>(
         &self,
         trussed: &mut T,
         key_encryption_key: KeyId,
@@ -371,7 +371,7 @@ impl FullCredential {
     // the ID will stay below 255 bytes.
     //
     // Existing keyhandles can still be decoded
-    pub fn id<T: client::Chacha8Poly1305 + client::Sha256>(
+    pub fn id<T: client::mechanisms::Chacha8Poly1305 + client::mechanisms::Sha256>(
         &self,
         trussed: &mut T,
         key_encryption_key: KeyId,
@@ -468,7 +468,7 @@ impl StrippedCredential {
         }
     }
 
-    pub fn id<T: client::Chacha8Poly1305 + client::Sha256>(
+    pub fn id<T: client::mechanisms::Chacha8Poly1305 + client::mechanisms::Sha256>(
         &self,
         trussed: &mut T,
         key_encryption_key: KeyId,
@@ -499,7 +499,7 @@ mod test {
     use super::*;
     use ctap_types::webauthn::{PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity};
     use trussed::{
-        client::{Chacha8Poly1305, Sha256},
+        client::mechanisms::{Chacha8Poly1305, Sha256},
         types::Location,
     };
 
diff --git a/src/ctap2/pin.rs b/src/ctap2/pin.rs
index 4156d0f..44c4289 100644
--- a/src/ctap2/pin.rs
+++ b/src/ctap2/pin.rs
@@ -1,12 +1,12 @@
 use crate::{cbor_serialize_message, TrussedRequirements};
 use ctap_types::{cose::EcdhEsHkdf256PublicKey, ctap2::client_pin::Permissions, Error, Result};
+use heapless::String;
 use trussed::{
     cbor_deserialize,
-    client::{CryptoClient, HmacSha256, P256},
+    client::{CryptoClient, mechanisms::{HmacSha256, P256}},
     syscall, try_syscall,
     types::{
         Bytes, KeyId, KeySerialization, Location, Mechanism, Message, ShortData, StorageAttributes,
-        String,
     },
 };
 use trussed_hkdf::{KeyOrData, OkmId};
diff --git a/src/lib.rs b/src/lib.rs
index a980785..1d15c16 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -20,7 +20,7 @@ generate_macros!();
 
 use core::time::Duration;
 
-use trussed::{client, syscall, types::Message, Client as TrussedClient};
+use trussed::{client, syscall, types::Message, client::Client as TrussedClient};
 use trussed_hkdf::HkdfClient;
 
 use ctap_types::heapless_bytes::Bytes;
@@ -53,12 +53,12 @@ pub type Result<T> = core::result::Result<T, Error>;
 ///   [`ExtensionRequirements`][].
 pub trait TrussedRequirements:
     client::Client
-    + client::P256
-    + client::Chacha8Poly1305
-    + client::Aes256Cbc
-    + client::Sha256
-    + client::HmacSha256
-    + client::Ed255 // + client::Totp
+    + client::mechanisms::P256
+    + client::mechanisms::Chacha8Poly1305
+    + client::mechanisms::Aes256Cbc
+    + client::mechanisms::Sha256
+    + client::mechanisms::HmacSha256
+    + client::mechanisms::Ed255 // + client::Totp
     + HkdfClient
     + ExtensionRequirements
 {
@@ -66,12 +66,12 @@ pub trait TrussedRequirements:
 
 impl<T> TrussedRequirements for T where
     T: client::Client
-        + client::P256
-        + client::Chacha8Poly1305
-        + client::Aes256Cbc
-        + client::Sha256
-        + client::HmacSha256
-        + client::Ed255 // + client::Totp
+        + client::mechanisms::P256
+        + client::mechanisms::Chacha8Poly1305
+        + client::mechanisms::Aes256Cbc
+        + client::mechanisms::Sha256
+        + client::mechanisms::HmacSha256
+        + client::mechanisms::Ed255 // + client::Totp
         + HkdfClient
         + ExtensionRequirements
 {
diff --git a/src/state.rs b/src/state.rs
index f4e7e48..0800f87 100644
--- a/src/state.rs
+++ b/src/state.rs
@@ -12,7 +12,7 @@ use ctap_types::{
 use trussed::{
     client, syscall, try_syscall,
     types::{KeyId, Location, Mechanism, PathBuf},
-    Client as TrussedClient,
+    client::Client as TrussedClient,
 };
 
 use heapless::binary_heap::{BinaryHeap, Max};
@@ -273,7 +273,7 @@ impl PersistentState {
     const RESET_RETRIES: u8 = 8;
     const FILENAME: &'static [u8] = b"persistent-state.cbor";
 
-    pub fn load<T: client::Client + client::Chacha8Poly1305>(trussed: &mut T) -> Result<Self> {
+    pub fn load<T: client::Client + client::mechanisms::Chacha8Poly1305>(trussed: &mut T) -> Result<Self> {
         // TODO: add "exists_file" method instead?
         let result =
             try_syscall!(trussed.read_file(Location::Internal, PathBuf::from(Self::FILENAME),))
@@ -324,7 +324,7 @@ impl PersistentState {
         self.save(trussed)
     }
 
-    pub fn load_if_not_initialised<T: client::Client + client::Chacha8Poly1305>(
+    pub fn load_if_not_initialised<T: client::Client + client::mechanisms::Chacha8Poly1305>(
         &mut self,
         trussed: &mut T,
     ) {
@@ -349,7 +349,7 @@ impl PersistentState {
         Ok(now)
     }
 
-    pub fn key_encryption_key<T: client::Client + client::Chacha8Poly1305>(
+    pub fn key_encryption_key<T: client::Client + client::mechanisms::Chacha8Poly1305>(
         &mut self,
         trussed: &mut T,
     ) -> Result<KeyId> {
@@ -359,7 +359,7 @@ impl PersistentState {
         }
     }
 
-    pub fn rotate_key_encryption_key<T: client::Client + client::Chacha8Poly1305>(
+    pub fn rotate_key_encryption_key<T: client::Client + client::mechanisms::Chacha8Poly1305>(
         &mut self,
         trussed: &mut T,
     ) -> Result<KeyId> {
@@ -372,7 +372,7 @@ impl PersistentState {
         Ok(key)
     }
 
-    pub fn key_wrapping_key<T: client::Client + client::Chacha8Poly1305>(
+    pub fn key_wrapping_key<T: client::Client + client::mechanisms::Chacha8Poly1305>(
         &mut self,
         trussed: &mut T,
     ) -> Result<KeyId> {
@@ -382,7 +382,7 @@ impl PersistentState {
         }
     }
 
-    pub fn rotate_key_wrapping_key<T: client::Client + client::Chacha8Poly1305>(
+    pub fn rotate_key_wrapping_key<T: client::Client + client::mechanisms::Chacha8Poly1305>(
         &mut self,
         trussed: &mut T,
     ) -> Result<KeyId> {