trussed-dev
diff --git a/‎CHANGELOG.md‎
Lines changed: 12 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎Cargo.toml‎
Lines changed: 19 additions & 19 deletions b/‎Cargo.toml‎
Lines changed: 19 additions & 19 deletions
diff --git a/‎fuzz/Cargo.toml‎
Lines changed: 5 additions & 5 deletions b/‎fuzz/Cargo.toml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎fuzz/fuzz_targets/ctap.rs‎
Lines changed: 2 additions & 1 deletion b/‎fuzz/fuzz_targets/ctap.rs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/credential.rs‎
Lines changed: 21 additions & 20 deletions b/‎src/credential.rs‎
Lines changed: 21 additions & 20 deletions
diff --git a/‎src/ctap1.rs‎
Lines changed: 21 additions & 23 deletions b/‎src/ctap1.rs‎
Lines changed: 21 additions & 23 deletions
@@ -6,7 +6,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
--
+- Update dependencies:
+  - `apdu-app` v0.2
+  - `cosey` v0.4
+  - `ctap-types` v0.5
+  - `ctaphid-app` v0.2
+  - `heapless` v0.9
+  - `heapless-bytes` v0.5
+  - `iso7816` v0.2
+  - `trussed-chunked` v0.3
+  - `trussed-core` v0.2
+  - `trussed-fs-info` v0.3
+  - `trussed-hkdf` v0.4
 
 ## [v0.2.0](https://github.com/trussed-dev/fido-authenticator/releases/tag/v0.2.0) (2025-09-02)
 
 
@@ -9,24 +9,24 @@ documentation = "https://docs.rs/fido-authenticator"
 description = "FIDO authenticator Trussed app"
 
 [dependencies]
-apdu-app = { version = "0.1", optional = true }
+apdu-app = { version = "0.2", optional = true }
 cbor-smol = "0.5"
-cosey = "0.3"
-ctap-types = { version = "0.4", features = ["get-info-full", "large-blobs", "third-party-payment"] }
-ctaphid-app = { version = "0.1", optional = true }
+cosey = "0.4"
+ctap-types = { version = "0.5", features = ["get-info-full", "large-blobs", "third-party-payment"] }
+ctaphid-app = { version = "0.2", optional = true }
 delog = "0.1"
-heapless = "0.7"
-heapless-bytes = "0.3"
-iso7816 = { version = "0.1.2", optional = true }
+heapless = "0.9"
+heapless-bytes = { version = "0.5", features = ["heapless-0.9"]}
+iso7816 = { version = "0.2", optional = true }
 littlefs2-core = "0.1"
 serde = { version = "1.0", default-features = false }
 serde_bytes = { version = "0.11.14", default-features = false }
 serde-indexed = "0.1"
 sha2 = { version = "0.10", default-features = false }
-trussed-chunked = { version = "0.2", optional = true }
-trussed-core = { version = "0.1", features = ["aes256-cbc", "certificate-client", "chacha8-poly1305", "crypto-client", "ed255", "filesystem-client", "hmac-sha256", "management-client", "p256", "sha256", "ui-client"] }
-trussed-fs-info = "0.2"
-trussed-hkdf = "0.3"
+trussed-chunked = { version = "0.3", optional = true }
+trussed-core = { version = "0.2", features = ["aes256-cbc", "certificate-client", "chacha8-poly1305", "crypto-client", "ed255", "filesystem-client", "hmac-sha256", "management-client", "p256", "sha256", "ui-client"] }
+trussed-fs-info = "0.3"
+trussed-hkdf = "0.4"
 
 [features]
 dispatch = ["apdu-dispatch", "ctaphid-dispatch", "dep:iso7816"]
@@ -46,38 +46,38 @@ log-warn = []
 log-error = []
 
 [dev-dependencies]
-admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.20", features = ["migration-tests"] }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.21", features = ["migration-tests"] }
 aes = "0.8.4"
 cbc = { version = "0.1.2", features = ["alloc"] }
 ciborium = "0.2.2"
 ciborium-io = "0.2.2"
 cipher = "0.4.4"
 ctaphid = { version = "0.3.1", default-features = false }
-ctaphid-dispatch = "0.3"
+ctaphid-dispatch = "0.4"
 delog = { version = "0.1.6", features = ["std-log"] }
 env_logger = "0.11"
 hex-literal = "0.4.1"
 hmac = "0.12.1"
 interchange = "0.3"
 itertools = "0.14"
-littlefs2 = "0.6"
+littlefs2 = "0.7"
 log = "0.4.21"
 p256 = { version = "0.13.2", features = ["ecdh"] }
 rand = "0.8.4"
 rand_chacha = "0.3"
 sha2 = "0.10"
 serde_test = "1.0.176"
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "024e0eca5fb7dbd2457831f7c7bffe4341e08775", features = ["virt"] }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.3.3", features = ["chunked", "hkdf", "virt", "fs-info"] }
-trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "504674453c9573a30aa2f155101df49eb2af1ba7", default-features = false, features = ["ctaphid"] }
-usbd-ctaphid = "0.3"
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "0f8df68be879acdde1f8cf428c11e5d29692a47b", features = ["virt"] }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.4.0", features = ["chunked", "hkdf", "virt", "fs-info"] }
+trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "017921df0930707c4af68882ccb1f8b3f1bbf7c5", default-features = false, features = ["ctaphid"] }
+usbd-ctaphid = "0.4"
 x509-parser = "0.16"
 
 [package.metadata.docs.rs]
 features = ["chunked", "dispatch"]
 
 [patch.crates-io]
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "024e0eca5fb7dbd2457831f7c7bffe4341e08775" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "0f8df68be879acdde1f8cf428c11e5d29692a47b" }
 
 [profile.test]
 opt-level = 2
@@ -8,10 +8,10 @@ edition = "2021"
 cargo-fuzz = true
 
 [dependencies]
-ctap-types = { version = "0.4", features = ["arbitrary"] }
+ctap-types = { version = "0.5", features = ["arbitrary"] }
 libfuzzer-sys = "0.4"
-trussed = { version = "0.1", features = ["clients-1", "certificate-client", "crypto-client", "filesystem-client", "management-client", "aes256-cbc", "ed255", "p256", "sha256"] }
-trussed-staging = { version = "0.3.0", features = ["chunked", "hkdf", "virt", "fs-info"] }
+trussed = { version = "0.1", features = ["certificate-client", "crypto-client", "filesystem-client", "management-client", "aes256-cbc", "ed255", "p256", "sha256"] }
+trussed-staging = { version = "0.4.0", features = ["chunked", "hkdf", "virt", "fs-info"] }
 
 [dependencies.fido-authenticator]
 path = ".."
@@ -24,5 +24,5 @@ doc = false
 bench = false
 
 [patch.crates-io]
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "0f8df68be879acdde1f8cf428c11e5d29692a47b" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.4.0" }
@@ -2,12 +2,13 @@
 
 use ctap_types::{authenticator::Request, ctap1::Authenticator as _, ctap2::Authenticator as _};
 use fido_authenticator::{Authenticator, Config, Conforming};
+use trussed::virt::StoreConfig;
 use trussed_staging::virt;
 
 use libfuzzer_sys::fuzz_target;
 
 fuzz_target!(|requests: Vec<Request<'_>>| {
-    virt::with_ram_client("fido", |client| {
+    virt::with_client(StoreConfig::ram(), "fido", |client| {
         let mut authenticator = Authenticator::new(
             client,
             Conforming {},
 
@@ -202,13 +202,14 @@ impl Credential {
 fn deserialize_bytes<E: serde::de::Error, const N: usize>(
     s: &[u8],
 ) -> core::result::Result<Bytes<N>, E> {
-    Bytes::from_slice(s).map_err(|_| E::invalid_length(s.len(), &"a fixed-size sequence of bytes"))
+    Bytes::try_from(s).map_err(|_| E::invalid_length(s.len(), &"a fixed-size sequence of bytes"))
 }
 
 fn deserialize_str<E: serde::de::Error, const N: usize>(
     s: &str,
 ) -> core::result::Result<String<N>, E> {
-    Ok(s.into())
+    s.try_into()
+        .map_err(|_| E::custom("Serialized string doesn't fit "))
 }
 
 #[derive(Clone, Copy, Debug, PartialEq)]
@@ -794,20 +795,20 @@ mod test {
     fn credential_data() -> CredentialData {
         CredentialData {
             rp: Rp::new(PublicKeyCredentialRpEntity {
-                id: String::from("John Doe"),
+                id: String::try_from("John Doe").unwrap(),
                 name: None,
                 icon: None,
             }),
             user: User::new(PublicKeyCredentialUserEntity {
-                id: Bytes::from_slice(&[1, 2, 3]).unwrap(),
+                id: Bytes::from(&[1, 2, 3]),
                 icon: None,
                 name: None,
                 display_name: None,
             }),
             creation_time: 123,
             use_counter: false,
             algorithm: -7,
-            key: Key::WrappedKey(Bytes::from_slice(&[1, 2, 3]).unwrap()),
+            key: Key::WrappedKey(Bytes::from(&[1, 2, 3])),
             hmac_secret: Some(false),
             cred_protect: None,
             use_short_id: Some(true),
@@ -821,15 +822,15 @@ mod test {
             rp: Rp {
                 format: SerializationFormat::Long,
                 inner: PublicKeyCredentialRpEntity {
-                    id: String::from("John Doe"),
+                    id: String::try_from("John Doe").unwrap(),
                     name: None,
                     icon: None,
                 },
             },
             user: User {
                 format: SerializationFormat::Long,
                 inner: PublicKeyCredentialUserEntity {
-                    id: Bytes::from_slice(&[1, 2, 3]).unwrap(),
+                    id: Bytes::from(&[1, 2, 3]),
                     icon: None,
                     name: None,
                     display_name: None,
@@ -838,7 +839,7 @@ mod test {
             creation_time: 123,
             use_counter: false,
             algorithm: -7,
-            key: Key::WrappedKey(Bytes::from_slice(&[1, 2, 3]).unwrap()),
+            key: Key::WrappedKey(Bytes::from(&[1, 2, 3])),
             hmac_secret: Some(false),
             cred_protect: None,
             use_short_id: None,
@@ -865,7 +866,7 @@ mod test {
         let between = Uniform::from(0..(N + 1));
         let n = between.sample(&mut OsRng);
 
-        bytes.resize_default(n).unwrap();
+        bytes.resize_zero(n).unwrap();
 
         OsRng.fill_bytes(&mut bytes);
         bytes
@@ -1079,7 +1080,7 @@ mod test {
     #[test]
     fn max_credential_id() {
         let rp_id: String<256> = core::iter::repeat_n('?', 256).collect();
-        let key = Bytes::from_slice(&[u8::MAX; 128]).unwrap();
+        let key = Bytes::from(&[u8::MAX; 128]);
         let credential = StrippedCredential {
             ctap: CtapVersion::Fido21Pre,
             creation_time: u32::MAX,
@@ -1160,8 +1161,8 @@ mod test {
 
         fn inner(&self) -> PublicKeyCredentialRpEntity {
             PublicKeyCredentialRpEntity {
-                id: self.id.into(),
-                name: self.name.map(From::from),
+                id: self.id.try_into().unwrap(),
+                name: self.name.map(|n| n.try_into().unwrap()),
                 icon: None,
             }
         }
@@ -1225,10 +1226,10 @@ mod test {
 
         fn inner(&self) -> PublicKeyCredentialUserEntity {
             PublicKeyCredentialUserEntity {
-                id: Bytes::from_slice(self.id).unwrap(),
-                icon: self.icon.map(From::from),
-                name: self.name.map(From::from),
-                display_name: self.display_name.map(From::from),
+                id: Bytes::try_from(self.id).unwrap(),
+                icon: self.icon.map(|v| v.try_into().unwrap()),
+                name: self.name.map(|v| v.try_into().unwrap()),
+                display_name: self.display_name.map(|v| v.try_into().unwrap()),
             }
         }
     }
@@ -1300,7 +1301,7 @@ mod test {
         "
         );
 
-        let credential = FullCredential::deserialize(&Bytes::from_slice(&data).unwrap()).unwrap();
+        let credential = FullCredential::deserialize(&Bytes::from(&data)).unwrap();
         assert!(matches!(credential.ctap, CtapVersion::Fido21Pre));
         assert_eq!(credential.nonce, &hex!("F62CA01ED181A3D03D561FC7"));
         assert_eq!(
@@ -1309,17 +1310,17 @@ mod test {
                 rp: Rp {
                     format: SerializationFormat::Long,
                     inner: PublicKeyCredentialRpEntity {
-                        id: "webauthn.io".into(),
+                        id: "webauthn.io".try_into().unwrap(),
                         name: None,
                         icon: None,
                     },
                 },
                 user: User {
                     format: SerializationFormat::Long,
                     inner: PublicKeyCredentialUserEntity {
-                        id: Bytes::from_slice(&hex!("6447567A644445")).unwrap(),
+                        id: Bytes::from(&hex!("6447567A644445")),
                         icon: None,
-                        name: Some("test1".into()),
+                        name: Some("test1".try_into().unwrap()),
                         display_name: None,
                     },
                 },
 
@@ -1,9 +1,7 @@
 //! The `ctap_types::ctap1::Authenticator` implementation.
 
-use ctap_types::{
-    ctap1::{authenticate, register, Authenticator, ControlByte, Error, Result},
-    heapless_bytes::Bytes,
-};
+use ctap_types::ctap1::{authenticate, register, Authenticator, ControlByte, Error, Result};
+use heapless_bytes::Bytes;
 use serde_bytes::ByteArray;
 
 use trussed_core::{
@@ -71,9 +69,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         syscall!(self.trussed.delete(private_key));
 
         let key = Key::WrappedKey(
-            wrapped_key
-                .to_bytes()
-                .map_err(|_| Error::UnspecifiedCheckingError)?,
+            Bytes::try_from(&*wrapped_key).map_err(|_| Error::UnspecifiedCheckingError)?,
         );
         let nonce = ByteArray::new(self.nonce());
 
@@ -124,14 +120,15 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
             (Some((key, cert)), _aaguid) => {
                 info!("aaguid: {}", hex_str!(&_aaguid));
                 (
-                    syscall!(self.trussed.sign(
-                        Mechanism::P256,
-                        key,
-                        &commitment,
-                        SignatureSerialization::Asn1Der
-                    ))
-                    .signature
-                    .to_bytes()
+                    Bytes::try_from(
+                        &*syscall!(self.trussed.sign(
+                            Mechanism::P256,
+                            key,
+                            &commitment,
+                            SignatureSerialization::Asn1Der
+                        ))
+                        .signature,
+                    )
                     .unwrap(),
                     cert,
                 )
@@ -226,14 +223,15 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
             .unwrap();
         commitment.extend_from_slice(auth.challenge).unwrap();
 
-        let signature = syscall!(self.trussed.sign(
-            Mechanism::P256,
-            key,
-            &commitment,
-            SignatureSerialization::Asn1Der
-        ))
-        .signature
-        .to_bytes()
+        let signature = Bytes::try_from(
+            &*syscall!(self.trussed.sign(
+                Mechanism::P256,
+                key,
+                &commitment,
+                SignatureSerialization::Asn1Der
+            ))
+            .signature,
+        )
         .unwrap();
 
         Ok(authenticate::Response {