Add support for FIDO request cancellation

Cargo.toml

@@ -12,27 +12,27 @@ version = "1.5.0-test.20230613"
 
 [patch.crates-io]
 # forked
-admin-app = { git = "https://github.com/Nitrokey/admin-app", tag = "v0.1.0-nitrokey.2" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app", tag = "v0.1.0-nitrokey.3" }
 ctap-types = { git = "https://github.com/Nitrokey/ctap-types", tag = "v0.1.2-nitrokey.1" }
-fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.4" }
+fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.5" }
 lpc55-hal = { git = "https://github.com/Nitrokey/lpc55-hal", tag = "v0.3.0-nitrokey.2" }
-trussed = { git = "https://github.com/Nitrokey/trussed", tag = "v0.1.0-nitrokey.11" }
+trussed = { git = "https://github.com/Nitrokey/trussed", tag = "v0.1.0-nitrokey.12" }
 
 # unreleased upstream changes
-usbd-ctaphid = { git = "https://github.com/trussed-dev/usbd-ctaphid", rev = "2f658fbe84e262037621b15cb867424c4a60b038" }
-usbd-ccid = { git = "https://github.com/trussed-dev/usbd-ccid", rev = "eeea54f85cfa69a43c676b63c030608830ea35ea" }
-ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch", rev = "d9eb980da163b613fdf759f6092b7c3bdcc0a22c" }
-apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "b72d5eb9f4d7a3f107a78a2f0e41f3c403f4c7a4" }
+usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid", tag = "v0.1.0-nitrokey.1" }
+usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
+ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch", tag = "v0.1.1-nitrokey.2" }
+apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch", tag = "v0.1.2-nitrokey.1" }
 
 # unreleased crates
-secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "0.11.0" }
+secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "v0.11.0-interrupt.1" }
 opcard = { git = "https://github.com/Nitrokey/opcard-rs", tag = "v1.1.0" }
 piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator", tag = "v0.3.2" }
-trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", tag = "v0.2.2" }
+trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", tag = "v0.2.2-nitrokey.1" }
 trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend.git", tag = "v0.1.0"}
-trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging.git", tag = "v0.1.0"}
+trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging.git", tag = "v0.1.0-nitrokey.1"}
 iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.1" }
-trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner", rev = "083fca7693a9a910dd2337d8eaf9d50ccd1987d0" }
+trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner", tag = "v0.0.1-nitrokey.1" }
 
 [profile.release]
 codegen-units = 1

components/apps/Cargo.toml

@@ -20,7 +20,7 @@ trussed-staging = { version = "0.1.0", features = ["wrap-key-to-file", "chunked"
 admin-app = { version = "0.1.0", optional = true }
 fido-authenticator = { version = "0.1.1", features = ["dispatch"], optional = true }
 ndef-app = { path = "../ndef-app", optional = true }
-secrets-app = { version = "0.11.0", features = ["apdu-dispatch", "ctaphid"], optional = true }
+secrets-app = { version = "0.12.0", features = ["apdu-dispatch", "ctaphid"], optional = true }
 opcard = { version = "1.1.0", features = ["apdu-dispatch", "delog", "rsa2048-gen", "rsa4096"], optional = true }
 piv-authenticator = { version = "0.3.1", features = ["apdu-dispatch", "delog"], optional = true }
 provisioner-app = { path = "../provisioner-app", optional = true }

components/apps/src/lib.rs

@@ -8,8 +8,8 @@ use apdu_dispatch::{
 use core::marker::PhantomData;
 use ctaphid_dispatch::app::App as CtaphidApp;
 use trussed::{
-    backend::BackendId, client::ClientBuilder, platform::Syscall, ClientImplementation, Platform,
-    Service,
+    backend::BackendId, client::ClientBuilder, interrupt::InterruptFlag, platform::Syscall,
+    ClientImplementation, Platform, Service,
 };
 
 #[cfg(feature = "admin-app")]
@@ -113,7 +113,11 @@ pub struct Apps<R: Runner> {
 impl<R: Runner> Apps<R> {
     pub fn new(
         runner: &R,
-        mut make_client: impl FnMut(&str, &'static [BackendId<Backend>]) -> Client<R>,
+        mut make_client: impl FnMut(
+            &str,
+            &'static [BackendId<Backend>],
+            Option<&'static InterruptFlag>,
+        ) -> Client<R>,
         data: Data<R>,
     ) -> Self {
         let _ = (runner, &mut make_client);
@@ -153,9 +157,10 @@ impl<R: Runner> Apps<R> {
     {
         Self::new(
             runner,
-            |id, backends| {
+            |id, backends, interrupt| {
                 ClientBuilder::new(id)
                     .backends(backends)
+                    .interrupt(interrupt)
                     .prepare(trussed)
                     .unwrap()
                     .build(R::Syscall::default())
@@ -188,7 +193,7 @@ impl<R: Runner> Apps<R> {
 
     pub fn ctaphid_dispatch<F, T>(&mut self, f: F) -> T
     where
-        F: FnOnce(&mut [&mut dyn CtaphidApp]) -> T,
+        F: FnOnce(&mut [&mut dyn CtaphidApp<'static>]) -> T,
     {
         f(&mut [
             #[cfg(feature = "fido-authenticator")]
@@ -204,7 +209,7 @@ impl<R: Runner> Apps<R> {
 }
 
 #[cfg(feature = "trussed-usbip")]
-impl<R: Runner> trussed_usbip::Apps<Client<R>, Dispatch> for Apps<R> {
+impl<R: Runner> trussed_usbip::Apps<'static, Client<R>, Dispatch> for Apps<R> {
     type Data = (R, Data<R>);
 
     fn new<B>(builder: &B, (runner, data): (R, Data<R>)) -> Self
@@ -213,12 +218,15 @@ impl<R: Runner> trussed_usbip::Apps<Client<R>, Dispatch> for Apps<R> {
     {
         Self::new(
             &runner,
-            move |id, backends| builder.build(id, backends),
+            move |id, backends, _| builder.build(id, backends),
             data,
         )
     }
 
-    fn with_ctaphid_apps<T>(&mut self, f: impl FnOnce(&mut [&mut dyn CtaphidApp]) -> T) -> T {
+    fn with_ctaphid_apps<T>(
+        &mut self,
+        f: impl FnOnce(&mut [&mut dyn CtaphidApp<'static>]) -> T,
+    ) -> T {
         self.ctaphid_dispatch(f)
     }
 
@@ -239,11 +247,19 @@ trait App<R: Runner>: Sized {
 
     fn new(
         runner: &R,
-        make_client: impl FnOnce(&str, &'static [BackendId<Backend>]) -> Client<R>,
+        make_client: impl FnOnce(
+            &str,
+            &'static [BackendId<Backend>],
+            Option<&'static InterruptFlag>,
+        ) -> Client<R>,
         data: Self::Data,
     ) -> Self {
         let backends = Self::backends(runner);
-        Self::with_client(runner, make_client(Self::CLIENT_ID, backends), data)
+        Self::with_client(
+            runner,
+            make_client(Self::CLIENT_ID, backends, Self::interrupt()),
+            data,
+        )
     }
 
     fn with_client(runner: &R, trussed: Client<R>, data: Self::Data) -> Self;
@@ -253,6 +269,10 @@ trait App<R: Runner>: Sized {
         const BACKENDS_DEFAULT: &[BackendId<Backend>] = &[];
         BACKENDS_DEFAULT
     }
+
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        None
+    }
 }
 
 #[cfg(feature = "admin-app")]
@@ -327,6 +347,10 @@ impl<R: Runner> App<R> for AdminApp<R> {
             data.encode(),
         )
     }
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        static INTERRUPT: InterruptFlag = InterruptFlag::new();
+        Some(&INTERRUPT)
+    }
 }
 
 #[cfg(feature = "fido-authenticator")]
@@ -346,6 +370,10 @@ impl<R: Runner> App<R> for FidoApp<R> {
             },
         )
     }
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        static INTERRUPT: InterruptFlag = InterruptFlag::new();
+        Some(&INTERRUPT)
+    }
 }
 
 #[cfg(feature = "secrets-app")]
@@ -371,6 +399,10 @@ impl<R: Runner> App<R> for SecretsApp<R> {
         let _ = runner;
         BACKENDS_OATH
     }
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        static INTERRUPT: InterruptFlag = InterruptFlag::new();
+        Some(&INTERRUPT)
+    }
 }
 
 #[cfg(feature = "opcard")]
@@ -399,6 +431,10 @@ impl<R: Runner> App<R> for OpcardApp<R> {
         let _ = runner;
         BACKENDS_OPCARD
     }
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        static INTERRUPT: InterruptFlag = InterruptFlag::new();
+        Some(&INTERRUPT)
+    }
 }
 
 #[cfg(feature = "piv-authenticator")]
@@ -423,6 +459,10 @@ impl<R: Runner> App<R> for PivApp<R> {
         let _ = runner;
         BACKENDS_PIV
     }
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        static INTERRUPT: InterruptFlag = InterruptFlag::new();
+        Some(&INTERRUPT)
+    }
 }
 
 #[cfg(feature = "provisioner-app")]
@@ -450,4 +490,8 @@ impl<R: Runner> App<R> for ProvisionerApp<R> {
             data.rebooter,
         )
     }
+    fn interrupt() -> Option<&'static InterruptFlag> {
+        static INTERRUPT: InterruptFlag = InterruptFlag::new();
+        Some(&INTERRUPT)
+    }
 }

components/provisioner-app/src/ctaphid.rs

@@ -9,7 +9,7 @@ use trussed::{client, store::Store, types::LfsStorage, Client};
 
 const COMMAND_PROVISIONER: VendorCommand = VendorCommand::H71;
 
-impl<S, FS, T> App for Provisioner<S, FS, T>
+impl<S, FS, T> App<'static> for Provisioner<S, FS, T>
 where
     S: Store,
     FS: 'static + LfsStorage,

runners/embedded/Cargo.toml

@@ -61,6 +61,7 @@ systick-monotonic = { version = "1.0.0", optional = true }
 ### Allocator
 alloc-cortex-m = { version = "0.4.3", optional = true }
 bitflags = "1.3.2"
+ref-swap = "0.1.0"
 
 [build-dependencies]
 cargo-lock = "7"