Lib.rs

AuthenticationTrussed
#pin #extension #trussed #applications #counter #auth-client

trussed-auth

Authentication extension for Trussed

Owned by Nicolas Stalder, Markus Meissner, trussed-dev, Robin Krahl.

1 unstable release

new 0.4.0 Jan 22, 2025

#449 in Authentication

Download history 163/week @ 2025-01-20

163 downloads per month

Apache-2.0 OR MIT

22KB
536 lines

A Trussed API extension for authentication.

This crate contains an API extension for Trussed, AuthExtension. The extension currently provides basic PIN handling with retry counters. Applications can access it using the AuthClient trait.

Examples

use heapless_bytes::Bytes;
use trussed_auth::{AuthClient, PinId};
use trussed_core::syscall;

#[repr(u8)]
enum Pin {
    User = 0,
}

impl From<Pin> for PinId {
    fn from(pin: Pin) -> Self {
        (pin as u8).into()
    }
}

fn authenticate_user<C: AuthClient>(client: &mut C, pin: Option<&[u8]>) -> bool {
    if !syscall!(client.has_pin(Pin::User)).has_pin {
        // no PIN set
        return true;
    }
    let Some(pin) = pin else {
        // PIN is set but not provided
        return false;
    };
    let Ok(pin) = Bytes::from_slice(pin) else {
        // provided PIN is too long
        return false;
    };
    // check PIN
    syscall!(client.check_pin(Pin::User, pin)).success
}

Dependencies

~1.5–2.2MB
~48K SLoC