trussed-auth 0.4.0

Authentication extension for Trussed
Documentation

A Trussed API extension for authentication.

This crate contains an API extension for Trussed, `AuthExtension`. The extension currently provides basic PIN handling with retry counters. Applications can access it using the `AuthClient` trait.

Examples

use heapless_bytes::Bytes;
use trussed_auth::{AuthClient, PinId};
use trussed_core::syscall;

/// PIN slots used by this example application.
///
/// `#[repr(u8)]` gives every variant a `u8` discriminant, so a variant can be
/// cast with `as u8` and converted into the extension's `PinId`.
#[repr(u8)]
enum Pin {
    // The only PIN slot this example uses; its numeric identifier is 0.
    User = 0,
}

/// Maps the application's [`Pin`] enum onto the extension's `PinId`.
///
/// The conversion goes through the variant's `u8` discriminant, so the
/// discriminant values are the PIN identifiers the backend sees. Changing a
/// discriminant therefore points the application at a different stored PIN.
impl From<Pin> for PinId {
    fn from(pin: Pin) -> Self {
        let discriminant = pin as u8;
        Self::from(discriminant)
    }
}

/// Decides whether the caller counts as authenticated for [`Pin::User`].
///
/// Returns:
/// - `true` if no user PIN is set (see the security note below),
/// - `false` if a PIN is set but `pin` is `None`,
/// - `false` if the supplied PIN does not fit into the `Bytes` buffer,
/// - otherwise the `success` flag reported by `check_pin`.
///
/// # Security
///
/// This helper fails open: while no PIN has been provisioned, every caller is
/// treated as authenticated. Only use this policy where unauthenticated access
/// before PIN setup is intended; otherwise require a PIN to be set before
/// exposing protected operations.
///
/// The missing-PIN and over-long-PIN cases return before `check_pin` is called,
/// so only a well-formed candidate reaches the backend's PIN check.
/// NOTE(review): each `check_pin` call is presumably counted against the PIN's
/// retry counter by the backend; confirm how a blocked PIN is reported.
///
/// NOTE(review): `syscall!` is understood to panic if the request fails rather
/// than return an error; confirm against `trussed_core` and consider
/// `try_syscall!` where a panic on the authentication path is unacceptable.
fn authenticate_user<C: AuthClient>(client: &mut C, pin: Option<&[u8]>) -> bool {
    let pin_is_set = syscall!(client.has_pin(Pin::User)).has_pin;
    if !pin_is_set {
        // Fail-open branch: nothing to verify against.
        return true;
    }

    match pin {
        // A PIN is set but the caller supplied none.
        None => false,
        Some(raw) => match Bytes::from_slice(raw) {
            // Verify the candidate against the stored PIN.
            Ok(candidate) => syscall!(client.check_pin(Pin::User, candidate)).success,
            // The candidate exceeds the buffer capacity and is rejected unchecked.
            Err(_) => false,
        },
    }
}