tf_embedded_hal/lib.rs
1//! `tf-embedded-hal` — TrustForge embedded HAL traits (Phase K8).
2//!
3//! These traits are the abstraction surface that downstream embedded
4//! crates (LoRa drivers, BLE stacks, ATECC608 driver shims, ESP32
5//! HW-RNG bindings, etc.) implement. The `tf-core-no-std` crate
6//! consumes these traits to do its job — sign, verify, send, receive
7//! — without taking a hard dependency on any specific transport or
8//! crypto-store backend.
9//!
10//! All traits are object-safe-friendly and `#![no_std]`-clean. Each
11//! has an associated `Error` type so a driver can surface its own
12//! transport-specific failure modes without forcing a single global
13//! error enum.
14//!
15//! Mock implementations live in `adapters` for unit tests and for use
16//! by host-side simulators.
17
18#![no_std]
19#![forbid(unsafe_code)]
20#![deny(missing_debug_implementations)]
21#![warn(rust_2018_idioms)]
22
23pub mod adapters;
24
25use core::fmt::Debug;
26
/// Packet radio in the LoRa style.
///
/// Transmit and receive are separate methods, so a half-duplex driver
/// provides both on the same type.
///
/// Both methods move raw bytes only; nothing in this trait authenticates
/// a frame. NOTE(review): bytes returned by [`LoraRadio::recv`] should be
/// treated as untrusted until the consumer has verified them. Confirm
/// where that check happens in the caller.
pub trait LoraRadio {
    /// Driver-specific failure type; only `Debug` is required of it.
    type Error: Debug;

    /// Send `payload` as one LoRa frame.
    ///
    /// Blocks until the frame has been handed to the radio's TX queue.
    ///
    /// # Errors
    ///
    /// Returns the driver's own [`LoraRadio::Error`] on failure.
    /// NOTE(review): no maximum payload length is stated here. A driver
    /// should reject a payload it cannot fit in one frame rather than
    /// truncate it, because a truncated signed packet no longer verifies.
    fn send(&mut self, payload: &[u8]) -> Result<(), Self::Error>;

    /// Copy the next received frame into `buf` and return its length in
    /// bytes.
    ///
    /// Implementations should block until at least one frame is available,
    /// or report a timeout through `Error` according to their own policy.
    ///
    /// # Errors
    ///
    /// Returns the driver's own [`LoraRadio::Error`] on failure.
    /// NOTE(review): behaviour for a frame longer than `buf` is not
    /// specified. Implementations should never return a length greater
    /// than `buf.len()`, and callers should bounds-check the returned
    /// length before slicing `buf`.
    fn recv(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error>;
}
39
/// BLE advertiser.
///
/// TrustForge's BLE-bridge profile uses it to push short signed packets
/// inside advertising payloads.
pub trait BleAdvertiser {
    /// Driver-specific failure type; only `Debug` is required of it.
    type Error: Debug;

    /// Advertise `payload`.
    ///
    /// # Errors
    ///
    /// Returns the driver's own [`BleAdvertiser::Error`] on failure.
    /// NOTE(review): neither a maximum payload length nor the lifetime of
    /// the advertisement is stated here. Legacy BLE advertising data is
    /// limited to 31 bytes, so a packet carrying a 64-byte signature will
    /// not fit in one legacy payload. A driver should return `Err` when
    /// `payload` does not fit rather than truncate it, because a truncated
    /// signed packet cannot be verified. Confirm the intended contract.
    fn advertise(&mut self, payload: &[u8]) -> Result<(), Self::Error>;
}
46
/// NFC reader / receiver.
///
/// A one-shot tap-to-pair transport used for constrained-mode capability
/// handover.
pub trait NfcReader {
    /// Driver-specific failure type; only `Debug` is required of it.
    type Error: Debug;

    /// Read one NDEF or raw record into `buf` and return its size.
    ///
    /// # Errors
    ///
    /// Returns the driver's own [`NfcReader::Error`] on failure.
    /// NOTE(review): the record is supplied by whatever tag or peer is
    /// presented, so its bytes should be treated as untrusted until
    /// validated. Behaviour for a record longer than `buf` is not
    /// specified. Implementations should never return a size greater than
    /// `buf.len()`, and callers should bounds-check the returned size
    /// before slicing `buf`.
    fn read(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error>;
}
54
/// Signing key held in hardware (e.g. ATECC608 / SE050 / Nitrokey).
///
/// Private key material never leaves the device; callers obtain
/// signatures through [`SecureElement::sign`].
///
/// NOTE(review): the ATECC608 is generally documented as a NIST P-256
/// ECDSA part. Confirm how a shim for it meets the ed25519 contract below
/// without holding the private key in software.
pub trait SecureElement {
    /// Driver-specific failure type; only `Debug` is required of it.
    type Error: Debug;

    /// Sign `msg`, returning the 64-byte ed25519 signature.
    ///
    /// # Errors
    ///
    /// Returns the driver's own [`SecureElement::Error`] on failure.
    fn sign(&mut self, msg: &[u8]) -> Result<[u8; 64], Self::Error>;

    /// The 32-byte ed25519 public key bound to this element.
    ///
    /// The signature is infallible, so this method cannot report a bus or
    /// device error. NOTE(review): implementations presumably read and
    /// cache the key when they are constructed. They should not return a
    /// placeholder such as all zeros when the device cannot be read.
    /// The key is also self-reported by the element, so trust in it has to
    /// be anchored elsewhere (e.g. at provisioning). Confirm against the
    /// enrollment flow.
    fn pubkey(&self) -> [u8; 32];
}
65
/// Hardware random number generator.
///
/// Lets `tf-core-no-std` callers obtain fresh nonces / packet IDs without
/// pulling in `getrandom`, which lacks a default backend on bare metal.
pub trait Entropy {
    /// Driver-specific failure type; only `Debug` is required of it.
    type Error: Debug;

    /// Fill `buf` with output from the generator.
    ///
    /// # Errors
    ///
    /// Returns the driver's own [`Entropy::Error`] on failure.
    /// NOTE(review): the return type carries no byte count, so a partial
    /// fill cannot be reported. Implementations should either fill all of
    /// `buf` or return `Err`, and callers should not use the contents of
    /// `buf` after an `Err`. Because the output feeds nonces, each backend
    /// should be confirmed suitable for cryptographic use.
    fn fill(&mut self, buf: &mut [u8]) -> Result<(), Self::Error>;
}