Merge branch 'main' into refactor-sha2

RELEASE-v0.9.md

@@ -465,6 +465,7 @@ perform the Xous firmware upgrade. This requires running manual update commands,
 - `sigchat` moved to its own repo with AGPL licensing: https://github.com/betrusted-io/sigchat
 - Formatting and contribution standards have been modified. Formatting with `rustfmt` and trailing white space removal is now mandatory for all Xous contributions, see [#477](https://github.com/betrusted-io/xous-core/pull/477) for a discussion of how we got there and why.
 - The repo has gone through a "flag day" where all the crates have been formatted, which means commits before the flag day may be more difficult to undo. The changes are committed on a crate-by-crate basis, so if something is really broken we can undo the formatting for the crate and add an exception to the rustfmt rules.
+- Implement #478: backlight should turn on automatically when a U2F/FIDO packet comes in from the host, allowing users in dark conditions to see the screen and know what they are approving.
 - the `sha2` API has been upgraded from 0.9.9 to 0.10.8. In the process of upgrading this, the `sha2` code is now domiciled in a fork of the `RustCrypto/hashes` repo. This should hopefully make tracking changes on RustCrypto somewhat easier, at the price of some difficulty in maintaining external crate pins (but I think that can be solved with some scripting). In the process of conversion, crates that depend on the 0.9.9 API for acceleration are now not accelerated. In particular, the ed25519-dalek signature check on the gateware at boot now runs with software SHA-512, which means that boot is much slower. This should be fixed before the release is live, but users testing the bleeding edge should be aware of this temporary regression in performance.
 
 

apps/manifest.json

@@ -3,8 +3,11 @@
         "context_name": "App Loader",
         "menu_name": {
             "appmenu.app-loader": {
-            "en": "App Loader",
-            "en-tts": "App Loader"
+                "en": "App Loader",
+                "en-tts": "App Loader",
+                "fr": "App Loader *EN*",
+                "ja": "App Loader *EN*",
+                "zh": "App Loader *EN*"
             }
         },
         "submenu": 2
@@ -21,6 +24,19 @@
             }
         }
     },
+    "chat-test": {
+        "context_name": "Chat UI test",
+        "menu_name": {
+            "appmenu.chat-test": {
+                "en": "Chat UI test",
+                "en-tts": "Chat UI test",
+                "fr": "Chat UI test *EN*",
+                "ja": "Chat UI test *EN*",
+                "zh": "Chat UI test *EN*"
+            }
+        },
+        "submenu": 1
+    },
     "hello": {
         "context_name": "Hello World",
         "menu_name": {
@@ -33,6 +49,19 @@
             }
         }
     },
+    "mtxchat": {
+        "context_name": "[matrix]",
+        "menu_name": {
+            "appmenu.mtxchat": {
+                "en": "[matrix]",
+                "en-tts": "[matrix]",
+                "fr": "[matrix] *EN*",
+                "ja": "[matrix] *EN*",
+                "zh": "[matrix] *EN*"
+            }
+        },
+        "submenu": 1
+    },
     "mtxcli": {
         "context_name": "Matrix cli",
         "menu_name": {
@@ -45,24 +74,6 @@
             }
         }
     },
-    "mtxchat": {
-        "context_name": "[matrix]",
-        "menu_name": {
-            "appmenu.mtxchat": {
-                "en": "[matrix]"
-            }
-        },
-        "submenu": 1
-    },
-    "chat-test": {
-        "context_name": "Chat UI test",
-        "menu_name": {
-            "appmenu.chat-test": {
-                "en": "Chat UI test"
-            }
-        },
-        "submenu": 1
-    },
     "repl": {
         "context_name": "repl demo app",
         "menu_name": {
@@ -79,11 +90,27 @@
         "context_name": "signal",
         "menu_name": {
             "appmenu.sigchat": {
-                "en": "Signal"
+                "en": "Signal",
+                "en-tts": "Signal",
+                "fr": "Signal *EN*",
+                "ja": "Signal *EN*",
+                "zh": "Signal *EN*"
             }
         },
         "submenu": 1
     },
+    "transientdisk": {
+        "context_name": "Transient USB disk",
+        "menu_name": {
+            "appmenu.transientdisk": {
+                "en": "Transient USB disk",
+                "en-tts": "Transient USB disk",
+                "fr": "Transient USB disk *EN*",
+                "ja": "Transient USB disk *EN*",
+                "zh": "Transient USB disk *EN*"
+            }
+        }
+    },
     "vault": {
         "context_name": "Key Vault",
         "menu_name": {
@@ -96,13 +123,5 @@
             }
         },
         "submenu": 1
-    },
-    "transientdisk": {
-        "context_name": "Transient USB disk",
-        "menu_name": {
-            "appmenu.transientdisk": {
-                "en": "Transient USB disk"
-            }
-        }
     }
 }

libs/tls/locales/i18n.json

@@ -1,74 +1,128 @@
 {
     "tls.check_trust_prompt": {
         "en": "Please select trusted certificate authorities.",
-        "en-tts": "Please select trusted certificate authorities."
+        "en-tts": "Please select trusted certificate authorities.",
+        "fr": "Please select trusted certificate authorities. *EN*",
+        "ja": "Please select trusted certificate authorities. *EN*",
+        "zh": "Please select trusted certificate authorities. *EN*"
     },
-    "tls.cmd_help": {
-        "en": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser.",
-        "en-tts": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser."
-    },        
     "tls.cmd": {
         "en": "net tls <sub-command>",
-        "en-tts": "net tls <sub-command>"
+        "en-tts": "net tls <sub-command>",
+        "fr": "net tls <sub-command> *EN*",
+        "ja": "net tls <sub-command> *EN*",
+        "zh": "net tls <sub-command> *EN*"
+    },
+    "tls.cmd_help": {
+        "en": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser.",
+        "en-tts": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser.",
+        "fr": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser. *EN*",
+        "ja": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser. *EN*",
+        "zh": "Establishing an encrypted tls connection requires the host to provide a signed Certificate of identity. Each Certificate is signed for authenticity by a Certificate Authority. The CA's Certificate will in-turn be signed by yet another CA. These signed Certificates link into a chain of trust back to a trusted Root CA.\n\nTypically, this all happens automagically because many OS's & browsers incorporate a long list of trusted Root CA Certiicates. And this is OK because you trust the CA's that your OS trusts, right!\n\nOn Precursor, you must explicitly trust one or more root CA Certificates. You can:\nnet tls inspect <host>\n\tto trust a specific CA Certificate, or\nnet tls mozilla\n\tto trust all of the CA Certificates incporporated in the Firefox browser. *EN*"
     },
     "tls.deleteall_cmd": {
         "en": "delete ALL trusted Certificates",
-        "en-tts": "delete ALL trusted Certificates"
+        "en-tts": "delete ALL trusted Certificates",
+        "fr": "delete ALL trusted Certificates *EN*",
+        "ja": "delete ALL trusted Certificates *EN*",
+        "zh": "delete ALL trusted Certificates *EN*"
     },
     "tls.deleteall_done": {
         "en": "deleted Certificates",
-        "en-tts": "deleted Certificates"
+        "en-tts": "deleted Certificates",
+        "fr": "deleted Certificates *EN*",
+        "ja": "deleted Certificates *EN*",
+        "zh": "deleted Certificates *EN*"
+    },
+    "tls.inspect_cmd": {
+        "en": "save host CA'a if trusted",
+        "en-tts": "save host CA'a if trusted",
+        "fr": "save host CA'a if trusted *EN*",
+        "ja": "save host CA'a if trusted *EN*",
+        "zh": "save host CA'a if trusted *EN*"
+    },
+    "tls.inspect_done": {
+        "en": "trusted CA's",
+        "en-tts": "trusted CA's",
+        "fr": "trusted CA's *EN*",
+        "ja": "trusted CA's *EN*",
+        "zh": "trusted CA's *EN*"
+    },
+    "tls.inspect_fail_servername": {
+        "en": "failed to create server name from",
+        "en-tts": "failed to create server name from",
+        "fr": "failed to create server name from *EN*",
+        "ja": "failed to create server name from *EN*",
+        "zh": "failed to create server name from *EN*"
     },
     "tls.list_cmd": {
         "en": "list trusted CA certificates",
-        "en-tts": "list trusted CA certificates"
+        "en-tts": "list trusted CA certificates",
+        "fr": "list trusted CA certificates *EN*",
+        "ja": "list trusted CA certificates *EN*",
+        "zh": "list trusted CA certificates *EN*"
     },
     "tls.mozilla_cmd": {
         "en": "trust all Root CA's in webpki-roots",
-        "en-tts": "trust all Root CA's in webpki-roots"
-    },
-    "tls.mozilla_progress": {
-        "en": "trusting Mozilla Root CA's",
-        "en-tts": "trusting Mozilla Root CA's"
+        "en-tts": "trust all Root CA's in webpki-roots",
+        "fr": "trust all Root CA's in webpki-roots *EN*",
+        "ja": "trust all Root CA's in webpki-roots *EN*",
+        "zh": "trust all Root CA's in webpki-roots *EN*"
     },
     "tls.mozilla_done": {
         "en": "trusted Root CA's",
-        "en-tts": "trusted Root CA's"
-    },
-    "tls.inspect_cmd": {
-        "en": "save host CA'a if trusted",
-        "en-tts": "save host CA'a if trusted"
+        "en-tts": "trusted Root CA's",
+        "fr": "trusted Root CA's *EN*",
+        "ja": "trusted Root CA's *EN*",
+        "zh": "trusted Root CA's *EN*"
     },
-    "tls.inspect_fail_servername": {
-        "en": "failed to create server name from",
-        "en-tts": "failed to create server name from"
-    },
-    "tls.probe_invalid_certificate": {
-        "en": "Invalid certificate : ",
-        "en-tts": "Invalid certificate : "
+    "tls.mozilla_progress": {
+        "en": "trusting Mozilla Root CA's",
+        "en-tts": "trusting Mozilla Root CA's",
+        "fr": "trusting Mozilla Root CA's *EN*",
+        "ja": "trusting Mozilla Root CA's *EN*",
+        "zh": "trusting Mozilla Root CA's *EN*"
     },
     "tls.probe_help_not_valid_yet": {
         "en": "error maybe caused by an improperly set clock",
-        "en-tts": "error maybe caused by an improperly set clock"
+        "en-tts": "error maybe caused by an improperly set clock",
+        "fr": "error maybe caused by an improperly set clock *EN*",
+        "ja": "error maybe caused by an improperly set clock *EN*",
+        "zh": "error maybe caused by an improperly set clock *EN*"
     },
-    "tls.inspect_done": {
-        "en": "trusted CA's",
-        "en-tts": "trusted CA's"
+    "tls.probe_invalid_certificate": {
+        "en": "Invalid certificate : ",
+        "en-tts": "Invalid certificate : ",
+        "fr": "Invalid certificate :  *EN*",
+        "ja": "Invalid certificate :  *EN*",
+        "zh": "Invalid certificate :  *EN*"
     },
     "tls.test_cmd": {
         "en": "make tls connection to host",
-        "en-tts": "make tls connection to host"
+        "en-tts": "make tls connection to host",
+        "fr": "make tls connection to host *EN*",
+        "ja": "make tls connection to host *EN*",
+        "zh": "make tls connection to host *EN*"
     },
-    "tls.test_success_tcp": {
-        "en": "tcp connected\n",
-        "en-tts": "tcp connected"
+    "tls.test_success_bytes": {
+        "en": "tls received bytes",
+        "en-tts": "tls received bytes",
+        "fr": "tls received bytes *EN*",
+        "ja": "tls received bytes *EN*",
+        "zh": "tls received bytes *EN*"
     },
     "tls.test_success_get": {
         "en": "tls accepted GET\n",
-        "en-tts": "tls accepted GET"
+        "en-tts": "tls accepted GET",
+        "fr": "tls accepted GET\n *EN*",
+        "ja": "tls accepted GET\n *EN*",
+        "zh": "tls accepted GET\n *EN*"
     },
-    "tls.test_success_bytes": {
-        "en": "tls received bytes",
-        "en-tts": "tls received bytes"
+    "tls.test_success_tcp": {
+        "en": "tcp connected\n",
+        "en-tts": "tcp connected",
+        "fr": "tcp connected\n *EN*",
+        "ja": "tcp connected\n *EN*",
+        "zh": "tcp connected\n *EN*"
     }
-}
+}

locales/build.rs

@@ -18,16 +18,30 @@ type Locale = String;
 type Value = String;
 type Translations = HashMap<Key, HashMap<Locale, Value>>;
 
+macro_rules! build_debug {
+    ($($tokens: tt)*) => {
+        println!("cargo:warning={}", format!($($tokens)*))
+    }
+}
+
 fn read_locales() -> Translations {
     let mut translations: Translations = HashMap::new();
 
-    let project_dir = project_root();
+    let mut project_dir = project_root();
     let build_directory = project_dir.to_str().unwrap();
     let locales = format!("{}/**/i18n.json", build_directory);
-    println!("Reading {}", &locales);
-
-    for entry in glob(&locales).expect("Failed to read glob pattern") {
+    build_debug!("Reading {}", &locales);
+    // TODO: once this works, get from external directory/location arguments from xtask script
+    project_dir.pop(); //sibling directory
+    project_dir.push("sigchat");
+    let external_directory = project_dir.to_str().unwrap();
+    let external_locales = format!("{}/**/i18n.json", external_directory);
+    build_debug!("Reading external {}", &external_locales);
+    let paths = glob(&locales).expect("Failed to read glob pattern for in tree fiels");
+    let external_paths = glob(&external_locales).expect("Filed to read glob pattern for external files");
+    for entry in paths.chain(external_paths) {
         let entry = entry.unwrap();
+        build_debug!("{:?}",entry);
         println!("cargo:rerun-if-changed={}", entry.display());
         let file = File::open(entry).expect("Failed to open the file");
         let mut reader = std::io::BufReader::new(file);

services/status/src/main.rs

@@ -223,8 +223,10 @@ fn wrapped_main() -> ! {
     // ------------------ lay out our public API infrastructure
     // ok, now that we have a GID, we can continue on with our merry way
     let status_gid: Gid = Gid::new(canvas_gid);
-    // allow only one connection, from keyboard to us.
-    let status_sid = xns.register_name(SERVER_NAME_STATUS, Some(1)).unwrap();
+    // Expected connections:
+    //   - from keyboard
+    //   - from USB HID
+    let status_sid = xns.register_name(SERVER_NAME_STATUS, Some(2)).unwrap();
     // create a connection for callback hooks
     let cb_cid = xous::connect(status_sid).unwrap();
     unsafe { CB_TO_MAIN_CONN = Some(cb_cid) };
@@ -395,6 +397,9 @@ fn wrapped_main() -> ! {
     kbd.lock()
         .unwrap()
         .register_observer(SERVER_NAME_STATUS, StatusOpcode::Keypress.to_u32().unwrap() as usize);
+    // register the USB U2F event listener - point to the same handler as key press since our intention is to
+    // just toggle the backlight
+    usb_hid.register_u2f_observer(SERVER_NAME_STATUS, StatusOpcode::Keypress.to_u32().unwrap() as usize);
 
     let autobacklight_enabled = Arc::new(Mutex::new(true));
     let (tx, rx): (Sender<BacklightThreadOps>, Receiver<BacklightThreadOps>) = unbounded();

services/usb-device-xous/src/api.rs

@@ -27,6 +27,8 @@ pub(crate) enum Opcode {
     DebugUsbOp = 9,
     /// Set autotype rate
     SetAutotypeRate = 10,
+    /// Register a USB event observer
+    RegisterUsbObserver = 11,
 
     /// Send a U2F message
     U2fTx = 128,
@@ -139,3 +141,10 @@ pub struct UsbSerialBinary {
     pub d: [u8; SERIAL_BINARY_BUFLEN],
     pub len: usize,
 }
+
+/// this structure is used to register a USB listener.
+#[derive(Debug, rkyv::Archive, rkyv::Serialize, rkyv::Deserialize, Copy, Clone)]
+pub(crate) struct UsbListenerRegistration {
+    pub server_name: xous_ipc::String<64>,
+    pub listener_op_id: usize,
+}