### Hubris Integration Traits

- Add `HubrisDigestDevice` trait with concrete associated types
- Implement `HubrisCryptoError` for IDL-compatible error handling
- Support SHA-256/384/512 digest operations with move semantics
- Add HMAC-SHA256/384/512 support with secure key management
- Include one-shot operation convenience methods

### RustCrypto Controller Integration
- Implement `HubrisDigestDevice` for `RustCryptoController`
- Add `SecureOwnedKey` with stack-allocated 128-byte buffer
- Fix unsafe indexing operations with bounds-checked alternatives
- Suppress deprecation warnings for ecosystem compatibility

Author: rusty1968

Cargo.lock

@@ -7,7 +7,7 @@ members = [
     "hal/blocking",
     "hal/async", 
     "hal/nb",
-    "platform/traits",
+    "platform/traits/hubris",
     "platform/impls/baremetal/mock",
     "platform/impls/linux",
     "platform/impls/tock",

Cargo.toml

@@ -1,11 +1,11 @@
 # Licensed under the Apache-2.0 license
 
 [package]
-name = "openprot-platform-hubris"
+name = "openprot-platform-impl-hubris"
 version = "0.1.0"
 edition = "2021"
 description = "Hubris OS platform implementation for OpenPRoT"
 license = "Apache-2.0"
 
 [dependencies]
-openprot-platform-traits = { path = "../../traits" }
+openprot-platform-traits-hubris = { path = "../../traits/hubris" }

platform/impls/hubris/Cargo.toml

@@ -8,4 +8,3 @@ description = "Linux platform implementation for OpenPRoT"
 license = "Apache-2.0"
 
 [dependencies]
-openprot-platform-traits = { path = "../../traits" }

platform/impls/linux/Cargo.toml

@@ -9,6 +9,7 @@ edition.workspace = true
 
 [dependencies]
 openprot-hal-blocking = { path = "../../../hal/blocking" }
+openprot-platform-traits-hubris = { path = "../../traits/hubris" }
 
 # RustCrypto ECDSA crates
 p256 = { version = "0.13", default-features = false, features = ["ecdsa", "arithmetic"] }

platform/impls/rustcrypto/Cargo.toml

@@ -1,5 +1,7 @@
 // Licensed under the Apache-2.0 license
 
+#![allow(deprecated)] // Allow deprecated GenericArray from cipher crate for compatibility
+
 use openprot_hal_blocking::cipher::{
     AeadCipherMode, BlockCipherMode, CipherInit, CipherMode, CipherOp, CipherStatus, Error,
     ErrorKind, ErrorType, SymmetricCipher,

platform/impls/rustcrypto/src/cipher.rs

@@ -17,6 +17,7 @@ use openprot_hal_blocking::mac::{
     Error as MacError, ErrorKind as MacErrorKind, ErrorType as MacErrorType, KeyHandle,
 };
 use openprot_hal_blocking::mac::{HmacSha2_256, HmacSha2_384, HmacSha2_512};
+use openprot_platform_traits_hubris::{HubrisCryptoError, HubrisDigestDevice};
 use sha2::{Digest as Sha2Digest, Sha256, Sha384, Sha512};
 
 /// A type implementing RustCrypto-based hash/digest owned traits.
@@ -114,7 +115,9 @@ impl SecureOwnedKey {
         }
 
         let mut data = [0u8; 128];
-        data[..bytes.len()].copy_from_slice(bytes);
+        data.get_mut(..bytes.len())
+            .ok_or(CryptoError::InvalidKeyLength)?
+            .copy_from_slice(bytes);
 
         Ok(Self {
             data,
@@ -129,14 +132,16 @@ impl SecureOwnedKey {
         }
 
         let mut data = [0u8; 128];
-        data[..N].copy_from_slice(&array);
+        data.get_mut(..N)
+            .ok_or(CryptoError::InvalidKeyLength)?
+            .copy_from_slice(&array);
 
         Ok(Self { data, len: N })
     }
 
     /// Get the key bytes as a slice (only the valid portion)
     pub fn as_bytes(&self) -> &[u8] {
-        &self.data[..self.len]
+        self.data.get(..self.len).unwrap_or(&[])
     }
 
     /// Get the key length
@@ -621,3 +626,55 @@ mod tests {
         assert_eq!(result.unwrap_err(), CryptoError::InvalidKeyLength);
     }
 }
+
+/// Hardware capabilities for RustCrypto software implementation
+// TODO: Uncomment when DigestHardwareCapabilities is available
+// impl DigestHardwareCapabilities for RustCryptoController {
+//     const MAX_CONCURRENT_SESSIONS: usize = 1; // Single-session software implementation
+//     const HAS_HARDWARE_ACCELERATION: bool = false; // Software-only
+//     const PLATFORM_NAME: &'static str = "RustCrypto Software";
+// }
+/// Hubris platform integration for RustCrypto controller
+impl HubrisDigestDevice for RustCryptoController {
+    type DigestContext256 = DigestContext256;
+    type DigestContext384 = DigestContext384;
+    type DigestContext512 = DigestContext512;
+
+    type HmacKey = SecureOwnedKey;
+    type HmacContext256 = MacContext256;
+    type HmacContext384 = MacContext384;
+    type HmacContext512 = MacContext512;
+
+    fn init_digest_sha256(self) -> Result<Self::DigestContext256, HubrisCryptoError> {
+        DigestInit::init(self, Sha2_256).map_err(|_| HubrisCryptoError::HardwareFailure)
+    }
+
+    fn init_digest_sha384(self) -> Result<Self::DigestContext384, HubrisCryptoError> {
+        DigestInit::init(self, Sha2_384).map_err(|_| HubrisCryptoError::HardwareFailure)
+    }
+
+    fn init_digest_sha512(self) -> Result<Self::DigestContext512, HubrisCryptoError> {
+        DigestInit::init(self, Sha2_512).map_err(|_| HubrisCryptoError::HardwareFailure)
+    }
+
+    fn init_hmac_sha256(
+        self,
+        key: Self::HmacKey,
+    ) -> Result<Self::HmacContext256, HubrisCryptoError> {
+        MacInit::init(self, HmacSha2_256, key).map_err(|_| HubrisCryptoError::HardwareFailure)
+    }
+
+    fn init_hmac_sha384(
+        self,
+        key: Self::HmacKey,
+    ) -> Result<Self::HmacContext384, HubrisCryptoError> {
+        MacInit::init(self, HmacSha2_384, key).map_err(|_| HubrisCryptoError::HardwareFailure)
+    }
+
+    fn init_hmac_sha512(
+        self,
+        key: Self::HmacKey,
+    ) -> Result<Self::HmacContext512, HubrisCryptoError> {
+        MacInit::init(self, HmacSha2_512, key).map_err(|_| HubrisCryptoError::HardwareFailure)
+    }
+}

platform/impls/rustcrypto/src/controller.rs

@@ -8,4 +8,3 @@ description = "Tock OS platform implementation for OpenPRoT"
 license = "Apache-2.0"
 
 [dependencies]
-openprot-platform-traits = { path = "../../traits" }

platform/impls/tock/Cargo.toml

@@ -4,7 +4,10 @@
 name = "openprot-platform-traits"
 version = "0.1.0"
 edition = "2021"
-description = "OS abstraction traits for OpenPRoT"
+description = "Platform integration traits for OpenPRoT"
 license = "Apache-2.0"
 
-[dependencies]
+[dependencies]
+openprot-platform-traits-hubris = { path = "../traits-hubris" }
+openprot-platform-traits-tock = { path = "../traits-tock" }
+openprot-platform-traits-linux = { path = "../traits-linux" }

platform/traits/Cargo.toml

@@ -0,0 +1,13 @@
+# Licensed under the Apache-2.0 license
+
+[package]
+name = "openprot-platform-traits-hubris"
+version = "0.1.0"
+edition = "2021"
+description = "Platform integration traits for OpenPRoT on Hubris"
+license = "Apache-2.0"
+
+[dependencies]
+openprot-hal-async = { path = "../../../hal/async" }
+openprot-hal-blocking = { path = "../../../hal/blocking" }
+openprot-hal-nb = { path = "../../../hal/nb" }