WIP

Cargo.toml

@@ -12,7 +12,7 @@ version = "1.6.0-rc.1"
 
 [patch.crates-io]
 # forked
-admin-app = { git = "https://github.com/Nitrokey/admin-app", tag = "v0.1.0-nitrokey.6" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "4e9e7bd9cd83c729b78c23f738fb05d559b06ab9" }
 ctap-types = { git = "https://github.com/Nitrokey/ctap-types", tag = "v0.1.2-nitrokey.4" }
 fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.8" }
 flexiber = { git = "https://github.com/Nitrokey/flexiber", tag = "0.1.1.nitrokey" }
@@ -23,7 +23,7 @@ serde-indexed = { git = "https://github.com/nitrokey/serde-indexed.git", tag = "
 apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch.git", tag = "v0.1.2-nitrokey.2" }
 ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch.git", tag = "v0.1.1-nitrokey.3" }
 iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.2"}
-trussed = { git = "https://github.com/Nitrokey/trussed.git", rev = "v0.1.0-nitrokey.14" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "d97c64d0bc5f83ce22b0e0ed034a2b451616b3f9" }
 usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid.git", tag = "v0.1.0-nitrokey.2" }
 usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
 
@@ -33,9 +33,9 @@ webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag
 opcard = { git = "https://github.com/Nitrokey/opcard-rs", tag = "v1.2.0" }
 piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator", tag = "v0.3.3" }
 se05x = { git = "https://github.com/Nitrokey/se05x.git", tag = "v0.1.0"} 
-trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", tag = "v0.2.2-nitrokey.1" }
-trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend.git", tag = "v0.1.0"}
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", branch = "hmacsha256p256" }
+trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "1826aaee72da5e539c35aa6d9fbc036c30c94d6f" }
+trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend.git", rev = "2f51478f0861ff8db19fdd5290f023ab6f4c2fb9" }
+trussed-staging = { git = "https://github.com/nitrokey/trussed-staging.git", branch = "hmacsha256p256-rebased" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.3" }
 trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.1.0-test-driver" }
 

components/apps/Cargo.toml

@@ -15,7 +15,7 @@ utils = { path = "../utils" }
 # Backends
 trussed-auth = { version = "0.2.2", optional = true }
 trussed-rsa-alloc = { version = "0.1.0", optional = true }
-trussed-staging = { version = "0.1.0", features = ["wrap-key-to-file", "chunked", "encrypted-chunked"], optional = true }
+trussed-staging = { version = "0.1.0", features = ["wrap-key-to-file", "chunked", "encrypted-chunked", "manage"] }
 
 # apps
 admin-app = "0.1.0"
@@ -41,17 +41,17 @@ provisioner = ["provisioner-app", "trussed/clients-5"]
 
 # apps
 secrets-app = ["dep:secrets-app", "backend-auth"]
-webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa", "backend-staging", "trussed-staging/hmacsha256p256"]
+backend-staging-hmacsha256p256 = ["trussed-staging/hmacsha256p256"]
+webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa", "backend-staging-hmacsha256p256"]
 fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid"]
-opcard = ["dep:opcard", "backend-rsa", "backend-auth", "backend-staging"]
-piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth", "backend-staging"]
+opcard = ["dep:opcard", "backend-rsa", "backend-auth"]
+piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth"]
 se050-test-app = ["se050", "admin-app/se050"]
 se050 = ["trussed-se050-backend", "dep:se05x"]
 
 # backends
 backend-auth = ["trussed-auth"]
 backend-rsa = ["trussed-rsa-alloc"]
-backend-staging = ["trussed-staging"]
 
 log-all = ["admin-app/log-all", "fido-authenticator?/log-all", "secrets-app?/log-all", "webcrypt?/log-all", "opcard?/log-all", "provisioner-app?/log-all"]
 

components/apps/src/dispatch.rs

@@ -9,11 +9,6 @@ use trussed::{
     Platform,
 };
 
-#[cfg(any(
-    feature = "backend-auth",
-    feature = "backend-rsa",
-    feature = "backend-staging"
-))]
 use trussed::{
     api::{reply, request},
     backend::Backend as _,
@@ -26,27 +21,26 @@ use embedded_hal::blocking::delay::DelayUs;
 #[cfg(feature = "se050")]
 use se05x::{se05x::Se05X, t1::I2CForT1};
 #[cfg(feature = "se050")]
-use trussed_se050_backend::{manage::ManageExtension, Context as Se050Context, Se050Backend};
+use trussed_se050_backend::{manage::ManageExtension as Se050ManageExtension , Context as Se050Context, Se050Backend};
 
 #[cfg(feature = "backend-auth")]
 use trussed_auth::{AuthBackend, AuthContext, AuthExtension, MAX_HW_KEY_LEN};
 
 #[cfg(feature = "backend-rsa")]
 use trussed_rsa_alloc::SoftwareRsa;
 
-#[cfg(feature = "backend-staging")]
 use trussed_staging::{
     streaming::ChunkedExtension, wrap_key_to_file::WrapKeyToFileExtension, StagingBackend,
+    manage::ManageExtension,
     StagingContext,
 };
 
-#[cfg(all(feature = "webcrypt", feature = "backend-staging"))]
+#[cfg(feature = "webcrypt")]
 use trussed_staging::hmacsha256p256::HmacSha256P256Extension;
 
 pub struct Dispatch<T = (), D = ()> {
     #[cfg(feature = "backend-auth")]
     auth: AuthBackend,
-    #[cfg(feature = "backend-staging")]
     staging: StagingBackend,
     #[cfg(feature = "se050")]
     se050: Option<trussed_se050_backend::Se050Backend<T, D>>,
@@ -58,12 +52,39 @@ pub struct Dispatch<T = (), D = ()> {
 pub struct DispatchContext {
     #[cfg(feature = "backend-auth")]
     auth: AuthContext,
-    #[cfg(feature = "backend-staging")]
     staging: StagingContext,
     #[cfg(feature = "se050")]
     se050: Se050Context,
 }
 
+fn build_staging_backend() -> StagingBackend {
+    let mut backend = StagingBackend::new();
+    backend.manage.should_preserve_file = |file, location| {
+        // // We save all "special" objects, with an ID that is representable by a `u8`
+
+        // let Some(parent) = file.parent() else {
+        //     return false;
+        // };
+
+        // if &[path!("x5c"), path!("sss")]
+
+        // let Some(root) = parent.parent() else {
+        //     return false;
+        // };
+
+        // if root.parent.is_some() {
+        //     return false;   
+        // }
+
+
+        // const PATHS_TO_SAVE: &[&Path] = &[path!("/fido/x5c/00"), path!("fido/sec/00")];
+
+        // // if PATHS_TO_SAVE.contains()
+        false
+    };
+    backend
+}
+
 impl<T: Twi, D: Delay> Dispatch<T, D> {
     pub fn new(
         auth_location: Location,
@@ -74,7 +95,6 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
         Self {
             #[cfg(feature = "backend-auth")]
             auth: AuthBackend::new(auth_location),
-            #[cfg(feature = "backend-staging")]
             staging: StagingBackend::new(),
             #[cfg(feature = "se050")]
             se050: se050.map(trussed_se050_backend::Se050Backend::new),
@@ -91,7 +111,6 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
     ) -> Self {
         Self {
             auth: AuthBackend::with_hw_key(auth_location, hw_key),
-            #[cfg(feature = "backend-staging")]
             staging: StagingBackend::new(),
             #[cfg(feature = "se050")]
             se050: se050.map(trussed_se050_backend::Se050Backend::new),
@@ -142,7 +161,6 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
             }
             #[cfg(feature = "backend-rsa")]
             Backend::SoftwareRsa => SoftwareRsa.request(&mut ctx.core, &mut (), request, resources),
-            #[cfg(feature = "backend-staging")]
             Backend::Staging => {
                 self.staging
                     .request(&mut ctx.core, &mut ctx.backends.staging, request, resources)
@@ -179,7 +197,6 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
             },
             #[cfg(feature = "backend-rsa")]
             Backend::SoftwareRsa => Err(TrussedError::RequestNotAvailable),
-            #[cfg(feature = "backend-staging")]
             Backend::Staging => match extension {
                 Extension::Chunked => {
                     ExtensionImpl::<ChunkedExtension>::extension_request_serialized(
@@ -199,7 +216,7 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
                         resources,
                     )
                 }
-                #[cfg(feature = "webcrypt")]
+                #[cfg(feature = "backend-staging-hmacsha256p256")]
                 Extension::HmacShaP256 => {
                     ExtensionImpl::<HmacSha256P256Extension>::extension_request_serialized(
                         &mut self.staging,
@@ -236,7 +253,6 @@ pub enum Backend {
     Auth,
     #[cfg(feature = "backend-rsa")]
     SoftwareRsa,
-    #[cfg(feature = "backend-staging")]
     Staging,
     #[cfg(feature = "se050")]
     Se050,
@@ -246,11 +262,10 @@ pub enum Backend {
 pub enum Extension {
     #[cfg(feature = "backend-auth")]
     Auth,
-    #[cfg(feature = "backend-staging")]
     Chunked,
-    #[cfg(feature = "backend-staging")]
     WrapKeyToFile,
-    #[cfg(feature = "backend-staging")]
+    Manage,
+    #[cfg(feature = "backend-staging-hmacsha256p256")]
     HmacShaP256,
     #[cfg(feature = "se050")]
     Se050Manage,
@@ -261,14 +276,13 @@ impl From<Extension> for u8 {
         match extension {
             #[cfg(feature = "backend-auth")]
             Extension::Auth => 0,
-            #[cfg(feature = "backend-staging")]
             Extension::Chunked => 1,
-            #[cfg(feature = "backend-staging")]
             Extension::WrapKeyToFile => 2,
-            #[cfg(feature = "backend-staging")]
-            Extension::HmacShaP256 => 3,
+            Extension::Manage => 3,
+            #[cfg(feature = "backend-staging-hmacsha256p256")]
+            Extension::HmacShaP256 => 4,
             #[cfg(feature = "se050")]
-            Extension::Se050Manage => 4,
+            Extension::Se050Manage => 5,
         }
     }
 }
@@ -280,14 +294,13 @@ impl TryFrom<u8> for Extension {
         match id {
             #[cfg(feature = "backend-auth")]
             0 => Ok(Extension::Auth),
-            #[cfg(feature = "backend-staging")]
             1 => Ok(Extension::Chunked),
-            #[cfg(feature = "backend-staging")]
             2 => Ok(Extension::WrapKeyToFile),
-            #[cfg(feature = "backend-staging")]
-            3 => Ok(Extension::HmacShaP256),
+            3 => Ok(Extension::Manage),
+            #[cfg(feature = "backend-staging-hmacsha256p256")]
+            4 => Ok(Extension::HmacShaP256),
             #[cfg(feature = "se050")]
-            4 => Ok(Extension::Se050Manage),
+            5 => Ok(Extension::Se050Manage),
             _ => Err(TrussedError::InternalError),
         }
     }
@@ -300,30 +313,34 @@ impl<T: Twi, D: Delay> ExtensionId<AuthExtension> for Dispatch<T, D> {
     const ID: Self::Id = Self::Id::Auth;
 }
 
-#[cfg(feature = "backend-staging")]
 impl<T: Twi, D: Delay> ExtensionId<ChunkedExtension> for Dispatch<T, D> {
     type Id = Extension;
 
     const ID: Self::Id = Self::Id::Chunked;
 }
 
-#[cfg(feature = "backend-staging")]
 impl<T: Twi, D: Delay> ExtensionId<WrapKeyToFileExtension> for Dispatch<T, D> {
     type Id = Extension;
 
     const ID: Self::Id = Self::Id::WrapKeyToFile;
 }
 
-#[cfg(all(feature = "backend-staging", feature = "webcrypt"))]
+#[cfg(feature = "backend-staging-hmacsha256p256")]
 impl<T: Twi, D: Delay> ExtensionId<HmacSha256P256Extension> for Dispatch<T, D> {
     type Id = Extension;
 
     const ID: Self::Id = Self::Id::HmacShaP256;
 }
 
-#[cfg(feature = "se050")]
 impl<T: Twi, D: Delay> ExtensionId<ManageExtension> for Dispatch<T, D> {
     type Id = Extension;
 
+    const ID: Self::Id = Self::Id::Manage;
+}
+
+#[cfg(feature = "se050")]
+impl<T: Twi, D: Delay> ExtensionId<Se050ManageExtension> for Dispatch<T, D> {
+    type Id = Extension;
+
     const ID: Self::Id = Self::Id::Se050Manage;
 }