Skip to content

Commit

Permalink
Use updated admin-app with factory reset
Browse files Browse the repository at this point in the history
  • Loading branch information
sosthene-nitrokey committed Nov 15, 2023
1 parent 48eee2e commit b149b2e
Show file tree
Hide file tree
Showing 5 changed files with 97 additions and 44 deletions.
13 changes: 10 additions & 3 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ version = "1.6.0-rc.1"

[patch.crates-io]
# forked
admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "4e9e7bd9cd83c729b78c23f738fb05d559b06ab9" }
admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "1adbce18ca884d35a3a4b80a7c5dd8fca9e4bae0" }
ctap-types = { git = "https://github.com/Nitrokey/ctap-types", tag = "v0.1.2-nitrokey.4" }
fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.8" }
flexiber = { git = "https://github.com/Nitrokey/flexiber", tag = "0.1.1.nitrokey" }
Expand All @@ -26,6 +26,7 @@ iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitro
trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "d97c64d0bc5f83ce22b0e0ed034a2b451616b3f9" }
usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid.git", tag = "v0.1.0-nitrokey.2" }
usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
littlefs2 = { git = "https://github.com/trussed-dev/littlefs2", rev = "e6c46e7ba5ae19129e457a2182e40a439c0322fe" }

# unreleased crates
secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "v0.13.0-rc2" }
Expand Down
2 changes: 2 additions & 0 deletions components/apps/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ trussed = { version = "0.1", features = ["serde-extensions"]}
trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"], optional = true }
usbd-ctaphid = { version = "0.1", optional = true }
utils = { path = "../utils" }
if_chain = "1.0.2"
littlefs2 = { version = "0.4" }

# Backends
trussed-auth = { version = "0.2.2", optional = true }
Expand Down
106 changes: 68 additions & 38 deletions components/apps/src/dispatch.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ use trussed::{
Platform,
};

use littlefs2::{path, path::Path};

use if_chain::if_chain;
use trussed::{
api::{reply, request},
backend::Backend as _,
Expand All @@ -21,7 +24,9 @@ use embedded_hal::blocking::delay::DelayUs;
#[cfg(feature = "se050")]
use se05x::{se05x::Se05X, t1::I2CForT1};
#[cfg(feature = "se050")]
use trussed_se050_backend::{manage::ManageExtension as Se050ManageExtension , Context as Se050Context, Se050Backend};
use trussed_se050_backend::{
manage::ManageExtension as Se050ManageExtension, Context as Se050Context, Se050Backend,
};

#[cfg(feature = "backend-auth")]
use trussed_auth::{AuthBackend, AuthContext, AuthExtension, MAX_HW_KEY_LEN};
Expand All @@ -30,9 +35,8 @@ use trussed_auth::{AuthBackend, AuthContext, AuthExtension, MAX_HW_KEY_LEN};
use trussed_rsa_alloc::SoftwareRsa;

use trussed_staging::{
streaming::ChunkedExtension, wrap_key_to_file::WrapKeyToFileExtension, StagingBackend,
manage::ManageExtension,
StagingContext,
manage::ManageExtension, streaming::ChunkedExtension, wrap_key_to_file::WrapKeyToFileExtension,
StagingBackend, StagingContext,
};

#[cfg(feature = "webcrypt")]
Expand All @@ -57,31 +61,31 @@ pub struct DispatchContext {
se050: Se050Context,
}

fn should_preserve_file(file: &Path) -> bool {
// We save all "special" objects, with an ID that is representable by a `u8`

const DIRS: &[&Path] = &[path!("x5c"), path!("ctr"), path!("sec"), path!("pub")];

let mut components = file.iter();
if_chain! {
if components.next() == Some("/".into());
if components.next().is_some();
if let Some(intermediary) = components.next();
if DIRS.contains(&&*intermediary);
if let Some(file_name) = components.next();
if components.next().is_none();
if file_name.as_ref().len() <=2;
then {
true
} else {
false
}
}
}

fn build_staging_backend() -> StagingBackend {
let mut backend = StagingBackend::new();
backend.manage.should_preserve_file = |file, location| {
// // We save all "special" objects, with an ID that is representable by a `u8`

// let Some(parent) = file.parent() else {
// return false;
// };

// if &[path!("x5c"), path!("sss")]

// let Some(root) = parent.parent() else {
// return false;
// };

// if root.parent.is_some() {
// return false;
// }


// const PATHS_TO_SAVE: &[&Path] = &[path!("/fido/x5c/00"), path!("fido/sec/00")];

// // if PATHS_TO_SAVE.contains()
false
};
backend.manage.should_preserve_file = |file, _location| should_preserve_file(file);
backend
}

Expand All @@ -95,7 +99,7 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
Self {
#[cfg(feature = "backend-auth")]
auth: AuthBackend::new(auth_location),
staging: StagingBackend::new(),
staging: build_staging_backend(),
#[cfg(feature = "se050")]
se050: se050.map(trussed_se050_backend::Se050Backend::new),
#[cfg(not(feature = "se050"))]
Expand All @@ -111,7 +115,7 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
) -> Self {
Self {
auth: AuthBackend::with_hw_key(auth_location, hw_key),
staging: StagingBackend::new(),
staging: build_staging_backend(),
#[cfg(feature = "se050")]
se050: se050.map(trussed_se050_backend::Se050Backend::new),
#[cfg(not(feature = "se050"))]
Expand Down Expand Up @@ -165,6 +169,7 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
self.staging
.request(&mut ctx.core, &mut ctx.backends.staging, request, resources)
}
Backend::StagingManage => Err(TrussedError::RequestNotAvailable),
#[cfg(feature = "se050")]
Backend::Se050 => self
.se050
Expand Down Expand Up @@ -229,17 +234,27 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
#[allow(unreachable_patterns)]
_ => Err(TrussedError::RequestNotAvailable),
},
Backend::StagingManage => match extension {
Extension::Manage => ExtensionImpl::<ManageExtension>::extension_request_serialized(
&mut self.staging,
&mut ctx.core,
&mut ctx.backends.staging,
request,
resources,
),
_ => Err(TrussedError::RequestNotAvailable),
},
#[cfg(feature = "se050")]
Backend::Se050 => match extension {
Extension::Se050Manage => {
ExtensionImpl::<ManageExtension>::extension_request_serialized(
self.se050.as_mut().ok_or(TrussedError::GeneralError)?,
&mut ctx.core,
&mut ctx.backends.se050,
request,
resources,
)
}
Extension::Se050Manage => ExtensionImpl::<
trussed_se050_backend::manage::ManageExtension,
>::extension_request_serialized(
self.se050.as_mut().ok_or(TrussedError::GeneralError)?,
&mut ctx.core,
&mut ctx.backends.se050,
request,
resources,
),
_ => Err(TrussedError::RequestNotAvailable),
},
_ => Err(TrussedError::RequestNotAvailable),
Expand All @@ -254,6 +269,7 @@ pub enum Backend {
#[cfg(feature = "backend-rsa")]
SoftwareRsa,
Staging,
StagingManage,
#[cfg(feature = "se050")]
Se050,
}
Expand Down Expand Up @@ -344,3 +360,17 @@ impl<T: Twi, D: Delay> ExtensionId<Se050ManageExtension> for Dispatch<T, D> {

const ID: Self::Id = Self::Id::Se050Manage;
}

#[cfg(test)]
mod tests {
use super::*;

#[test]
fn file_preserve() {
assert!(should_preserve_file(path!("/fido/sec/00")));
assert!(should_preserve_file(path!("/fido/x5c/00")));
assert!(should_preserve_file(path!("/fido/sec/01")));
assert!(should_preserve_file(path!("/fido/x5c/01")));
assert!(!should_preserve_file(path!("/fido/dat/sec/00")));
}
}
17 changes: 15 additions & 2 deletions components/apps/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,11 @@ use embedded_hal::blocking::delay::DelayUs;
use serde::{Deserialize, Serialize};
use trussed::{
backend::BackendId, client::ClientBuilder, interrupt::InterruptFlag, platform::Syscall,
store::filestore::ClientFilestore, ClientImplementation, Platform, Service,
store::filestore::ClientFilestore, types::Path, ClientImplementation, Platform, Service,
};

use admin_app::ConfigValueMut;
pub use admin_app::Reboot;
use admin_app::{ConfigValueMut, ResetSignalAllocation};
use trussed::types::Location;

#[cfg(feature = "webcrypt")]
Expand Down Expand Up @@ -47,6 +47,18 @@ impl admin_app::Config for Config {
_ => None,
}
}

fn reset_client_id(&self, _key: &str) -> Option<&'static Path> {
None
}

fn reset_signal(&self, _key: &str) -> Option<&'static ResetSignalAllocation> {
None
}

fn can_reset(&self, _client: &str) -> Option<&'static ResetSignalAllocation> {
None
}
}

#[derive(Debug, Default, PartialEq, Deserialize, Serialize)]
Expand Down Expand Up @@ -422,6 +434,7 @@ impl<R: Runner> App<R> for AdminApp<R> {

fn backends(runner: &R, _config: &()) -> &'static [BackendId<Backend>] {
const BACKENDS_ADMIN: &[BackendId<Backend>] = &[
BackendId::Custom(Backend::StagingManage),
#[cfg(feature = "se050-test-app")]
BackendId::Custom(Backend::Se050),
BackendId::Core,
Expand Down

0 comments on commit b149b2e

Please sign in to comment.