Use feature-complete SE050 backend

Nitrokey · Nov 13, 2023 · f0f261d · f0f261d
1 parent 72f0b88
commit f0f261d
Show file tree

Hide file tree

Showing 5 changed files with 138 additions and 27 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,7 +23,7 @@ serde-indexed = { git = "https://github.com/nitrokey/serde-indexed.git", tag = "
 apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch.git", tag = "v0.1.2-nitrokey.2" }
 ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch.git", tag = "v0.1.1-nitrokey.3" }
 iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.2"}
-trussed = { git = "https://github.com/Nitrokey/trussed.git", rev = "v0.1.0-nitrokey.14" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "012788c1af5559c5c94dfb17c92332516b5b812e" }
 usbd-ctaphid = { git = "https://github.com/Nitrokey/usbd-ctaphid.git", tag = "v0.1.0-nitrokey.2" }
 usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
 
@@ -32,12 +32,12 @@ secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "
 webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc4"}
 opcard = { git = "https://github.com/Nitrokey/opcard-rs", tag = "v1.2.0" }
 piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator", tag = "v0.3.3" }
-se05x = { git = "https://github.com/Nitrokey/se05x.git", tag = "v0.1.0"} 
-trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", tag = "v0.2.2-nitrokey.1" }
-trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend.git", tag = "v0.1.0"}
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", branch = "hmacsha256p256" }
+se05x = { git = "https://github.com/Nitrokey/se05x.git", rev = "d09a451246a97446f18f61b58d2b3e569b0e58f3"} 
+trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", rev = "1826aaee72da5e539c35aa6d9fbc036c30c94d6f" }
+trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend.git", rev = "2088e2f8a8d706276c1559717b4c6b6d4f270253"}
+trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging.git", branch = "hmacsha256p256-rebased" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.3" }
-trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.1.0-test-driver" }
+trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "dc8bea608a5b7d1b18179709c8b6e9ffa9999196" }
 
 [profile.release]
 codegen-units = 1

diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml
@@ -29,6 +29,7 @@ provisioner-app = { path = "../provisioner-app", optional = true }
 se05x = { version = "0.0.1", optional = true}
 trussed-se050-backend = { version = "0.1.0", optional = true }
 embedded-hal = "0.2.7"
+littlefs2 = "0.4"
 
 [dev-dependencies]
 cbor-smol = "0.4"
@@ -45,13 +46,13 @@ webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa", "backend-staging", "t
 fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid"]
 opcard = ["dep:opcard", "backend-rsa", "backend-auth", "backend-staging"]
 piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth", "backend-staging"]
-se050-test-app = ["se050", "admin-app/se050"]
-se050 = ["trussed-se050-backend", "dep:se05x"]
 
 # backends
 backend-auth = ["trussed-auth"]
 backend-rsa = ["trussed-rsa-alloc"]
 backend-staging = ["trussed-staging"]
+se050 = ["trussed-se050-backend", "dep:se05x", "backend-auth"]
+se050-test-app = ["admin-app/se050"]
 
 log-all = ["admin-app/log-all", "fido-authenticator?/log-all", "secrets-app?/log-all", "webcrypt?/log-all", "opcard?/log-all", "provisioner-app?/log-all"]
 

diff --git a/components/apps/src/dispatch.rs b/components/apps/src/dispatch.rs
@@ -64,20 +64,38 @@ pub struct DispatchContext {
     se050: Se050Context,
 }
 
+#[cfg(feature = "se050")]
+const NAMESPACE: trussed_se050_backend::namespacing::Namespace = {
+    use trussed_se050_backend::namespacing::*;
+    use littlefs2::path::Path;
+    use littlefs2::path;
+
+    Namespace(&[
+        NamespaceItem {
+            client: path!("admin"),
+            value: NamespaceValue::Client1,
+        },
+        NamespaceItem {
+            client: path!("opcard"),
+            value: NamespaceValue::Client2,
+        }
+    ])
+};
+
 impl<T: Twi, D: Delay> Dispatch<T, D> {
     pub fn new(
         auth_location: Location,
         #[cfg(feature = "se050")] se050: Option<Se05X<T, D>>,
     ) -> Self {
-        #[cfg(not(feature = "backend-auth"))]
+        #[cfg(not(all(feature = "backend-auth", feature = "se050")))]
         let _ = auth_location;
         Self {
             #[cfg(feature = "backend-auth")]
             auth: AuthBackend::new(auth_location),
             #[cfg(feature = "backend-staging")]
             staging: StagingBackend::new(),
             #[cfg(feature = "se050")]
-            se050: se050.map(trussed_se050_backend::Se050Backend::new),
+            se050: se050.map(|driver| Se050Backend::new(driver, auth_location, None, NAMESPACE)),
             #[cfg(not(feature = "se050"))]
             __: Default::default(),
         }
@@ -89,12 +107,15 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
         hw_key: Bytes<MAX_HW_KEY_LEN>,
         #[cfg(feature = "se050")] se050: Option<Se05X<T, D>>,
     ) -> Self {
+        #[cfg(feature = "se050")]
+        // Should the backend really use the same key?
+        let hw_key_se050 = hw_key.clone();
         Self {
             auth: AuthBackend::with_hw_key(auth_location, hw_key),
             #[cfg(feature = "backend-staging")]
             staging: StagingBackend::new(),
             #[cfg(feature = "se050")]
-            se050: se050.map(trussed_se050_backend::Se050Backend::new),
+            se050: se050.map(|driver| Se050Backend::new(driver, auth_location, Some(hw_key_se050), NAMESPACE)),
             #[cfg(not(feature = "se050"))]
             __: Default::default(),
         }

diff --git a/runners/embedded/Cargo.toml b/runners/embedded/Cargo.toml
@@ -73,7 +73,7 @@ toml = "0.5"
 [features]
 default = ["alloc"]
 
-test = ["apps/test", "utils/test", "se050", "se050-test-app"]
+test = ["apps/test", "utils/test", "se050"]
 develop = ["no-encrypted-storage", "apps/no-reset-time-window", "log-traceP"]
 develop-no-press = ["develop", "no-buttons"]
 provisioner = ["apps/provisioner", "write-undefined-flash", "no-buttons", "apps/no-reset-time-window", "lpc55-hardware-checks"]