Add reset flag to be controled by the admin app

Nitrokey · Nov 15, 2023 · b8ba8f5 · b8ba8f5
1 parent 1a4a28e
commit b8ba8f5
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 7 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,6 +36,7 @@ trussed-staging = { version = "0.1.0", features = ["wrap-key-to-file", "chunked"
 serde_repr = "0.1"
 hex-literal = "0.4.1"
 trussed-auth = "0.2.1"
+admin-app = "0.1.0"
 
 # optional dependencies
 apdu-dispatch = { version = "0.1", optional = true }
@@ -88,13 +89,15 @@ log-error = []
 [patch.crates-io]
 iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.1" }
 p256-cortex-m4 = { git = "https://github.com/Nitrokey/p256-cortex-m4", tag = "v0.1.0-alpha.6-nitrokey-1" }
-trussed = { git = "https://github.com/nitrokey/trussed" , tag = "v0.1.0-nitrokey.11" }
-trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth.git", tag = "v0.2.2"}
-trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend", tag = "v0.1.0" }
-trussed-staging = { git = "https://github.com/Nitrokey/trussed-staging", tag = "v0.1.0" }
+trussed = { git = "https://github.com/nitrokey/trussed" , rev = "976372331be2f1b37cab532420cb6c55e0d54473" }
+trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth.git", rev = "4b8191f248c26cb074cdac887c7f3f48f9c449a4"}
+trussed-rsa-alloc = { git = "https://github.com/Nitrokey/trussed-rsa-backend", rev = "baced761b2be0f207d88aca47fbe2fad4736618a" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "10baac2608e98e25ea77ade974a4e26f778d6c8e" }
 apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch", tag = "v0.1.2-nitrokey.2" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.1" }
 usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "8a9270ddff00c775c9d5d3739e6aa1669cec76f2" }
+ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }
 
 [package.metadata.docs.rs]
 all-features = true

diff --git a/src/card.rs b/src/card.rs
@@ -1,6 +1,7 @@
 // Copyright (C) 2022 Nitrokey GmbH
 // SPDX-License-Identifier: LGPL-3.0-only
 
+use admin_app::{ResetSignal, ResetSignalAllocation};
 use hex_literal::hex;
 use iso7816::Status;
 use trussed::types::Location;
@@ -43,6 +44,16 @@ impl<T: Client> Card<T> {
         }
     }
 
+    /// Set the reset flag for the application
+    ///
+    /// If this flag is set it is loaded on every command, and a value of `true` will make opcard reject any
+    /// future command.
+    ///
+    /// It is meant as a way to "disable" the application until a reboot, for example to  change its backends
+    pub fn set_reset_signal(&mut self, flag: Option<&'static ResetSignalAllocation>) {
+        self.state.volatile.reset_signal = flag;
+    }
+
     /// Handles an APDU command and writes the response to the given buffer.
     ///
     /// The APDU command must be complete, i. e. chained commands must be resolved by the caller.
@@ -51,6 +62,19 @@ impl<T: Client> Card<T> {
         command: &iso7816::Command<C>,
         reply: &mut heapless::Vec<u8, R>,
     ) -> Result<(), Status> {
+        if let Some(reset_signal) = self.state.volatile.reset_signal {
+            match reset_signal.load() {
+                ResetSignal::None => {}
+                ResetSignal::ConfigChanged => {
+                    return Err(Status::SelectedFileInTerminationState);
+                }
+                ResetSignal::FactoryReset => {
+                    self.state = State::default();
+                    reset_signal.ack_factory_reset();
+                }
+            }
+        }
+
         trace!("Received APDU {:?}", command);
         let card_command = Command::try_from(command).inspect_err_stable(|_err| {
             warn!("Failed to parse command: {command:x?} {_err:?}");

diff --git a/src/state.rs b/src/state.rs
@@ -3,6 +3,7 @@
 
 use core::mem::take;
 
+use admin_app::ResetSignalAllocation;
 use heapless_bytes::Bytes;
 use hex_literal::hex;
 use iso7816::Status;
@@ -161,7 +162,7 @@ pub enum LifeCycle {
     Operational = 0x05,
 }
 
-#[derive(Clone, Debug, Default, Eq, PartialEq)]
+#[derive(Clone, Debug, Default)]
 pub struct State {
     // Persistent state may not be loaded, or may error when loaded
     pub persistent: Option<Persistent>,
@@ -234,7 +235,7 @@ impl State {
     }
 }
 
-#[derive(Debug, Eq, PartialEq)]
+#[derive(Debug)]
 pub struct LoadedState<'s> {
     pub persistent: &'s mut Persistent,
     pub volatile: &'s mut Volatile,
@@ -1307,12 +1308,13 @@ impl Drop for AdminVerified {
     }
 }
 
-#[derive(Debug, Default, Clone, PartialEq, Eq)]
+#[derive(Debug, Default, Clone)]
 pub struct Volatile {
     user: UserVerified,
     admin: AdminVerified,
     pub cur_do: Option<(Tag, Occurrence)>,
     pub keyrefs: KeyRefs,
+    pub reset_signal: Option<&'static ResetSignalAllocation>,
 }
 
 impl Volatile {