Use enum rather than bool

Cargo.toml

@@ -21,7 +21,6 @@ sha2 = { version = "0.10.6", default-features = false }
 subtle = { version = "2.4.1", default-features = false }
 trussed = { version = "0.1.0", features = ["serde-extensions"] }
 littlefs2 = "0.4.0"
-admin-app = "0.1.0"
 
 [dev-dependencies]
 quickcheck = { version = "1.0.3", default-features = false }
@@ -32,7 +31,6 @@ admin-app = { version = "0.1.0", features = ["migration-tests"] }
 [patch.crates-io]
 littlefs2 = { git = "https://github.com/sosthene-nitrokey/littlefs2.git", rev = "2b45a7559ff44260c6dd693e4cb61f54ae5efc53" }
 trussed = { git = "https://github.com/Nitrokey/trussed.git", rev = "be04182e2c74e73599a394e814d353bc4bf79484" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.3.0" }
 trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" }
 apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "915fc237103fcecc29d0f0b73391f19abf6576de" }
 ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }

src/backend.rs

@@ -52,6 +52,15 @@ impl fmt::Debug for HardwareKey {
     }
 }
 
+/// Filesystem layout used
+#[derive(Debug, Clone)]
+pub enum FilesystemLayout {
+    /// The default layout
+    V0,
+    /// The optimized layout, requireing the [`migrate::migrate_remove_dat`]() migration
+    V1,
+}
+
 /// A basic implementation of the [`AuthExtension`][].
 ///
 /// This implementation stores PINs together with their retry counters on the filesystem.  PINs are
@@ -75,28 +84,31 @@ impl fmt::Debug for HardwareKey {
 pub struct AuthBackend {
     location: Location,
     hw_key: HardwareKey,
-    /// If true, get rid of the intermediary `dat` folder created by the filestore
-    use_raw: bool,
+    layout: FilesystemLayout,
 }
 
 impl AuthBackend {
     /// Creates a new `AuthBackend` using the given storage location for the PINs.
-    pub fn new(location: Location, use_raw: bool) -> Self {
+    pub fn new(location: Location, layout: FilesystemLayout) -> Self {
         Self {
             location,
             hw_key: HardwareKey::None,
-            use_raw,
+            layout,
         }
     }
 
     /// Creates a new `AuthBackend` with a given key.
     ///
     /// This key is used to strengthen key generation from the pins
-    pub fn with_hw_key(location: Location, hw_key: Bytes<MAX_HW_KEY_LEN>, use_raw: bool) -> Self {
+    pub fn with_hw_key(
+        location: Location,
+        hw_key: Bytes<MAX_HW_KEY_LEN>,
+        layout: FilesystemLayout,
+    ) -> Self {
         Self {
             location,
             hw_key: HardwareKey::Raw(hw_key),
-            use_raw,
+            layout,
         }
     }
 
@@ -105,11 +117,11 @@ impl AuthBackend {
     /// Contrary to [`new`](Self::new) which uses a default `&[]` key, this will make operations depending on the hardware key to fail:
     /// - [`set_pin`](crate::AuthClient::set_pin) with `derive_key = true`
     /// - All operations on a pin that was created with `derive_key = true`
-    pub fn with_missing_hw_key(location: Location, use_raw: bool) -> Self {
+    pub fn with_missing_hw_key(location: Location, layout: FilesystemLayout) -> Self {
         Self {
             location,
             hw_key: HardwareKey::Missing,
-            use_raw,
+            layout,
         }
     }
 
@@ -222,12 +234,15 @@ impl ExtensionImpl<AuthExtension> for AuthBackend {
         backend_path.push(&PathBuf::from(BACKEND_DIR));
         let mut fs;
         let mut global_fs;
-        if self.use_raw {
-            fs = resources.raw_filestore(backend_path);
-            global_fs = resources.raw_filestore(PathBuf::from(BACKEND_DIR));
-        } else {
-            fs = resources.filestore(backend_path);
-            global_fs = resources.filestore(PathBuf::from(BACKEND_DIR));
+        match self.layout {
+            FilesystemLayout::V0 => {
+                fs = resources.raw_filestore(backend_path);
+                global_fs = resources.raw_filestore(PathBuf::from(BACKEND_DIR));
+            }
+            FilesystemLayout::V1 => {
+                fs = resources.filestore(backend_path);
+                global_fs = resources.filestore(PathBuf::from(BACKEND_DIR));
+            }
         }
 
         let fs = &mut fs;

src/lib.rs

@@ -73,7 +73,7 @@ use trussed::{
     types::{Bytes, PathBuf},
 };
 
-pub use backend::{AuthBackend, AuthContext, MAX_HW_KEY_LEN};
+pub use backend::{AuthBackend, AuthContext, FilesystemLayout, MAX_HW_KEY_LEN};
 pub use extension::{
     reply, request, AuthClient, AuthExtension, AuthReply, AuthRequest, AuthResult,
 };

tests/backend.rs

@@ -55,18 +55,25 @@ mod dispatch {
     impl Dispatch {
         pub fn new() -> Self {
             Self {
-                auth: AuthBackend::new(Location::Internal, false),
+                auth: AuthBackend::new(Location::Internal, trussed_auth::FilesystemLayout::V0),
             }
         }
 
         pub fn with_hw_key(hw_key: Bytes<MAX_HW_KEY_LEN>) -> Self {
             Self {
-                auth: AuthBackend::with_hw_key(Location::Internal, hw_key, false),
+                auth: AuthBackend::with_hw_key(
+                    Location::Internal,
+                    hw_key,
+                    trussed_auth::FilesystemLayout::V0,
+                ),
             }
         }
         pub fn with_missing_hw_key() -> Self {
             Self {
-                auth: AuthBackend::with_missing_hw_key(Location::Internal, false),
+                auth: AuthBackend::with_missing_hw_key(
+                    Location::Internal,
+                    trussed_auth::FilesystemLayout::V0,
+                ),
             }
         }
     }