diff --git a/Cargo.toml b/Cargo.toml
index 5e9a3ae..991a2e7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,7 +21,6 @@ sha2 = { version = "0.10.6", default-features = false }
 subtle = { version = "2.4.1", default-features = false }
 trussed = { version = "0.1.0", features = ["serde-extensions"] }
 littlefs2 = "0.4.0"
-admin-app = "0.1.0"
 
 [dev-dependencies]
 quickcheck = { version = "1.0.3", default-features = false }
@@ -32,7 +31,6 @@ admin-app = { version = "0.1.0", features = ["migration-tests"] }
 [patch.crates-io]
 littlefs2 = { git = "https://github.com/sosthene-nitrokey/littlefs2.git", rev = "2b45a7559ff44260c6dd693e4cb61f54ae5efc53" }
 trussed = { git = "https://github.com/Nitrokey/trussed.git", rev = "be04182e2c74e73599a394e814d353bc4bf79484" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.3.0" }
 trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" }
 apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "915fc237103fcecc29d0f0b73391f19abf6576de" }
 ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }
diff --git a/src/backend.rs b/src/backend.rs
index 1f6fec6..15b0deb 100644
--- a/src/backend.rs
+++ b/src/backend.rs
@@ -52,6 +52,15 @@ impl fmt::Debug for HardwareKey {
 }
 }
 
+/// Filesystem layout used
+#[derive(Debug, Clone)]
+pub enum FilesystemLayout {
+ /// The default layout
+ V0,
+ /// The optimized layout, requireing the [`migrate::migrate_remove_dat`]() migration
+ V1,
+}
+
 /// A basic implementation of the [`AuthExtension`][].
 ///
 /// This implementation stores PINs together with their retry counters on the filesystem. PINs are
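Review bot: The variant docs on `FilesystemLayout` do not say which layout keeps the intermediary dat folder that the filestore creates, which is the one fact an integrator needs in order to pick the variant matching what is already on the device. Assuming `V0` is the layout with that folder, I would document it as `/// The original layout, with the intermediary dat folder created by the filestore` and `V1` as `/// The layout without the dat folder; requires the migrate_remove_dat migration`. The `V1` comment also misspells "requiring", and its intra-doc link ends in empty parentheses, which rustdoc will probably not resolve as intended. Because the variants carry no data, `#[derive(Debug, Clone, Copy, PartialEq, Eq)]` would fit better than `Debug, Clone` alone.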
@@ -75,28 +84,31 @@ impl fmt::Debug for HardwareKey {
 pub struct AuthBackend {
 location: Location,
 hw_key: HardwareKey,
- /// If true, get rid of the intermediary `dat` folder created by the filestore
- use_raw: bool,
+ layout: FilesystemLayout,
 }
 
 impl AuthBackend {
 /// Creates a new `AuthBackend` using the given storage location for the PINs.
- pub fn new(location: Location, use_raw: bool) -> Self {
+ pub fn new(location: Location, layout: FilesystemLayout) -> Self {
 Self {
 location,
 hw_key: HardwareKey::None,
- use_raw,
+ layout,
 }
 }
 
 /// Creates a new `AuthBackend` with a given key.
 ///
 /// This key is used to strengthen key generation from the pins
- pub fn with_hw_key(location: Location, hw_key: Bytes, use_raw: bool) -> Self {
+ pub fn with_hw_key(
+ location: Location,
+ hw_key: Bytes,
+ layout: FilesystemLayout,
+ ) -> Self {
 Self {
 location,
 hw_key: HardwareKey::Raw(hw_key),
- use_raw,
+ layout,
 }
 }
 
@@ -105,11 +117,11 @@ impl AuthBackend {
 /// Contrary to [`new`](Self::new) which uses a default `&[]` key, this will make operations depending on the hardware key to fail:
 /// - [`set_pin`](crate::AuthClient::set_pin) with `derive_key = true`
 /// - All operations on a pin that was created with `derive_key = true`
- pub fn with_missing_hw_key(location: Location, use_raw: bool) -> Self {
+ pub fn with_missing_hw_key(location: Location, layout: FilesystemLayout) -> Self {
 Self {
 location,
 hw_key: HardwareKey::Missing,
- use_raw,
+ layout,
 }
 }
 
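Review bot: The new `layout` field has no doc comment, while the `use_raw` field it replaces carried the only description of what this setting controls; I would add something like `/// Filesystem layout used to locate the PIN files; must match the layout already on the device` above it. The docs of `new` and `with_hw_key` here, and of `with_missing_hw_key` in the next hunk, likewise do not mention the new parameter. Changing `bool` to `FilesystemLayout` in three public constructors is a breaking change for downstream callers, so it presumably needs a changelog entry and a version bump, neither of which is visible in this diff.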
@@ -222,12 +234,15 @@ impl ExtensionImpl for AuthBackend { backend_path.push(&PathBuf::from(BACKEND_DIR)); let mut fs; let mut global_fs; - if self.use_raw { - fs = resources.raw_filestore(backend_path); - global_fs = resources.raw_filestore(PathBuf::from(BACKEND_DIR)); - } else { - fs = resources.filestore(backend_path); - global_fs = resources.filestore(PathBuf::from(BACKEND_DIR)); + match self.layout { + FilesystemLayout::V0 => { + fs = resources.raw_filestore(backend_path); + global_fs = resources.raw_filestore(PathBuf::from(BACKEND_DIR)); + } + FilesystemLayout::V1 => { + fs = resources.filestore(backend_path); + global_fs = resources.filestore(PathBuf::from(BACKEND_DIR)); + } } let fs = &mut fs; diff --git a/src/lib.rs b/src/lib.rs index 89c6ded..2e1cf0f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -73,7 +73,7 @@ use trussed::{ types::{Bytes, PathBuf}, }; -pub use backend::{AuthBackend, AuthContext, MAX_HW_KEY_LEN}; +pub use backend::{AuthBackend, AuthContext, FilesystemLayout, MAX_HW_KEY_LEN}; pub use extension::{ reply, request, AuthClient, AuthExtension, AuthReply, AuthRequest, AuthResult, }; diff --git a/tests/backend.rs b/tests/backend.rs index 764839c..7e0b108 100644 --- a/tests/backend.rs +++ b/tests/backend.rs @@ -55,18 +55,25 @@ mod dispatch { impl Dispatch { pub fn new() -> Self { Self { - auth: AuthBackend::new(Location::Internal, false), + auth: AuthBackend::new(Location::Internal, trussed_auth::FilesystemLayout::V0), } } pub fn with_hw_key(hw_key: Bytes) -> Self { Self { - auth: AuthBackend::with_hw_key(Location::Internal, hw_key, false), + auth: AuthBackend::with_hw_key( + Location::Internal, + hw_key, + trussed_auth::FilesystemLayout::V0, + ), } } pub fn with_missing_hw_key() -> Self { Self { - auth: AuthBackend::with_missing_hw_key(Location::Internal, false), + auth: AuthBackend::with_missing_hw_key( + Location::Internal, + trussed_auth::FilesystemLayout::V0, + ), } } }
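Review bot: The two match arms look swapped relative to the code they replace: the removed `if self.use_raw` branch was the one calling `raw_filestore`, and the callers in tests/backend.rs that used to pass `false` now pass `FilesystemLayout::V0`, yet `V0` here selects `raw_filestore` and `V1` selects `filestore`. If `V0` is meant to be the existing layout that still has the intermediary dat folder, a device constructed with `V0` would look for its PIN files and retry counters under a different path than the one they were written to, and would presumably treat them as absent. I would use `resources.filestore(...)` for both assignments in the `V0` arm and `resources.raw_filestore(...)` in the `V1` arm. A test that creates a PIN and checks where the file lands for each layout would pin the mapping down; the tests hunk in this diff only constructs `V0`. The enclosing function begins and ends outside this hunk.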