Merge pull request #31 from Nitrokey/pub-configure

Make configure method public
Nitrokey · Jun 6, 2024 · a8cf2ad · a8cf2ad
2 parents 6b79357 + e239875
commit a8cf2ad
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 22 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,7 +23,7 @@ trussed = { version = "0.1.0", features = ["serde-extensions"] }
 serde.workspace = true
 trussed.workspace = true
 
-se05x = { version  = "0.1.3", features = ["serde", "builder"] }
+se05x = { version  = "0.1.5", features = ["serde", "builder"] }
 trussed-auth = "0.3.0"
 trussed-manage = "0.1.0"
 trussed-se050-manage = "0.1.0"
@@ -51,6 +51,7 @@ bitflags = "2.5.0"
 
 [dev-dependencies]
 admin-app = { version = "0.1.0", features = ["migration-tests"] }
+serde_test = "1.0.176"
 
 [patch.crates-io]
 littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "960e57d9fc0d209308c8e15dc26252bbe1ff6ba8" }

diff --git a/src/core_api.rs b/src/core_api.rs
@@ -3025,8 +3025,6 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> Se050Backend<Twi, D> {
         request: &Request,
         resources: &mut ServiceResources<P>,
     ) -> Result<trussed::Reply, Error> {
-        self.configure()?;
-
         // FIXME: Have a real implementation from trussed
         let mut backend_path = core_ctx.path.clone();
         backend_path.push(&PathBuf::from(BACKEND_DIR));

diff --git a/src/lib.rs b/src/lib.rs
@@ -37,6 +37,9 @@ const BACKEND_DIR: &Path = path!("se050-bak");
 
 pub const GLOBAL_ATTEST_ID: ObjectId = ObjectId(hex!("F0000012"));
 
+/// The version to know wether it should be re-configured
+pub const SE050_CONFIGURE_VERSION: u32 = 1;
+
 pub enum Se05xLocation {
     Persistent,
     Transient,
@@ -69,7 +72,6 @@ pub struct Se050Backend<Twi, D> {
     metadata_location: Location,
     hw_key: HardwareKey,
     ns: Namespace,
-    configured: bool,
     layout: FilesystemLayout,
 }
 
@@ -90,7 +92,6 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> Se050Backend<Twi, D> {
                 Some(k) => HardwareKey::Raw(k),
             },
             ns,
-            configured: false,
             layout,
         }
     }
@@ -126,14 +127,8 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> Se050Backend<Twi, D> {
             }
         }
     }
-
-    fn configure(&mut self) -> Result<(), trussed::Error> {
-        const REQUIRED_CURVES: [CurveInitializer; 2] =
-            [PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER];
+    pub fn configure(&mut self) -> Result<(), trussed::Error> {
         self.enable()?;
-        if self.configured {
-            return Ok(());
-        }
         let buf = &mut [0; 1024];
         let configured_curves = self
             .se
@@ -144,18 +139,18 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> Se050Backend<Twi, D> {
             })?;
         for i in REQUIRED_CURVES {
             if !configured_curves.ids.contains(&i.curve.into()) {
-                self.se.create_and_set_curve_params(&i).map_err(|_err| {
+                self.se.create_and_set_curve_params(i).map_err(|_err| {
                     debug!("Failed to create curve: {_err:?}");
                     trussed::Error::FunctionFailed
                 })?;
             }
         }
-        self.configured = true;
-
         Ok(())
     }
 }
 
+const REQUIRED_CURVES: &[CurveInitializer] = &[PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER];
+
 #[derive(Default, Debug)]
 pub struct Context {
     auth: AuthContext,
@@ -184,3 +179,23 @@ const ID_RANGE: Range<u32> = 0x000000FF..0x7FFF0000;
 pub(crate) fn object_in_range(obj: ObjectId) -> bool {
     ID_RANGE.contains(&u32::from_be_bytes(obj.0))
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn backend_version() {
+        // History of previous SE050_CONFIGURE_VERSION and the curves they used
+        let curves_versions: &[(u32, &[_])] = &[
+            (1, &[PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER]),
+            (0, &[]),
+        ];
+
+        assert_eq!(
+            curves_versions[0],
+            (SE050_CONFIGURE_VERSION, REQUIRED_CURVES),
+            "CONFIGURE VERSION needs to be bumped when the REQUIRED_CURVES are changed"
+        );
+    }
+}
diff --git a/src/manage.rs b/src/manage.rs
@@ -28,11 +28,6 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> ExtensionImpl<Se050ManageExtension> for Se0
         request: &<Se050ManageExtension as Extension>::Request,
         _resources: &mut ServiceResources<P>,
     ) -> Result<<Se050ManageExtension as Extension>::Reply, Error> {
-        self.configure().map_err(|err| {
-            debug!("Failed to enable for management: {err:?}");
-            err
-        })?;
-
         debug!("Runnig manage request: {request:?}");
         match request {
             Se050ManageRequest::Info(InfoRequest) => {

diff --git a/src/staging.rs b/src/staging.rs
@@ -142,7 +142,7 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> ExtensionImpl<ManageExtension> for Se050Bac
                         debug!("Failed to factory reset: {_err:?}");
                         Error::FunctionFailed
                     })?;
-                self.configured = false;
+                self.configure()?;
 
                 // Let the staging backend delete the rest of the data
                 Err(Error::RequestNotAvailable)

diff --git a/src/trussed_auth_impl.rs b/src/trussed_auth_impl.rs
@@ -264,7 +264,6 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> ExtensionImpl<trussed_auth::AuthExtension>
         <trussed_auth::AuthExtension as trussed::serde_extensions::Extension>::Reply,
         trussed::Error,
     > {
-        self.configure()?;
         let backend_ctx = backend_ctx.with_namespace(&self.ns, &core_ctx.path);
         let auth_ctx = backend_ctx.auth;
         let ns = backend_ctx.ns;