From ef569d2ed38b109f7852586b317a8f194696c2c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Tue, 28 May 2024 09:36:48 +0200
Subject: [PATCH 1/3] Make configure method public

This method will now be called in the init process, based on the last configured version
---
 Cargo.toml | 1 +
 src/lib.rs | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 80 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 993e1d0..62444ea 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -50,6 +50,7 @@ admin-app = "0.1.0"
 
 [dev-dependencies]
 admin-app = { version = "0.1.0", features = ["migration-tests"] }
+serde_test = "1.0.176"
 
 [patch.crates-io]
 littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "960e57d9fc0d209308c8e15dc26252bbe1ff6ba8" }
diff --git a/src/lib.rs b/src/lib.rs
index 5253603..48befe7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -37,6 +37,63 @@ const BACKEND_DIR: &Path = path!("se050-bak");
 
 pub const GLOBAL_ATTEST_ID: ObjectId = ObjectId(hex!("F0000012"));
 
+#[derive(PartialEq, Eq, Default, Debug)]
+pub struct BackendVersion {
+    pub major: u8,
+    pub minor: u8,
+    pub patch: u8,
+}
+
+impl serde::Serialize for BackendVersion {
+    fn serialize(&self, serializer: S) -> Result
+    where
+        S: serde::Serializer,
+    {
+        serializer.serialize_u32(u32::from_be_bytes([0, self.major, self.minor, self.patch]))
+    }
+}
+
+impl<'de> serde::Deserialize<'de> for BackendVersion {
+    fn deserialize(deserializer: D) -> Result
+    where
+        D: serde::Deserializer<'de>,
+    {
+        use serde::de::Error;
+        let value = u32::deserialize(deserializer)?;
+        let [zero, major, minor, patch] = value.to_be_bytes();
+        if zero != 0 {
+            return Err(D::Error::custom("Invalid value for BackendVersion"));
+        }
+
+        Ok(BackendVersion {
+            major,
+            minor,
+            patch,
+        })
+    }
+}
+
+pub const SE050_BACKEND_VERSION: BackendVersion = {
+    const fn parse_u8(s: &str) -> u8 {
+        let bytes = s.as_bytes();
+        let mut result = 0u8;
+        let mut i = 0;
+        while i < bytes.len() {
+            let Some(digit) = (bytes[i] as char).to_digit(10) else {
+                panic!("Invalid number");
+            };
+            result = result * 10 + (digit as u8);
+            i += 1;
+        }
+        result
+    }
+    BackendVersion {
+        major: parse_u8(env!("CARGO_PKG_VERSION_MAJOR")),
+        minor: parse_u8(env!("CARGO_PKG_VERSION_MINOR")),
+        patch: parse_u8(env!("CARGO_PKG_VERSION_PATCH")),
+    }
+};
+
 pub enum Se05xLocation {
     Persistent,
     Transient,
@@ -127,7 +184,7 @@ impl> Se050Backend {
         }
     }
 
-    fn configure(&mut self) -> Result<(), trussed::Error> {
+    pub fn configure(&mut self) -> Result<(), trussed::Error> {
         const REQUIRED_CURVES: [CurveInitializer; 2] =
             [PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER];
         self.enable()?;
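Review bot: `pub fn configure(&mut self) -> Result<(), trussed::Error>` enters the public API without a doc comment, and the commit message makes it the entry point the init process will call, so its contract belongs at the definition; the same undocumented signature is a context line of the `@@ -181,10 +127,7 @@` hunk in patch 3. A doc such as `/// Enable the SE050 and provision any curve from REQUIRED_CURVES that it is missing.` followed by `/// Call once at init (and after a factory reset) before requests are served.` would cover what the hunk shows, with any "safe to call repeatedly" claim left until the body confirms it only creates curves absent from the device. The body of `configure` continues outside the hunk.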
@@ -184,3 +241,24 @@ const ID_RANGE: Range = 0x000000FF..0x7FFF0000; pub(crate) fn object_in_range(obj: ObjectId) -> bool { ID_RANGE.contains(&u32::from_be_bytes(obj.0)) } + +#[cfg(test)] +mod tests { + use super::*; + + use serde_test::{assert_tokens, Token}; + + #[test] + fn backend_version() { + // Check that serialization round-trip is correct + assert_tokens( + &SE050_BACKEND_VERSION, + &[Token::U32(u32::from_be_bytes([ + 0, + env!("CARGO_PKG_VERSION_MAJOR").parse().unwrap(), + env!("CARGO_PKG_VERSION_MINOR").parse().unwrap(), + env!("CARGO_PKG_VERSION_PATCH").parse().unwrap(), + ]))], + ); + } +} From fd3d7328e35d0cf85fa620dd7be09c3094ff92bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Tue, 28 May 2024 09:38:34 +0200 Subject: [PATCH 2/3] Remove required configure call --- src/core_api.rs | 2 -- src/lib.rs | 7 ------- src/manage.rs | 5 ----- src/staging.rs | 2 +- src/trussed_auth_impl.rs | 1 - 5 files changed, 1 insertion(+), 16 deletions(-) diff --git a/src/core_api.rs b/src/core_api.rs index d3ee366..4a01fe7 100644 --- a/src/core_api.rs +++ b/src/core_api.rs @@ -2982,8 +2982,6 @@ impl> Se050Backend { request: &Request, resources: &mut ServiceResources

, ) -> Result { - self.configure()?; - // FIXME: Have a real implementation from trussed let mut backend_path = core_ctx.path.clone(); backend_path.push(&PathBuf::from(BACKEND_DIR)); diff --git a/src/lib.rs b/src/lib.rs index 48befe7..7c49434 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -126,7 +126,6 @@ pub struct Se050Backend { metadata_location: Location, hw_key: HardwareKey, ns: Namespace, - configured: bool, layout: FilesystemLayout, } @@ -147,7 +146,6 @@ impl> Se050Backend { Some(k) => HardwareKey::Raw(k), }, ns, - configured: false, layout, } } @@ -188,9 +186,6 @@ impl> Se050Backend { const REQUIRED_CURVES: [CurveInitializer; 2] = [PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER]; self.enable()?; - if self.configured { - return Ok(()); - } let buf = &mut [0; 1024]; let configured_curves = self .se @@ -207,8 +202,6 @@ impl> Se050Backend { })?; } } - self.configured = true; - Ok(()) } } diff --git a/src/manage.rs b/src/manage.rs index 9bd4936..f187ca1 100644 --- a/src/manage.rs +++ b/src/manage.rs @@ -28,11 +28,6 @@ impl> ExtensionImpl for Se0 request: &::Request, _resources: &mut ServiceResources

, ) -> Result<::Reply, Error> { - self.configure().map_err(|err| { - debug!("Failed to enable for management: {err:?}"); - err - })?; - debug!("Runnig manage request: {request:?}"); match request { Se050ManageRequest::Info(InfoRequest) => { diff --git a/src/staging.rs b/src/staging.rs index a1d9432..91aae04 100644 --- a/src/staging.rs +++ b/src/staging.rs @@ -141,7 +141,7 @@ impl> ExtensionImpl for Se050Bac debug!("Failed to factory reset: {_err:?}"); Error::FunctionFailed })?; - self.configured = false; + self.configure()?; // Let the staging backend delete the rest of the data Err(Error::RequestNotAvailable) diff --git a/src/trussed_auth_impl.rs b/src/trussed_auth_impl.rs index bca002b..f8295c7 100644 --- a/src/trussed_auth_impl.rs +++ b/src/trussed_auth_impl.rs @@ -264,7 +264,6 @@ impl> ExtensionImpl ::Reply, trussed::Error, > { - self.configure()?; let backend_ctx = backend_ctx.with_namespace(&self.ns, &core_ctx.path); let auth_ctx = backend_ctx.auth; let ns = backend_ctx.ns; From e239875c32691ba36927a2a3652126958b804a01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Thu, 6 Jun 2024 11:06:56 +0200 Subject: [PATCH 3/3] Use counter instead of custom structure for configuration version --- Cargo.toml | 2 +- src/lib.rs | 86 ++++++++++-------------------------------------------- 2 files changed, 16 insertions(+), 72 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 62444ea..355ea8e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ trussed = { version = "0.1.0", features = ["serde-extensions"] } serde.workspace = true trussed.workspace = true -se05x = { version = "0.1.3", features = ["serde", "builder"] } +se05x = { version = "0.1.5", features = ["serde", "builder"] } trussed-auth = "0.3.0" trussed-manage = "0.1.0" trussed-se050-manage = "0.1.0" diff --git a/src/lib.rs b/src/lib.rs index 7c49434..600f566 100644 --- a/src/lib.rs +++ b/src/lib.rs 
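Review bot: `self.configure()?;` right after the factory reset propagates a configure failure before the `Err(Error::RequestNotAvailable)` that, per the comment on the next line, lets the staging backend delete the rest of the data, so a failed re-provisioning leaves the secure element wiped while the remaining data stays in place. Since this commit also drops the per-request `configure()` calls from core_api.rs, manage.rs and trussed_auth_impl.rs, this is the only caller left in the crate and the init path is what must guarantee configuration, so either log and continue here, `if let Err(_err) = self.configure() { debug!("Failed to re-configure after factory reset: {_err:?}"); }`, or add a comment explaining why a reset must fail when re-configuration does. The enclosing function starts and ends outside the hunk.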
@@ -37,62 +37,8 @@ const BACKEND_DIR: &Path = path!("se050-bak");
 
 pub const GLOBAL_ATTEST_ID: ObjectId = ObjectId(hex!("F0000012"));
 
-#[derive(PartialEq, Eq, Default, Debug)]
-pub struct BackendVersion {
-    pub major: u8,
-    pub minor: u8,
-    pub patch: u8,
-}
-
-impl serde::Serialize for BackendVersion {
-    fn serialize(&self, serializer: S) -> Result
-    where
-        S: serde::Serializer,
-    {
-        serializer.serialize_u32(u32::from_be_bytes([0, self.major, self.minor, self.patch]))
-    }
-}
-
-impl<'de> serde::Deserialize<'de> for BackendVersion {
-    fn deserialize(deserializer: D) -> Result
-    where
-        D: serde::Deserializer<'de>,
-    {
-        use serde::de::Error;
-        let value = u32::deserialize(deserializer)?;
-        let [zero, major, minor, patch] = value.to_be_bytes();
-        if zero != 0 {
-            return Err(D::Error::custom("Invalid value for BackendVersion"));
-        }
-
-        Ok(BackendVersion {
-            major,
-            minor,
-            patch,
-        })
-    }
-}
-
-pub const SE050_BACKEND_VERSION: BackendVersion = {
-    const fn parse_u8(s: &str) -> u8 {
-        let bytes = s.as_bytes();
-        let mut result = 0u8;
-        let mut i = 0;
-        while i < bytes.len() {
-            let Some(digit) = (bytes[i] as char).to_digit(10) else {
-                panic!("Invalid number");
-            };
-            result = result * 10 + (digit as u8);
-            i += 1;
-        }
-        result
-    }
-    BackendVersion {
-        major: parse_u8(env!("CARGO_PKG_VERSION_MAJOR")),
-        minor: parse_u8(env!("CARGO_PKG_VERSION_MINOR")),
-        patch: parse_u8(env!("CARGO_PKG_VERSION_PATCH")),
-    }
-};
+/// The version to know wether it should be re-configured
+pub const SE050_CONFIGURE_VERSION: u32 = 1;
 
 pub enum Se05xLocation {
     Persistent,
@@ -181,10 +127,7 @@ impl> Se050Backend {
             }
         }
     }
-
     pub fn configure(&mut self) -> Result<(), trussed::Error> {
-        const REQUIRED_CURVES: [CurveInitializer; 2] =
-            [PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER];
         self.enable()?;
         let buf = &mut [0; 1024];
         let configured_curves = self
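Review bot: The doc comment `/// The version to know wether it should be re-configured` has a typo (wether → whether) and does not say what is versioned or who compares it; nothing in this series reads or persists `SE050_CONFIGURE_VERSION`, so presumably the consumer's init code compares it with a stored value, and the doc should state that contract. Something like `/// Version of the SE050 configuration applied by configure().` followed by `/// Bump it whenever REQUIRED_CURVES (or anything else configure() provisions) changes, so a device set up with an older version is re-configured at init.` also ties the constant to the `backend_version` test that enforces the bump.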
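Review bot: The removed blank line between the closing `}` and `pub fn configure(&mut self) -> Result<(), trussed::Error> {` leaves the two items glued together, and rustfmt's default `blank_lines_lower_bound` of 0 will not re-add it; keep the separating blank line. The item closed by those braces starts outside the hunk, and `configure` continues past its end.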
@@ -196,7 +139,7 @@ impl> Se050Backend {
             })?;
         for i in REQUIRED_CURVES {
             if !configured_curves.ids.contains(&i.curve.into()) {
-                self.se.create_and_set_curve_params(&i).map_err(|_err| {
+                self.se.create_and_set_curve_params(i).map_err(|_err| {
                     debug!("Failed to create curve: {_err:?}");
                     trussed::Error::FunctionFailed
                 })?;
@@ -206,6 +149,8 @@ impl> Se050Backend {
     }
 }
 
+const REQUIRED_CURVES: &[CurveInitializer] = &[PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER];
+
 #[derive(Default, Debug)]
 pub struct Context {
     auth: AuthContext,
@@ -239,19 +184,18 @@ pub(crate) fn object_in_range(obj: ObjectId) -> bool {
 mod tests {
     use super::*;
 
-    use serde_test::{assert_tokens, Token};
-
     #[test]
     fn backend_version() {
-        // Check that serialization round-trip is correct
-        assert_tokens(
-            &SE050_BACKEND_VERSION,
-            &[Token::U32(u32::from_be_bytes([
-                0,
-                env!("CARGO_PKG_VERSION_MAJOR").parse().unwrap(),
-                env!("CARGO_PKG_VERSION_MINOR").parse().unwrap(),
-                env!("CARGO_PKG_VERSION_PATCH").parse().unwrap(),
-            ]))],
+        // History of previous SE050_CONFIGURE_VERSION and the curves they used
+        let curves_versions: &[(u32, &[_])] = &[
+            (1, &[PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER]),
+            (0, &[]),
+        ];
+
+        assert_eq!(
+            curves_versions[0],
+            (SE050_CONFIGURE_VERSION, REQUIRED_CURVES),
+            "CONFIGURE VERSION needs to be bumped when the REQUIRED_CURVES are changed"
         );
     }
 }
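Review bot: `const REQUIRED_CURVES: &[CurveInitializer] = &[PRIME256V1_INITIALIZER, SECP521R1_INITIALIZER];` is now a module-level item whose coupling to `SE050_CONFIGURE_VERSION` is expressed only by the test in the `@@ -239,19 +184,18 @@` hunk, so a maintainer editing the list learns about the required bump only when that test fails. Stating it at the definition is cheap: `/// Curves provisioned on the SE050 by configure(); changing this list requires bumping SE050_CONFIGURE_VERSION (see the backend_version test).`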
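Review bot: The `curves_versions` history is only checked at index 0, so a duplicated or out-of-order entry (for example a second `(1, …)` row added without bumping the constant) still passes as long as the head row matches; one extra assertion keeps the table consistent: `assert!(curves_versions.windows(2).all(|w| w[0].0 > w[1].0), "versions must be unique and descending");`. Renaming the test from `backend_version` to `configure_version` would also match the constant it now guards.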