Use improved enums rather than bool

Nitrokey · Mar 28, 2024 · 06d13bb · 06d13bb
1 parent d39f02a
commit 06d13bb
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 59 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,12 +43,12 @@ trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git",
 trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" }
 trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" }
 trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.3.0" }
-trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", rev = "f89f8534a88fb1fe96c6ad6e002e6e523e0e7280" }
+trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", rev = "b792b186378b81e15e1ef9e8d5a08ef0d986e9bb" }
 trussed-hkdf = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "hkdf-v0.2.0" }
 trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "9732a9a3e98af72112286afdc9b7174c66c2869a" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.3" }
 trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "se050-manage-v0.1.0" }
-trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "4158263c4c060be2691cf87ad400187f9ef0b0a3" }
+trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "d5aee1bcff61dc55bcf87efca10cd58cd06714a0" }
 
 [profile.release]
 codegen-units = 1

diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml
@@ -67,8 +67,7 @@ webcrypt = ["dep:webcrypt", "backend-auth", "backend-rsa"]
 fido-authenticator = ["dep:fido-authenticator", "usbd-ctaphid"]
 opcard = ["dep:opcard", "backend-rsa", "backend-auth"]
 piv-authenticator = ["dep:piv-authenticator", "backend-rsa", "backend-auth"]
-se050 = ["dep:se05x", "trussed-se050-backend", "trussed-se050-manage", "admin-app/se050", "se050-migration"]
-se050-migration = ["dep:se05x", "trussed-se050-backend"]
+se050 = ["dep:se05x", "trussed-se050-backend", "trussed-se050-manage", "admin-app/se050"]
 
 # backends
 backend-auth = ["trussed-auth"]

diff --git a/components/apps/src/dispatch.rs b/components/apps/src/dispatch.rs
@@ -39,14 +39,18 @@ use trussed_manage::ManageExtension;
 use trussed_staging::{StagingBackend, StagingContext};
 use trussed_wrap_key_to_file::WrapKeyToFileExtension;
 
+#[cfg(feature = "backend-auth")]
+use super::migrations::TRUSSED_AUTH_FS_LAYOUT;
+
+#[cfg(feature = "se05x")]
+use super::migrations::SE050_BACKEND_FS_LAYOUT;
+
 #[cfg(feature = "webcrypt")]
 use webcrypt::hmacsha256p256::{
     Backend as HmacSha256P256Backend, BackendContext as HmacSha256P256Context,
     HmacSha256P256Extension,
 };
 
-use crate::migrations::USE_MIGRATIONS;
-
 pub struct Dispatch<T = (), D = ()> {
     #[cfg(feature = "backend-auth")]
     auth: AuthBackend,
@@ -123,13 +127,19 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
         let _ = auth_location;
         Self {
             #[cfg(feature = "backend-auth")]
-            auth: AuthBackend::new(auth_location, USE_MIGRATIONS),
+            auth: AuthBackend::new(auth_location, TRUSSED_AUTH_FS_LAYOUT),
             #[cfg(feature = "webcrypt")]
             hmacsha256p256: Default::default(),
             staging: build_staging_backend(),
             #[cfg(feature = "se050")]
             se050: se050.map(|driver| {
-                Se050Backend::new(driver, auth_location, None, NAMESPACE, USE_MIGRATIONS)
+                Se050Backend::new(
+                    driver,
+                    auth_location,
+                    None,
+                    NAMESPACE,
+                    SE050_BACKEND_FS_LAYOUT,
+                )
             }),
             #[cfg(not(feature = "se050"))]
             __: Default::default(),
@@ -146,7 +156,7 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
         // Should the backend really use the same key?
         let hw_key_se050 = hw_key.clone();
         Self {
-            auth: AuthBackend::with_hw_key(auth_location, hw_key, USE_MIGRATIONS),
+            auth: AuthBackend::with_hw_key(auth_location, hw_key, TRUSSED_AUTH_FS_LAYOUT),
             #[cfg(feature = "webcrypt")]
             hmacsha256p256: Default::default(),
             staging: build_staging_backend(),
@@ -157,7 +167,7 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
                     auth_location,
                     Some(hw_key_se050),
                     NAMESPACE,
-                    USE_MIGRATIONS,
+                    SE050_BACKEND_FS_LAYOUT,
                 )
             }),
             #[cfg(not(feature = "se050"))]

diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs
@@ -35,49 +35,7 @@ fn is_default<T: Default + PartialEq>(value: &T) -> bool {
     value == &Default::default()
 }
 
-#[allow(unused)]
-mod migrations {
-    use admin_app::migrations::Migrator;
-    use littlefs2::path;
-
-    pub(crate) const MIGRATION_VERSION_SPACE_EFFICIENCY: u32 = 1;
-
-    /// set to true to enable migrations for trussed-auth and se050-backend
-    pub(crate) const USE_MIGRATIONS: bool = false;
-
-    // TODO: use when enabling migrations of trussed-auth and se050-backend and of fido-authenticator
-    pub(crate) const MIGRATORS: &[Migrator] = &[
-        // We first migrate the SE050 since this migration deletes data to make sure that the other
-        // migrations succeed even on low block availability
-        #[cfg(feature = "se050-migration")]
-        Migrator {
-            migrate: |ifs, _efs| {
-                trussed_se050_backend::migrate::migrate_remove_all_dat(ifs, &[path!("/opcard")])
-            },
-            version: MIGRATION_VERSION_SPACE_EFFICIENCY,
-        },
-        #[cfg(feature = "backend-auth")]
-        Migrator {
-            migrate: |ifs, _efs| {
-                trussed_auth::migrate::migrate_remove_dat(
-                    ifs,
-                    &[
-                        path!("opcard"),
-                        path!("webcrypt"),
-                        path!("secrets"),
-                        path!("piv"),
-                    ],
-                )
-            },
-            version: MIGRATION_VERSION_SPACE_EFFICIENCY,
-        },
-        Migrator {
-            // FIDO migration
-            migrate: |_ifs, _efs| todo!("Add fido migration"),
-            version: MIGRATION_VERSION_SPACE_EFFICIENCY,
-        },
-    ];
-}
+mod migrations;
 
 #[derive(Debug, Default, PartialEq, Deserialize, Serialize)]
 pub struct Config {

diff --git a/components/apps/src/migrations.rs b/components/apps/src/migrations.rs
@@ -0,0 +1,63 @@
+#![allow(unused)]
+
+use admin_app::migrations::Migrator;
+use littlefs2::path;
+
+pub(crate) const MIGRATION_VERSION_SPACE_EFFICIENCY: u32 = 1;
+
+#[cfg(feature = "backend-auth")]
+pub(crate) const TRUSSED_AUTH_FS_LAYOUT: trussed_auth::FilesystemLayout =
+    trussed_auth::FilesystemLayout::V0;
+#[cfg(feature = "se05x")]
+pub(crate) const SE050_BACKEND_FS_LAYOUT: trussed_se050_backend::FilesystemLayout =
+    trussed_se050_backend::FilesystemLayout::V0;
+
+/// TODO: When enabling the filesystem layout V1, fido-authenticator will also need to be bump and have its migration enabled
+const _: () = {
+    #[cfg(feature = "backend-auth")]
+    assert!(matches!(
+        TRUSSED_AUTH_FS_LAYOUT,
+        trussed_auth::FilesystemLayout::V0
+    ));
+    #[cfg(feature = "se05x")]
+    assert!(matches!(
+        SE050_BACKEND_FS_LAYOUT,
+        trussed_se050_backend::FilesystemLayout::V0
+    ));
+    assert!(MIGRATORS.is_empty());
+};
+
+pub(crate) const MIGRATORS: &[Migrator] = &[];
+
+// TODO: use when enabling migrations of trussed-auth and se050-backend and of fido-authenticator
+const _MIGRATORS: &[Migrator] = &[
+    // We first migrate the SE050 since this migration deletes data to make sure that the other
+    // migrations succeed even on low block availability
+    #[cfg(feature = "se05x")]
+    Migrator {
+        migrate: |ifs, _efs| {
+            trussed_se050_backend::migrate::migrate_remove_all_dat(ifs, &[path!("/opcard")])
+        },
+        version: MIGRATION_VERSION_SPACE_EFFICIENCY,
+    },
+    #[cfg(feature = "backend-auth")]
+    Migrator {
+        migrate: |ifs, _efs| {
+            trussed_auth::migrate::migrate_remove_dat(
+                ifs,
+                &[
+                    path!("opcard"),
+                    path!("webcrypt"),
+                    path!("secrets"),
+                    path!("piv"),
+                ],
+            )
+        },
+        version: MIGRATION_VERSION_SPACE_EFFICIENCY,
+    },
+    Migrator {
+        // FIDO migration
+        migrate: |_ifs, _efs| todo!("Add fido migration"),
+        version: MIGRATION_VERSION_SPACE_EFFICIENCY,
+    },
+];