Merge pull request #441 from Nitrokey/space-migrate

Implement optimization migrations
Nitrokey · Apr 9, 2024 · 88b46a2 · 88b46a2
2 parents 7bc131c + 5cbb8d7
commit 88b46a2
Show file tree

Hide file tree

Showing 6 changed files with 208 additions and 84 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -17,38 +17,38 @@ version = "1.7.0-rc.1"
 memory-regions = { path = "components/memory-regions" }
 
 # forked
-admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.11" }
-cbor-smol = { git = "https://github.com/Nitrokey/cbor-smol.git", tag = "v0.4.0-nitrokey.1" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", rev = "v0.1.0-nitrokey.12" }
+cbor-smol = { git = "https://github.com/Nitrokey/cbor-smol.git", tag = "v0.4.0-nitrokey.3"}
 fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.14" }
 lpc55-hal = { git = "https://github.com/Nitrokey/lpc55-hal", tag = "v0.3.0-nitrokey.2" }
 serde-indexed = { git = "https://github.com/nitrokey/serde-indexed.git", tag = "v0.1.0-nitrokey.2" }
-trussed = { git = "https://github.com/Nitrokey/trussed.git", tag = "v0.1.0-nitrokey.18" }
+trussed = { git = "https://github.com/Nitrokey/trussed.git", rev = "371e8f7a07817c2ed57978bd86e3412bd9877647" }
 
 # unreleased upstream changes
 apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch.git", tag = "v0.1.2-nitrokey.3" }
 ctap-types = { git = "https://github.com/trussed-dev/ctap-types.git", rev = "a9f8003a1d9f05f9eea39e615b9159bc0613fcb5" }
 ctaphid-dispatch = { git = "https://github.com/Nitrokey/ctaphid-dispatch.git", tag = "v0.1.1-nitrokey.3" }
-littlefs2 = { git = "https://github.com/trussed-dev/littlefs2", rev = "ebd27e49ca321089d01d8c9b169c4aeb58ceeeca" }
+littlefs2 = { git = "https://github.com/trussed-dev/littlefs2.git", rev = "960e57d9fc0d209308c8e15dc26252bbe1ff6ba8" }
 littlefs2-sys = { git = "https://github.com/trussed-dev/littlefs2-sys.git", rev = "39626c0dbc2f6c38b74889a5bf9d5a200614f121" }
 usbd-ctaphid = { git = "https://github.com/trussed-dev/usbd-ctaphid.git", rev = "1db2e014f28669bc484c81ab0406c54b16bba33c" }
 usbd-ccid = { git = "https://github.com/Nitrokey/usbd-ccid", tag = "v0.2.0-nitrokey.1" }
 p256-cortex-m4  = { git = "https://github.com/ycrypto/p256-cortex-m4.git", rev = "cdb31e12594b4dc1f045b860a885fdc94d96aee2" }
 
 # unreleased crates
-secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", tag = "v0.13.0-rc2" }
+secrets-app = { git = "https://github.com/Nitrokey/trussed-secrets-app", rev = "6eff6f9ad65df6875fe1eec31cfe34f591cad303" }
 webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag = "v0.8.0-rc6" }
-opcard = { git = "https://github.com/Nitrokey/opcard-rs", tag = "v1.4.0" }
-piv-authenticator = { git = "https://github.com/trussed-dev/piv-authenticator.git", tag = "v0.4.0" }
+opcard = { git = "https://github.com/Nitrokey/opcard-rs", rev = "70e3f1aa21ecb75c1237b20b733d0e228a966b10" }
+piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", rev = "2d0ae0312170adb9cfffd05f70ebc83af3c14679" }
 trussed-chunked = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "chunked-v0.1.0" }
 trussed-manage = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "manage-v0.1.0" }
 trussed-wrap-key-to-file = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "wrap-key-to-file-v0.1.0" }
 trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "v0.3.0" }
-trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth", rev = "4b8191f248c26cb074cdac887c7f3f48f9c449a4" }
+trussed-auth = { git = "https://github.com/Nitrokey/trussed-auth", tag = "v0.3.0-nitrokey.1" }
 trussed-hkdf = { git = "https://github.com/trussed-dev/trussed-staging.git", tag = "hkdf-v0.2.0" }
 trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "9732a9a3e98af72112286afdc9b7174c66c2869a" }
 trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.3" }
-trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.3.0" }
 trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "se050-manage-v0.1.0" }
+trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.3.1" }
 
 [profile.release]
 codegen-units = 1

diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml
@@ -19,7 +19,7 @@ if_chain = "1.0.2"
 littlefs2 = "0.4"
 
 # Backends
-trussed-auth = { version = "0.2.2", optional = true }
+trussed-auth = { version = "0.3.0", optional = true }
 trussed-rsa-alloc = { version = "0.1.0", optional = true }
 trussed-se050-backend = { version = "0.3.0", optional = true }
 trussed-staging = { version = "0.3.0", features = ["wrap-key-to-file", "chunked", "hkdf", "manage"] }
@@ -38,7 +38,7 @@ ndef-app = { path = "../ndef-app", optional = true }
 webcrypt = { version = "0.8.0", optional = true }
 secrets-app = { version = "0.13.0", features = ["apdu-dispatch", "ctaphid"], optional = true }
 opcard = { version = "1.4.0", features = ["apdu-dispatch", "delog", "rsa2048-gen", "rsa4096", "admin-app"], optional = true }
-piv-authenticator = { version = "0.4.0", features = ["apdu-dispatch", "delog", "rsa"], optional = true }
+piv-authenticator = { version = "0.3.4", features = ["apdu-dispatch", "delog", "rsa"], optional = true }
 provisioner-app = { path = "../provisioner-app", optional = true }
 
 [dev-dependencies]

diff --git a/components/apps/src/dispatch.rs b/components/apps/src/dispatch.rs
@@ -39,6 +39,12 @@ use trussed_manage::ManageExtension;
 use trussed_staging::{StagingBackend, StagingContext};
 use trussed_wrap_key_to_file::WrapKeyToFileExtension;
 
+#[cfg(feature = "backend-auth")]
+use super::migrations::TRUSSED_AUTH_FS_LAYOUT;
+
+#[cfg(feature = "se050")]
+use super::migrations::SE050_BACKEND_FS_LAYOUT;
+
 #[cfg(feature = "webcrypt")]
 use webcrypt::hmacsha256p256::{
     Backend as HmacSha256P256Backend, BackendContext as HmacSha256P256Context,
@@ -121,12 +127,20 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
         let _ = auth_location;
         Self {
             #[cfg(feature = "backend-auth")]
-            auth: AuthBackend::new(auth_location),
+            auth: AuthBackend::new(auth_location, TRUSSED_AUTH_FS_LAYOUT),
             #[cfg(feature = "webcrypt")]
             hmacsha256p256: Default::default(),
             staging: build_staging_backend(),
             #[cfg(feature = "se050")]
-            se050: se050.map(|driver| Se050Backend::new(driver, auth_location, None, NAMESPACE)),
+            se050: se050.map(|driver| {
+                Se050Backend::new(
+                    driver,
+                    auth_location,
+                    None,
+                    NAMESPACE,
+                    SE050_BACKEND_FS_LAYOUT,
+                )
+            }),
             #[cfg(not(feature = "se050"))]
             __: Default::default(),
         }
@@ -142,13 +156,19 @@ impl<T: Twi, D: Delay> Dispatch<T, D> {
         // Should the backend really use the same key?
         let hw_key_se050 = hw_key.clone();
         Self {
-            auth: AuthBackend::with_hw_key(auth_location, hw_key),
+            auth: AuthBackend::with_hw_key(auth_location, hw_key, TRUSSED_AUTH_FS_LAYOUT),
             #[cfg(feature = "webcrypt")]
             hmacsha256p256: Default::default(),
             staging: build_staging_backend(),
             #[cfg(feature = "se050")]
             se050: se050.map(|driver| {
-                Se050Backend::new(driver, auth_location, Some(hw_key_se050), NAMESPACE)
+                Se050Backend::new(
+                    driver,
+                    auth_location,
+                    Some(hw_key_se050),
+                    NAMESPACE,
+                    SE050_BACKEND_FS_LAYOUT,
+                )
             }),
             #[cfg(not(feature = "se050"))]
             __: Default::default(),
@@ -195,7 +215,6 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
                 self.auth
                     .request(&mut ctx.core, &mut ctx.backends.auth, request, resources)
             }
-            Backend::Hkdf => Err(TrussedError::RequestNotAvailable),
             #[cfg(feature = "webcrypt")]
             Backend::HmacSha256P256 => Err(TrussedError::RequestNotAvailable),
             #[cfg(feature = "backend-rsa")]
@@ -275,6 +294,13 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
                         resources,
                     )
                 }
+                Extension::Hkdf => ExtensionImpl::<HkdfExtension>::extension_request_serialized(
+                    &mut self.staging,
+                    &mut ctx.core,
+                    &mut ctx.backends.staging,
+                    request,
+                    resources,
+                ),
                 #[allow(unreachable_patterns)]
                 _ => Err(TrussedError::RequestNotAvailable),
             },
@@ -342,7 +368,6 @@ impl<T: Twi, D: Delay> ExtensionDispatch for Dispatch<T, D> {
 pub enum Backend {
     #[cfg(feature = "backend-auth")]
     Auth,
-    Hkdf,
     #[cfg(feature = "webcrypt")]
     HmacSha256P256,
     #[cfg(feature = "backend-rsa")]