Crates.io | se05x |
lib.rs | se05x |
version | 0.1.7 |
source | src |
created_at | 2023-08-17 14:29:45.703344 |
updated_at | 2024-10-25 12:05:38.367542 |
description | Driver for the NXP SE05X |
homepage | |
repository | https://github.com/Nitrokey/se05x |
max_upload_size | |
id | 947057 |
size | 414,169 |
This crate contains a Rust driver for the SE05x series of secure elements from NXP. It contains an implementation of the T=1 protocol and the ISO7816-4 APDUs that are used to communicate with the se05x.
use se05x::se05x::commands::*;
use se05x::se05x::policies::*;
use se05x::se05x::*;
let i2c = get_i2c();
let delay = get_delay();
let address = 0x48;
let mut se05x = Se05X::new(i2c, address, delay);
let user_id = ObjectId([0x01, 0x00, 0x00, 0x00]);
let object_id = ObjectId([0x01, 0x02, 0x03, 0x04]);
let buf = &mut [0; 128];
let atr = se05x.enable();
// Running a WriteUserId command:
se05x.run_command(
&WriteUserId::builder()
.object_id(user_id)
.data(b"Some value")
.build(),
buf,
)?;
// Creating a file with a policy
let policy = &[Policy {
object_id: user_id,
access_rule: ObjectAccessRule::from_flags(ObjectPolicyFlags::ALLOW_READ),
}];
se05x.run_command(
&WriteBinary::builder()
.policy(PolicySet(policy))
.object_id(object_id)
.file_length(9.into())
.data(b"Some data")
.build(),
buf,
)?;
// Opening a session with teh UserID
let session_id = se05x
.run_command(&CreateSession { object_id: user_id }, buf)?
.session_id;
// Verifying the UserId
se05x.run_session_command(
session_id,
&VerifySessionUserId {
user_id: b"Some value",
},
buf,
)?;
// Reading the data with the verified session
let data = se05x.run_session_command(
session_id,
&ReadObject::builder()
.object_id(object_id)
.offset(0.into())
.length(9.into())
.build(),
buf,
)?;
This driver communicates with the se05x over the T=1 protocol over I2C, as described in UM11225.
To do so and be compatible with most embedded controlers, it depends on the I2C Read and Write from embedded-hal. However these traits do not expose the enough, as the T=1 protocol requires detecting I2C NACKs, which are not exposed in this protocol.
Nacks are exposed in the Error
types for each HAL
crate. As such an extension to the embedded-hal traits is defined as I2CErrorNack
, exposing the missing information.
It is implemented for the NRF and LPC55 Hals in src/t1/i2cimpl.rs
, gated by the features nrf
and lpc55
respectively.
This may not be necessary with future releases of embedded-hal
, which adds the missing information.
This driver uses the iso7816
crate to implement serialization of APDUs.
To simplify implementation, all supported se05x APDUs are described in src/se05x/commands.toml
.
The python script generate_commands.py
parses the command.toml
file and generates src/se05x/commands.rs
, which implements all the APDUs.
This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.