se05x 0.1.1

Driver for the NXP SE05X
Documentation

SE05X driver

This crate contains a Rust driver for the SE05x series of secure elements from NXP. It contains an implementation of the T=1 protocol and the ISO7816-4 APDUs that are used to communicate with the se05x.

This crate is under heavy development.

let i2c: impl I2CForT1 = todo!();
let delay: impl DelayUs<u32> = todo!();
let mut se05x = se05x::new(i2c, address, delay);
let user_id = ObjectId(hex!("01020304"));

let atr = se05x.enable();

// Running a WriteUserId command:
se05x.run_command(&WriteUserId {
    policy: None,
    max_attempts: None,
    object_id: user_id,
    value: b"Some value"
})?;

// Creating a file with a policy
let policy = &[Policy {
    object_id: user_id,
    access_rule: ObjectAccessRule::from_flags(
        ObjectPolicyFlags::ALLOW_READ,
    ),
}];

se05x.run_command(
    &WriteBinary {
        transient: false,
        policy: Some(PolicySet(policy)),
        object_id,
        offset: None,
        file_length: Some(9.into()),
        data: Some(&b"Some data"),
    },
    &mut buf,
)?;

// Opening a session with teh UserID
let session = se05x.run_command(&CreateSession { object_id: user_id }, &mut buf)?;

// Verifying the UserId
se05x.run_command(
    &ProcessSessionCmd {
        session_id: session.session_id,
        apdu: VerifySessionUserId {
            user_id: b"Some value",
        },
    },
    &mut buf,
)?;
// Reading the data with the verified session
let data = se05x.run_command(
    &ProcessSessionCmd {
        session_id: session.session_id,
        apdu: ReadObject {
            object_id,
            offset: Some(0.into()),
            length: Some(9.into()),
            rsa_key_component: None,
        },
    },
    &mut buf,
)?;

Architecture

T=1

This driver communicates with the se05x over the T=1 protocol over I2C, as described in UM11225.

To do so and be compatible with most embedded controlers, it depends on the I2C Read and Write from embedded-hal. However these traits do not expose the enough, as the T=1 protocol requires detecting I2C NACKs, which are not exposed in this protocol.

Nacks are exposed in the Error types for each HAL crate. As such an extension to the embedded-hal traits is defined as I2CErrorNack, exposing the missing information. It is implemented for the NRF and LPC55 Hals in src/t1/i2cimpl.rs, gated by the features nrf and lpc55 respectively.

This may not be necessary with future releases of embedded-hal, which adds the missing information.

Iso7816

This driver uses the iso7816 crate to implement serialization of APDUs.

Generation of commands

To simplify implementation, all supported se05x APDUs are described in src/se05x/commands.toml. The python script generate_commands.py parses the command.toml file and generates src/se05x/commands.rs, which implements all the APDUs.

Funding

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.