10 releases
0.2.0 | Mar 25, 2025 |
---|---|
0.1.7 | Oct 25, 2024 |
0.1.5 | Jun 6, 2024 |
0.1.2 | Dec 14, 2023 |
0.1.1 | Nov 24, 2023 |
#144 in Hardware support
340 downloads per month
345KB, 8K SLoC
SE05X driver
This crate contains a Rust driver for the SE05x series of secure elements from NXP. It contains an implementation of the T=1 protocol and the ISO7816-4 APDUs that are used to communicate with the se05x.
```rust
use se05x::se05x::commands::*;
use se05x::se05x::policies::*;
use se05x::se05x::*;

// get_i2c() and get_delay() stand in for the platform's I2C bus and delay provider.
let i2c = get_i2c();
let delay = get_delay();
let address = 0x48;
let mut se05x = Se05X::new(i2c, address, delay);
let user_id = ObjectId([0x01, 0x00, 0x00, 0x00]);
let object_id = ObjectId([0x01, 0x02, 0x03, 0x04]);
// Scratch buffer used by each command.
let buf = &mut [0; 128];

let atr = se05x.enable();

// Running a WriteUserId command:
se05x.run_command(
    &WriteUserId::builder()
        .object_id(user_id)
        .data(b"Some value")
        .build(),
    buf,
)?;

// Creating a file with a policy: only the UserID object is granted read access
let policy = &[Policy {
    object_id: user_id,
    access_rule: ObjectAccessRule::from_flags(ObjectPolicyFlags::ALLOW_READ),
}];

se05x.run_command(
    &WriteBinary::builder()
        .policy(PolicySet(policy))
        .object_id(object_id)
        .file_length(9.into())
        .data(b"Some data")
        .build(),
    buf,
)?;

// Opening a session with the UserID
let session_id = se05x
    .run_command(&CreateSession { object_id: user_id }, buf)?
    .session_id;

// Verifying the UserId
se05x.run_session_command(
    session_id,
    &VerifySessionUserId {
        user_id: b"Some value",
    },
    buf,
)?;

// Reading the data with the verified session
let data = se05x.run_session_command(
    session_id,
    &ReadObject::builder()
        .object_id(object_id)
        .offset(0.into())
        .length(9.into())
        .build(),
    buf,
)?;
```
Architecture
T=1
This driver communicates with the se05x using the T=1 protocol over I2C, as described in UM11225.
To do so while staying compatible with most embedded controllers, it depends on the I2C Read and Write traits from embedded-hal.
Embedded HAL v0.2
The v0.2 traits do not expose enough of the I2C protocol: T=1 requires detecting I2C NACKs, which this version does not expose.
NACKs are instead exposed in the `Error` types of each HAL crate. An extension to the embedded-hal traits is therefore defined as `I2CErrorNack`, exposing the missing information.
It is implemented for the NRF and LPC55 HALs in `src/t1/i2cimpl.rs`, gated by the features `nrf` and `lpc55` respectively.
Embedded HAL v1.0
This version exposes the required I2C NACKs. There is no need to use the `nrf` and `lpc55` features.
Iso7816
This driver uses the `iso7816` crate to implement serialization of APDUs.
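The byte layout that APDU serialization has to produce, as an added example (not this crate's code and not the `iso7816` crate's API): a minimal ISO 7816-4 command encoder that picks short or extended length fields, plus a response splitter that checks the status word before returning data. The `Command` and `ApduError` types are hypothetical, and the header bytes in `main` are constructed rather than real SE05x command codes.

```rust
/// ISO 7816-4 command APDU: header, data field, expected response length Ne.
pub struct Command<'a> {
    pub header: [u8; 4], // CLA, INS, P1, P2
    pub data: &'a [u8],
    pub ne: usize, // maximum response bytes expected; 0 = none
}

#[derive(Debug, PartialEq)]
pub enum ApduError { TooLong, Truncated, Status(u16) }

impl Command<'_> {
    /// Serialise with short length fields when they fit, extended otherwise.
    pub fn encode(&self) -> Result<Vec<u8>, ApduError> {
        let (nc, ne) = (self.data.len(), self.ne);
        if nc > 0xFFFF || ne > 0x1_0000 { return Err(ApduError::TooLong); }
        let extended = nc > 255 || ne > 256;
        let mut out = self.header.to_vec();
        if extended {
            out.push(0x00); // marks extended (two-byte) length fields
        }
        if nc > 0 && extended {
            out.extend_from_slice(&(nc as u16).to_be_bytes());
        } else if nc > 0 {
            out.push(nc as u8);
        }
        out.extend_from_slice(self.data);
        if ne > 0 && extended {
            out.extend_from_slice(&(ne as u16).to_be_bytes()); // 65536 encodes as 0x0000
        } else if ne > 0 {
            out.push(ne as u8); // 256 encodes as 0x00
        }
        Ok(out)
    }
}

/// Split a response APDU into data and status word; only SW 0x9000 is accepted here.
pub fn parse_response(resp: &[u8]) -> Result<&[u8], ApduError> {
    if resp.len() < 2 { return Err(ApduError::Truncated); }
    let (data, sw) = resp.split_at(resp.len() - 2);
    match u16::from_be_bytes([sw[0], sw[1]]) {
        0x9000 => Ok(data),
        other => Err(ApduError::Status(other)),
    }
}

fn main() {
    let cmd = Command { header: [0x80, 0x02, 0, 0], data: b"Some data", ne: 0 }; // constructed bytes
    println!("{:02x?} {:?}", cmd.encode(), parse_response(&[0x69, 0x85]));
}
```

Checking the response length and status word before touching the data field keeps a short or error-only reply from being read as object contents.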
Generation of commands
To simplify implementation, all supported se05x APDUs are described in `src/se05x/commands.toml`.
The Python script `generate_commands.py` parses the `commands.toml` file and generates `src/se05x/commands.rs`, which implements all the APDUs.
Funding
This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.
Dependencies
~0.9–4MB
~99K SLoC