sosthene-nitrokey/se050-generation

SE05X driver

This crate contains a Rust driver for the SE05x series of secure elements from NXP. It contains an implementation of the T=1 protocol and the ISO7816-4 APDUs that are used to communicate with the SE050.

This crate is under heavy development.

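let i2c: impl I2CForT1 = todo!();
let delay: impl DelayUs<u32> = todo!();
// I2C address of the secure element
let address: u8 = todo!();
let mut se050 = Se050::new(i2c, address, delay);
let user_id = ObjectId(hex!("01020304"));
// Identifier of the file object created below (value chosen for illustration)
let object_id = ObjectId(hex!("01020305"));
// Scratch buffer for command responses (size chosen for illustration)
let mut buf = [0u8; 128];

let atr = se050.enable();

// Running a WriteUserId command:
se050.run_command(
    &WriteUserId {
        policy: None,
        max_attempts: None,
        object_id: user_id,
        value: b"Some value",
    },
    &mut buf,
)?;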

// Creating a file with a policy
let policy = &[Policy {
    object_id: user_id,
    access_rule: ObjectAccessRule::from_flags(
        ObjectPolicyFlags::ALLOW_READ,
    ),
}];

se050.run_command(
    &WriteBinary {
        transient: false,
        policy: Some(PolicySet(policy)),
        object_id,
        offset: None,
        file_length: Some(9.into()),
        data: Some(&b"Some data"),
    },
    &mut buf,
)?;

// Opening a session with the UserID
let session = se050.run_command(&CreateSession { object_id: user_id }, &mut buf)?;

// Verifying the UserId
se050.run_command(
    &ProcessSessionCmd {
        session_id: session.session_id,
        apdu: VerifySessionUserId {
            user_id: b"Some value",
        },
    },
    &mut buf,
)?;
// Reading the data with the verified session
let data = se050.run_command(
    &ProcessSessionCmd {
        session_id: session.session_id,
        apdu: ReadObject {
            object_id,
            offset: Some(0.into()),
            length: Some(9.into()),
            rsa_key_component: None,
        },
    },
    &mut buf,
)?;

Architecture

T=1

This driver communicates with the SE050 over the T=1 protocol over I2C, as described in UM11225.

To do so while staying compatible with most embedded controllers, it depends on the I2C Read and Write traits from embedded-hal. However, these traits do not expose enough information: the T=1 protocol requires detecting I2C NACKs, which the traits do not report.

NACKs are exposed in the error types of each HAL crate. An extension to the embedded-hal traits is therefore defined as I2CErrorNack, exposing the missing information. It is implemented for the NRF and LPC55 HALs in src/t1/i2cimpl.rs, gated by the features nrf and lpc55 respectively.

This may not be necessary with future releases of embedded-hal, which add the missing information.
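
The sketch below is an added example, not code from this crate. It shows why a generic driver needs NACK information on the HAL error type, assuming a NACK means the device is not ready yet and the read should be retried, while any other bus error is fatal. `I2cRead`, `ErrorNack`, `MockBus`, `MockError` and `read_polling` are hypothetical names, and the method on the real I2CErrorNack trait may differ.

```rust
/// Stand-in for a blocking I2C read trait in the style of embedded-hal (not the real trait).
pub trait I2cRead {
    type Error;
    fn read(&mut self, address: u8, buf: &mut [u8]) -> Result<(), Self::Error>;
}

/// Hypothetical extension trait: generic code can ask a HAL error "was this a NACK?".
pub trait ErrorNack { fn is_nack(&self) -> bool; }

/// Constructed HAL error type for the mock bus below.
#[derive(Debug, PartialEq)]
pub enum MockError { Nack, ArbitrationLost }
impl ErrorNack for MockError { fn is_nack(&self) -> bool { matches!(self, MockError::Nack) } }

/// Constructed mock: returns the queued errors first, then copies `reply` out.
pub struct MockBus { pub failures: Vec<MockError>, pub reply: Vec<u8>, pub reads: usize }

impl I2cRead for MockBus {
    type Error = MockError;
    fn read(&mut self, _address: u8, buf: &mut [u8]) -> Result<(), MockError> {
        self.reads += 1;
        if !self.failures.is_empty() { return Err(self.failures.remove(0)); }
        buf.copy_from_slice(&self.reply[..buf.len()]);
        Ok(())
    }
}

/// Retries only on NACK, at most `max_retries` times; other errors return at once.
pub fn read_polling<B>(bus: &mut B, addr: u8, buf: &mut [u8], max_retries: usize) -> Result<(), B::Error>
where B: I2cRead, B::Error: ErrorNack {
    let mut retries = 0;
    loop {
        match bus.read(addr, buf) {
            // A real driver would wait (e.g. via its delay provider) before polling again.
            Err(e) if e.is_nack() && retries < max_retries => retries += 1,
            other => return other,
        }
    }
}

fn main() {
    // Constructed scenario: two NACKs, then a two-byte reply; 0x48 is a sample address.
    let mut bus = MockBus { failures: vec![MockError::Nack, MockError::Nack], reply: vec![0xA5, 0x00], reads: 0 };
    let mut buf = [0u8; 2];
    let result = read_polling(&mut bus, 0x48, &mut buf, 5);
    println!("{:?} after {} reads: {:02x?}", result, bus.reads, buf);
}
```

Without the `ErrorNack` bound, `read_polling` could not tell a busy device from a broken bus and would have to either retry every error or fail on the first NACK.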

Iso7816

This driver uses the iso7816 crate to implement serialization of APDUs.

Generation of commands

To simplify implementation, all supported SE050 APDUs are described in src/se050/commands.toml. The Python script generate_commands.py parses the commands.toml file and generates src/se050/commands.rs, which implements all the APDUs.

Funding

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.
