Struct capsules_extra::hmac::HmacDriver

pub struct HmacDriver<'a, H: Digest<'a, L>, const L: usize> { /* private fields */ }

Implementations

impl<'a, H: Digest<'a, L> + HmacSha256 + HmacSha384 + HmacSha512, const L: usize> HmacDriver<'a, H, L>

pub fn new( hmac: &'a H, data_buffer: &'static mut [u8], dest_buffer: &'static mut [u8; L], grant: Grant<App, UpcallCount<1>, AllowRoCount<{ ro_allow::COUNT }>, AllowRwCount<{ rw_allow::COUNT }>>, ) -> HmacDriver<'a, H, L>

Trait Implementations

impl<'a, H: Digest<'a, L> + HmacSha256 + HmacSha384 + HmacSha512, const L: usize> ClientData<L> for HmacDriver<'a, H, L>

fn add_data_done( &self, _result: Result<(), ErrorCode>, _data: SubSlice<'static, u8>, )

Called when the data has been added to the digest. data is the SubSlice passed in the call to add_data, whose active slice contains the data that was not added. On Ok, data has an active slice of size zero (all data was added). Valid ErrorCode values are:

fn add_mut_data_done( &self, _result: Result<(), ErrorCode>, data: SubSliceMut<'static, u8>, )

Called when the data has been added to the digest. data is the SubSliceMut passed in the call to add_mut_data, whose active slice contains the data that was not added. On Ok, data has an active slice of size zero (all data was added). Valid ErrorCode values are:

impl<'a, H: Digest<'a, L> + HmacSha256 + HmacSha384 + HmacSha512, const L: usize> ClientHash<L> for HmacDriver<'a, H, L>

fn hash_done(&self, result: Result<(), ErrorCode>, digest: &'static mut [u8; L])

Called when a digest is computed. digest is the same reference passed to run() to store the hash value. If result is Ok, digest stores the computed hash. If result is Err, the data stored in digest is undefined and may have any value. Valid ErrorCode values are:

impl<'a, H: Digest<'a, L> + HmacSha256 + HmacSha384 + HmacSha512, const L: usize> ClientVerify<L> for HmacDriver<'a, H, L>

fn verification_done( &self, result: Result<bool, ErrorCode>, compare: &'static mut [u8; L], )

Called when a verification is computed. compare is the reference supplied to verify() and the data stored in compare is unchanged. On Ok the bool indicates if the computed hash matches the value in compare. Valid ErrorCode values are:

impl<'a, H: Digest<'a, L> + HmacSha256 + HmacSha384 + HmacSha512, const L: usize> SyscallDriver for HmacDriver<'a, H, L>

Specify memory regions to be used.

allow_num

• 0: Allow a buffer for storing the key. The kernel will read from this when running This should not be changed after running run until the HMAC has completed
• 1: Allow a buffer for storing the buffer. The kernel will read from this when running This should not be changed after running run until the HMAC has completed
• 2: Allow a buffer for storing the digest. The kernel will fill this with the HMAC digest before calling the hash_done callback.

fn command( &self, command_num: usize, data1: usize, _data2: usize, processid: ProcessId, ) -> CommandReturn

Setup and run the HMAC hardware

We expect userspace to setup buffers for the key, data and digest. These buffers must be allocated and specified to the kernel from the above allow calls.

We expect userspace not to change the value while running. If userspace changes the value we have no guarantee of what is passed to the hardware. This isn’t a security issue, it will just prove the requesting app with invalid data.

The driver will take care of clearing data from the underlying implementation by calling the clear_data() function when the hash_complete() callback is called or if an error is encountered.

command_num

• 0: set_algorithm
• 1: run
• 2: update
• 3: finish

fn allocate_grant(&self, processid: ProcessId) -> Result<(), Error>

Request to allocate a capsule’s grant for a specific process.

fn allow_userspace_readable( &self, app: ProcessId, which: usize, slice: ReadWriteProcessBuffer, ) -> Result<ReadWriteProcessBuffer, (ReadWriteProcessBuffer, ErrorCode)>

System call for a process to pass a buffer (a UserspaceReadableProcessBuffer) to the kernel that the kernel can either read or write. The kernel calls this method only after it checks that the entire buffer is within memory the process can both read and write.