components/appid/
checker_signature.rs

1// Licensed under the Apache License, Version 2.0 or the MIT License.
2// SPDX-License-Identifier: Apache-2.0 OR MIT
3// Copyright Tock Contributors 2024.
4
5//! Components for signature credential checkers.
6
7use core::mem::MaybeUninit;
8use kernel::component::Component;
9use kernel::hil::{digest, public_key_crypto};
10
11#[macro_export]
12macro_rules! app_checker_signature_component_static {
13    ($S:ty, $H:ty, $HASH_LEN:expr, $SIGNATURE_LEN:expr $(,)?) => {{
14        let hash_buffer = kernel::static_buf!([u8; $HASH_LEN]);
15        let signature_buffer = kernel::static_buf!([u8; $SIGNATURE_LEN]);
16        let checker = kernel::static_buf!(
17            capsules_system::process_checker::signature::AppCheckerSignature<
18                'static,
19                $S,
20                $H,
21                $HASH_LEN,
22                $SIGNATURE_LEN,
23            >
24        );
25
26        (checker, hash_buffer, signature_buffer)
27    };};
28}
29
30pub type AppCheckerSignatureComponentType<S, H, const HASH_LEN: usize, const SIGNATURE_LEN: usize> =
31    capsules_system::process_checker::signature::AppCheckerSignature<
32        'static,
33        S,
34        H,
35        HASH_LEN,
36        SIGNATURE_LEN,
37    >;
38
39pub struct AppCheckerSignatureComponent<
40    S: kernel::hil::public_key_crypto::signature::SignatureVerify<'static, HASH_LEN, SIGNATURE_LEN>
41        + kernel::hil::public_key_crypto::keys::SelectKey<'static>
42        + 'static,
43    H: kernel::hil::digest::DigestDataHash<'static, HASH_LEN> + 'static,
44    const HASH_LEN: usize,
45    const SIGNATURE_LEN: usize,
46> {
47    hasher: &'static H,
48    verifier: &'static S,
49    credential_type: tock_tbf::types::TbfFooterV2CredentialsType,
50}
51
52impl<
53        S: kernel::hil::public_key_crypto::signature::SignatureVerify<
54                'static,
55                HASH_LEN,
56                SIGNATURE_LEN,
57            > + kernel::hil::public_key_crypto::keys::SelectKey<'static>,
58        H: kernel::hil::digest::DigestDataHash<'static, HASH_LEN>,
59        const HASH_LEN: usize,
60        const SIGNATURE_LEN: usize,
61    > AppCheckerSignatureComponent<S, H, HASH_LEN, SIGNATURE_LEN>
62{
63    pub fn new(
64        hasher: &'static H,
65        verifier: &'static S,
66        credential_type: tock_tbf::types::TbfFooterV2CredentialsType,
67    ) -> Self {
68        Self {
69            hasher,
70            verifier,
71            credential_type,
72        }
73    }
74}
75
76impl<
77        S: kernel::hil::public_key_crypto::signature::SignatureVerify<
78                'static,
79                HASH_LEN,
80                SIGNATURE_LEN,
81            > + kernel::hil::public_key_crypto::keys::SelectKey<'static>,
82        H: kernel::hil::digest::DigestDataHash<'static, HASH_LEN>
83            + kernel::hil::digest::Digest<'static, HASH_LEN>,
84        const HASH_LEN: usize,
85        const SIGNATURE_LEN: usize,
86    > Component for AppCheckerSignatureComponent<S, H, HASH_LEN, SIGNATURE_LEN>
87{
88    type StaticInput = (
89        &'static mut MaybeUninit<
90            capsules_system::process_checker::signature::AppCheckerSignature<
91                'static,
92                S,
93                H,
94                HASH_LEN,
95                SIGNATURE_LEN,
96            >,
97        >,
98        &'static mut MaybeUninit<[u8; HASH_LEN]>,
99        &'static mut MaybeUninit<[u8; SIGNATURE_LEN]>,
100    );
101
102    type Output = &'static capsules_system::process_checker::signature::AppCheckerSignature<
103        'static,
104        S,
105        H,
106        HASH_LEN,
107        SIGNATURE_LEN,
108    >;
109
110    fn finalize(self, s: Self::StaticInput) -> Self::Output {
111        let hash_buffer = s.1.write([0; HASH_LEN]);
112        let signature_buffer = s.2.write([0; SIGNATURE_LEN]);
113
114        let checker = s.0.write(
115            capsules_system::process_checker::signature::AppCheckerSignature::new(
116                self.hasher,
117                self.verifier,
118                hash_buffer,
119                signature_buffer,
120                self.credential_type,
121            ),
122        );
123
124        digest::Digest::set_client(self.hasher, checker);
125        kernel::hil::public_key_crypto::keys::SelectKey::set_client(self.verifier, checker);
126        public_key_crypto::signature::SignatureVerify::set_verify_client(self.verifier, checker);
127
128        checker
129    }
130}