components/appid/
checker_signature.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
// Licensed under the Apache License, Version 2.0 or the MIT License.
// SPDX-License-Identifier: Apache-2.0 OR MIT
// Copyright Tock Contributors 2024.

//! Components for signature credential checkers.

use core::mem::MaybeUninit;
use kernel::component::Component;
use kernel::hil::{digest, public_key_crypto};

#[macro_export]
macro_rules! app_checker_signature_component_static {
    ($S:ty, $H:ty, $HL:expr, $SL:expr $(,)?) => {{
        let hash_buffer = kernel::static_buf!([u8; $HL]);
        let signature_buffer = kernel::static_buf!([u8; $SL]);
        let checker = kernel::static_buf!(
            capsules_system::process_checker::signature::AppCheckerSignature<
                'static,
                $S,
                $H,
                $HL,
                $SL,
            >
        );

        (checker, hash_buffer, signature_buffer)
    };};
}

pub type AppCheckerSignatureComponentType<S, H, const HL: usize, const SL: usize> =
    capsules_system::process_checker::signature::AppCheckerSignature<'static, S, H, HL, SL>;

pub struct AppCheckerSignatureComponent<
    S: kernel::hil::public_key_crypto::signature::SignatureVerify<'static, HL, SL> + 'static,
    H: kernel::hil::digest::DigestDataHash<'static, HL> + 'static,
    const HL: usize,
    const SL: usize,
> {
    hasher: &'static H,
    verifier: &'static S,
    credential_type: tock_tbf::types::TbfFooterV2CredentialsType,
}

impl<
        S: kernel::hil::public_key_crypto::signature::SignatureVerify<'static, HL, SL>,
        H: kernel::hil::digest::DigestDataHash<'static, HL>,
        const HL: usize,
        const SL: usize,
    > AppCheckerSignatureComponent<S, H, HL, SL>
{
    pub fn new(
        hasher: &'static H,
        verifier: &'static S,
        credential_type: tock_tbf::types::TbfFooterV2CredentialsType,
    ) -> Self {
        Self {
            hasher,
            verifier,
            credential_type,
        }
    }
}

impl<
        S: kernel::hil::public_key_crypto::signature::SignatureVerify<'static, HL, SL>,
        H: kernel::hil::digest::DigestDataHash<'static, HL> + kernel::hil::digest::Digest<'static, HL>,
        const HL: usize,
        const SL: usize,
    > Component for AppCheckerSignatureComponent<S, H, HL, SL>
{
    type StaticInput = (
        &'static mut MaybeUninit<
            capsules_system::process_checker::signature::AppCheckerSignature<'static, S, H, HL, SL>,
        >,
        &'static mut MaybeUninit<[u8; HL]>,
        &'static mut MaybeUninit<[u8; SL]>,
    );

    type Output = &'static capsules_system::process_checker::signature::AppCheckerSignature<
        'static,
        S,
        H,
        HL,
        SL,
    >;

    fn finalize(self, s: Self::StaticInput) -> Self::Output {
        let hash_buffer = s.1.write([0; HL]);
        let signature_buffer = s.2.write([0; SL]);

        let checker = s.0.write(
            capsules_system::process_checker::signature::AppCheckerSignature::new(
                self.hasher,
                self.verifier,
                hash_buffer,
                signature_buffer,
                self.credential_type,
            ),
        );

        digest::Digest::set_client(self.hasher, checker);
        public_key_crypto::signature::SignatureVerify::set_verify_client(self.verifier, checker);

        checker
    }
}