From f68027a6a04ad3f047c56fdc611301dc7019508d Mon Sep 17 00:00:00 2001 From: Brad Campbell Date: Mon, 17 Jun 2024 11:22:14 -0400 Subject: [PATCH] kernel: create AcceptedCredential type --- kernel/src/process.rs | 4 ++-- kernel/src/process_binary.rs | 8 +++----- kernel/src/process_checker.rs | 32 +++++++++++++++++++++++++++----- kernel/src/process_loading.rs | 7 ++----- kernel/src/process_standard.rs | 6 +++--- 5 files changed, 37 insertions(+), 20 deletions(-) diff --git a/kernel/src/process.rs b/kernel/src/process.rs index 8ef3cf225b..70bfc1fcfa 100644 --- a/kernel/src/process.rs +++ b/kernel/src/process.rs @@ -20,10 +20,10 @@ use crate::storage_permissions; use crate::syscall::{self, Syscall, SyscallReturn}; use crate::upcall::UpcallId; use tock_tbf::types::CommandPermissions; -use tock_tbf::types::TbfFooterV2Credentials; // Export all process related types via `kernel::process::`. pub use crate::process_binary::ProcessBinary; +pub use crate::process_checker::AcceptedCredential; pub use crate::process_checker::{ProcessCheckerMachine, ProcessCheckerMachineClient}; pub use crate::process_loading::load_processes; pub use crate::process_loading::ProcessLoadError; @@ -340,7 +340,7 @@ pub trait Process { /// Return the credential which the credential checker approved if the /// credential checker approved a credential. If the process was allowed to /// run without credentials, return `None`. - fn get_credential(&self) -> Option<(TbfFooterV2Credentials, Option)>; + fn get_credential(&self) -> Option; /// Returns how many times this process has been restarted. fn get_restart_count(&self) -> usize; diff --git a/kernel/src/process_binary.rs b/kernel/src/process_binary.rs index 4302394bbf..16d750ae52 100644 --- a/kernel/src/process_binary.rs +++ b/kernel/src/process_binary.rs @@ -11,8 +11,8 @@ use core::fmt; use crate::config; use crate::debug; +use crate::process_checker::AcceptedCredential; use crate::utilities::cells::OptionalCell; -use tock_tbf::types::TbfFooterV2Credentials; /// Errors resulting from trying to load a process binary structure from flash. pub enum ProcessBinaryError { @@ -129,7 +129,7 @@ pub struct ProcessBinary { /// Optional credential that was used to approve this application. This is /// set if the process is checked by a credential checker and a specific /// credential was used to approve this process. Otherwise this is `None`. - pub credential: OptionalCell<(TbfFooterV2Credentials, Option)>, + pub credential: OptionalCell, } impl ProcessBinary { @@ -249,9 +249,7 @@ impl ProcessBinary { }) } - pub fn get_credential( - &self, - ) -> Option<(TbfFooterV2Credentials, Option)> { + pub fn get_credential(&self) -> Option { self.credential.get() } diff --git a/kernel/src/process_checker.rs b/kernel/src/process_checker.rs index b362c825fb..8e36730cd3 100644 --- a/kernel/src/process_checker.rs +++ b/kernel/src/process_checker.rs @@ -83,6 +83,25 @@ pub trait AppCredentialsPolicyClient<'a> { ); } +/// The accepted credential from the credential checker. +/// +/// This combines both the credential as stored in the TBF footer with an +/// optional opaque value provided by the checker when it accepted the +/// credential. This value can be used when assigning an AppID to the +/// application based on the how the credential was approved. For example, if +/// the credential checker has a list of valid public keys used to verify +/// signatures, it might set the optional value to the index of the public key +/// in this list. +#[derive(Copy, Clone)] +pub struct AcceptedCredential { + /// The credential stored in the footer that the credential checker + /// accepted. + pub credential: TbfFooterV2Credentials, + /// An optional opaque value set by the credential checker to store metadata + /// about the accepted credential. This is credential checker specific. + pub metadata: Option, +} + /// Implements a Credentials Checking Policy. pub trait AppCredentialsPolicy<'a> { /// Set the client which gets notified after the credential check completes. @@ -187,10 +206,7 @@ pub trait ProcessCheckerMachineClient { fn done( &self, process_binary: ProcessBinary, - result: Result< - Option<(TbfFooterV2Credentials, Option)>, - ProcessCheckError, - >, + result: Result, ProcessCheckError>, ); } @@ -441,7 +457,13 @@ impl AppCredentialsPolicyClient<'static> for ProcessCheckerMachine { Ok(CheckResult::Accept(opaque)) => { self.client.map(|client| { if let Some(pb) = self.process_binary.take() { - client.done(pb, Ok(Some((credentials, opaque)))) + client.done( + pb, + Ok(Some(AcceptedCredential { + credential: credentials, + metadata: opaque, + })), + ) } }); false diff --git a/kernel/src/process_loading.rs b/kernel/src/process_loading.rs index 2417b203a3..cd9dd39243 100644 --- a/kernel/src/process_loading.rs +++ b/kernel/src/process_loading.rs @@ -23,11 +23,11 @@ use crate::kernel::Kernel; use crate::platform::chip::Chip; use crate::process::{Process, ShortId}; use crate::process_binary::{ProcessBinary, ProcessBinaryError}; +use crate::process_checker::AcceptedCredential; use crate::process_checker::{AppIdPolicy, ProcessCheckError, ProcessCheckerMachine}; use crate::process_policies::ProcessFaultPolicy; use crate::process_standard::ProcessStandard; use crate::utilities::cells::{MapCell, OptionalCell}; -use tock_tbf::types::TbfFooterV2Credentials; /// Errors that can occur when trying to load and create processes. pub enum ProcessLoadError { @@ -906,10 +906,7 @@ impl<'a, C: Chip> crate::process_checker::ProcessCheckerMachineClient fn done( &self, process_binary: ProcessBinary, - result: Result< - Option<(TbfFooterV2Credentials, Option)>, - crate::process_checker::ProcessCheckError, - >, + result: Result, crate::process_checker::ProcessCheckError>, ) { // Check if this process was approved by the checker. match result { diff --git a/kernel/src/process_standard.rs b/kernel/src/process_standard.rs index c03a02afb7..dd6403f17d 100644 --- a/kernel/src/process_standard.rs +++ b/kernel/src/process_standard.rs @@ -28,6 +28,7 @@ use crate::process::{Error, FunctionCall, FunctionCallSource, Process, Task}; use crate::process::{FaultAction, ProcessCustomGrantIdentifier, ProcessId}; use crate::process::{ProcessAddresses, ProcessSizes, ShortId}; use crate::process::{State, StoppedState}; +use crate::process_checker::AcceptedCredential; use crate::process_loading::ProcessLoadError; use crate::process_policies::ProcessFaultPolicy; use crate::processbuffer::{ReadOnlyProcessBuffer, ReadWriteProcessBuffer}; @@ -37,7 +38,6 @@ use crate::upcall::UpcallId; use crate::utilities::cells::{MapCell, NumericCellExt, OptionalCell}; use tock_tbf::types::CommandPermissions; -use tock_tbf::types::TbfFooterV2Credentials; /// State for helping with debugging apps. /// @@ -189,7 +189,7 @@ pub struct ProcessStandard<'a, C: 'static + Chip> { /// Credential that was approved for this process, or `None` if the /// credential was permitted to run without an accepted credential. - credential: Option<(TbfFooterV2Credentials, Option)>, + credential: Option, /// State saved on behalf of the process each time the app switches to the /// kernel. @@ -256,7 +256,7 @@ impl Process for ProcessStandard<'_, C> { } } - fn get_credential(&self) -> Option<(TbfFooterV2Credentials, Option)> { + fn get_credential(&self) -> Option { self.credential }