Skip to content

Commit

Permalink
Actually fix #157 correctly (#189)
Browse files Browse the repository at this point in the history
  • Loading branch information
ia0 authored Jul 20, 2023
1 parent 1755f17 commit 6daed6b
Show file tree
Hide file tree
Showing 10 changed files with 188 additions and 47 deletions.
10 changes: 9 additions & 1 deletion crates/board/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,14 @@
# Changelog

## 0.3.1-git
## 0.4.0-git

### Major

- Change crypto API to mention `Keysize`, `BlockSize`, and `OutputSize`

### Minor

- Add `UnsupportedCrypto` for partially implemented crypto

### Patch

Expand Down
2 changes: 1 addition & 1 deletion crates/board/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion crates/board/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "wasefire-board-api"
version = "0.3.1-git"
version = "0.4.0-git"
authors = ["Julien Cretin <[email protected]>"]
license = "Apache-2.0"
publish = true
Expand Down
194 changes: 164 additions & 30 deletions crates/board/src/crypto.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,10 @@

//! Cryptography interface.

use crypto_common::{BlockSizeUser, Key, KeyInit, KeySizeUser, Output, OutputSizeUser};
use digest::{FixedOutput, HashMarker, MacMarker, Update};
use typenum::{U0, U12, U13, U16, U32, U4, U48};
use crypto_common::{BlockSizeUser, Key, KeyInit, KeySizeUser, Output, OutputSizeUser, Reset};
use digest::{FixedOutput, FixedOutputReset, HashMarker, MacMarker, Update};
use generic_array::ArrayLength;
use typenum::{U12, U128, U13, U16, U32, U4, U48, U64};

use crate::{Support, Unsupported};

Expand All @@ -28,14 +29,31 @@ pub trait Api {
type Aes128Ccm: aead::Api<U16, U13, U4>;
type Aes256Gcm: aead::Api<U32, U12, U16>;

type HmacSha256: Support<bool> + KeyInit + Update + FixedOutput + MacMarker;
type HmacSha384: Support<bool> + KeyInit + Update + FixedOutput + MacMarker;
type HmacSha256: Support<bool> + Hmac<KeySize = U64, OutputSize = U32>;
type HmacSha384: Support<bool> + Hmac<KeySize = U128, OutputSize = U48>;

type P256: Support<bool> + ecc::Api<U32>;
type P384: Support<bool> + ecc::Api<U48>;

type Sha256: Support<bool> + Default + BlockSizeUser + Update + FixedOutput + HashMarker;
type Sha384: Support<bool> + Default + BlockSizeUser + Update + FixedOutput + HashMarker;
type Sha256: Support<bool> + Hash<BlockSize = U64, OutputSize = U32>;
type Sha384: Support<bool> + Hash<BlockSize = U128, OutputSize = U48>;
}

pub trait Hash: Default + BlockSizeUser + Update + FixedOutputReset + HashMarker {}
pub trait Hmac: KeyInit + Update + FixedOutput + MacMarker {}

impl<T: Default + BlockSizeUser + Update + FixedOutputReset + HashMarker> Hash for T {}
impl<T: KeyInit + Update + FixedOutput + MacMarker> Hmac for T {}

pub struct UnsupportedHash<Block: ArrayLength<u8> + 'static, Output: ArrayLength<u8> + 'static> {
_never: !,
_block: Block,
_output: Output,
}
pub struct UnsupportedHmac<Key: ArrayLength<u8> + 'static, Output: ArrayLength<u8> + 'static> {
_never: !,
_key: Key,
_output: Output,
}

pub type Aes128Ccm<B> = <super::Crypto<B> as Api>::Aes128Ccm;
Expand All @@ -47,92 +65,208 @@ pub type P384<B> = <super::Crypto<B> as Api>::P384;
pub type Sha256<B> = <super::Crypto<B> as Api>::Sha256;
pub type Sha384<B> = <super::Crypto<B> as Api>::Sha384;

pub struct UnsupportedCrypto<T: Api>(T);

macro_rules! software {
(#[cfg(feature = $feature:literal)] type $Name:ident = $impl:ty;) => {
(#[cfg(feature = $feature:literal)] type $Name:ident = $impl:ty | $Unsupported:ty;) => {
#[cfg(feature = $feature)]
type $Name = $impl;
#[cfg(not(feature = $feature))]
type $Name = Unsupported;
type $Name = $Unsupported;
};
}

impl Api for Unsupported {
impl<T: Api> Api for UnsupportedCrypto<T> {
software! {
#[cfg(feature = "software-crypto-aes128-ccm")]
type Aes128Ccm = ccm::Ccm<aes::Aes128, U4, U13>;
type Aes128Ccm = ccm::Ccm<aes::Aes128, U4, U13> | Unsupported;
}
software! {
#[cfg(feature = "software-crypto-aes256-gcm")]
type Aes256Gcm = aes_gcm::Aes256Gcm;
type Aes256Gcm = aes_gcm::Aes256Gcm | Unsupported;
}

software! {
#[cfg(feature = "software-crypto-hmac-sha256")]
type HmacSha256 = hmac::SimpleHmac<Self::Sha256>;
type HmacSha256 = hmac::SimpleHmac<T::Sha256> | UnsupportedHmac<U64, U32>;
}
software! {
#[cfg(feature = "software-crypto-hmac-sha384")]
type HmacSha384 = hmac::SimpleHmac<Self::Sha384>;
type HmacSha384 = hmac::SimpleHmac<T::Sha384> | UnsupportedHmac<U128, U48>;
}

software! {
#[cfg(feature = "software-crypto-p256")]
type P256 = ecc::Software<p256::NistP256, Self::Sha256>;
type P256 = ecc::Software<p256::NistP256, T::Sha256> | Unsupported;
}
software! {
#[cfg(feature = "software-crypto-p384")]
type P384 = ecc::Software<p384::NistP384, Self::Sha384>;
type P384 = ecc::Software<p384::NistP384, T::Sha384> | Unsupported;
}

software! {
#[cfg(feature = "software-crypto-sha256")]
type Sha256 = sha2::Sha256;
type Sha256 = sha2::Sha256 | UnsupportedHash<U64, U32>;
}
software! {
#[cfg(feature = "software-crypto-sha384")]
type Sha384 = sha2::Sha384;
type Sha384 = sha2::Sha384 | UnsupportedHash<U128, U48>;
}
}

impl BlockSizeUser for Unsupported {
type BlockSize = U0;
impl Api for Unsupported {
type Aes128Ccm = <UnsupportedCrypto<Self> as Api>::Aes128Ccm;
type Aes256Gcm = <UnsupportedCrypto<Self> as Api>::Aes256Gcm;
type HmacSha256 = <UnsupportedCrypto<Self> as Api>::HmacSha256;
type HmacSha384 = <UnsupportedCrypto<Self> as Api>::HmacSha384;
type P256 = <UnsupportedCrypto<Self> as Api>::P256;
type P384 = <UnsupportedCrypto<Self> as Api>::P384;
type Sha256 = <UnsupportedCrypto<Self> as Api>::Sha256;
type Sha384 = <UnsupportedCrypto<Self> as Api>::Sha384;
}

impl KeySizeUser for Unsupported {
type KeySize = U0;
impl<B, O> BlockSizeUser for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
type BlockSize = B;
}

impl OutputSizeUser for Unsupported {
type OutputSize = U0;
impl<B, O> OutputSizeUser for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
type OutputSize = O;
}

impl HashMarker for Unsupported {}
impl MacMarker for Unsupported {}
impl<B, O> HashMarker for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
}

impl Default for Unsupported {
impl<B, O> Default for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn default() -> Self {
unreachable!()
}
}

impl KeyInit for Unsupported {
impl<B, O> Update for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn update(&mut self, _: &[u8]) {
unreachable!()
}
}

impl<B, O> FixedOutput for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn finalize_into(self, _: &mut Output<Self>) {
unreachable!()
}
}

impl<B, O> FixedOutputReset for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn finalize_into_reset(&mut self, _: &mut Output<Self>) {
unreachable!()
}
}

impl<B, O> Reset for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn reset(&mut self) {
unreachable!()
}
}

impl<B, O> Support<bool> for UnsupportedHash<B, O>
where
B: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
const SUPPORT: bool = false;
}

impl<K, O> KeySizeUser for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
type KeySize = K;
}

impl<K, O> OutputSizeUser for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
type OutputSize = O;
}

impl<K, O> MacMarker for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
}

impl<K, O> KeyInit for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn new(_: &Key<Self>) -> Self {
unreachable!()
}
}

impl Update for Unsupported {
impl<K, O> Update for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn update(&mut self, _: &[u8]) {
unreachable!()
}
}

impl FixedOutput for Unsupported {
impl<K, O> FixedOutput for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
fn finalize_into(self, _: &mut Output<Self>) {
unreachable!()
}
}

impl<K, O> Support<bool> for UnsupportedHmac<K, O>
where
K: ArrayLength<u8> + 'static,
O: ArrayLength<u8> + 'static,
{
const SUPPORT: bool = false;
}

#[cfg(feature = "software-crypto-sha256")]
impl crate::Supported for sha2::Sha256 {}

Expand Down
2 changes: 1 addition & 1 deletion crates/runner-host/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion crates/runner-nordic/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 8 additions & 9 deletions crates/runner-nordic/src/tasks/crypto.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,20 +12,19 @@
// See the License for the specific language governing permissions and
// limitations under the License.

use wasefire_board_api::crypto::Api;
use wasefire_board_api::Unsupported;
use wasefire_board_api::crypto::{Api, UnsupportedCrypto};

mod ccm;

pub enum Impl {}

impl Api for Impl {
type Aes128Ccm = ccm::Impl;
type Aes256Gcm = Unsupported;
type HmacSha256 = Unsupported;
type HmacSha384 = Unsupported;
type P256 = Unsupported;
type P384 = Unsupported;
type Sha256 = Unsupported;
type Sha384 = Unsupported;
type Aes256Gcm = <UnsupportedCrypto<Self> as Api>::Aes256Gcm;
type HmacSha256 = <UnsupportedCrypto<Self> as Api>::HmacSha256;
type HmacSha384 = <UnsupportedCrypto<Self> as Api>::HmacSha384;
type P256 = <UnsupportedCrypto<Self> as Api>::P256;
type P384 = <UnsupportedCrypto<Self> as Api>::P384;
type Sha256 = <UnsupportedCrypto<Self> as Api>::Sha256;
type Sha384 = <UnsupportedCrypto<Self> as Api>::Sha384;
}
2 changes: 1 addition & 1 deletion crates/scheduler/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,4 +43,4 @@

## 0.1.0

<!-- Increment to skip CHANGELOG.md test: 10 -->
<!-- Increment to skip CHANGELOG.md test: 11 -->
2 changes: 1 addition & 1 deletion crates/scheduler/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion crates/scheduler/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ digest = { version = "0.10.7", default-features = false, features = ["mac"] }
generic-array = { version = "0.14.7", default-features = false }
typenum = { version = "1.16.0", default-features = false }
wasefire-applet-api = { version = "0.3.0", path = "../api", features = ["host"] }
wasefire-board-api = { version = "0.3.1-git", path = "../board" }
wasefire-board-api = { version = "0.4.0-git", path = "../board" }
wasefire-interpreter = { version = "0.1.2", path = "../interpreter", features = ["toctou"] }
wasefire-logger = { version = "0.1.3-git", path = "../logger" }
wasefire-store = { version = "0.2.0", path = "../store" }
Expand Down

0 comments on commit 6daed6b

Please sign in to comment.