capsules_extra/sha.rs
1// Licensed under the Apache License, Version 2.0 or the MIT License.
2// SPDX-License-Identifier: Apache-2.0 OR MIT
3// Copyright Tock Contributors 2022.
4
5//! SHA
6//!
7//! Usage
8//! -----
9//!
10//! ```rust,ignore
11//! let sha = &earlgrey::sha::HMAC;
12//!
13//! let mux_sha = static_init!(MuxSha<'static, lowrisc::sha::Sha>, MuxSha::new(sha));
14//! digest::DigestMut::set_client(&earlgrey::sha::HMAC, mux_sha);
15//!
16//! let virtual_sha_user = static_init!(
17//! VirtualMuxSha<'static, lowrisc::sha::Sha>,
18//! VirtualMuxSha::new(mux_sha)
19//! );
20//! let sha = static_init!(
21//! capsules::sha::ShaDriver<'static, VirtualMuxSha<'static, lowrisc::sha::Sha>>,
22//! capsules::sha::ShaDriver::new(
23//! virtual_sha_user,
24//! board_kernel.create_grant(&memory_allocation_cap),
25//! )
26//! );
27//! digest::DigestMut::set_client(virtual_sha_user, sha);
28//! ```
29
30use capsules_core::driver;
31use kernel::errorcode::into_statuscode;
32
33/// Syscall driver number.
34pub const DRIVER_NUM: usize = driver::NUM::Sha as usize;
35
36/// Ids for read-only allow buffers
37mod ro_allow {
38 pub const DATA: usize = 1;
39 pub const COMPARE: usize = 2;
40 /// The number of allow buffers the kernel stores for this grant
41 pub const COUNT: u8 = 3;
42}
43
44/// Ids for read-write allow buffers
45mod rw_allow {
46 pub const DEST: usize = 2;
47 /// The number of allow buffers the kernel stores for this grant
48 pub const COUNT: u8 = 3;
49}
50
51use core::cell::Cell;
52
53use kernel::grant::{AllowRoCount, AllowRwCount, Grant, UpcallCount};
54use kernel::hil::digest;
55use kernel::processbuffer::{ReadableProcessBuffer, WriteableProcessBuffer};
56use kernel::syscall::{CommandReturn, SyscallDriver};
57use kernel::utilities::cells::{OptionalCell, TakeCell};
58use kernel::utilities::leasable_buffer::SubSlice;
59use kernel::utilities::leasable_buffer::SubSliceMut;
60use kernel::{ErrorCode, ProcessId};
61
62enum ShaOperation {
63 Sha256,
64 Sha384,
65 Sha512,
66}
67
68pub struct ShaDriver<'a, H: digest::Digest<'a, L>, const L: usize> {
69 sha: &'a H,
70
71 active: Cell<bool>,
72
73 apps: Grant<
74 App,
75 UpcallCount<1>,
76 AllowRoCount<{ ro_allow::COUNT }>,
77 AllowRwCount<{ rw_allow::COUNT }>,
78 >,
79 processid: OptionalCell<ProcessId>,
80
81 data_buffer: TakeCell<'static, [u8]>,
82 data_copied: Cell<usize>,
83 dest_buffer: TakeCell<'static, [u8; L]>,
84}
85
86impl<
87 'a,
88 H: digest::Digest<'a, L> + digest::Sha256 + digest::Sha384 + digest::Sha512,
89 const L: usize,
90 > ShaDriver<'a, H, L>
91{
92 pub fn new(
93 sha: &'a H,
94 data_buffer: &'static mut [u8],
95 dest_buffer: &'static mut [u8; L],
96 grant: Grant<
97 App,
98 UpcallCount<1>,
99 AllowRoCount<{ ro_allow::COUNT }>,
100 AllowRwCount<{ rw_allow::COUNT }>,
101 >,
102 ) -> ShaDriver<'a, H, L> {
103 ShaDriver {
104 sha,
105 active: Cell::new(false),
106 apps: grant,
107 processid: OptionalCell::empty(),
108 data_buffer: TakeCell::new(data_buffer),
109 data_copied: Cell::new(0),
110 dest_buffer: TakeCell::new(dest_buffer),
111 }
112 }
113
114 fn run(&self) -> Result<(), ErrorCode> {
115 self.processid.map_or(Err(ErrorCode::RESERVE), |processid| {
116 self.apps
117 .enter(processid, |app, kernel_data| {
118 match app.sha_operation {
119 Some(ShaOperation::Sha256) => self.sha.set_mode_sha256()?,
120 Some(ShaOperation::Sha384) => self.sha.set_mode_sha384()?,
121 Some(ShaOperation::Sha512) => self.sha.set_mode_sha512()?,
122 _ => return Err(ErrorCode::INVAL),
123 }
124
125 kernel_data
126 .get_readonly_processbuffer(ro_allow::DATA)
127 .and_then(|data| {
128 data.enter(|data| {
129 let mut static_buffer_len = 0;
130 self.data_buffer.map(|buf| {
131 // Determine the size of the static buffer we have
132 static_buffer_len = buf.len();
133
134 if static_buffer_len > data.len() {
135 static_buffer_len = data.len()
136 }
137
138 self.data_copied.set(static_buffer_len);
139
140 // Copy the data into the static buffer
141 data[..static_buffer_len]
142 .copy_to_slice(&mut buf[..static_buffer_len]);
143 });
144
145 // Add the data from the static buffer to the HMAC
146 let mut lease_buf = SubSliceMut::new(
147 self.data_buffer.take().ok_or(ErrorCode::RESERVE)?,
148 );
149 lease_buf.slice(0..static_buffer_len);
150 if let Err(e) = self.sha.add_mut_data(lease_buf) {
151 self.data_buffer.replace(e.1.take());
152 return Err(e.0);
153 }
154 Ok(())
155 })
156 })
157 .unwrap_or(Err(ErrorCode::RESERVE))
158 })
159 .unwrap_or_else(|err| Err(err.into()))
160 })
161 }
162
163 fn check_queue(&self) {
164 for appiter in self.apps.iter() {
165 let started_command = appiter.enter(|app, _| {
166 // If an app is already running let it complete
167 if self.processid.is_some() {
168 return true;
169 }
170
171 // If this app has a pending command let's use it.
172 app.pending_run_app.take().is_some_and(|processid| {
173 // Mark this driver as being in use.
174 self.processid.set(processid);
175 // Actually make the buzz happen.
176 self.run() == Ok(())
177 })
178 });
179 if started_command {
180 break;
181 }
182 }
183 }
184
185 fn calculate_digest(&self) -> Result<(), ErrorCode> {
186 self.data_copied.set(0);
187
188 if let Err(e) = self
189 .sha
190 .run(self.dest_buffer.take().ok_or(ErrorCode::RESERVE)?)
191 {
192 // Error, clear the processid and data
193 self.sha.clear_data();
194 self.processid.clear();
195 self.dest_buffer.replace(e.1);
196
197 return Err(e.0);
198 }
199
200 Ok(())
201 }
202
203 fn verify_digest(&self) -> Result<(), ErrorCode> {
204 self.data_copied.set(0);
205
206 if let Err(e) = self
207 .sha
208 .verify(self.dest_buffer.take().ok_or(ErrorCode::RESERVE)?)
209 {
210 // Error, clear the processid and data
211 self.sha.clear_data();
212 self.processid.clear();
213 self.dest_buffer.replace(e.1);
214
215 return Err(e.0);
216 }
217
218 Ok(())
219 }
220}
221
222impl<
223 'a,
224 H: digest::Digest<'a, L> + digest::Sha256 + digest::Sha384 + digest::Sha512,
225 const L: usize,
226 > digest::ClientData<L> for ShaDriver<'a, H, L>
227{
228 // Because data needs to be copied from a userspace buffer into a kernel (RAM) one,
229 // we always pass mut data; this callback should never be invoked.
230 fn add_data_done(&self, _result: Result<(), ErrorCode>, _data: SubSlice<'static, u8>) {}
231
232 fn add_mut_data_done(&self, _result: Result<(), ErrorCode>, data: SubSliceMut<'static, u8>) {
233 self.processid.map(move |id| {
234 self.apps
235 .enter(id, move |app, kernel_data| {
236 let mut data_len = 0;
237 let mut exit = false;
238 let mut static_buffer_len = 0;
239
240 self.data_buffer.replace(data.take());
241
242 self.data_buffer.map(|buf| {
243 let ret = kernel_data
244 .get_readonly_processbuffer(ro_allow::DATA)
245 .and_then(|data| {
246 data.enter(|data| {
247 // Determine the size of the static buffer we have
248 static_buffer_len = buf.len();
249
250 // Determine how much data we have already copied
251 let copied_data = self.data_copied.get();
252
253 data_len = data.len();
254
255 if data_len > copied_data {
256 let remaining_data = &data[copied_data..];
257 let remaining_len = data_len - copied_data;
258
259 if remaining_len < static_buffer_len {
260 remaining_data.copy_to_slice(&mut buf[..remaining_len]);
261 } else {
262 remaining_data[..static_buffer_len].copy_to_slice(buf);
263 }
264 }
265 Ok(())
266 })
267 })
268 .unwrap_or(Err(ErrorCode::RESERVE));
269
270 if ret == Err(ErrorCode::RESERVE) {
271 // No data buffer, clear the processid and data
272 self.sha.clear_data();
273 self.processid.clear();
274 exit = true;
275 }
276 });
277
278 if exit {
279 return;
280 }
281
282 if static_buffer_len > 0 {
283 let copied_data = self.data_copied.get();
284
285 if data_len > copied_data {
286 // Update the amount of data copied
287 self.data_copied.set(copied_data + static_buffer_len);
288
289 let mut lease_buf = SubSliceMut::new(self.data_buffer.take().unwrap());
290
291 // Add the data from the static buffer to the HMAC
292 if data_len < (copied_data + static_buffer_len) {
293 lease_buf.slice(..(data_len - copied_data))
294 }
295
296 if self.sha.add_mut_data(lease_buf).is_err() {
297 // Error, clear the processid and data
298 self.sha.clear_data();
299 self.processid.clear();
300 return;
301 }
302
303 // Return as we don't want to run the digest yet
304 return;
305 }
306 }
307
308 // If we get here we are ready to run the digest, reset the copied data
309 if app.op.get().unwrap() == UserSpaceOp::Run {
310 if let Err(e) = self.calculate_digest() {
311 kernel_data
312 .schedule_upcall(0, (into_statuscode(e.into()), 0, 0))
313 .ok();
314 }
315 } else if app.op.get().unwrap() == UserSpaceOp::Verify {
316 let _ = kernel_data
317 .get_readonly_processbuffer(ro_allow::COMPARE)
318 .and_then(|compare| {
319 compare.enter(|compare| {
320 let mut static_buffer_len = 0;
321 self.dest_buffer.map(|buf| {
322 // Determine the size of the static buffer we have
323 static_buffer_len = buf.len();
324
325 if static_buffer_len > compare.len() {
326 static_buffer_len = compare.len()
327 }
328
329 self.data_copied.set(static_buffer_len);
330
331 // Copy the data into the static buffer
332 compare[..static_buffer_len]
333 .copy_to_slice(&mut buf[..static_buffer_len]);
334 });
335 })
336 });
337
338 if let Err(e) = self.verify_digest() {
339 kernel_data
340 .schedule_upcall(1, (into_statuscode(e.into()), 0, 0))
341 .ok();
342 }
343 } else {
344 kernel_data.schedule_upcall(0, (0, 0, 0)).ok();
345 }
346 })
347 .map_err(|err| {
348 if err == kernel::process::Error::NoSuchApp
349 || err == kernel::process::Error::InactiveApp
350 {
351 self.processid.clear();
352 }
353 })
354 });
355
356 self.check_queue();
357 }
358}
359
360impl<
361 'a,
362 H: digest::Digest<'a, L> + digest::Sha256 + digest::Sha384 + digest::Sha512,
363 const L: usize,
364 > digest::ClientHash<L> for ShaDriver<'a, H, L>
365{
366 fn hash_done(&self, result: Result<(), ErrorCode>, digest: &'static mut [u8; L]) {
367 self.processid.map(|id| {
368 self.apps
369 .enter(id, |_, kernel_data| {
370 self.sha.clear_data();
371
372 let pointer = digest.as_ref()[0] as *mut u8;
373
374 let _ = kernel_data
375 .get_readwrite_processbuffer(rw_allow::DEST)
376 .and_then(|dest| {
377 dest.mut_enter(|dest| {
378 let len = dest.len();
379
380 if len < L {
381 dest.copy_from_slice(&digest[0..len]);
382 } else {
383 dest[0..L].copy_from_slice(digest);
384 }
385 })
386 });
387
388 match result {
389 Ok(()) => kernel_data
390 .schedule_upcall(0, (0, pointer as usize, 0))
391 .ok(),
392 Err(e) => kernel_data
393 .schedule_upcall(0, (into_statuscode(e.into()), pointer as usize, 0))
394 .ok(),
395 };
396
397 // Clear the current processid as it has finished running
398 self.processid.clear();
399 })
400 .map_err(|err| {
401 if err == kernel::process::Error::NoSuchApp
402 || err == kernel::process::Error::InactiveApp
403 {
404 self.processid.clear();
405 }
406 })
407 });
408
409 self.check_queue();
410 self.dest_buffer.replace(digest);
411 }
412}
413
414impl<
415 'a,
416 H: digest::Digest<'a, L> + digest::Sha256 + digest::Sha384 + digest::Sha512,
417 const L: usize,
418 > digest::ClientVerify<L> for ShaDriver<'a, H, L>
419{
420 fn verification_done(&self, result: Result<bool, ErrorCode>, compare: &'static mut [u8; L]) {
421 self.processid.map(|id| {
422 self.apps
423 .enter(id, |_app, kernel_data| {
424 self.sha.clear_data();
425
426 match result {
427 Ok(equal) => kernel_data.schedule_upcall(1, (0, equal as usize, 0)),
428 Err(e) => kernel_data.schedule_upcall(1, (into_statuscode(e.into()), 0, 0)),
429 }
430 .ok();
431
432 // Clear the current processid as it has finished running
433 self.processid.clear();
434 })
435 .map_err(|err| {
436 if err == kernel::process::Error::NoSuchApp
437 || err == kernel::process::Error::InactiveApp
438 {
439 self.processid.clear();
440 }
441 })
442 });
443
444 self.check_queue();
445 self.dest_buffer.replace(compare);
446 }
447}
448
449impl<
450 'a,
451 H: digest::Digest<'a, L> + digest::Sha256 + digest::Sha384 + digest::Sha512,
452 const L: usize,
453 > SyscallDriver for ShaDriver<'a, H, L>
454{
455 /// Setup and run the HMAC hardware
456 ///
457 /// We expect userspace to setup buffers for the key, data and digest.
458 /// These buffers must be allocated and specified to the kernel from the
459 /// above allow calls.
460 ///
461 /// We expect userspace not to change the value while running. If userspace
462 /// changes the value we have no guarantee of what is passed to the
463 /// hardware. This isn't a security issue, it will just prove the requesting
464 /// app with invalid data.
465 ///
466 /// The driver will take care of clearing data from the underlying implementation
467 /// by calling the `clear_data()` function when the `hash_complete()` callback
468 /// is called or if an error is encountered.
469 ///
470 /// ### `command_num`
471 ///
472 /// - `0`: set_algorithm
473 /// - `1`: run
474 /// - `2`: update
475 /// - `3`: finish
476 fn command(
477 &self,
478 command_num: usize,
479 data1: usize,
480 _data2: usize,
481 processid: ProcessId,
482 ) -> CommandReturn {
483 let match_or_empty_or_nonexistant = self.processid.map_or(true, |owning_app| {
484 // We have recorded that an app has ownership of the HMAC.
485
486 // If the HMAC is still active, then we need to wait for the operation
487 // to finish and the app, whether it exists or not (it may have crashed),
488 // still owns this capsule. If the HMAC is not active, then
489 // we need to verify that that application still exists, and remove
490 // it as owner if not.
491 if self.active.get() {
492 owning_app == processid
493 } else {
494 // Check the app still exists.
495 //
496 // If the `.enter()` succeeds, then the app is still valid, and
497 // we can check if the owning app matches the one that called
498 // the command. If the `.enter()` fails, then the owning app no
499 // longer exists and we return `true` to signify the
500 // "or_nonexistant" case.
501 self.apps
502 .enter(owning_app, |_, _| owning_app == processid)
503 .unwrap_or(true)
504 }
505 });
506
507 let app_match = self.processid.map_or(false, |owning_app| {
508 // We have recorded that an app has ownership of the HMAC.
509
510 // If the HMAC is still active, then we need to wait for the operation
511 // to finish and the app, whether it exists or not (it may have crashed),
512 // still owns this capsule. If the HMAC is not active, then
513 // we need to verify that that application still exists, and remove
514 // it as owner if not.
515 if self.active.get() {
516 owning_app == processid
517 } else {
518 // Check the app still exists.
519 //
520 // If the `.enter()` succeeds, then the app is still valid, and
521 // we can check if the owning app matches the one that called
522 // the command. If the `.enter()` fails, then the owning app no
523 // longer exists and we return `true` to signify the
524 // "or_nonexistant" case.
525 self.apps
526 .enter(owning_app, |_, _| owning_app == processid)
527 .unwrap_or(true)
528 }
529 });
530
531 // Try the commands where we want to start an operation *not* entered in
532 // an app grant first.
533 if match_or_empty_or_nonexistant
534 && (command_num == 1 || command_num == 2 || command_num == 4)
535 {
536 self.processid.set(processid);
537
538 let _ = self.apps.enter(processid, |app, _| {
539 if command_num == 1 {
540 // run
541 // Use key and data to compute hash
542 // This will trigger a callback once the digest is generated
543 app.op.set(Some(UserSpaceOp::Run));
544 } else if command_num == 2 {
545 // update
546 // Input key and data, don't compute final hash yet
547 // This will trigger a callback once the data has been added.
548 app.op.set(Some(UserSpaceOp::Update));
549 } else if command_num == 4 {
550 // verify
551 // Use key and data to compute hash and compare it against
552 // the digest
553 app.op.set(Some(UserSpaceOp::Verify));
554 }
555 });
556
557 return if let Err(e) = self.run() {
558 self.sha.clear_data();
559 self.processid.clear();
560 self.check_queue();
561 CommandReturn::failure(e)
562 } else {
563 CommandReturn::success()
564 };
565 }
566
567 self.apps
568 .enter(processid, |app, kernel_data| {
569 match command_num {
570 // set_algorithm
571 0 => {
572 match data1 {
573 // SHA256
574 0 => {
575 app.sha_operation = Some(ShaOperation::Sha256);
576 CommandReturn::success()
577 }
578 // SHA384
579 1 => {
580 app.sha_operation = Some(ShaOperation::Sha384);
581 CommandReturn::success()
582 }
583 // SHA512
584 2 => {
585 app.sha_operation = Some(ShaOperation::Sha512);
586 CommandReturn::success()
587 }
588 _ => CommandReturn::failure(ErrorCode::NOSUPPORT),
589 }
590 }
591
592 // run
593 1 => {
594 // There is an active app, so queue this request (if possible).
595 if app.pending_run_app.is_some() {
596 // No more room in the queue, nowhere to store this
597 // request.
598 CommandReturn::failure(ErrorCode::NOMEM)
599 } else {
600 // We can store this, so lets do it.
601 app.pending_run_app = Some(processid);
602 app.op.set(Some(UserSpaceOp::Run));
603 CommandReturn::success()
604 }
605 }
606
607 // update
608 2 => {
609 // There is an active app, so queue this request (if possible).
610 if app.pending_run_app.is_some() {
611 // No more room in the queue, nowhere to store this
612 // request.
613 CommandReturn::failure(ErrorCode::NOMEM)
614 } else {
615 // We can store this, so lets do it.
616 app.pending_run_app = Some(processid);
617 app.op.set(Some(UserSpaceOp::Update));
618 CommandReturn::success()
619 }
620 }
621
622 // finish
623 // Compute final hash yet, useful after a update command
624 3 => {
625 if app_match {
626 if let Err(e) = self.calculate_digest() {
627 kernel_data
628 .schedule_upcall(0, (into_statuscode(e.into()), 0, 0))
629 .ok();
630 }
631 CommandReturn::success()
632 } else {
633 // We don't queue this request, the user has to call
634 // `update` first.
635 CommandReturn::failure(ErrorCode::OFF)
636 }
637 }
638
639 // verify
640 4 => {
641 // There is an active app, so queue this request (if possible).
642 if app.pending_run_app.is_some() {
643 // No more room in the queue, nowhere to store this
644 // request.
645 CommandReturn::failure(ErrorCode::NOMEM)
646 } else {
647 // We can store this, so lets do it.
648 app.pending_run_app = Some(processid);
649 app.op.set(Some(UserSpaceOp::Verify));
650 CommandReturn::success()
651 }
652 }
653
654 // verify_finish
655 // Use key and data to compute hash and compare it against
656 // the digest, useful after a update command
657 5 => {
658 if app_match {
659 let _ = kernel_data
660 .get_readonly_processbuffer(ro_allow::COMPARE)
661 .and_then(|compare| {
662 compare.enter(|compare| {
663 let mut static_buffer_len = 0;
664 self.dest_buffer.map(|buf| {
665 // Determine the size of the static buffer we have
666 static_buffer_len = buf.len();
667
668 if static_buffer_len > compare.len() {
669 static_buffer_len = compare.len()
670 }
671
672 self.data_copied.set(static_buffer_len);
673
674 // Copy the data into the static buffer
675 compare[..static_buffer_len]
676 .copy_to_slice(&mut buf[..static_buffer_len]);
677 });
678 })
679 });
680
681 if let Err(e) = self.verify_digest() {
682 kernel_data
683 .schedule_upcall(1, (into_statuscode(e.into()), 0, 0))
684 .ok();
685 }
686 CommandReturn::success()
687 } else {
688 // We don't queue this request, the user has to call
689 // `update` first.
690 CommandReturn::failure(ErrorCode::OFF)
691 }
692 }
693
694 // default
695 _ => CommandReturn::failure(ErrorCode::NOSUPPORT),
696 }
697 })
698 .unwrap_or_else(|err| err.into())
699 }
700
701 fn allocate_grant(&self, processid: ProcessId) -> Result<(), kernel::process::Error> {
702 self.apps.enter(processid, |_, _| {})
703 }
704}
705
706#[derive(Copy, Clone, PartialEq)]
707enum UserSpaceOp {
708 Run,
709 Update,
710 Verify,
711}
712
713#[derive(Default)]
714pub struct App {
715 pending_run_app: Option<ProcessId>,
716 sha_operation: Option<ShaOperation>,
717 op: Cell<Option<UserSpaceOp>>,
718}