mirror of
https://github.com/AmbiML/sparrow-kata-full.git
synced 2025-07-19 16:47:02 +00:00
Merge "kata-security-coordinator: split impl into fake & sel4"
GitOrigin-RevId: 397cf136e3375588082b8508fd2060116b3101cd
This commit is contained in:
parent
0633ce6761
commit
c0a44de935
@ -125,8 +125,13 @@ pub enum SecurityRequestError {
|
|||||||
SreValueInvalid,
|
SreValueInvalid,
|
||||||
SreKeyInvalid,
|
SreKeyInvalid,
|
||||||
// Generic errors, mostly used in unit tests
|
// Generic errors, mostly used in unit tests
|
||||||
|
SreEchoFailed,
|
||||||
SreInstallFailed,
|
SreInstallFailed,
|
||||||
SreUninstallFailed,
|
SreUninstallFailed,
|
||||||
|
SreSizeBufferFailed,
|
||||||
|
SreGetManifestFailed,
|
||||||
|
SreLoadApplicationFailed,
|
||||||
|
SreLoadModelFailed,
|
||||||
SreReadFailed,
|
SreReadFailed,
|
||||||
SreWriteFailed,
|
SreWriteFailed,
|
||||||
SreDeleteFailed,
|
SreDeleteFailed,
|
||||||
|
@ -3,6 +3,11 @@ name = "kata-security-coordinator"
|
|||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
|
|
||||||
|
[features]
|
||||||
|
default = ["fake"] # TODO(sleffler): sel4 once it exists
|
||||||
|
fake = []
|
||||||
|
sel4 = []
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
kata-security-common = { path = "../kata-security-common" }
|
kata-security-common = { path = "../kata-security-common" }
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
|
@ -0,0 +1,152 @@
|
|||||||
|
//! Kata OS security coordinator fake support
|
||||||
|
|
||||||
|
extern crate alloc;
|
||||||
|
use alloc::string::ToString;
|
||||||
|
use kata_security_common::*;
|
||||||
|
use log::trace;
|
||||||
|
use postcard;
|
||||||
|
|
||||||
|
pub struct FakeSecurityCoordinatorInterface {
|
||||||
|
// TODO(sleffler): mailbox ipc state
|
||||||
|
}
|
||||||
|
impl FakeSecurityCoordinatorInterface {
|
||||||
|
pub fn new() -> Self {
|
||||||
|
FakeSecurityCoordinatorInterface {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
pub type KataSecurityCoordinatorInterface = FakeSecurityCoordinatorInterface;
|
||||||
|
|
||||||
|
impl SecurityCoordinatorInterface for FakeSecurityCoordinatorInterface {
|
||||||
|
fn request(
|
||||||
|
&mut self,
|
||||||
|
request_id: SecurityRequest,
|
||||||
|
request_buffer: &[u8],
|
||||||
|
reply_buffer: &mut [u8],
|
||||||
|
) -> Result<(), SecurityRequestError> {
|
||||||
|
use SecurityRequestError::*;
|
||||||
|
|
||||||
|
fn serialize_failure(e: postcard::Error) -> SecurityRequestError {
|
||||||
|
trace!("serialize failed: {:?}", e);
|
||||||
|
SreBundleDataInvalid
|
||||||
|
}
|
||||||
|
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
|
||||||
|
trace!("deserialize failed: {:?}", e);
|
||||||
|
SreBundleDataInvalid
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO(sleffler): mailbox ipc
|
||||||
|
match request_id {
|
||||||
|
SecurityRequest::SrEcho => {
|
||||||
|
trace!("ECHO {:?}", request_buffer);
|
||||||
|
reply_buffer[0..request_buffer.len()].copy_from_slice(&request_buffer[..]);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrInstall => {
|
||||||
|
trace!(
|
||||||
|
"INSTALL addr {:p} len {}",
|
||||||
|
request_buffer.as_ptr(),
|
||||||
|
request_buffer.len()
|
||||||
|
);
|
||||||
|
let _ = postcard::to_slice(
|
||||||
|
&(request_buffer.as_ptr() as usize).to_string(),
|
||||||
|
reply_buffer,
|
||||||
|
)
|
||||||
|
.map_err(serialize_failure)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrUninstall => {
|
||||||
|
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!("UNINSTALL {}", request.bundle_id);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrSizeBuffer => {
|
||||||
|
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
|
||||||
|
let _ = postcard::to_slice(
|
||||||
|
&0u32, // TODO(sleffler): fill-in
|
||||||
|
reply_buffer,
|
||||||
|
)
|
||||||
|
.map_err(serialize_failure)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrGetManifest => {
|
||||||
|
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
|
||||||
|
let _ = postcard::to_slice(
|
||||||
|
"# Comments like this
|
||||||
|
[Manifest]
|
||||||
|
BundleId=com.google.cerebra.hw.HelloWorld
|
||||||
|
|
||||||
|
[Binaries]
|
||||||
|
App=HelloWorldBin
|
||||||
|
Model=NeuralNetworkName
|
||||||
|
|
||||||
|
[Storage]
|
||||||
|
Required=1
|
||||||
|
", // TODO(sleffler): fill-in
|
||||||
|
reply_buffer,
|
||||||
|
)
|
||||||
|
.map_err(serialize_failure)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrLoadApplication => {
|
||||||
|
let request = postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"LOAD APPLICATION bundle_id {} addr {:p}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.app_binary
|
||||||
|
);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrLoadModel => {
|
||||||
|
let request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"LOAD MODEL bundle_id {} model_id {} addr {:p}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.model_id,
|
||||||
|
request.model_binary
|
||||||
|
);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
SecurityRequest::SrReadKey => {
|
||||||
|
let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"READ KEY bundle_id {} key {}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.key,
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreReadFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrWriteKey => {
|
||||||
|
let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"WRITE KEY bundle_id {} key {} value {:?}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.key,
|
||||||
|
request.value,
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreWriteFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrDeleteKey => {
|
||||||
|
let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"DELETE KEY bundle_id {} key {}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.key,
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreDeleteFailed)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,132 @@
|
|||||||
|
//! Kata OS security coordinator seL4 support
|
||||||
|
|
||||||
|
extern crate alloc;
|
||||||
|
use kata_security_common::*;
|
||||||
|
use log::trace;
|
||||||
|
use postcard;
|
||||||
|
|
||||||
|
pub struct SeL4SecurityCoordinatorInterface {
|
||||||
|
// TODO(sleffler): mailbox ipc state
|
||||||
|
}
|
||||||
|
impl SeL4SecurityCoordinatorInterface {
|
||||||
|
pub fn new() -> Self {
|
||||||
|
SeL4SecurityCoordinatorInterface {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinatorInterface;
|
||||||
|
|
||||||
|
impl SecurityCoordinatorInterface for SeL4SecurityCoordinatorInterface {
|
||||||
|
fn request(
|
||||||
|
&mut self,
|
||||||
|
request_id: SecurityRequest,
|
||||||
|
request_buffer: &[u8],
|
||||||
|
_reply_buffer: &mut [u8],
|
||||||
|
) -> Result<(), SecurityRequestError> {
|
||||||
|
use SecurityRequestError::*;
|
||||||
|
|
||||||
|
fn _serialize_failure(e: postcard::Error) -> SecurityRequestError {
|
||||||
|
trace!("serialize failed: {:?}", e);
|
||||||
|
SreBundleDataInvalid
|
||||||
|
}
|
||||||
|
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
|
||||||
|
trace!("deserialize failed: {:?}", e);
|
||||||
|
SreBundleDataInvalid
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO(sleffler): mailbox ipc
|
||||||
|
match request_id {
|
||||||
|
SecurityRequest::SrEcho => {
|
||||||
|
trace!("ECHO {:?}", request_buffer);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreEchoFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrInstall => {
|
||||||
|
trace!(
|
||||||
|
"INSTALL addr {:p} len {}",
|
||||||
|
request_buffer.as_ptr(),
|
||||||
|
request_buffer.len()
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreInstallFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrUninstall => {
|
||||||
|
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!("UNINSTALL {}", request.bundle_id);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreUninstallFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrSizeBuffer => {
|
||||||
|
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreSizeBufferFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrGetManifest => {
|
||||||
|
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreGetManifestFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrLoadApplication => {
|
||||||
|
let request = postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"LOAD APPLICATION bundle_id {} addr {:p}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.app_binary
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreLoadApplicationFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrLoadModel => {
|
||||||
|
let request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"LOAD MODEL bundle_id {} model_id {} addr {:p}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.model_id,
|
||||||
|
request.model_binary
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreLoadModelFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrReadKey => {
|
||||||
|
let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"READ KEY bundle_id {} key {}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.key,
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreReadFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrWriteKey => {
|
||||||
|
let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"WRITE KEY bundle_id {} key {} value {:?}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.key,
|
||||||
|
request.value,
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreWriteFailed)
|
||||||
|
}
|
||||||
|
SecurityRequest::SrDeleteKey => {
|
||||||
|
let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
|
||||||
|
.map_err(deserialize_failure)?;
|
||||||
|
trace!(
|
||||||
|
"DELETE KEY bundle_id {} key {}",
|
||||||
|
request.bundle_id,
|
||||||
|
request.key,
|
||||||
|
);
|
||||||
|
// TODO(sleffler): fill-in
|
||||||
|
Err(SreDeleteFailed)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -6,10 +6,15 @@
|
|||||||
|
|
||||||
extern crate alloc;
|
extern crate alloc;
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::string::ToString;
|
|
||||||
use kata_security_common::*;
|
use kata_security_common::*;
|
||||||
use log::trace;
|
|
||||||
use postcard;
|
#[cfg(all(feature = "fake", feature = "sel4"))]
|
||||||
|
compile_error!("features \"fake\" and \"sel4\" are mutually exclusive");
|
||||||
|
|
||||||
|
#[cfg_attr(feature = "sel4", path = "impl.rs")]
|
||||||
|
#[cfg_attr(feature = "fake", path = "fakeimpl/mod.rs")]
|
||||||
|
mod platform;
|
||||||
|
pub use platform::KataSecurityCoordinatorInterface;
|
||||||
|
|
||||||
#[cfg(not(test))]
|
#[cfg(not(test))]
|
||||||
pub static mut KATA_SECURITY: KataSecurityCoordinator = KataSecurityCoordinator::empty();
|
pub static mut KATA_SECURITY: KataSecurityCoordinator = KataSecurityCoordinator::empty();
|
||||||
@ -20,7 +25,6 @@ pub static mut KATA_SECURITY: KataSecurityCoordinator = KataSecurityCoordinator:
|
|||||||
// NB: no locking is done; we assume the caller/user is single-threaded
|
// NB: no locking is done; we assume the caller/user is single-threaded
|
||||||
pub struct KataSecurityCoordinator {
|
pub struct KataSecurityCoordinator {
|
||||||
manager: Option<Box<dyn SecurityCoordinatorInterface + Sync>>,
|
manager: Option<Box<dyn SecurityCoordinatorInterface + Sync>>,
|
||||||
// TODO(sleffler): mailbox ipc state
|
|
||||||
}
|
}
|
||||||
impl KataSecurityCoordinator {
|
impl KataSecurityCoordinator {
|
||||||
// Constructs a partially-initialized instance; to complete call init().
|
// Constructs a partially-initialized instance; to complete call init().
|
||||||
@ -30,7 +34,7 @@ impl KataSecurityCoordinator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn init(&mut self) {
|
pub fn init(&mut self) {
|
||||||
self.manager = Some(Box::new(KataSecurityCoordinatorInterface));
|
self.manager = Some(Box::new(KataSecurityCoordinatorInterface::new()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
impl SecurityCoordinatorInterface for KataSecurityCoordinator {
|
impl SecurityCoordinatorInterface for KataSecurityCoordinator {
|
||||||
@ -46,105 +50,3 @@ impl SecurityCoordinatorInterface for KataSecurityCoordinator {
|
|||||||
.request(request_id, request_buffer, reply_buffer)
|
.request(request_id, request_buffer, reply_buffer)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct KataSecurityCoordinatorInterface;
|
|
||||||
// TODO(sleffler): move this to a feature-controlled fake
|
|
||||||
impl SecurityCoordinatorInterface for KataSecurityCoordinatorInterface {
|
|
||||||
fn request(
|
|
||||||
&mut self,
|
|
||||||
request_id: SecurityRequest,
|
|
||||||
request_buffer: &[u8],
|
|
||||||
reply_buffer: &mut [u8],
|
|
||||||
) -> Result<(), SecurityRequestError> {
|
|
||||||
fn serialize_failure(e: postcard::Error) -> SecurityRequestError {
|
|
||||||
trace!("serialize failed: {:?}", e);
|
|
||||||
SecurityRequestError::SreBundleDataInvalid
|
|
||||||
}
|
|
||||||
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
|
|
||||||
trace!("deserialize failed: {:?}", e);
|
|
||||||
SecurityRequestError::SreBundleDataInvalid
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO(sleffler): mailbox ipc
|
|
||||||
match request_id {
|
|
||||||
SecurityRequest::SrEcho => {
|
|
||||||
trace!("ECHO {:?}", request_buffer);
|
|
||||||
reply_buffer[0..request_buffer.len()].copy_from_slice(&request_buffer[..]);
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrInstall => {
|
|
||||||
trace!(
|
|
||||||
"INSTALL addr {:p} len {}",
|
|
||||||
request_buffer.as_ptr(),
|
|
||||||
request_buffer.len()
|
|
||||||
);
|
|
||||||
let _ = postcard::to_slice(
|
|
||||||
&(request_buffer.as_ptr() as usize).to_string(),
|
|
||||||
reply_buffer,
|
|
||||||
)
|
|
||||||
.map_err(serialize_failure)?;
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrUninstall => {
|
|
||||||
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!("UNINSTALL {}", request.bundle_id);
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrSizeBuffer => {
|
|
||||||
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
|
|
||||||
let _ = postcard::to_slice(
|
|
||||||
&0u32, // TODO(sleffler): fill-in
|
|
||||||
reply_buffer
|
|
||||||
).map_err(serialize_failure)?;
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrGetManifest => {
|
|
||||||
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
|
|
||||||
let _ = postcard::to_slice(
|
|
||||||
"# Comments like this
|
|
||||||
[Manifest]
|
|
||||||
BundleId=com.google.cerebra.hw.HelloWorld
|
|
||||||
|
|
||||||
[Binaries]
|
|
||||||
App=HelloWorldBin
|
|
||||||
Model=NeuralNetworkName
|
|
||||||
|
|
||||||
[Storage]
|
|
||||||
Required=1
|
|
||||||
", // TODO(sleffler): fill-in
|
|
||||||
reply_buffer
|
|
||||||
).map_err(serialize_failure)?;
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrLoadApplication => {
|
|
||||||
let request = postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!(
|
|
||||||
"LOAD APPLICATION bundle_id {} addr {:p}",
|
|
||||||
request.bundle_id,
|
|
||||||
request.app_binary
|
|
||||||
);
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrLoadModel => {
|
|
||||||
let request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!(
|
|
||||||
"LOAD MODEL bundle_id {} model_id {} addr {:p}",
|
|
||||||
request.bundle_id,
|
|
||||||
request.model_id,
|
|
||||||
request.model_binary
|
|
||||||
);
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
SecurityRequest::SrReadKey => Err(SecurityRequestError::SreReadFailed),
|
|
||||||
SecurityRequest::SrWriteKey => Err(SecurityRequestError::SreWriteFailed),
|
|
||||||
SecurityRequest::SrDeleteKey => Err(SecurityRequestError::SreDeleteFailed),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user