github/sparrow-kata-full
1
0
Fork 0
mirror of https://github.com/AmbiML/sparrow-kata-full.git synced 2025-07-19 16:47:02 +00:00
Code Issues Projects Releases Wiki Activity

Merge "kata-security-coordinator: split impl into fake & sel4"

Browse Source 
GitOrigin-RevId: 397cf136e3375588082b8508fd2060116b3101cd
This commit is contained in:
Sam Leffler 2021-09-21 16:00:51 +00:00
parent 0633ce6761
commit c0a44de935
5 changed files with 303 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/system/components/SecurityCoordinator/kata-security-common/src/lib.rs
View File

@ -125,8 +125,13 @@ pub enum SecurityRequestError {
SreValueInvalid,
SreKeyInvalid,
// Generic errors, mostly used in unit tests
SreEchoFailed,
SreInstallFailed,
SreUninstallFailed,
SreSizeBufferFailed,
SreGetManifestFailed,
SreLoadApplicationFailed,
SreLoadModelFailed,
SreReadFailed,
SreWriteFailed,
SreDeleteFailed,

5
apps/system/components/SecurityCoordinator/kata-security-coordinator/Cargo.toml
View File

@ -3,6 +3,11 @@ name = "kata-security-coordinator"
version = "0.1.0"
edition = "2018"
[features]
default = ["fake"] # TODO(sleffler): sel4 once it exists
fake = []
sel4 = []
[dependencies]
kata-security-common = { path = "../kata-security-common" }
log = "0.4"

152
apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs Normal file
View File

@ -0,0 +1,152 @@
//! Kata OS security coordinator fake support
extern crate alloc;
use alloc::string::ToString;
use kata_security_common::*;
use log::trace;
use postcard;
pub struct FakeSecurityCoordinatorInterface {
// TODO(sleffler): mailbox ipc state
}
impl FakeSecurityCoordinatorInterface {
pub fn new() -> Self {
FakeSecurityCoordinatorInterface {}
}
}
pub type KataSecurityCoordinatorInterface = FakeSecurityCoordinatorInterface;
impl SecurityCoordinatorInterface for FakeSecurityCoordinatorInterface {
fn request(
&mut self,
request_id: SecurityRequest,
request_buffer: &[u8],
reply_buffer: &mut [u8],
) -> Result<(), SecurityRequestError> {
use SecurityRequestError::*;
fn serialize_failure(e: postcard::Error) -> SecurityRequestError {
trace!("serialize failed: {:?}", e);
SreBundleDataInvalid
}
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
trace!("deserialize failed: {:?}", e);
SreBundleDataInvalid
}
// TODO(sleffler): mailbox ipc
match request_id {
SecurityRequest::SrEcho => {
trace!("ECHO {:?}", request_buffer);
reply_buffer[0..request_buffer.len()].copy_from_slice(&request_buffer[..]);
Ok(())
}
SecurityRequest::SrInstall => {
trace!(
"INSTALL addr {:p} len {}",
request_buffer.as_ptr(),
request_buffer.len()
);
let _ = postcard::to_slice(
&(request_buffer.as_ptr() as usize).to_string(),
reply_buffer,
)
.map_err(serialize_failure)?;
Ok(())
}
SecurityRequest::SrUninstall => {
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("UNINSTALL {}", request.bundle_id);
Ok(())
}
SecurityRequest::SrSizeBuffer => {
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
let _ = postcard::to_slice(
&0u32, // TODO(sleffler): fill-in
reply_buffer,
)
.map_err(serialize_failure)?;
Ok(())
}
SecurityRequest::SrGetManifest => {
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
let _ = postcard::to_slice(
"# Comments like this
[Manifest]
BundleId=com.google.cerebra.hw.HelloWorld
[Binaries]
App=HelloWorldBin
Model=NeuralNetworkName
[Storage]
Required=1
", // TODO(sleffler): fill-in
reply_buffer,
)
.map_err(serialize_failure)?;
Ok(())
}
SecurityRequest::SrLoadApplication => {
let request = postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"LOAD APPLICATION bundle_id {} addr {:p}",
request.bundle_id,
request.app_binary
);
Ok(())
}
SecurityRequest::SrLoadModel => {
let request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"LOAD MODEL bundle_id {} model_id {} addr {:p}",
request.bundle_id,
request.model_id,
request.model_binary
);
Ok(())
}
SecurityRequest::SrReadKey => {
let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"READ KEY bundle_id {} key {}",
request.bundle_id,
request.key,
);
// TODO(sleffler): fill-in
Err(SreReadFailed)
}
SecurityRequest::SrWriteKey => {
let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"WRITE KEY bundle_id {} key {} value {:?}",
request.bundle_id,
request.key,
request.value,
);
// TODO(sleffler): fill-in
Err(SreWriteFailed)
}
SecurityRequest::SrDeleteKey => {
let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"DELETE KEY bundle_id {} key {}",
request.bundle_id,
request.key,
);
// TODO(sleffler): fill-in
Err(SreDeleteFailed)
}
}
}
}

132
apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs Normal file
View File

@ -0,0 +1,132 @@
//! Kata OS security coordinator seL4 support
extern crate alloc;
use kata_security_common::*;
use log::trace;
use postcard;
pub struct SeL4SecurityCoordinatorInterface {
// TODO(sleffler): mailbox ipc state
}
impl SeL4SecurityCoordinatorInterface {
pub fn new() -> Self {
SeL4SecurityCoordinatorInterface {}
}
}
pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinatorInterface;
impl SecurityCoordinatorInterface for SeL4SecurityCoordinatorInterface {
fn request(
&mut self,
request_id: SecurityRequest,
request_buffer: &[u8],
_reply_buffer: &mut [u8],
) -> Result<(), SecurityRequestError> {
use SecurityRequestError::*;
fn _serialize_failure(e: postcard::Error) -> SecurityRequestError {
trace!("serialize failed: {:?}", e);
SreBundleDataInvalid
}
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
trace!("deserialize failed: {:?}", e);
SreBundleDataInvalid
}
// TODO(sleffler): mailbox ipc
match request_id {
SecurityRequest::SrEcho => {
trace!("ECHO {:?}", request_buffer);
// TODO(sleffler): fill-in
Err(SreEchoFailed)
}
SecurityRequest::SrInstall => {
trace!(
"INSTALL addr {:p} len {}",
request_buffer.as_ptr(),
request_buffer.len()
);
// TODO(sleffler): fill-in
Err(SreInstallFailed)
}
SecurityRequest::SrUninstall => {
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("UNINSTALL {}", request.bundle_id);
// TODO(sleffler): fill-in
Err(SreUninstallFailed)
}
SecurityRequest::SrSizeBuffer => {
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
// TODO(sleffler): fill-in
Err(SreSizeBufferFailed)
}
SecurityRequest::SrGetManifest => {
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
// TODO(sleffler): fill-in
Err(SreGetManifestFailed)
}
SecurityRequest::SrLoadApplication => {
let request = postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"LOAD APPLICATION bundle_id {} addr {:p}",
request.bundle_id,
request.app_binary
);
// TODO(sleffler): fill-in
Err(SreLoadApplicationFailed)
}
SecurityRequest::SrLoadModel => {
let request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"LOAD MODEL bundle_id {} model_id {} addr {:p}",
request.bundle_id,
request.model_id,
request.model_binary
);
// TODO(sleffler): fill-in
Err(SreLoadModelFailed)
}
SecurityRequest::SrReadKey => {
let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"READ KEY bundle_id {} key {}",
request.bundle_id,
request.key,
);
// TODO(sleffler): fill-in
Err(SreReadFailed)
}
SecurityRequest::SrWriteKey => {
let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"WRITE KEY bundle_id {} key {} value {:?}",
request.bundle_id,
request.key,
request.value,
);
// TODO(sleffler): fill-in
Err(SreWriteFailed)
}
SecurityRequest::SrDeleteKey => {
let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"DELETE KEY bundle_id {} key {}",
request.bundle_id,
request.key,
);
// TODO(sleffler): fill-in
Err(SreDeleteFailed)
}
}
}
}

116
apps/system/components/SecurityCoordinator/kata-security-coordinator/src/lib.rs
View File

@ -6,10 +6,15 @@
extern crate alloc;
use alloc::boxed::Box;
use alloc::string::ToString;
use kata_security_common::*;
use log::trace;
use postcard;
#[cfg(all(feature = "fake", feature = "sel4"))]
compile_error!("features \"fake\" and \"sel4\" are mutually exclusive");
#[cfg_attr(feature = "sel4", path = "impl.rs")]
#[cfg_attr(feature = "fake", path = "fakeimpl/mod.rs")]
mod platform;
pub use platform::KataSecurityCoordinatorInterface;
#[cfg(not(test))]
pub static mut KATA_SECURITY: KataSecurityCoordinator = KataSecurityCoordinator::empty();
@ -20,7 +25,6 @@ pub static mut KATA_SECURITY: KataSecurityCoordinator = KataSecurityCoordinator:
// NB: no locking is done; we assume the caller/user is single-threaded
pub struct KataSecurityCoordinator {
manager: Option<Box<dyn SecurityCoordinatorInterface + Sync>>,
// TODO(sleffler): mailbox ipc state
}
impl KataSecurityCoordinator {
// Constructs a partially-initialized instance; to complete call init().
@ -30,7 +34,7 @@ impl KataSecurityCoordinator {
}
pub fn init(&mut self) {
self.manager = Some(Box::new(KataSecurityCoordinatorInterface));
self.manager = Some(Box::new(KataSecurityCoordinatorInterface::new()));
}
}
impl SecurityCoordinatorInterface for KataSecurityCoordinator {
@ -46,105 +50,3 @@ impl SecurityCoordinatorInterface for KataSecurityCoordinator {
.request(request_id, request_buffer, reply_buffer)
}
}
struct KataSecurityCoordinatorInterface;
// TODO(sleffler): move this to a feature-controlled fake
impl SecurityCoordinatorInterface for KataSecurityCoordinatorInterface {
fn request(
&mut self,
request_id: SecurityRequest,
request_buffer: &[u8],
reply_buffer: &mut [u8],
) -> Result<(), SecurityRequestError> {
fn serialize_failure(e: postcard::Error) -> SecurityRequestError {
trace!("serialize failed: {:?}", e);
SecurityRequestError::SreBundleDataInvalid
}
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
trace!("deserialize failed: {:?}", e);
SecurityRequestError::SreBundleDataInvalid
}
// TODO(sleffler): mailbox ipc
match request_id {
SecurityRequest::SrEcho => {
trace!("ECHO {:?}", request_buffer);
reply_buffer[0..request_buffer.len()].copy_from_slice(&request_buffer[..]);
Ok(())
}
SecurityRequest::SrInstall => {
trace!(
"INSTALL addr {:p} len {}",
request_buffer.as_ptr(),
request_buffer.len()
);
let _ = postcard::to_slice(
&(request_buffer.as_ptr() as usize).to_string(),
reply_buffer,
)
.map_err(serialize_failure)?;
Ok(())
}
SecurityRequest::SrUninstall => {
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("UNINSTALL {}", request.bundle_id);
Ok(())
}
SecurityRequest::SrSizeBuffer => {
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
let _ = postcard::to_slice(
&0u32, // TODO(sleffler): fill-in
reply_buffer
).map_err(serialize_failure)?;
Ok(())
}
SecurityRequest::SrGetManifest => {
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
let _ = postcard::to_slice(
"# Comments like this
[Manifest]
BundleId=com.google.cerebra.hw.HelloWorld
[Binaries]
App=HelloWorldBin
Model=NeuralNetworkName
[Storage]
Required=1
", // TODO(sleffler): fill-in
reply_buffer
).map_err(serialize_failure)?;
Ok(())
}
SecurityRequest::SrLoadApplication => {
let request = postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"LOAD APPLICATION bundle_id {} addr {:p}",
request.bundle_id,
request.app_binary
);
Ok(())
}
SecurityRequest::SrLoadModel => {
let request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
.map_err(deserialize_failure)?;
trace!(
"LOAD MODEL bundle_id {} model_id {} addr {:p}",
request.bundle_id,
request.model_id,
request.model_binary
);
Ok(())
}
SecurityRequest::SrReadKey => Err(SecurityRequestError::SreReadFailed),
SecurityRequest::SrWriteKey => Err(SecurityRequestError::SreWriteFailed),
SecurityRequest::SrDeleteKey => Err(SecurityRequestError::SreDeleteFailed),
}
}
}