csv-rs 0.1.0

Library for HYGON CSV and DCU
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

// Copyright (C) Hygon Info Technologies Ltd.
//
// SPDX-License-Identifier: Apache-2.0
//

use crate::{
    certs::{csv::Certificate, Usage, Verifiable},
    crypto::{sig::ecdsa, PublicKey, Signature},
    util::*,
};

use hex::encode;
use log::*;
use serde::{Deserialize, Serialize};
use std::ffi::c_void;
use std::io::Write;

/// A structure representing the body of an attestation report.
/// This is marked with `repr(C)` for C compatibility and can be serialized/deserialized.
#[repr(C)]
#[derive(Debug, Copy, Clone, Serialize, Deserialize)]
pub struct Body {
    /// Version number of the attestation report format
    pub version: u32,
    /// Unique identifier of the hardware chip (16 bytes)
    pub chip_id: [u8; 16],
    /// User data value (64 bytes)
    #[serde(with = "serde_bytes")]
    pub user_data: [u8; 64],
    /// Measurement data (32 bytes)
    pub measure: [u8; 32],
    /// Reserved data (128 bytes)
    #[serde(with = "serde_bytes")]
    pub reserved: [u8; 128],
    /// Indicates the purpose/usage of the signature
    pub sig_usage: u32,
    /// Algorithm used for generating the signature
    pub sig_algo: u32,
}

impl Default for Body {
    /// Creates a default Body with all fields zero-initialized
    fn default() -> Self {
        Self {
            version: Default::default(),
            chip_id: Default::default(),
            user_data: [0u8; 64],
            measure: Default::default(),
            reserved: [0u8; 128],
            sig_usage: Default::default(),
            sig_algo: Default::default(),
        }
    }
}

impl Body {
    /// Prints each field of the `Body` struct in human-readable format
    pub fn print_fields(&self) {
        trace!("Version: {}", self.version);
        trace!("Chip ID: {}", String::from_utf8_lossy(&self.chip_id));
        trace!("User data: {}", encode(self.user_data));
        trace!("Measure: {:?}", self.measure);
        trace!("Signature Usage: {}", self.sig_usage);
        trace!("Signature Algorithm: {}", self.sig_algo);
    }
}

/// This structure contains both the report body and its cryptographic signature.
#[repr(C)]
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct AttestationReport {
    /// The main content of the attestation report
    pub body: Body,
    /// ECDSA signature verifying the report authenticity
    pub sig: ecdsa::Signature,
}

impl AttestationReport {
    /// Prints both the body and signature fields of the attestation report
    pub fn print_report(&self) {
        self.body.print_fields();
        self.sig.print_fields();
    }
}

impl Default for AttestationReport {
    /// Creates a default AttestationReport with empty body and signature
    fn default() -> Self {
        Self {
            body: Default::default(),
            sig: Default::default(),
        }
    }
}

/// Response structure containing the attestation report from the dcu devices
#[repr(C)]
#[derive(Debug, serde::Deserialize)]
pub struct AttestationResponse {
    /// Size of the contained report in bytes
    pub report_size: u32,
    /// Reserved space for future extensions (28 bytes)
    pub reserved: [u8; 28],
    /// The actual attestation report data
    pub report: AttestationReport,
}

impl Default for AttestationResponse {
    /// Creates a default response with zero-sized report and empty fields
    fn default() -> Self {
        Self {
            report_size: 0,
            reserved: [0u8; 28],
            report: AttestationReport::default(),
        }
    }
}

impl AttestationResponse {
    /// Safely constructs a mutable reference from a raw C pointer
    /// # Safety
    /// Caller must ensure the pointer is valid and properly aligned
    pub unsafe fn from_raw<'a>(ptr: *mut c_void) -> Option<&'a mut Self> {
        if ptr.is_null() {
            None
        } else {
            Some(&mut *(ptr as *mut Self))
        }
    }
}

/// Implementation of encoding functionality for AttestationReport
impl codicon::Encoder<crate::Body> for AttestationReport {
    type Error = std::io::Error;

    /// Encodes the report body into the writer
    fn encode(&self, mut writer: impl Write, _: crate::Body) -> Result<(), std::io::Error> {
        writer.save(&self.body)
    }
}

impl TryFrom<&AttestationReport> for Signature {
    type Error = std::io::Error;

    /// Attempts to convert an AttestationReport into a Signature structure
    #[inline]
    fn try_from(value: &AttestationReport) -> Result<Self, std::io::Error> {
        let sig = Vec::try_from(&value.sig)?;
        Ok(Self {
            sig,
            id: None,
            usage: Usage::CEK,
            algo: None,
        })
    }
}

/// Implementation of verification for a certificate and attestation report pair
impl Verifiable for (&Certificate, &AttestationReport) {
    type Output = ();

    /// Verifies the attestation report using the provided certificate
    fn verify(self) -> Result<(), std::io::Error> {
        let key: PublicKey = self.0.try_into()?;
        let sig: Signature = self.1.try_into()?;
        key.verify(
            self.1,
            &self.0.body.data.user_id[..self.0.body.data.uid_size as usize],
            &sig,
        )
    }
}