/// Applet manifest, links app and metadata checksums with overall applet signature.
///
/// Field order follows the encoding diagram on this page: version and flags,
/// application name/version/length/checksum, metadata kind/length/checksum,
/// then the signing key and signature.
pub struct Manifest {
    /// Manifest version (must be 1).
    pub version: u16,

    /// Manifest flags.
    pub flags: u16,

    /// Application name (utf8, zero-padded to 16 bytes).
    pub app_name: Stringish<16>,

    /// Application version (utf8, zero-padded to 24 bytes).
    pub app_version: Stringish<24>,

    /// Application binary length.
    pub app_len: u32,

    /// Application binary checksum (256-bit truncated SHA512).
    pub app_csum: Checksum,

    /// Metadata encoding kind.
    pub meta_kind: u16,

    /// Metadata binary length.
    pub meta_len: u16,

    /// Metadata binary checksum (256-bit truncated SHA512).
    pub meta_csum: Checksum,

    /// Public key used to sign the manifest (ED25519).
    ///
    /// NOTE(review): this key is carried inside the manifest itself, so it
    /// presumably only conveys trust once matched against the caller's
    /// allowed keys (see `verify`) - confirm against the implementation.
    pub key: PublicKey,

    /// Signature over manifest data, against the specified public key (ED25519).
    pub sig: Signature,
}
Applet manifest, links app and metadata checksums with overall applet signature
Encoding:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       MANIFEST_VERSION        |        MANIFEST_FLAGS         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
|                           APP_NAME                            |
|                  (16-byte zero padded utf8)                   |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
/                          APP_VERSION                          /
/                  (24-byte zero padded utf8)                   /
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       APP_LENGTH (u32)                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
/                         APP_CHECKSUM                          /
/                  (256-bit truncated SHA512)                   /
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           META_KIND           |       META_LENGTH (u16)       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
/                         META_CHECKSUM                         /
/                  (256-bit truncated SHA512)                   /
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
/                          SIGNING KEY                          /
/                     (ED25519 Public Key)                      /
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
/                           SIGNATURE                           /
/                      (ED25519 Signature)                      /
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fields
version: u16
Manifest version (must be 1)
flags: u16
Manifest flags
app_name: Stringish<16>
Application name (utf8, zero-padded)
app_version: Stringish<24>
Application Version (utf8, zero-padded)
app_len: u32
Application binary length
app_csum: Checksum
Application binary checksum (SHA512, truncated to 256 bits)
meta_kind: u16
Metadata encoding kind
meta_len: u16
Metadata binary length
meta_csum: Checksum
Metadata binary checksum
key: PublicKey
Public key used to sign manifest
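For released firmware, the allowed public keys should be pinned via the bootloader; where release keys are not available, transient keys will be used to construct a valid manifest object. Because this key is carried inside the manifest itself, a signature that validates against it shows only that the manifest is internally consistent; trust comes from the key being one of the pinned, allowed keys.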
sig: Signature
Signature over manifest data, against the specified public key
Implementations
impl Manifest
pub fn app_version(&self) -> &str
Fetch app version
pub fn sign<RNG: RngCore + CryptoRng + Default>(
&mut self,
signing_key: PrivateKey
) -> Result<(), ManifestError>
Sign manifest using provided key
pub fn verify(&self, allowed_keys: &[PublicKey]) -> Result<(), ManifestError>
Verify manifest signature against allowed keys
pub fn check(&self, app: &[u8], meta: &[u8]) -> Result<(), VerifyError>
Check application and metadata against manifest
pub fn check_precomputed(
&self,
app_csum: &Checksum,
app_len: usize,
meta_csum: &Checksum,
meta_len: usize
) -> Result<(), VerifyError>
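Check application and metadata against manifest using pre-computed values.
This is useful where the app is not entirely in memory for checksum computations. Only the supplied checksums and lengths are passed in, not the underlying bytes, so the caller is responsible for having computed them over the exact application and metadata data that will be used.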