hyde-macros 0.1.0

Procedural macros for Hyde (#[hyde::protect])
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

extern crate proc_macro;

use proc_macro::TokenStream;
use quote::quote;
use syn::{parse_macro_input, DeriveInput, Fields, Meta, Expr, Lit};

/// Attribute macro that makes a struct protectable by a TEE.
///
/// Generates:
/// - `fn protect(ctx, fields...) -> Result<Protected<Self>>` constructor
/// - `Zeroize` on Drop (if `zeroize = true`, the default)
/// - Derives `Serialize`, `Deserialize` on the struct
///
/// # Example
/// ```ignore
/// #[hyde::protect]
/// struct DocumentKey {
///     key_material: [u8; 32],
/// }
///
/// // Generated API:
/// let protected = DocumentKey::protect(&mut ctx, key_material)?;
/// let doc_key: DocumentKey = protected.unprotect(&mut ctx)?;
/// ```
///
/// # Attributes
/// - `zeroize = false` — disable Zeroize on Drop (default: true)
#[proc_macro_attribute]
pub fn protect(attr: TokenStream, item: TokenStream) -> TokenStream {
    let input = parse_macro_input!(item as DeriveInput);
    let attrs = parse_protect_attrs(attr);

    let name = &input.ident;
    let vis = &input.vis;
    let generics = &input.generics;

    // Extract named fields
    let fields = match &input.data {
        syn::Data::Struct(data) => match &data.fields {
            Fields::Named(named) => &named.named,
            _ => {
                return syn::Error::new_spanned(
                    &input.ident,
                    "#[hyde::protect] only supports structs with named fields",
                )
                .to_compile_error()
                .into();
            }
        },
        _ => {
            return syn::Error::new_spanned(
                &input.ident,
                "#[hyde::protect] can only be applied to structs",
            )
            .to_compile_error()
            .into();
        }
    };

    // Build the `protect()` method parameters and struct construction
    let field_params: Vec<_> = fields
        .iter()
        .map(|f| {
            let fname = &f.ident;
            let fty = &f.ty;
            quote! { #fname: #fty }
        })
        .collect();

    let field_names: Vec<_> = fields.iter().map(|f| &f.ident).collect();

    // Generate Zeroize on Drop if enabled
    let zeroize_impl = if attrs.zeroize {
        let zeroize_fields: Vec<_> = fields
            .iter()
            .map(|f| {
                let fname = &f.ident;
                quote! { zeroize::Zeroize::zeroize(&mut self.#fname); }
            })
            .collect();

        quote! {
            impl #generics Drop for #name #generics {
                fn drop(&mut self) {
                    #(#zeroize_fields)*
                }
            }
        }
    } else {
        quote! {}
    };

    // Keep existing attributes (except our #[hyde::protect])
    let existing_attrs: Vec<_> = input
        .attrs
        .iter()
        .filter(|a| !a.path().is_ident("protect"))
        .collect();

    let expanded = quote! {
        #(#existing_attrs)*
        #[derive(serde::Serialize, serde::Deserialize)]
        #vis struct #name #generics {
            #fields
        }

        impl #generics #name #generics {
            /// Protect this value using a TEE backend.
            ///
            /// Serializes the struct, encrypts it via `HydeContext`, and returns
            /// a `Protected<Self>` that can only be decrypted with the same TEE.
            #vis fn protect(
                ctx: &mut hyde_core::HydeContext,
                #(#field_params),*
            ) -> hyde_core::Result<hyde_core::Protected<Self>> {
                let value = Self { #(#field_names),* };
                hyde_core::Protected::new(ctx, &value)
            }
        }

        #zeroize_impl
    };

    expanded.into()
}

struct ProtectAttrs {
    zeroize: bool,
}

fn parse_protect_attrs(attr: TokenStream) -> ProtectAttrs {
    let mut zeroize = true;

    if !attr.is_empty() {
        let parser = syn::punctuated::Punctuated::<Meta, syn::Token![,]>::parse_terminated;
        if let Ok(metas) = syn::parse::Parser::parse(parser, attr) {
            for meta in metas {
                if let Meta::NameValue(nv) = meta {
                    if nv.path.is_ident("zeroize") {
                        if let Expr::Lit(expr_lit) = &nv.value {
                            if let Lit::Bool(lit_bool) = &expr_lit.lit {
                                zeroize = lit_bool.value;
                            }
                        }
                    }
                }
            }
        }
    }

    ProtectAttrs { zeroize }
}