
csv_rs/certs/csv/
chain.rs

1// Copyright (C) Hygon Info Technologies Ltd.
2//
3// SPDX-License-Identifier: Apache-2.0
4
5//! For operating on the CSV platform certificate chain.
6
7use super::cert::Certificate;
8use super::*;
9use crate::certs::Usage;
10
11use serde::{Deserialize, Serialize};
12use std::io::{Error, ErrorKind, Result};
13
/// The CSV certificate chain.
///
/// Fields are declared in the order in which the `codicon` decoder and
/// encoder for this type read and write them: PDH, PEK, OCA, CEK.
///
/// Every field is public and the type derives `Deserialize`, so a `Chain`
/// can exist without having passed the usage checks performed by
/// `codicon::Decoder::decode`. Holding a `Chain` says nothing about its
/// signatures: call `Verifiable::verify` on `&Chain` before relying on any
/// key it carries.
// NOTE(review): whether `Certificate`'s own serde impl validates anything is
// not visible in this file; confirm before treating serde input as checked.
#[repr(C)]
#[derive(Deserialize, Serialize)]
pub struct Chain {
    /// The Platform Diffie-Hellman (PDH) certificate.
    pub pdh: Certificate,

    /// The certificate for the PEK (Platform Endorsement Key).
    pub pek: Certificate,

    /// The certificate for the OCA (Owner Certificate Authority).
    pub oca: Certificate,

    /// The certificate for the CEK (Chip Endorsement Key).
    pub cek: Certificate,
}
30
impl codicon::Decoder<()> for Chain {
    type Error = Error;

    /// Reads four certificates from `reader` in wire order: PDH, PEK, OCA, CEK.
    ///
    /// Each certificate is checked for its expected [`Usage`] as soon as it has
    /// been decoded, before the next one is read.
    ///
    /// This is a structural check only. No signature is verified here, so a
    /// successfully decoded `Chain` is still untrusted input until
    /// `Verifiable::verify` has succeeded on it.
    ///
    /// # Errors
    ///
    /// Returns `ErrorKind::InvalidInput` when a certificate declares a usage
    /// other than the one expected at its position. Errors from
    /// `Certificate::decode` and `Usage::try_from` are propagated.
    fn decode(mut reader: impl Read, _: ()) -> Result<Self> {
        // Decode the next certificate and reject it unless its declared usage
        // is the one required at this position in the chain.
        fn next_cert(reader: &mut impl Read, expected: Usage) -> Result<Certificate> {
            let cert = Certificate::decode(&mut *reader, ())?;
            if Usage::try_from(&cert)? != expected {
                return Err(ErrorKind::InvalidInput.into());
            }
            Ok(cert)
        }

        // Field initialisers run in source order, which is the wire order.
        Ok(Self {
            pdh: next_cert(&mut reader, Usage::PDH)?,
            pek: next_cert(&mut reader, Usage::PEK)?,
            oca: next_cert(&mut reader, Usage::OCA)?,
            cek: next_cert(&mut reader, Usage::CEK)?,
        })
    }
}
58
impl codicon::Encoder<()> for Chain {
    type Error = Error;

    /// Writes the four certificates to `writer` in wire order: PDH, PEK, OCA,
    /// CEK, each encoded with `crate::Body`.
    ///
    /// Nothing is validated on the way out; the certificates are written as
    /// they are currently held in the struct.
    ///
    /// # Errors
    ///
    /// Stops at, and returns, the first error from a certificate's encoder.
    /// Certificates before the failing one may already have been written.
    fn encode(&self, mut writer: impl Write, _: ()) -> Result<()> {
        // Same order that `decode` reads them back in.
        for &cert in [&self.pdh, &self.pek, &self.oca, &self.cek].iter() {
            cert.encode(&mut writer, crate::Body)?;
        }
        Ok(())
    }
}
69
impl<'a> Verifiable for &'a Chain {
    type Output = &'a Certificate;

    /// Verifies the links inside the platform chain and, on success, returns
    /// the PDH certificate.
    ///
    /// Four pair checks run in this order, stopping at the first failure:
    /// OCA against itself, then OCA/PEK, CEK/PEK and PEK/PDH. Each pair is read
    /// here as (signer, subject); confirm against the `Verifiable` impl for
    /// certificate pairs, which is defined outside this file.
    ///
    /// Scope of the result: only certificates held in this `Chain` are
    /// consulted. The OCA is checked against itself and the CEK is never the
    /// second element of a pair, so nothing visible here ties either of them
    /// to an external trust anchor. A caller that needs the PDH to belong to a
    /// genuine platform, or to a particular owner, has to establish trust in
    /// the CEK and OCA by other means before relying on the returned
    /// certificate.
    ///
    /// # Errors
    ///
    /// Propagates the error from the first pair whose verification fails.
    fn verify(self) -> Result<Self::Output> {
        let Chain { pdh, pek, oca, cek } = self;

        // Order is kept as-is so the same link reports the first failure.
        let links = [
            (oca, oca), // OCA checked against itself
            (oca, pek),
            (cek, pek),
            (pek, pdh),
        ];
        for &link in links.iter() {
            link.verify()?;
        }

        Ok(pdh)
    }
}