kernel: create AcceptedCredential type

bradjc · bradjc · commit 13b131746fb5 · 2024-06-21T12:21:25.000-04:00
diff --git a/kernel/src/process.rs b/kernel/src/process.rs
@@ -20,10 +20,10 @@ use crate::storage_permissions;
 use crate::syscall::{self, Syscall, SyscallReturn};
 use crate::upcall::UpcallId;
 use tock_tbf::types::CommandPermissions;
-use tock_tbf::types::TbfFooterV2Credentials;
 
 // Export all process related types via `kernel::process::`.
 pub use crate::process_binary::ProcessBinary;
+pub use crate::process_checker::AcceptedCredential;
 pub use crate::process_checker::{ProcessCheckerMachine, ProcessCheckerMachineClient};
 pub use crate::process_loading::load_processes;
 pub use crate::process_loading::ProcessLoadError;
@@ -340,7 +340,7 @@ pub trait Process {
     /// Return the credential which the credential checker approved if the
     /// credential checker approved a credential. If the process was allowed to
     /// run without credentials, return `None`.
-    fn get_credential(&self) -> Option<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)>;
+    fn get_credential(&self) -> Option<AcceptedCredential>;
 
     /// Returns how many times this process has been restarted.
     fn get_restart_count(&self) -> usize;
diff --git a/kernel/src/process_binary.rs b/kernel/src/process_binary.rs
@@ -11,8 +11,8 @@ use core::fmt;
 
 use crate::config;
 use crate::debug;
+use crate::process_checker::AcceptedCredential;
 use crate::utilities::cells::OptionalCell;
-use tock_tbf::types::TbfFooterV2Credentials;
 
 /// Errors resulting from trying to load a process binary structure from flash.
 pub enum ProcessBinaryError {
@@ -129,7 +129,7 @@ pub struct ProcessBinary {
     /// Optional credential that was used to approve this application. This is
     /// set if the process is checked by a credential checker and a specific
     /// credential was used to approve this process. Otherwise this is `None`.
-    pub credential: OptionalCell<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)>,
+    pub credential: OptionalCell<AcceptedCredential>,
 }
 
 impl ProcessBinary {
@@ -249,9 +249,7 @@ impl ProcessBinary {
         })
     }
 
-    pub fn get_credential(
-        &self,
-    ) -> Option<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)> {
+    pub fn get_credential(&self) -> Option<AcceptedCredential> {
         self.credential.get()
     }
 
diff --git a/kernel/src/process_checker.rs b/kernel/src/process_checker.rs
@@ -83,6 +83,25 @@ pub trait AppCredentialsPolicyClient<'a> {
     );
 }
 
+/// The accepted credential from the credential checker.
+///
+/// This combines both the credential as stored in the TBF footer with an
+/// optional opaque value provided by the checker when it accepted the
+/// credential. This value can be used when assigning an AppID to the
+/// application based on the how the credential was approved. For example, if
+/// the credential checker has a list of valid public keys used to verify
+/// signatures, it might set the optional value to the index of the public key
+/// in this list.
+#[derive(Copy, Clone)]
+pub struct AcceptedCredential {
+    /// The credential stored in the footer that the credential checker
+    /// accepted.
+    pub credential: TbfFooterV2Credentials,
+    /// An optional opaque value set by the credential checker to store metadata
+    /// about the accepted credential. This is credential checker specific.
+    pub metadata: Option<core::num::NonZeroUsize>,
+}
+
 /// Implements a Credentials Checking Policy.
 pub trait AppCredentialsPolicy<'a> {
     /// Set the client which gets notified after the credential check completes.
@@ -187,10 +206,7 @@ pub trait ProcessCheckerMachineClient {
     fn done(
         &self,
         process_binary: ProcessBinary,
-        result: Result<
-            Option<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)>,
-            ProcessCheckError,
-        >,
+        result: Result<Option<AcceptedCredential>, ProcessCheckError>,
     );
 }
 
@@ -441,7 +457,13 @@ impl AppCredentialsPolicyClient<'static> for ProcessCheckerMachine {
             Ok(CheckResult::Accept(opaque)) => {
                 self.client.map(|client| {
                     if let Some(pb) = self.process_binary.take() {
-                        client.done(pb, Ok(Some((credentials, opaque))))
+                        client.done(
+                            pb,
+                            Ok(Some(AcceptedCredential {
+                                credential: credentials,
+                                metadata: opaque,
+                            })),
+                        )
                     }
                 });
                 false
diff --git a/kernel/src/process_loading.rs b/kernel/src/process_loading.rs
@@ -23,11 +23,11 @@ use crate::kernel::Kernel;
 use crate::platform::chip::Chip;
 use crate::process::{Process, ShortId};
 use crate::process_binary::{ProcessBinary, ProcessBinaryError};
+use crate::process_checker::AcceptedCredential;
 use crate::process_checker::{AppIdPolicy, ProcessCheckError, ProcessCheckerMachine};
 use crate::process_policies::ProcessFaultPolicy;
 use crate::process_standard::ProcessStandard;
 use crate::utilities::cells::{MapCell, OptionalCell};
-use tock_tbf::types::TbfFooterV2Credentials;
 
 /// Errors that can occur when trying to load and create processes.
 pub enum ProcessLoadError {
@@ -906,10 +906,7 @@ impl<'a, C: Chip> crate::process_checker::ProcessCheckerMachineClient
     fn done(
         &self,
         process_binary: ProcessBinary,
-        result: Result<
-            Option<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)>,
-            crate::process_checker::ProcessCheckError,
-        >,
+        result: Result<Option<AcceptedCredential>, crate::process_checker::ProcessCheckError>,
     ) {
         // Check if this process was approved by the checker.
         match result {
diff --git a/kernel/src/process_standard.rs b/kernel/src/process_standard.rs
@@ -28,6 +28,7 @@ use crate::process::{Error, FunctionCall, FunctionCallSource, Process, Task};
 use crate::process::{FaultAction, ProcessCustomGrantIdentifier, ProcessId};
 use crate::process::{ProcessAddresses, ProcessSizes, ShortId};
 use crate::process::{State, StoppedState};
+use crate::process_checker::AcceptedCredential;
 use crate::process_loading::ProcessLoadError;
 use crate::process_policies::ProcessFaultPolicy;
 use crate::processbuffer::{ReadOnlyProcessBuffer, ReadWriteProcessBuffer};
@@ -37,7 +38,6 @@ use crate::upcall::UpcallId;
 use crate::utilities::cells::{MapCell, NumericCellExt, OptionalCell};
 
 use tock_tbf::types::CommandPermissions;
-use tock_tbf::types::TbfFooterV2Credentials;
 
 /// State for helping with debugging apps.
 ///
@@ -189,7 +189,7 @@ pub struct ProcessStandard<'a, C: 'static + Chip> {
 
     /// Credential that was approved for this process, or `None` if the
     /// credential was permitted to run without an accepted credential.
-    credential: Option<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)>,
+    credential: Option<AcceptedCredential>,
 
     /// State saved on behalf of the process each time the app switches to the
     /// kernel.
@@ -259,7 +259,7 @@ impl<C: Chip> Process for ProcessStandard<'_, C> {
         }
     }
 
-    fn get_credential(&self) -> Option<(TbfFooterV2Credentials, Option<core::num::NonZeroUsize>)> {
+    fn get_credential(&self) -> Option<AcceptedCredential> {
         self.credential
     }
 
