Upgrade signing key generation (#379)

* adds the upgrade signing key generation and the partition offset * use openssl in build.rs instead
2021-09-15 21:25:19 +02:00
parent 7a975acf33
commit 596b47886c
9 changed files with 87 additions and 31 deletions
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -17,7 +17,6 @@ use alloc::string::String;
 use alloc::vec::Vec;
 use arrayref::array_ref;
 use core::convert::TryFrom;
-use core::fmt;
 use crypto::{ecdh, ecdsa};
 #[cfg(test)]
 use enum_iterator::IntoEnumIterator;
@@ -841,30 +840,12 @@ impl TryFrom<CoseKey> for ecdsa::PubKey {
 /// Data structure for receiving a signature.
 ///
 /// See https://datatracker.ietf.org/doc/html/rfc8152#appendix-C.1.1 for reference.
-///
-/// TODO derive Debug and PartialEq with compiler version 1.47
-#[derive(Clone)]
+#[derive(Clone, Debug, PartialEq)]
 pub struct CoseSignature {
    pub algorithm: SignatureAlgorithm,
    pub bytes: [u8; ecdsa::Signature::BYTES_LENGTH],
 }

-impl fmt::Debug for CoseSignature {
-    fn fmt(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
-        formatter
-            .debug_struct("CoseSignature")
-            .field("algorithm", &self.algorithm)
-            .field("bytes", &self.bytes.to_vec())
-            .finish()
-    }
-}
-
-impl PartialEq for CoseSignature {
-    fn eq(&self, other: &CoseSignature) -> bool {
-        self.algorithm == other.algorithm && self.bytes[..] == other.bytes[..]
-    }
-}
-
 impl TryFrom<cbor::Value> for CoseSignature {
    type Error = Ctap2StatusCode;

--- a/src/ctap/key_material.rs
+++ b/src/ctap/key_material.rs
@@ -14,6 +14,9 @@

 pub const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32;
 pub const AAGUID_LENGTH: usize = 16;
+pub const _UPGRADE_PUBLIC_KEY_LENGTH: usize = 77;

 pub const AAGUID: &[u8; AAGUID_LENGTH] =
    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
+pub const _UPGRADE_PUBLIC_KEY: &[u8; _UPGRADE_PUBLIC_KEY_LENGTH] =
+    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_upgrade_pubkey_cbor.bin"));
--- a/src/embedded_flash/buffer_upgrade.rs
+++ b/src/embedded_flash/buffer_upgrade.rs
@@ -57,6 +57,10 @@ impl UpgradeStorage for BufferUpgradeStorage {
        }
    }

+    fn partition_address(&self) -> usize {
+        0x60000
+    }
+
    fn partition_length(&self) -> usize {
        PARTITION_LENGTH
    }
--- a/src/embedded_flash/syscall.rs
+++ b/src/embedded_flash/syscall.rs
@@ -317,6 +317,10 @@ impl UpgradeStorage for SyscallUpgradeStorage {
        }
    }

+    fn partition_address(&self) -> usize {
+        self.partition.start()
+    }
+
    fn partition_length(&self) -> usize {
        self.partition.length()
    }
--- a/src/embedded_flash/upgrade_storage.rs
+++ b/src/embedded_flash/upgrade_storage.rs
@@ -34,6 +34,9 @@ pub trait UpgradeStorage {
    /// Returns [`StorageError::OutOfBounds`] if the data does not fit the partition.
    fn write_partition(&mut self, offset: usize, data: &[u8]) -> StorageResult<()>;

+    /// Returns the address of the partition.
+    fn partition_address(&self) -> usize;
+
    /// Returns the length of the partition.
    fn partition_length(&self) -> usize;