Skip to content

RNG closures #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Flaneur3434 merged 11 commits into from
Mar 24, 2024
Merged

RNG closures #15

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
2fb0bd5
rng closure traits complete
Flaneur3434 Mar 14, 2024
bac08d5
so tired
Flaneur3434 Mar 14, 2024
ceef610
fixed traits
Flaneur3434 Mar 14, 2024
84cd4a6
changed to RngCore + CryptoRng
Flaneur3434 Mar 14, 2024
450ff3d
removed commented out code
Flaneur3434 Mar 14, 2024
fbb5706
removed testing code
Flaneur3434 Mar 14, 2024
0c40c6b
need to make RngNotUsed public
Flaneur3434 Mar 14, 2024
ec4c2cf
allow private_bounds
Flaneur3434 Mar 14, 2024
a9f439c
added 2 types of FnOnce parameters
Flaneur3434 Mar 14, 2024
1264534
fixed clippy errors
Flaneur3434 Mar 14, 2024
3e65599
changed back to CryptoRngCore
Flaneur3434 Mar 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,5 @@ license = "MIT"
[dependencies]
cortex-m = "0.7.7"
rand_core = "0.6.4"
const-random = { version = "0.1.17" }
const-random = { version = "0.1.17" }
sealed = "0.5.0"
84 changes: 72 additions & 12 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ use core::ptr::{read_volatile, write_volatile};
use core::result::Result;
use cortex_m::asm::delay;
use rand_core::CryptoRngCore;
use sealed::sealed;

extern crate const_random;

// Application Interrupt and Reset Control Register
Expand Down Expand Up @@ -44,6 +46,63 @@ impl From<bool> for SecureBool {
}
}

/// A phantom data type that is used by Rng closure traits
pub struct RngNotUsed {}

#[sealed]
trait RngFnOnce<T, U: CryptoRngCore> {
fn exec(self, rng: &mut U);
}

#[sealed]
trait RngFnMut<T, U: CryptoRngCore> {
fn exec(&mut self, rng: &mut U) -> SecureBool;
}

#[sealed]
impl<F, T> RngFnOnce<T, T> for F
where
F: FnOnce(&mut T),
T: CryptoRngCore,
{
fn exec(self, rng: &mut T) {
(self)(rng)
}
}

#[sealed]
impl<F, T> RngFnOnce<RngNotUsed, T> for F
where
F: FnOnce(),
T: CryptoRngCore,
{
fn exec(self, _: &mut T) {
(self)()
}
}

#[sealed]
impl<F, T> RngFnMut<T, T> for F
where
F: FnMut(&mut T) -> SecureBool,
T: CryptoRngCore,
{
fn exec(&mut self, rng: &mut T) -> SecureBool {
(self)(rng)
}
}

#[sealed]
impl<F, T> RngFnMut<RngNotUsed, T> for F
where
F: FnMut() -> SecureBool,
T: CryptoRngCore,
{
fn exec(&mut self, _: &mut T) -> SecureBool {
(self)()
}
}

/// Secure random delay errors
///
/// # Errors
Expand Down Expand Up @@ -200,12 +259,13 @@ impl FaultInjectionPrevention {
/// Takes a condition closure, a success closure, and a failure closure. The success and failure
/// closures should match the success and failure cases of the code that is being run to ensure
/// maximum protection.
pub fn critical_if(
#[allow(private_bounds)]
pub fn critical_if<FnMutType, FnOnceType1, FnOnceType2, T: CryptoRngCore>(
&self,
mut condition: impl FnMut() -> SecureBool,
success: impl FnOnce(),
failure: impl FnOnce(),
rng: &mut impl CryptoRngCore,
mut condition: impl RngFnMut<FnMutType, T>,
success: impl RngFnOnce<FnOnceType1, T>,
failure: impl RngFnOnce<FnOnceType2, T>,
rng: &mut T,
) {
let mut cond = SecureBool::Error;

Expand All @@ -217,15 +277,15 @@ impl FaultInjectionPrevention {
write_volatile(&mut cond, SecureBool::Error);
}

if black_box(black_box(condition()) == SecureBool::False) {
if black_box(black_box(condition.exec(rng)) == SecureBool::False) {
// SAFETY: cond is non-null and properly aligned since it comes from a
// Rust variable. In addition SecureBool derives the Copy trait, so a
// bit-wise copy is performed
unsafe {
write_volatile(&mut cond, SecureBool::False);
}
} else {
if black_box(black_box(condition()) == SecureBool::False) {
if black_box(black_box(condition.exec(rng)) == SecureBool::False) {
Self::secure_reset_device();
}

Expand All @@ -241,8 +301,8 @@ impl FaultInjectionPrevention {

self.secure_random_delay(rng);

if black_box(black_box(condition()) == SecureBool::False) {
if black_box(black_box(condition()) == SecureBool::True) {
if black_box(black_box(condition.exec(rng)) == SecureBool::False) {
if black_box(black_box(condition.exec(rng)) == SecureBool::True) {
Self::secure_reset_device();
}

Expand All @@ -253,9 +313,9 @@ impl FaultInjectionPrevention {

// Not moving the parentheses to the outside makes smaller code.
#[allow(clippy::unit_arg)]
black_box(failure());
black_box(failure.exec(rng));
} else {
if black_box(black_box(condition()) == SecureBool::False) {
if black_box(black_box(condition.exec(rng)) == SecureBool::False) {
Self::secure_reset_device();
}

Expand All @@ -266,7 +326,7 @@ impl FaultInjectionPrevention {

// Not moving the parentheses to the outside makes smaller code.
#[allow(clippy::unit_arg)]
black_box(success());
black_box(success.exec(rng));
}

helper::dsb();
Expand Down