Hostenv file storage #489
Hostenv file storage #489
Conversation
This allows running ctap2 authenticator application on non-embedded host OS to implement virtual FIDO2 authenticator for QEMU
read_slice(...) can return Cow::Owned buffer to the caller
|
|
||
| if file_len == 0 { | ||
| file.seek(SeekFrom::Start(0))?; | ||
| let buf = vec![0xffu8; options.page_size]; |
There was a problem hiding this comment.
We have generally used 0xFF. Is the u8 annotation is required?
Other instances of this exist below.
There was a problem hiding this comment.
Right, for consistency with the rest of the library let's use 0xff if Rust is able to infer the type.
| @@ -365,6 +365,8 @@ extern crate alloc; | |||
| mod buffer; | |||
| #[cfg(feature = "std")] | |||
| mod driver; | |||
| #[cfg(feature = "std")] | |||
There was a problem hiding this comment.
Does this std condition correctly interact with the rest of the code? We use std for tests and fuzzing only so far. Therefore, I was wondering if you can just compile the OpenSK library with std later for non-testing purposes?
There was a problem hiding this comment.
Yes, std means that we compile with the standard library (and thus an OS). We use std for tests and fuzzing because that's the only reason we need to compile on an OS. And this example is another reason now.
Note that once CTAP is a library we will compile it with std for non-testing purposes too. This library is just one step ahead because it's already a library and doesn't depend on Tock.
| @@ -36,6 +36,13 @@ pub enum StorageError { | |||
| CustomError, | |||
| } | |||
|
|
|||
| #[cfg(feature = "std")] | |||
| impl From<std::io::Error> for StorageError { | |||
There was a problem hiding this comment.
Same here, another use of std that is actually necessary outside of tests.
|
I resolved all of @ia0 's comments since approved. I don't mind merging, just had a nit and an open question about `std``, and if you already tried using this PR in your QEMU project and it all worked. |
|
|
||
| if file_len == 0 { | ||
| file.seek(SeekFrom::Start(0))?; | ||
| let buf = vec![0xffu8; options.page_size]; |
There was a problem hiding this comment.
Right, for consistency with the rest of the library let's use 0xff if Rust is able to infer the type.
| @@ -365,6 +365,8 @@ extern crate alloc; | |||
| mod buffer; | |||
| #[cfg(feature = "std")] | |||
| mod driver; | |||
| #[cfg(feature = "std")] | |||
There was a problem hiding this comment.
Yes, std means that we compile with the standard library (and thus an OS). We use std for tests and fuzzing because that's the only reason we need to compile on an OS. And this example is another reason now.
Note that once CTAP is a library we will compile it with std for non-testing purposes too. This library is just one step ahead because it's already a library and doesn't depend on Tock.
|
Regarding std, I've tested my prototype code: I run However, I've encountered two problems:
Should I change FileStorage::max_word_writes and max_page_erases to return Nat::MAX and 65535 respectively, or change functions in Format to accommodate current FileStorage max values? |
Oops my bad, I forgot about that. Yes, your suggestion sounds good. Let's also document for each of them why we use those values because I'm pretty I'm gonna forget again. fn max_word_writes(&self) -> usize {
// We can write an unlimited amount of times in a file, but the store arithmetic
// uses `Nat` so the value should fit in a `Nat`.
Nat::MAX as usize
}
fn max_page_erases(&self) -> usize {
// We can "erase" an unlimited amount of times in a file, but the store format
// encodes the number of erase cycles on 16 bits.
u16::MAX as usize
} |
Part of implementation for #485
This PR implements a storage, backed by file on host OS, for persisting authenticator data between restarts of OpenSK application used for FIDO2 emulation for QEMU.
After changes to storage API there's no more need for double buffering of storage data.
Current
read_slice()method signature declares storage object as immutable. This conflicts with File object being mutated by read operations (current file position is changed for and after read). To keepread_slice()signature unchanged, interior mutability viaRefCellis used.