1 // Copyright 2023, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! This module implements a retry version for multiple DICE functions that
16 //! require preallocated output buffer. As the retry functions require
17 //! memory allocation on heap, currently we only expose these functions in
18 //! std environment.
19
20 use crate::bcc::{bcc_format_config_descriptor, bcc_main_flow, DiceConfigValues};
21 use crate::dice::{
22 dice_main_flow, Cdi, CdiValues, DiceArtifacts, InputValues, CDI_SIZE, PRIVATE_KEY_SEED_SIZE,
23 };
24 use crate::error::{DiceError, Result};
25 use crate::ops::generate_certificate;
26 #[cfg(feature = "alloc")]
27 use alloc::vec::Vec;
28 #[cfg(feature = "serde_derive")]
29 use serde_derive::{Deserialize, Serialize};
30
31 /// Artifacts stores a set of dice artifacts comprising CDI_ATTEST, CDI_SEAL,
32 /// and the BCC formatted attestation certificate chain.
33 /// As we align with the DICE standards today, this is the certificate chain
34 /// is also called DICE certificate chain.
35 #[derive(Debug)]
36 #[cfg_attr(feature = "serde_derive", derive(Serialize, Deserialize))]
37 pub struct OwnedDiceArtifacts {
38 /// CDI Values.
39 cdi_values: CdiValues,
40 /// Boot Certificate Chain.
41 bcc: Vec<u8>,
42 }
43
44 impl DiceArtifacts for OwnedDiceArtifacts {
cdi_attest(&self) -> &[u8; CDI_SIZE]45 fn cdi_attest(&self) -> &[u8; CDI_SIZE] {
46 &self.cdi_values.cdi_attest
47 }
48
cdi_seal(&self) -> &[u8; CDI_SIZE]49 fn cdi_seal(&self) -> &[u8; CDI_SIZE] {
50 &self.cdi_values.cdi_seal
51 }
52
bcc(&self) -> Option<&[u8]>53 fn bcc(&self) -> Option<&[u8]> {
54 Some(&self.bcc)
55 }
56 }
57
58 /// Retries the given function with bigger measured buffer size.
retry_with_measured_buffer<F>(mut f: F) -> Result<Vec<u8>> where F: FnMut(&mut Vec<u8>) -> Result<usize>,59 fn retry_with_measured_buffer<F>(mut f: F) -> Result<Vec<u8>>
60 where
61 F: FnMut(&mut Vec<u8>) -> Result<usize>,
62 {
63 let mut buffer = Vec::new();
64 match f(&mut buffer) {
65 Err(DiceError::BufferTooSmall(actual_size)) => {
66 buffer.resize(actual_size, 0);
67 f(&mut buffer)?;
68 }
69 Err(e) => return Err(e),
70 Ok(_) => {}
71 };
72 Ok(buffer)
73 }
74
75 /// Formats a configuration descriptor following the BCC's specification.
retry_bcc_format_config_descriptor(values: &DiceConfigValues) -> Result<Vec<u8>>76 pub fn retry_bcc_format_config_descriptor(values: &DiceConfigValues) -> Result<Vec<u8>> {
77 retry_with_measured_buffer(|buffer| bcc_format_config_descriptor(values, buffer))
78 }
79
80 /// Executes the main BCC flow.
81 ///
82 /// Given a full set of input values along with the current BCC and CDI values,
83 /// computes the next CDI values and matching updated BCC.
retry_bcc_main_flow( current_cdi_attest: &Cdi, current_cdi_seal: &Cdi, bcc: &[u8], input_values: &InputValues, ) -> Result<OwnedDiceArtifacts>84 pub fn retry_bcc_main_flow(
85 current_cdi_attest: &Cdi,
86 current_cdi_seal: &Cdi,
87 bcc: &[u8],
88 input_values: &InputValues,
89 ) -> Result<OwnedDiceArtifacts> {
90 let mut next_cdi_values = CdiValues::default();
91 let next_bcc = retry_with_measured_buffer(|next_bcc| {
92 bcc_main_flow(
93 current_cdi_attest,
94 current_cdi_seal,
95 bcc,
96 input_values,
97 &mut next_cdi_values,
98 next_bcc,
99 )
100 })?;
101 Ok(OwnedDiceArtifacts { cdi_values: next_cdi_values, bcc: next_bcc })
102 }
103
104 /// Executes the main DICE flow.
105 ///
106 /// Given a full set of input values and the current CDI values, computes the
107 /// next CDI values and a matching certificate.
retry_dice_main_flow( current_cdi_attest: &Cdi, current_cdi_seal: &Cdi, input_values: &InputValues, ) -> Result<(CdiValues, Vec<u8>)>108 pub fn retry_dice_main_flow(
109 current_cdi_attest: &Cdi,
110 current_cdi_seal: &Cdi,
111 input_values: &InputValues,
112 ) -> Result<(CdiValues, Vec<u8>)> {
113 let mut next_cdi_values = CdiValues::default();
114 let next_cdi_certificate = retry_with_measured_buffer(|next_cdi_certificate| {
115 dice_main_flow(
116 current_cdi_attest,
117 current_cdi_seal,
118 input_values,
119 next_cdi_certificate,
120 &mut next_cdi_values,
121 )
122 })?;
123 Ok((next_cdi_values, next_cdi_certificate))
124 }
125
126 /// Generates an X.509 certificate from the given `subject_private_key_seed` and
127 /// `input_values`, and signed by `authority_private_key_seed`.
128 /// The subject private key seed is supplied here so the implementation can choose
129 /// between asymmetric mechanisms, for example ECDSA vs Ed25519.
130 /// Returns the generated certificate.
retry_generate_certificate( subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE], authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE], input_values: &InputValues, ) -> Result<Vec<u8>>131 pub fn retry_generate_certificate(
132 subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
133 authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
134 input_values: &InputValues,
135 ) -> Result<Vec<u8>> {
136 retry_with_measured_buffer(|certificate| {
137 generate_certificate(
138 subject_private_key_seed,
139 authority_private_key_seed,
140 input_values,
141 certificate,
142 )
143 })
144 }
145