// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // This is a DiceGenerateCertificate implementation that generates a CWT-style // CBOR certificate. The function DiceCoseEncodePublicKey depends on the // signature algorithm type, and must be implemented elsewhere. #include #include #include #include "dice/cbor_writer.h" #include "dice/config/cose_key_config.h" #include "dice/dice.h" #include "dice/ops.h" #include "dice/ops/trait/cose.h" #include "dice/utils.h" // Max size of COSE_Key encoding. #define DICE_MAX_PUBLIC_KEY_SIZE (DICE_PUBLIC_KEY_BUFFER_SIZE + 32) // Max size of the COSE_Sign1 protected attributes. #define DICE_MAX_PROTECTED_ATTRIBUTES_SIZE 16 static DiceResult EncodeProtectedAttributes(void* context, DicePrincipal principal, size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { // Constants per RFC 8152. const int64_t kCoseHeaderAlgLabel = 1; struct CborOut out; CborOutInit(buffer, buffer_size, &out); CborWriteMap(/*num_elements=*/1, &out); // Add the algorithm. DiceKeyParam key_param; DiceResult result = DiceGetKeyParam(context, principal, &key_param); if (result != kDiceResultOk) { return result; } CborWriteInt(kCoseHeaderAlgLabel, &out); CborWriteInt(key_param.cose_key_algorithm, &out); *encoded_size = CborOutSize(&out); if (CborOutOverflowed(&out)) { return kDiceResultBufferTooSmall; } return kDiceResultOk; } static DiceResult EncodeCoseTbs(const uint8_t* protected_attributes, size_t protected_attributes_size, size_t payload_size, const uint8_t* aad, size_t aad_size, size_t buffer_size, uint8_t* buffer, uint8_t** payload, size_t* encoded_size) { struct CborOut out; CborOutInit(buffer, buffer_size, &out); // TBS is an array of four elements. CborWriteArray(/*num_elements=*/4, &out); // Context string field. CborWriteTstr("Signature1", &out); // Protected attributes from COSE_Sign1. CborWriteBstr(protected_attributes_size, protected_attributes, &out); // Additional authenticated data. CborWriteBstr(aad_size, aad, &out); // Space for the payload, to be filled in by the caller. *payload = CborAllocBstr(payload_size, &out); *encoded_size = CborOutSize(&out); if (CborOutOverflowed(&out)) { return kDiceResultBufferTooSmall; } return kDiceResultOk; } static DiceResult EncodeCoseSign1( void* context, const uint8_t* protected_attributes, size_t protected_attributes_size, const uint8_t* payload, size_t payload_size, bool move_payload, const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE], size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { struct CborOut out; CborOutInit(buffer, buffer_size, &out); // COSE_Sign1 is an array of four elements. CborWriteArray(/*num_elements=*/4, &out); // Protected attributes. CborWriteBstr(protected_attributes_size, protected_attributes, &out); // Empty map for unprotected attributes. CborWriteMap(/*num_pairs=*/0, &out); // Payload. if (move_payload) { // The payload is already present in the buffer, so we can move it into // place. uint8_t* payload_alloc = CborAllocBstr(payload_size, &out); if (payload_alloc) { // We're assuming what we've written above is small enough that it doesn't // overwrite the payload. Check in case that stops being true. if (payload < payload_alloc) { return kDiceResultPlatformError; } memmove(payload_alloc, payload, payload_size); } } else { CborWriteBstr(payload_size, payload, &out); } DiceKeyParam key_param; DiceResult result = DiceGetKeyParam(context, kDicePrincipalAuthority, &key_param); if (result != kDiceResultOk) { return result; } // Signature. CborWriteBstr(/*num_elements=*/key_param.signature_size, signature, &out); *encoded_size = CborOutSize(&out); if (CborOutOverflowed(&out)) { return kDiceResultBufferTooSmall; } return kDiceResultOk; } DiceResult DiceCoseSignAndEncodeSign1( void* context, const uint8_t* payload, size_t payload_size, const uint8_t* aad, size_t aad_size, const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE], size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { DiceResult result; *encoded_size = 0; // The encoded protected attributes are used in the TBS and the final // COSE_Sign1 structure. uint8_t protected_attributes[DICE_MAX_PROTECTED_ATTRIBUTES_SIZE]; size_t protected_attributes_size = 0; result = EncodeProtectedAttributes( context, kDicePrincipalAuthority, sizeof(protected_attributes), protected_attributes, &protected_attributes_size); if (result != kDiceResultOk) { return kDiceResultPlatformError; } // Construct a To-Be-Signed (TBS) structure based on the relevant fields of // the COSE_Sign1. uint8_t* payload_buffer; result = EncodeCoseTbs(protected_attributes, protected_attributes_size, payload_size, aad, aad_size, buffer_size, buffer, &payload_buffer, encoded_size); if (result != kDiceResultOk) { // Check how big the buffer needs to be in total. size_t final_encoded_size = 0; EncodeCoseSign1(context, protected_attributes, protected_attributes_size, payload, payload_size, /*move_payload=*/false, /*signature=*/NULL, /*buffer_size=*/0, /*buffer=*/NULL, &final_encoded_size); if (*encoded_size < final_encoded_size) { *encoded_size = final_encoded_size; } return result; } memcpy(payload_buffer, payload, payload_size); // Sign the TBS with the authority key. uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]; result = DiceSign(context, buffer, *encoded_size, private_key, signature); if (result != kDiceResultOk) { return result; } // The final certificate is an untagged COSE_Sign1 structure. return EncodeCoseSign1(context, protected_attributes, protected_attributes_size, payload, payload_size, /*move_payload=*/false, signature, buffer_size, buffer, encoded_size); } // Encodes a CBOR Web Token (CWT) with an issuer, subject, and additional // fields. static DiceResult EncodeCwt(void* context, const DiceInputValues* input_values, const char* authority_id_hex, const char* subject_id_hex, const uint8_t* encoded_public_key, size_t encoded_public_key_size, size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { // Constants per RFC 8392. const int64_t kCwtIssuerLabel = 1; const int64_t kCwtSubjectLabel = 2; // Constants per the Open Profile for DICE specification. const int64_t kCodeHashLabel = -4670545; const int64_t kCodeDescriptorLabel = -4670546; const int64_t kConfigHashLabel = -4670547; const int64_t kConfigDescriptorLabel = -4670548; const int64_t kAuthorityHashLabel = -4670549; const int64_t kAuthorityDescriptorLabel = -4670550; const int64_t kModeLabel = -4670551; const int64_t kSubjectPublicKeyLabel = -4670552; const int64_t kKeyUsageLabel = -4670553; const int64_t kProfileNameLabel = -4670554; // Key usage constant per RFC 5280. const uint8_t kKeyUsageCertSign = 32; // Count the number of entries. uint32_t map_pairs = 7; if (input_values->code_descriptor_size > 0) { map_pairs += 1; } if (input_values->config_type == kDiceConfigTypeDescriptor) { map_pairs += 2; } else { map_pairs += 1; } if (input_values->authority_descriptor_size > 0) { map_pairs += 1; } DiceKeyParam key_param; DiceResult result = DiceGetKeyParam(context, kDicePrincipalSubject, &key_param); if (result != kDiceResultOk) { return result; } if (key_param.profile_name) { map_pairs += 1; } struct CborOut out; CborOutInit(buffer, buffer_size, &out); CborWriteMap(map_pairs, &out); // Add the issuer. CborWriteInt(kCwtIssuerLabel, &out); CborWriteTstr(authority_id_hex, &out); // Add the subject. CborWriteInt(kCwtSubjectLabel, &out); CborWriteTstr(subject_id_hex, &out); // Add the code hash. CborWriteInt(kCodeHashLabel, &out); CborWriteBstr(DICE_HASH_SIZE, input_values->code_hash, &out); // Add the code descriptor, if provided. if (input_values->code_descriptor_size > 0) { CborWriteInt(kCodeDescriptorLabel, &out); CborWriteBstr(input_values->code_descriptor_size, input_values->code_descriptor, &out); } // Add the config inputs. if (input_values->config_type == kDiceConfigTypeDescriptor) { uint8_t config_descriptor_hash[DICE_HASH_SIZE]; // Skip hashing if we're not going to use the answer. if (!CborOutOverflowed(&out)) { result = DiceHash(context, input_values->config_descriptor, input_values->config_descriptor_size, config_descriptor_hash); if (result != kDiceResultOk) { return result; } } // Add the config descriptor. CborWriteInt(kConfigDescriptorLabel, &out); CborWriteBstr(input_values->config_descriptor_size, input_values->config_descriptor, &out); // Add the Config hash. CborWriteInt(kConfigHashLabel, &out); CborWriteBstr(DICE_HASH_SIZE, config_descriptor_hash, &out); } else if (input_values->config_type == kDiceConfigTypeInline) { // Add the inline config. CborWriteInt(kConfigDescriptorLabel, &out); CborWriteBstr(DICE_INLINE_CONFIG_SIZE, input_values->config_value, &out); } // Add the authority inputs. CborWriteInt(kAuthorityHashLabel, &out); CborWriteBstr(DICE_HASH_SIZE, input_values->authority_hash, &out); if (input_values->authority_descriptor_size > 0) { CborWriteInt(kAuthorityDescriptorLabel, &out); CborWriteBstr(input_values->authority_descriptor_size, input_values->authority_descriptor, &out); } uint8_t mode_byte = input_values->mode; uint8_t key_usage = kKeyUsageCertSign; // Add the mode input. CborWriteInt(kModeLabel, &out); CborWriteBstr(/*data_sisze=*/1, &mode_byte, &out); // Add the subject public key. CborWriteInt(kSubjectPublicKeyLabel, &out); CborWriteBstr(encoded_public_key_size, encoded_public_key, &out); // Add the key usage. CborWriteInt(kKeyUsageLabel, &out); CborWriteBstr(/*data_size=*/1, &key_usage, &out); // Add the profile name if (key_param.profile_name) { CborWriteInt(kProfileNameLabel, &out); CborWriteTstr(key_param.profile_name, &out); } *encoded_size = CborOutSize(&out); if (CborOutOverflowed(&out)) { return kDiceResultBufferTooSmall; } return kDiceResultOk; } DiceResult DiceGenerateCertificate( void* context, const uint8_t subject_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE], const uint8_t authority_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE], const DiceInputValues* input_values, size_t certificate_buffer_size, uint8_t* certificate, size_t* certificate_actual_size) { DiceResult result = kDiceResultOk; *certificate_actual_size = 0; if (input_values->config_type != kDiceConfigTypeDescriptor && input_values->config_type != kDiceConfigTypeInline) { return kDiceResultInvalidInput; } // Declare buffers which are cleared on 'goto out'. uint8_t subject_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]; uint8_t authority_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]; // Derive keys and IDs from the private key seeds. uint8_t subject_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]; result = DiceKeypairFromSeed(context, kDicePrincipalSubject, subject_private_key_seed, subject_public_key, subject_private_key); if (result != kDiceResultOk) { goto out; } DiceKeyParam subject_key_param; DiceKeyParam authority_key_param; result = DiceGetKeyParam(context, kDicePrincipalSubject, &subject_key_param); if (result != kDiceResultOk) { goto out; } result = DiceGetKeyParam(context, kDicePrincipalAuthority, &authority_key_param); if (result != kDiceResultOk) { goto out; } uint8_t subject_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, subject_public_key, subject_key_param.public_key_size, subject_id); if (result != kDiceResultOk) { goto out; } char subject_id_hex[41]; DiceHexEncode(subject_id, sizeof(subject_id), subject_id_hex, sizeof(subject_id_hex)); subject_id_hex[sizeof(subject_id_hex) - 1] = '\0'; uint8_t authority_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]; result = DiceKeypairFromSeed(context, kDicePrincipalAuthority, authority_private_key_seed, authority_public_key, authority_private_key); if (result != kDiceResultOk) { goto out; } uint8_t authority_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, authority_public_key, authority_key_param.public_key_size, authority_id); if (result != kDiceResultOk) { goto out; } char authority_id_hex[41]; DiceHexEncode(authority_id, sizeof(authority_id), authority_id_hex, sizeof(authority_id_hex)); authority_id_hex[sizeof(authority_id_hex) - 1] = '\0'; // The public key encoded as a COSE_Key structure is embedded in the CWT. uint8_t encoded_public_key[DICE_MAX_PUBLIC_KEY_SIZE]; size_t encoded_public_key_size = 0; result = DiceCoseEncodePublicKey( context, kDicePrincipalSubject, subject_public_key, sizeof(encoded_public_key), encoded_public_key, &encoded_public_key_size); if (result != kDiceResultOk) { result = kDiceResultPlatformError; goto out; } // The encoded protected attributes are used in the TBS and the final // COSE_Sign1 structure. uint8_t protected_attributes[DICE_MAX_PROTECTED_ATTRIBUTES_SIZE]; size_t protected_attributes_size = 0; result = EncodeProtectedAttributes( context, kDicePrincipalAuthority, sizeof(protected_attributes), protected_attributes, &protected_attributes_size); if (result != kDiceResultOk) { result = kDiceResultPlatformError; goto out; } // Find out how big the CWT will be. size_t cwt_size; EncodeCwt(context, input_values, authority_id_hex, subject_id_hex, encoded_public_key, encoded_public_key_size, /*buffer_size=*/0, /*buffer=*/NULL, &cwt_size); // We need space to assemble the TBS. The size of the buffer needed depends on // the size of the CWT, which is outside our control (e.g. it might have a // very large config descriptor). So we use the certificate buffer as // temporary storage; if we run out of space we will make sure the caller // knows the size we actually need for this. // Encode the TBS, leaving space for the final payload (the CWT). uint8_t* cwt_ptr; size_t tbs_size; result = EncodeCoseTbs(protected_attributes, protected_attributes_size, cwt_size, /*aad=*/NULL, /*aad_size=*/0, certificate_buffer_size, certificate, &cwt_ptr, &tbs_size); if (result != kDiceResultOk) { // There wasn't enough space to put together the TBS. The total buffer size // we need is either the amount needed for the TBS, or the amount needed for // encoded payload and signature. size_t final_encoded_size = 0; EncodeCoseSign1(context, protected_attributes, protected_attributes_size, cwt_ptr, cwt_size, /*move_payload=*/false, /*signature=*/NULL, /*buffer_size=*/0, /*buffer=*/NULL, &final_encoded_size); *certificate_actual_size = final_encoded_size > tbs_size ? final_encoded_size : tbs_size; result = kDiceResultBufferTooSmall; goto out; } // Now we can encode the payload directly into the allocated BSTR in the TBS. size_t final_cwt_size; result = EncodeCwt(context, input_values, authority_id_hex, subject_id_hex, encoded_public_key, encoded_public_key_size, cwt_size, cwt_ptr, &final_cwt_size); if (result == kDiceResultBufferTooSmall || final_cwt_size != cwt_size) { result = kDiceResultPlatformError; } if (result != kDiceResultOk) { goto out; } // Sign the now-complete TBS. uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]; result = DiceSign(context, certificate, tbs_size, authority_private_key, signature); if (result != kDiceResultOk) { goto out; } // And now we can produce the complete CoseSign1, including the signature, and // moving the payload into place as we do it. result = EncodeCoseSign1( context, protected_attributes, protected_attributes_size, cwt_ptr, cwt_size, /*move_payload=*/true, signature, certificate_buffer_size, certificate, certificate_actual_size); out: DiceClearMemory(context, sizeof(subject_private_key), subject_private_key); DiceClearMemory(context, sizeof(authority_private_key), authority_private_key); return result; } DiceResult DiceCoseEncodePublicKey( void* context, DicePrincipal principal, const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE], size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { DiceKeyParam key_param; DiceResult result = DiceGetKeyParam(context, principal, &key_param); if (result != kDiceResultOk) { return result; } struct CborOut out; CborOutInit(buffer, buffer_size, &out); if (key_param.cose_key_type == kCoseKeyKtyOkp) { CborWriteMap(/*num_pairs=*/5, &out); } else if (key_param.cose_key_type == kCoseKeyKtyEc2) { CborWriteMap(/*num_pairs=*/6, &out); } else { return kDiceResultInvalidInput; } // Add the key type. CborWriteInt(kCoseKeyKtyLabel, &out); CborWriteInt(key_param.cose_key_type, &out); // Add the algorithm. CborWriteInt(kCoseKeyAlgLabel, &out); CborWriteInt(key_param.cose_key_algorithm, &out); // Add the KeyOps. CborWriteInt(kCoseKeyOpsLabel, &out); CborWriteArray(/*num_elements=*/1, &out); CborWriteInt(kCoseKeyOpsVerify, &out); // Add the curve. CborWriteInt(kCoseKeyCrvLabel, &out); CborWriteInt(key_param.cose_key_curve, &out); // Add the public key. if (key_param.cose_key_type == kCoseKeyKtyOkp) { CborWriteInt(kCoseKeyXLabel, &out); CborWriteBstr(key_param.public_key_size, public_key, &out); } else if (key_param.cose_key_type == kCoseKeyKtyEc2) { // Add the subject public key x and y coordinates int xy_param_size = key_param.public_key_size / 2; CborWriteInt(kCoseKeyXLabel, &out); CborWriteBstr(xy_param_size, &public_key[0], &out); CborWriteInt(kCoseKeyYLabel, &out); CborWriteBstr(xy_param_size, &public_key[xy_param_size], &out); } *encoded_size = CborOutSize(&out); if (CborOutOverflowed(&out)) { return kDiceResultBufferTooSmall; } return kDiceResultOk; }