1 // Copyright 2024 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 // This is an implementation of P-256 signature operations using boringssl.
16
17 #include <stdint.h>
18 #include <stdio.h>
19
20 #include "dice/boringssl_ecdsa_utils.h"
21 #include "dice/config/cose_key_config.h"
22 #include "dice/dice.h"
23 #include "dice/ops.h"
24
25 #if DICE_PRIVATE_KEY_SEED_SIZE != 32
26 #error "Private key seed is expected to be 32 bytes."
27 #endif
28 #if DICE_PUBLIC_KEY_BUFFER_SIZE != 64
29 #error "This P-256 implementation needs 64 bytes to store the public key."
30 #endif
31 #if DICE_PRIVATE_KEY_BUFFER_SIZE != 32
32 #error "P-256 needs 32 bytes for the private key."
33 #endif
34 #if DICE_SIGNATURE_BUFFER_SIZE != 64
35 #error "P-256 needs 64 bytes to store the signature."
36 #endif
37
38 #define DICE_PROFILE_NAME "opendice.example.p256"
39
DiceGetKeyParam(void * context_not_used,DicePrincipal principal_not_used,DiceKeyParam * key_param)40 DiceResult DiceGetKeyParam(void* context_not_used,
41 DicePrincipal principal_not_used,
42 DiceKeyParam* key_param) {
43 (void)context_not_used;
44 (void)principal_not_used;
45 key_param->profile_name = DICE_PROFILE_NAME;
46 key_param->public_key_size = DICE_PUBLIC_KEY_BUFFER_SIZE;
47 key_param->signature_size = DICE_SIGNATURE_BUFFER_SIZE;
48
49 key_param->cose_key_type = kCoseKeyKtyEc2;
50 key_param->cose_key_algorithm = kCoseAlgEs256;
51 key_param->cose_key_curve = kCoseCrvP256;
52 return kDiceResultOk;
53 }
54
DiceKeypairFromSeed(void * context_not_used,DicePrincipal principal_not_used,const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE])55 DiceResult DiceKeypairFromSeed(
56 void* context_not_used, DicePrincipal principal_not_used,
57 const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
58 uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
59 uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]) {
60 (void)context_not_used;
61 (void)principal_not_used;
62 if (1 == P256KeypairFromSeed(public_key, private_key, seed)) {
63 return kDiceResultOk;
64 }
65 return kDiceResultPlatformError;
66 }
67
DiceSign(void * context_not_used,const uint8_t * message,size_t message_size,const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE])68 DiceResult DiceSign(void* context_not_used, const uint8_t* message,
69 size_t message_size,
70 const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],
71 uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
72 (void)context_not_used;
73 if (1 == P256Sign(signature, message, message_size, private_key)) {
74 return kDiceResultOk;
75 }
76 return kDiceResultPlatformError;
77 }
78
DiceVerify(void * context_not_used,const uint8_t * message,size_t message_size,const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE],const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE])79 DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
80 size_t message_size,
81 const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE],
82 const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
83 (void)context_not_used;
84 if (1 == P256Verify(message, message_size, signature, public_key)) {
85 return kDiceResultOk;
86 }
87 return kDiceResultPlatformError;
88 }
89