1 // Copyright 2023, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! This module implements a retry version for multiple DICE functions that
16 //! require preallocated output buffer. As the retry functions require
17 //! memory allocation on heap, currently we only expose these functions in
18 //! std environment.
19
20 use crate::bcc::{bcc_format_config_descriptor, bcc_main_flow, DiceConfigValues};
21 use crate::dice::{
22 dice_main_flow, Cdi, CdiValues, DiceArtifacts, InputValues, CDI_SIZE, PRIVATE_KEY_SEED_SIZE,
23 };
24 use crate::error::{DiceError, Result};
25 use crate::ops::generate_certificate;
26 use alloc::vec::Vec;
27 #[cfg(feature = "serde_derive")]
28 use serde_derive::{Deserialize, Serialize};
29
30 /// Artifacts stores a set of dice artifacts comprising CDI_ATTEST, CDI_SEAL,
31 /// and the BCC formatted attestation certificate chain.
32 /// As we align with the DICE standards today, this is the certificate chain
33 /// is also called DICE certificate chain.
34 #[derive(Debug)]
35 #[cfg_attr(feature = "serde_derive", derive(Serialize, Deserialize))]
36 pub struct OwnedDiceArtifacts {
37 /// CDI Values.
38 cdi_values: CdiValues,
39 /// Boot Certificate Chain.
40 bcc: Vec<u8>,
41 }
42
43 impl DiceArtifacts for OwnedDiceArtifacts {
cdi_attest(&self) -> &[u8; CDI_SIZE]44 fn cdi_attest(&self) -> &[u8; CDI_SIZE] {
45 &self.cdi_values.cdi_attest
46 }
47
cdi_seal(&self) -> &[u8; CDI_SIZE]48 fn cdi_seal(&self) -> &[u8; CDI_SIZE] {
49 &self.cdi_values.cdi_seal
50 }
51
bcc(&self) -> Option<&[u8]>52 fn bcc(&self) -> Option<&[u8]> {
53 Some(&self.bcc)
54 }
55 }
56
57 /// Retries the given function with bigger measured buffer size.
retry_with_measured_buffer<F>(mut f: F) -> Result<Vec<u8>> where F: FnMut(&mut Vec<u8>) -> Result<usize>,58 fn retry_with_measured_buffer<F>(mut f: F) -> Result<Vec<u8>>
59 where
60 F: FnMut(&mut Vec<u8>) -> Result<usize>,
61 {
62 let mut buffer = Vec::new();
63 match f(&mut buffer) {
64 Err(DiceError::BufferTooSmall(actual_size)) => {
65 buffer.resize(actual_size, 0);
66 f(&mut buffer)?;
67 }
68 Err(e) => return Err(e),
69 Ok(_) => {}
70 };
71 Ok(buffer)
72 }
73
74 /// Formats a configuration descriptor following the BCC's specification.
retry_bcc_format_config_descriptor(values: &DiceConfigValues) -> Result<Vec<u8>>75 pub fn retry_bcc_format_config_descriptor(values: &DiceConfigValues) -> Result<Vec<u8>> {
76 retry_with_measured_buffer(|buffer| bcc_format_config_descriptor(values, buffer))
77 }
78
79 /// Executes the main BCC flow.
80 ///
81 /// Given a full set of input values along with the current BCC and CDI values,
82 /// computes the next CDI values and matching updated BCC.
retry_bcc_main_flow( current_cdi_attest: &Cdi, current_cdi_seal: &Cdi, bcc: &[u8], input_values: &InputValues, ) -> Result<OwnedDiceArtifacts>83 pub fn retry_bcc_main_flow(
84 current_cdi_attest: &Cdi,
85 current_cdi_seal: &Cdi,
86 bcc: &[u8],
87 input_values: &InputValues,
88 ) -> Result<OwnedDiceArtifacts> {
89 let mut next_cdi_values = CdiValues::default();
90 let next_bcc = retry_with_measured_buffer(|next_bcc| {
91 bcc_main_flow(
92 current_cdi_attest,
93 current_cdi_seal,
94 bcc,
95 input_values,
96 &mut next_cdi_values,
97 next_bcc,
98 )
99 })?;
100 Ok(OwnedDiceArtifacts { cdi_values: next_cdi_values, bcc: next_bcc })
101 }
102
103 /// Executes the main DICE flow.
104 ///
105 /// Given a full set of input values and the current CDI values, computes the
106 /// next CDI values and a matching certificate.
retry_dice_main_flow( current_cdi_attest: &Cdi, current_cdi_seal: &Cdi, input_values: &InputValues, ) -> Result<(CdiValues, Vec<u8>)>107 pub fn retry_dice_main_flow(
108 current_cdi_attest: &Cdi,
109 current_cdi_seal: &Cdi,
110 input_values: &InputValues,
111 ) -> Result<(CdiValues, Vec<u8>)> {
112 let mut next_cdi_values = CdiValues::default();
113 let next_cdi_certificate = retry_with_measured_buffer(|next_cdi_certificate| {
114 dice_main_flow(
115 current_cdi_attest,
116 current_cdi_seal,
117 input_values,
118 next_cdi_certificate,
119 &mut next_cdi_values,
120 )
121 })?;
122 Ok((next_cdi_values, next_cdi_certificate))
123 }
124
125 /// Generates an X.509 certificate from the given `subject_private_key_seed` and
126 /// `input_values`, and signed by `authority_private_key_seed`.
127 /// The subject private key seed is supplied here so the implementation can choose
128 /// between asymmetric mechanisms, for example ECDSA vs Ed25519.
129 /// Returns the generated certificate.
retry_generate_certificate( subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE], authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE], input_values: &InputValues, ) -> Result<Vec<u8>>130 pub fn retry_generate_certificate(
131 subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
132 authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
133 input_values: &InputValues,
134 ) -> Result<Vec<u8>> {
135 retry_with_measured_buffer(|certificate| {
136 generate_certificate(
137 subject_private_key_seed,
138 authority_private_key_seed,
139 input_values,
140 certificate,
141 )
142 })
143 }
144