• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #include <stddef.h>
16 #include <stdint.h>
17 
18 #include "dice/dice.h"
19 
20 namespace dice {
21 namespace test {
22 
23 constexpr size_t kTestCertSize = 2048;
24 
25 enum CertificateType {
26   CertificateType_X509,
27   CertificateType_Cbor,
28 };
29 
30 enum KeyType {
31   KeyType_Ed25519,
32   KeyType_P256,
33 };
34 
35 struct DiceStateForTest {
36   uint8_t cdi_attest[DICE_CDI_SIZE];
37   uint8_t cdi_seal[DICE_CDI_SIZE];
38   uint8_t certificate[kTestCertSize];
39   size_t certificate_size;
40 };
41 
42 // Dumps |state| to a set of files in the current directory with the given
43 // |suffix|.
44 void DumpState(CertificateType cert_type, KeyType key_type, const char* suffix,
45                const DiceStateForTest& state);
46 
47 // Deterministically derives |length| bytes from |seed|.
48 void DeriveFakeInputValue(const char* seed, size_t length, uint8_t* output);
49 
50 // Generates a self-signed X.509 UDS certificate for the given |uds| value. The
51 // signature scheme is ED25519-SHA512.
52 void CreateFakeUdsCertificate(void* context, const uint8_t uds[32],
53                               CertificateType cert_type, KeyType key_type,
54                               uint8_t certificate[kTestCertSize],
55                               size_t* certificate_size);
56 
57 // Verifies a chain of CDI certificates given by |states| against
58 // |root_certificate|. If |is_partial_chain| is set, then root_certificate does
59 // not need to be self signed.
60 bool VerifyCertificateChain(CertificateType cert_type,
61                             const uint8_t* root_certificate,
62                             size_t root_certificate_size,
63                             const DiceStateForTest states[],
64                             size_t num_dice_states, bool is_partial_chain);
65 
66 }  // namespace test
67 }  // namespace dice
68