1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #include "dice/dice.h"
16 
17 #include <string.h>
18 
19 #include "dice/ops.h"
20 
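// Sizes of the fixed-width fields that DiceMainFlow serializes into its hash
// input buffer. The code and authority inputs are hashes. The config slot holds
// either an inline config value or the hash of a config descriptor, so
// DICE_INLINE_CONFIG_SIZE must not be smaller than DICE_HASH_SIZE.
#define DICE_CODE_SIZE DICE_HASH_SIZE
#define DICE_CONFIG_SIZE DICE_INLINE_CONFIG_SIZE
#define DICE_AUTHORITY_SIZE DICE_HASH_SIZE
#define DICE_MODE_SIZE 1

// Fixed KDF salts. They are not secrets: they only separate the derivation
// domains (asymmetric key seed vs. certificate ID); whatever secrecy a derived
// value has comes from the input key material. The size constants are taken
// from the arrays themselves so that editing a table can never leave the KDF
// reading past, or short of, the actual salt.
static const uint8_t kAsymSalt[] = {
    0x63, 0xB6, 0xA0, 0x4D, 0x2C, 0x07, 0x7F, 0xC1, 0x0F, 0x63, 0x9F,
    0x21, 0xDA, 0x79, 0x38, 0x44, 0x35, 0x6C, 0xC2, 0xB0, 0xB4, 0x41,
    0xB3, 0xA7, 0x71, 0x24, 0x03, 0x5C, 0x03, 0xF8, 0xE1, 0xBE, 0x60,
    0x35, 0xD3, 0x1F, 0x28, 0x28, 0x21, 0xA7, 0x45, 0x0A, 0x02, 0x22,
    0x2A, 0xB1, 0xB3, 0xCF, 0xF1, 0x67, 0x9B, 0x05, 0xAB, 0x1C, 0xA5,
    0xD1, 0xAF, 0xFB, 0x78, 0x9C, 0xCD, 0x2B, 0x0B, 0x3B};
static const size_t kAsymSaltSize = sizeof(kAsymSalt);

static const uint8_t kIdSalt[] = {
    0xDB, 0xDB, 0xAE, 0xBC, 0x80, 0x20, 0xDA, 0x9F, 0xF0, 0xDD, 0x5A,
    0x24, 0xC8, 0x3A, 0xA5, 0xA5, 0x42, 0x86, 0xDF, 0xC2, 0x63, 0x03,
    0x1E, 0x32, 0x9B, 0x4D, 0xA1, 0x48, 0x43, 0x06, 0x59, 0xFE, 0x62,
    0xCD, 0xB5, 0xB7, 0xE1, 0xE0, 0x0F, 0xC6, 0x80, 0x30, 0x67, 0x11,
    0xEB, 0x44, 0x4A, 0xF7, 0x72, 0x09, 0x35, 0x94, 0x96, 0xFC, 0xFF,
    0x1D, 0xB9, 0x52, 0x0B, 0xA5, 0x1C, 0x7B, 0x29, 0xEA};
static const size_t kIdSaltSize = sizeof(kIdSalt);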
43 
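DiceResult DiceDeriveCdiPrivateKeySeed(
    void* context, const uint8_t cdi_attest[DICE_CDI_SIZE],
    uint8_t cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE]) {
  // Fixed KDF info label. Its length is taken from the literal so the label
  // and the size passed to the KDF cannot drift apart.
  static const char kKeyPairInfo[] = "Key Pair";
  // Derives the DICE_PRIVATE_KEY_SEED_SIZE-byte seed of a layer's key pair from
  // its attestation CDI: the CDI is the input key material, salt and info are
  // fixed. Assuming DiceKdf is deterministic, the same CDI always yields the
  // same seed. The seed is secret material and must be cleared by the caller
  // once it is no longer needed.
  return DiceKdf(context, /*length=*/DICE_PRIVATE_KEY_SEED_SIZE, cdi_attest,
                 /*ikm_size=*/DICE_CDI_SIZE, kAsymSalt, kAsymSaltSize,
                 (const uint8_t*)kKeyPairInfo,
                 /*info_size=*/sizeof(kKeyPairInfo) - 1, cdi_private_key_seed);
}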
53 
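DiceResult DiceDeriveCdiCertificateId(void* context,
                                      const uint8_t* cdi_public_key,
                                      size_t cdi_public_key_size,
                                      uint8_t id[DICE_ID_SIZE]) {
  // Fixed KDF info label. Its length is taken from the literal so the label
  // and the size passed to the KDF cannot drift apart.
  static const char kIdInfo[] = "ID";
  // Derives a certificate identifier from the (non-secret) public key: the key
  // is the input key material, salt and info are fixed. The output length is
  // DICE_ID_SIZE, the declared size of |id|, rather than a literal, so the KDF
  // can neither overrun |id| nor leave trailing bytes of it uninitialized.
  DiceResult result =
      DiceKdf(context, /*length=*/DICE_ID_SIZE, cdi_public_key,
              cdi_public_key_size, kIdSalt, kIdSaltSize,
              (const uint8_t*)kIdInfo, /*info_size=*/sizeof(kIdInfo) - 1, id);
  if (result != kDiceResultOk) {
    return result;
  }
  // Clear the most significant bit so the value, read as a big-endian integer,
  // is positive. Presumably it is later encoded as an ASN.1 INTEGER (e.g. a
  // certificate serial number) — confirm against DiceGenerateCertificate.
  id[0] &= 0x7F;
  return kDiceResultOk;
}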
69 
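DiceResult DiceMainFlow(void* context,
                        const uint8_t current_cdi_attest[DICE_CDI_SIZE],
                        const uint8_t current_cdi_seal[DICE_CDI_SIZE],
                        const DiceInputValues* input_values,
                        size_t next_cdi_certificate_buffer_size,
                        uint8_t* next_cdi_certificate,
                        size_t* next_cdi_certificate_actual_size,
                        uint8_t next_cdi_attest[DICE_CDI_SIZE],
                        uint8_t next_cdi_seal[DICE_CDI_SIZE]) {
  // Derives the next layer's CDI pair from the current pair and |input_values|,
  // and optionally certifies the next layer's key with the current layer's.
  //
  // |input_values|, both current CDIs and both next-CDI output buffers are
  // mandatory: they are dereferenced unconditionally, so a missing one is
  // rejected here, before any secret has been copied into a local (there is
  // nothing to scrub yet). The three certificate parameters are optional, see
  // below.
  if (input_values == NULL || current_cdi_attest == NULL ||
      current_cdi_seal == NULL || next_cdi_attest == NULL ||
      next_cdi_seal == NULL) {
    return kDiceResultInvalidInput;
  }

  // Fixed KDF info labels. The sizes passed to DiceKdf are taken from the
  // literals so a label and its length cannot drift apart.
  static const char kAttestInfo[] = "CDI_Attest";
  static const char kSealInfo[] = "CDI_Seal";

  // The inputs are serialized into one buffer for a one-shot hash (a multi-part
  // hash would avoid the copies on platforms where that matters). Layout:
  // ---------------------------------------------------------------------------
  // | Code Input | Config Input | Authority Input | Mode Input | Hidden Input |
  // ---------------------------------------------------------------------------
  const size_t kCodeOffset = 0;
  const size_t kConfigOffset = kCodeOffset + DICE_CODE_SIZE;
  const size_t kAuthorityOffset = kConfigOffset + DICE_CONFIG_SIZE;
  const size_t kModeOffset = kAuthorityOffset + DICE_AUTHORITY_SIZE;
  const size_t kHiddenOffset = kModeOffset + DICE_MODE_SIZE;

  DiceResult result = kDiceResultOk;

  // Locals holding secrets or secret-derived data. Every path through 'out'
  // scrubs all of them, whether or not they were written.
  uint8_t input_buffer[DICE_CODE_SIZE + DICE_CONFIG_SIZE + DICE_AUTHORITY_SIZE +
                       DICE_MODE_SIZE + DICE_HIDDEN_SIZE];
  uint8_t attest_input_hash[DICE_HASH_SIZE];
  uint8_t seal_input_hash[DICE_HASH_SIZE];
  uint8_t current_cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE];
  uint8_t next_cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE];

  // Code input: a hash, copied verbatim.
  memcpy(&input_buffer[kCodeOffset], input_values->code_hash, DICE_CODE_SIZE);

  // Config input: either the inline value verbatim, or the hash of the config
  // descriptor. That hash is DICE_HASH_SIZE bytes written into a slot of
  // DICE_CONFIG_SIZE bytes, so the two sizes must be equal; otherwise the slot
  // is overrun or partly left uninitialized. Any config_type other than inline
  // is treated as descriptor-based; the type value itself is not validated.
  if (input_values->config_type == kDiceConfigTypeInline) {
    memcpy(&input_buffer[kConfigOffset], input_values->config_value,
           DICE_CONFIG_SIZE);
  } else {
    if (input_values->config_descriptor == NULL) {
      result = kDiceResultInvalidInput;
      goto out;
    }
    result = DiceHash(context, input_values->config_descriptor,
                      input_values->config_descriptor_size,
                      &input_buffer[kConfigOffset]);
    if (result != kDiceResultOk) {
      goto out;
    }
  }

  // Authority input: a hash, copied verbatim.
  memcpy(&input_buffer[kAuthorityOffset], input_values->authority_hash,
         DICE_AUTHORITY_SIZE);
  // Mode input: serialized as a single byte; the narrowing is made explicit.
  // The mode value is not range-checked here.
  input_buffer[kModeOffset] = (uint8_t)input_values->mode;
  // Hidden input: copied verbatim.
  memcpy(&input_buffer[kHiddenOffset], input_values->hidden, DICE_HIDDEN_SIZE);

  // The attestation hash covers every input. The sealing hash covers only the
  // authority, mode and hidden inputs, so the sealing CDI derived from it is
  // unaffected by a change of code or config alone.
  result =
      DiceHash(context, input_buffer, sizeof(input_buffer), attest_input_hash);
  if (result != kDiceResultOk) {
    goto out;
  }
  result = DiceHash(context, &input_buffer[kAuthorityOffset],
                    DICE_AUTHORITY_SIZE + DICE_MODE_SIZE + DICE_HIDDEN_SIZE,
                    seal_input_hash);
  if (result != kDiceResultOk) {
    goto out;
  }

  // Next CDIs: the current CDI is the input key material, the matching input
  // hash is the salt, and the info label separates the two derivations. They
  // are written to the caller's buffers before certificate generation, so they
  // are populated even if that later step fails.
  result = DiceKdf(context, /*length=*/DICE_CDI_SIZE, current_cdi_attest,
                   /*ikm_size=*/DICE_CDI_SIZE, attest_input_hash,
                   /*salt_size=*/DICE_HASH_SIZE, (const uint8_t*)kAttestInfo,
                   /*info_size=*/sizeof(kAttestInfo) - 1, next_cdi_attest);
  if (result != kDiceResultOk) {
    goto out;
  }
  result = DiceKdf(context, /*length=*/DICE_CDI_SIZE, current_cdi_seal,
                   /*ikm_size=*/DICE_CDI_SIZE, seal_input_hash,
                   /*salt_size=*/DICE_HASH_SIZE, (const uint8_t*)kSealInfo,
                   /*info_size=*/sizeof(kSealInfo) - 1, next_cdi_seal);
  if (result != kDiceResultOk) {
    goto out;
  }

  // The certificate is optional and is skipped only when all three certificate
  // parameters are absent (NULL, NULL, 0). A partially specified set is passed
  // through to DiceGenerateCertificate unchanged.
  // NOTE(review): whether DiceGenerateCertificate tolerates a NULL
  // |next_cdi_certificate_actual_size| next to a non-NULL buffer is not
  // visible here — confirm, or reject that combination as invalid input.
  if (next_cdi_certificate == NULL &&
      next_cdi_certificate_actual_size == NULL &&
      next_cdi_certificate_buffer_size == 0) {
    goto out;
  }

  // Key seeds for both layers come from the attestation CDIs only; the sealing
  // CDIs never feed a key pair.
  result = DiceDeriveCdiPrivateKeySeed(context, current_cdi_attest,
                                       current_cdi_private_key_seed);
  if (result != kDiceResultOk) {
    goto out;
  }
  result = DiceDeriveCdiPrivateKeySeed(context, next_cdi_attest,
                                       next_cdi_private_key_seed);
  if (result != kDiceResultOk) {
    goto out;
  }

  // Certify the next layer's key (|next_cdi_private_key_seed|) with the current
  // layer's key (|current_cdi_private_key_seed|) as the authority.
  result = DiceGenerateCertificate(
      context, next_cdi_private_key_seed, current_cdi_private_key_seed,
      input_values, next_cdi_certificate_buffer_size, next_cdi_certificate,
      next_cdi_certificate_actual_size);

out:
  // Scrub through DiceClearMemory rather than memset: a plain memset of a
  // local that is about to go out of scope may be dropped by the optimizer.
  DiceClearMemory(context, sizeof(input_buffer), input_buffer);
  DiceClearMemory(context, sizeof(attest_input_hash), attest_input_hash);
  DiceClearMemory(context, sizeof(seal_input_hash), seal_input_hash);
  DiceClearMemory(context, sizeof(current_cdi_private_key_seed),
                  current_cdi_private_key_seed);
  DiceClearMemory(context, sizeof(next_cdi_private_key_seed),
                  next_cdi_private_key_seed);
  return result;
}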