1 // Copyright 2023, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! This module implements a retry version for multiple DICE functions that
16 //! require preallocated output buffer. As the retry functions require
17 //! memory allocation on heap, currently we only expose these functions in
18 //! std environment.
19
20 use crate::bcc::{bcc_format_config_descriptor, bcc_main_flow};
21 use crate::dice::{
22 dice_main_flow, Cdi, CdiValues, DiceArtifacts, InputValues, CDI_SIZE, PRIVATE_KEY_SEED_SIZE,
23 };
24 use crate::error::{DiceError, Result};
25 use crate::ops::generate_certificate;
26 use std::ffi::CStr;
27
28 /// Artifacts stores a set of dice artifacts comprising CDI_ATTEST, CDI_SEAL,
29 /// and the BCC formatted attestation certificate chain.
30 /// As we align with the DICE standards today, this is the certificate chain
31 /// is also called DICE certificate chain.
32 #[derive(Debug)]
33 pub struct OwnedDiceArtifacts {
34 /// CDI Values.
35 cdi_values: CdiValues,
36 /// Boot Certificate Chain.
37 bcc: Vec<u8>,
38 }
39
40 impl DiceArtifacts for OwnedDiceArtifacts {
cdi_attest(&self) -> &[u8; CDI_SIZE]41 fn cdi_attest(&self) -> &[u8; CDI_SIZE] {
42 &self.cdi_values.cdi_attest
43 }
44
cdi_seal(&self) -> &[u8; CDI_SIZE]45 fn cdi_seal(&self) -> &[u8; CDI_SIZE] {
46 &self.cdi_values.cdi_seal
47 }
48
bcc(&self) -> Option<&[u8]>49 fn bcc(&self) -> Option<&[u8]> {
50 Some(&self.bcc)
51 }
52 }
53
54 /// Retries the given function with bigger output buffer size.
retry_with_bigger_buffer<F>(mut f: F) -> Result<Vec<u8>> where F: FnMut(&mut Vec<u8>) -> Result<usize>,55 fn retry_with_bigger_buffer<F>(mut f: F) -> Result<Vec<u8>>
56 where
57 F: FnMut(&mut Vec<u8>) -> Result<usize>,
58 {
59 const INITIAL_BUFFER_SIZE: usize = 256;
60 const MAX_BUFFER_SIZE: usize = 64 * 1024 * 1024;
61
62 let mut buffer = vec![0u8; INITIAL_BUFFER_SIZE];
63 while buffer.len() <= MAX_BUFFER_SIZE {
64 match f(&mut buffer) {
65 Err(DiceError::BufferTooSmall) => {
66 let new_size = buffer.len() * 2;
67 buffer.resize(new_size, 0);
68 }
69 Err(e) => return Err(e),
70 Ok(actual_size) => {
71 if actual_size > buffer.len() {
72 panic!(
73 "actual_size larger than buffer size: open-dice function
74 may have written past the end of the buffer."
75 );
76 }
77 buffer.truncate(actual_size);
78 return Ok(buffer);
79 }
80 }
81 }
82 Err(DiceError::PlatformError)
83 }
84
85 /// Formats a configuration descriptor following the BCC's specification.
retry_bcc_format_config_descriptor( name: Option<&CStr>, version: Option<u64>, resettable: bool, ) -> Result<Vec<u8>>86 pub fn retry_bcc_format_config_descriptor(
87 name: Option<&CStr>,
88 version: Option<u64>,
89 resettable: bool,
90 ) -> Result<Vec<u8>> {
91 retry_with_bigger_buffer(|buffer| {
92 bcc_format_config_descriptor(name, version, resettable, buffer)
93 })
94 }
95
96 /// Executes the main BCC flow.
97 ///
98 /// Given a full set of input values along with the current BCC and CDI values,
99 /// computes the next CDI values and matching updated BCC.
retry_bcc_main_flow( current_cdi_attest: &Cdi, current_cdi_seal: &Cdi, bcc: &[u8], input_values: &InputValues, ) -> Result<OwnedDiceArtifacts>100 pub fn retry_bcc_main_flow(
101 current_cdi_attest: &Cdi,
102 current_cdi_seal: &Cdi,
103 bcc: &[u8],
104 input_values: &InputValues,
105 ) -> Result<OwnedDiceArtifacts> {
106 let mut next_cdi_values = CdiValues::default();
107 let next_bcc = retry_with_bigger_buffer(|next_bcc| {
108 bcc_main_flow(
109 current_cdi_attest,
110 current_cdi_seal,
111 bcc,
112 input_values,
113 &mut next_cdi_values,
114 next_bcc,
115 )
116 })?;
117 Ok(OwnedDiceArtifacts { cdi_values: next_cdi_values, bcc: next_bcc })
118 }
119
120 /// Executes the main DICE flow.
121 ///
122 /// Given a full set of input values and the current CDI values, computes the
123 /// next CDI values and a matching certificate.
retry_dice_main_flow( current_cdi_attest: &Cdi, current_cdi_seal: &Cdi, input_values: &InputValues, ) -> Result<(CdiValues, Vec<u8>)>124 pub fn retry_dice_main_flow(
125 current_cdi_attest: &Cdi,
126 current_cdi_seal: &Cdi,
127 input_values: &InputValues,
128 ) -> Result<(CdiValues, Vec<u8>)> {
129 let mut next_cdi_values = CdiValues::default();
130 let next_cdi_certificate = retry_with_bigger_buffer(|next_cdi_certificate| {
131 dice_main_flow(
132 current_cdi_attest,
133 current_cdi_seal,
134 input_values,
135 next_cdi_certificate,
136 &mut next_cdi_values,
137 )
138 })?;
139 Ok((next_cdi_values, next_cdi_certificate))
140 }
141
142 /// Generates an X.509 certificate from the given `subject_private_key_seed` and
143 /// `input_values`, and signed by `authority_private_key_seed`.
144 /// The subject private key seed is supplied here so the implementation can choose
145 /// between asymmetric mechanisms, for example ECDSA vs Ed25519.
146 /// Returns the generated certificate.
retry_generate_certificate( subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE], authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE], input_values: &InputValues, ) -> Result<Vec<u8>>147 pub fn retry_generate_certificate(
148 subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
149 authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
150 input_values: &InputValues,
151 ) -> Result<Vec<u8>> {
152 retry_with_bigger_buffer(|certificate| {
153 generate_certificate(
154 subject_private_key_seed,
155 authority_private_key_seed,
156 input_values,
157 certificate,
158 )
159 })
160 }
161