author | Atul Luykx <aluykx@google.com> | 2023-02-09 20:56:06 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-02-09 20:56:06 +0000 |
commit | ce7a278ec46d98fe0de7ef4199a9816081bec94a (patch) | |
tree | c4265a89dce40fd37c22fe69d26d3d7fefe4ab4e | |
parent | 0266b37c2b4a0f241245e4b8457fab25898d3779 (diff) | |
parent | 3c1a98e8a137a07825304307ab93fc316aa768b4 (diff) | |
download | open-dice-ce7a278ec46d98fe0de7ef4199a9816081bec94a.tar.gz |
Merge remote-tracking branch 'aosp/upstream-main' into HEAD am: 3c1a98e8a1
Original change: https://android-review.googlesource.com/c/platform/external/open-dice/+/2426733
Change-Id: I469c1926bbcb560be33997c1620cebed6f0abd86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
34 files changed, 2488 insertions, 995 deletions
@@ -1,3 +1,5 @@ .clangd +.cache compile_commands.json out +build_overrides/pigweed_environment.gni @@ -45,6 +45,12 @@ cc_library_headers { export_include_dirs: ["include/dice/config/boringssl_ed25519"], } +cc_library_headers { + name: "libopen_dice_boringssl_ecdsa_p384_headers", + defaults: ["libopen_dice.cc_defaults"], + export_include_dirs: ["include/dice/config/boringssl_ecdsa_p384"], +} + cc_library_static { name: "libopen_dice_cbor", defaults: ["libopen_dice.cc_defaults"], @@ -52,6 +58,7 @@ cc_library_static { "src/boringssl_hash_kdf_ops.c", "src/boringssl_ed25519_ops.c", "src/cbor_cert_op.c", + "src/cbor_ed25519_cert_op.c", "src/cbor_writer.c", "src/clear_memory.c", "src/dice.c", @@ -69,6 +76,31 @@ cc_library_static { } cc_library_static { + name: "libopen_dice_cbor_p384", + defaults: ["libopen_dice.cc_defaults"], + srcs: [ + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ecdsa_utils.c", + "src/boringssl_p384_ops.c", + "src/cbor_cert_op.c", + "src/cbor_p384_cert_op.c", + "src/cbor_writer.c", + "src/clear_memory.c", + "src/dice.c", + "src/utils.c", + ], + header_libs: [ + "libopen_dice_boringssl_ecdsa_p384_headers", + "libopen_dice_headers", + ], + export_header_lib_headers: [ + "libopen_dice_boringssl_ecdsa_p384_headers", + "libopen_dice_headers", + ], + shared_libs: ["libcrypto"], +} + +cc_library_static { name: "libopen_dice_bcc", defaults: ["libopen_dice.cc_defaults"], srcs: [ @@ -80,6 +112,18 @@ cc_library_static { shared_libs: ["libcrypto"], } +cc_library_static { + name: "libopen_dice_bcc_p384", + defaults: ["libopen_dice.cc_defaults"], + srcs: [ + "src/cbor_reader.c", + "src/android/bcc.c", + ], + static_libs: ["libopen_dice_cbor_p384"], + export_static_lib_headers: ["libopen_dice_cbor_p384"], + shared_libs: ["libcrypto"], +} + cc_test { name: "libopen_dice_test", host_supported: true, 
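Review bot: `libopen_dice_boringssl_ecdsa_p384_headers` exports a second `dice/config.h`, so the key and signature sizes a module is compiled with now depend only on which header library reaches its include path, and nothing in these Android.bp hunks keeps a module from pulling in both the Ed25519 and the P-384 variants. The two configs shown later in this commit disagree on every size (`DICE_PUBLIC_KEY_SIZE` is 32 in one and 96 in the other), so a mixed build would hand buffers of one size to code compiled for the other. I would add a comment above `libopen_dice_cbor_p384` and `libopen_dice_bcc_p384`, for example `// Built against the P-384 dice/config.h; never link together with the Ed25519 libopen_dice_cbor / libopen_dice_bcc.` The same applies to the P-384 test and fuzzer modules in the following hunks.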
@@ -98,6 +142,23 @@ cc_test { } cc_test { + name: "libopen_dice_p384_test", + host_supported: true, + cflags: ["-DDICE_USE_GTEST"], + srcs: [ + "src/clear_memory.c", + "src/dice_test.cc", + "src/dice.c", + "src/utils.c", + ], + header_libs: [ + "libopen_dice_boringssl_ecdsa_p384_headers", + "libopen_dice_headers", + ], + shared_libs: ["libcrypto"], +} + +cc_test { name: "libopen_dice_cbor_writer_test", host_supported: true, cflags: ["-DDICE_USE_GTEST"], @@ -106,6 +167,14 @@ cc_test { } cc_test { + name: "libopen_dice_cbor_writer_p384_test", + host_supported: true, + cflags: ["-DDICE_USE_GTEST"], + srcs: ["src/cbor_writer_test.cc"], + static_libs: ["libopen_dice_cbor_p384"], +} + +cc_test { name: "libopen_dice_cbor_reader_test", host_supported: true, cflags: ["-DDICE_USE_GTEST"], @@ -114,6 +183,14 @@ cc_test { } cc_test { + name: "libopen_dice_cbor_reader_p384_test", + host_supported: true, + cflags: ["-DDICE_USE_GTEST"], + srcs: ["src/cbor_reader_test.cc"], + static_libs: ["libopen_dice_bcc_p384"], +} + +cc_test { name: "libopen_dice_bcc_test", host_supported: true, cflags: ["-DDICE_USE_GTEST"], @@ -135,6 +212,13 @@ cc_fuzz { } cc_fuzz { + name: "libopen_dice_cbor_writer_p384_fuzzer", + host_supported: true, + srcs: ["src/cbor_writer_fuzzer.cc"], + static_libs: ["libopen_dice_cbor_p384"], +} + +cc_fuzz { name: "libopen_dice_cbor_reader_fuzzer", host_supported: true, srcs: ["src/cbor_reader_fuzzer.cc"], @@ -142,6 +226,13 @@ cc_fuzz { } cc_fuzz { + name: "libopen_dice_cbor_reader_p384_fuzzer", + host_supported: true, + srcs: ["src/cbor_reader_fuzzer.cc"], + static_libs: ["libopen_dice_bcc_p384"], +} + +cc_fuzz { name: "libopen_dice_cbor_fuzzer", host_supported: true, srcs: ["src/fuzzer.cc"], 
@@ -150,6 +241,14 @@ cc_fuzz { } cc_fuzz { + name: "libopen_dice_cbor_p384_fuzzer", + host_supported: true, + srcs: ["src/fuzzer.cc"], + static_libs: ["libopen_dice_cbor_p384"], + shared_libs: ["libcrypto"], +} + +cc_fuzz { name: "libopen_dice_bcc_fuzzer", host_supported: true, srcs: ["src/android/bcc_fuzzer.cc"], @@ -160,6 +259,17 @@ cc_fuzz { shared_libs: ["libcrypto"], } +cc_fuzz { + name: "libopen_dice_bcc_p384_fuzzer", + host_supported: true, + srcs: ["src/android/bcc_fuzzer.cc"], + static_libs: [ + "libopen_dice_bcc_p384", + "libopen_dice_cbor_p384", + ], + shared_libs: ["libcrypto"], +} + rust_defaults { name: "libopen_dice_bindgen_nostd.rust_defaults", bindgen_flags: [ @@ -26,16 +26,12 @@ group("default") { } pw_source_set("cbor_writer") { - public = [ - "include/dice/cbor_writer.h", - ] + public = [ "include/dice/cbor_writer.h" ] sources = [ "src/cbor_writer.c" ] } pw_source_set("cbor_reader") { - public = [ - "include/dice/cbor_reader.h", - ] + public = [ "include/dice/cbor_reader.h" ] sources = [ "src/cbor_reader.c" ] } @@ -50,7 +46,7 @@ pw_static_library("dice_standalone") { ] sources = [ "src/clear_memory.c", - "src/dice.c" + "src/dice.c", ] all_dependent_configs = [ ":standalone_ops_config" ] } 
@@ -59,27 +55,47 @@ config("boringssl_ed25519_ops_config") { include_dirs = [ "//include/dice/config/boringssl_ed25519" ] } -pw_static_library("dice_with_boringssl_ops") { +config("boringssl_ecdsa_p384_ops_config") { + include_dirs = [ "//include/dice/config/boringssl_ecdsa_p384" ] +} + +pw_static_library("dice_with_boringssl_ed25519_ops") { public = [ "include/dice/dice.h", "include/dice/utils.h", ] sources = [ "src/boringssl_cert_op.c", - "src/boringssl_hash_kdf_ops.c", "src/boringssl_ed25519_ops.c", + "src/boringssl_hash_kdf_ops.c", "src/clear_memory.c", "src/dice.c", "src/utils.c", ] - deps = [ - "//third_party/boringssl:crypto", - ] + deps = [ "//third_party/boringssl:crypto" ] all_dependent_configs = [ ":boringssl_ed25519_ops_config" ] } +pw_static_library("dice_with_boringssl_p384_ops") { + public = [ + "include/dice/dice.h", + "include/dice/utils.h", + ] + sources = [ + "src/boringssl_cert_op.c", + "src/boringssl_p384_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/clear_memory.c", + "src/dice.c", + "src/utils.c", + ] + deps = [ "//third_party/boringssl:crypto" ] + all_dependent_configs = [ ":boringssl_ecdsa_p384_ops_config" ] +} + config("mbedtls_ops_config") { include_dirs = [ "//include//dice/config/mbedtls_ecdsa_p256" ] + defines = [ "MBEDTLS_ALLOW_PRIVATE_ACCESS" ] } pw_static_library("dice_with_mbedtls_ops") { @@ -93,21 +109,20 @@ pw_static_library("dice_with_mbedtls_ops") { "src/mbedtls_ops.c", "src/utils.c", ] - deps = [ - "//third_party/mbedtls:mbedcrypto", - ] + deps = [ "//third_party/mbedtls:mbedcrypto" ] all_dependent_configs = [ ":mbedtls_ops_config" ] } -pw_static_library("dice_with_cbor_cert") { +pw_static_library("dice_with_cbor_ed25519_cert") { public = [ "include/dice/dice.h", "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_ops.c", "src/boringssl_ed25519_ops.c", + "src/boringssl_hash_kdf_ops.c", "src/cbor_cert_op.c", + "src/cbor_ed25519_cert_op.c", "src/clear_memory.c", "src/dice.c", "src/utils.c", 
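Review bot: `defines = [ "MBEDTLS_ALLOW_PRIVATE_ACCESS" ]` is added to `mbedtls_ops_config`, and the next hunk shows that config being applied through `all_dependent_configs`, so every target that depends on `dice_with_mbedtls_ops` is compiled with mbedtls's private structure fields exposed, not only `src/mbedtls_ops.c`. If only the ops source needs the macro, a separate config keeps it local: `config("mbedtls_private_access_config") { defines = [ "MBEDTLS_ALLOW_PRIVATE_ACCESS" ] }` plus `configs += [ ":mbedtls_private_access_config" ]` on the library. If dependents really do need it, a comment naming which one and why would help at the next mbedtls upgrade.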
@@ -119,22 +134,58 @@ pw_static_library("dice_with_cbor_cert") { all_dependent_configs = [ ":boringssl_ed25519_ops_config" ] } -pw_static_library("dice_with_cbor_template_cert") { + +pw_static_library("boringssl_ecdsa_utils") { + public = [ + "include/dice/boringssl_ecdsa_utils.h", + ] + sources = [ + "src/boringssl_ecdsa_utils.c", + ] + deps = [ + "//third_party/boringssl:crypto", + ] +} + +pw_static_library("dice_with_cbor_p384_cert") { public = [ "include/dice/dice.h", "include/dice/utils.h", ] sources = [ "src/boringssl_hash_kdf_ops.c", - "src/boringssl_ed25519_ops.c", + "src/boringssl_p384_ops.c", + "src/cbor_cert_op.c", + "src/cbor_p384_cert_op.c", "src/clear_memory.c", "src/dice.c", - "src/template_cbor_cert_op.c", "src/utils.c", + "src/boringssl_ecdsa_utils.c", ] deps = [ + ":cbor_writer", + ":boringssl_ecdsa_utils", "//third_party/boringssl:crypto", ] + all_dependent_configs = [ + ":boringssl_ecdsa_p384_ops_config", + ] +} + +pw_static_library("dice_with_cbor_template_ed25519_cert") { + public = [ + "include/dice/dice.h", + "include/dice/utils.h", + ] + sources = [ + "src/boringssl_ed25519_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/clear_memory.c", + "src/dice.c", + "src/template_cbor_cert_op.c", + "src/utils.c", + ] + deps = [ "//third_party/boringssl:crypto" ] all_dependent_configs = [ ":boringssl_ed25519_ops_config" ] } @@ -144,16 +195,14 @@ pw_static_library("dice_with_x509_template_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_ops.c", "src/boringssl_ed25519_ops.c", + "src/boringssl_hash_kdf_ops.c", "src/clear_memory.c", "src/dice.c", "src/template_cert_op.c", "src/utils.c", ] - deps = [ - "//third_party/boringssl:crypto", - ] + deps = [ "//third_party/boringssl:crypto" ] all_dependent_configs = [ ":boringssl_ed25519_ops_config" ] } 
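Review bot: `dice_with_cbor_p384_cert` lists `"src/boringssl_ecdsa_utils.c"` in `sources` and also depends on `:boringssl_ecdsa_utils`, which compiles the same file, so the P-384 helpers are built twice and can end up defined in two archives. Dropping the `sources` entry and keeping the dependency leaves a single definition and a single place where that file's flags are set. The Android.bp library for the same configuration compiles the file once, so this looks unintended rather than required.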
@@ -163,30 +212,22 @@ pw_source_set("fuzzer") { pw_test("cbor_writer_test") { sources = [ "src/cbor_writer_test.cc" ] - deps = [ - ":cbor_writer", - ] + deps = [ ":cbor_writer" ] } pw_test("cbor_reader_test") { sources = [ "src/cbor_reader_test.cc" ] - deps = [ - ":cbor_reader", - ] + deps = [ ":cbor_reader" ] } pw_executable("cbor_writer_fuzzer") { sources = [ "src/cbor_writer_fuzzer.cc" ] - deps = [ - ":cbor_writer", - ] + deps = [ ":cbor_writer" ] } pw_executable("cbor_reader_fuzzer") { sources = [ "src/cbor_reader_fuzzer.cc" ] - deps = [ - ":cbor_reader", - ] + deps = [ ":cbor_reader" ] } pw_test("dice_test") { @@ -197,22 +238,30 @@ pw_test("dice_test") { ] } -pw_test("boringssl_ops_test") { +pw_test("boringssl_ed25519_ops_test") { sources = [ - "src/boringssl_ops_test.cc", + "src/boringssl_ed25519_ops_test.cc", "src/test_utils.cc", ] deps = [ - ":dice_with_boringssl_ops", - "//third_party/boringssl:crypto", - "//third_party/cose-c:cose-c", + ":dice_with_boringssl_ed25519_ops", + ":boringssl_ecdsa_utils", "$dir_pw_string:pw_string", + "//third_party/boringssl:crypto", + "//third_party/cose-c:cose-c_ed25519", ] } -pw_executable("boringssl_ops_fuzzer") { +pw_executable("boringssl_ed25519_ops_fuzzer") { deps = [ - ":dice_with_boringssl_ops", + ":dice_with_boringssl_ed25519_ops", + ":fuzzer", + ] +} + +pw_executable("boringssl_p384_ops_fuzzer") { + deps = [ + ":dice_with_boringssl_p384_ops", ":fuzzer", ] } @@ -224,9 +273,10 @@ pw_test("template_cert_op_test") { ] deps = [ ":dice_with_x509_template_cert", - "//third_party/boringssl:crypto", - "//third_party/cose-c:cose-c", + ":boringssl_ecdsa_utils", "$dir_pw_string:pw_string", + "//third_party/boringssl:crypto", + "//third_party/cose-c:cose-c_ed25519", ] } 
@@ -237,42 +287,58 @@ pw_executable("template_cert_op_fuzzer") { ] } -pw_test("cbor_cert_op_test") { +pw_test("cbor_ed25519_cert_op_test") { sources = [ "src/cbor_cert_op_test.cc", "src/test_utils.cc", ] deps = [ - ":dice_with_cbor_cert", + ":dice_with_cbor_ed25519_cert", + ":boringssl_ecdsa_utils", + "$dir_pw_string:pw_string", + "//third_party/boringssl:crypto", + "//third_party/cose-c:cose-c_ed25519", + ] +} + +pw_test("cbor_p384_cert_op_test") { + sources = [ + "src/cbor_p384_cert_op_test.cc", + "src/test_utils.cc", + ] + deps = [ + ":dice_with_cbor_p384_cert", + ":boringssl_ecdsa_utils", "//third_party/boringssl:crypto", - "//third_party/cose-c:cose-c", + "//third_party/cose-c:cose-c_p384", "$dir_pw_string:pw_string", ] } -pw_executable("cbor_cert_op_fuzzer") { +pw_executable("cbor_ed25519_cert_op_fuzzer") { deps = [ - ":dice_with_cbor_cert", + ":dice_with_cbor_ed25519_cert", ":fuzzer", ] } -pw_test("template_cbor_cert_op_test") { +pw_test("template_cbor_ed25519_cert_op_test") { sources = [ "src/template_cbor_cert_op_test.cc", "src/test_utils.cc", ] deps = [ - ":dice_with_cbor_template_cert", - "//third_party/boringssl:crypto", - "//third_party/cose-c:cose-c", + ":dice_with_cbor_template_ed25519_cert", + ":boringssl_ecdsa_utils", "$dir_pw_string:pw_string", + "//third_party/boringssl:crypto", + "//third_party/cose-c:cose-c_ed25519", ] } -pw_executable("template_cbor_cert_op_fuzzer") { +pw_executable("template_cbor_ed25519_cert_op_fuzzer") { deps = [ - ":dice_with_cbor_template_cert", + ":dice_with_cbor_template_ed25519_cert", ":fuzzer", ] } @@ -284,9 +350,10 @@ pw_test("mbedtls_ops_test") { ] deps = [ ":dice_with_mbedtls_ops", - "//third_party/boringssl:crypto", - "//third_party/cose-c:cose-c", + ":boringssl_ecdsa_utils", "$dir_pw_string:pw_string", + "//third_party/boringssl:crypto", + "//third_party/cose-c:cose-c_ed25519", ] } 
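Review bot: `cbor_p384_cert_op_test` is added here without a matching fuzzer, so in the GN build the new P-384 CBOR certificate path gets no fuzz coverage, while the Ed25519 variant keeps `cbor_ed25519_cert_op_fuzzer` and Android.bp gains `libopen_dice_cbor_p384_fuzzer`. I would add a `cbor_p384_cert_op_fuzzer` executable next to the Ed25519 one and list `":cbor_p384_cert_op_fuzzer"` in `group("fuzzers")`, which is edited in a later hunk of this file.

```gn
# … unchanged: pw_executable("cbor_ed25519_cert_op_fuzzer") …

pw_executable("cbor_p384_cert_op_fuzzer") {
  deps = [
    ":dice_with_cbor_p384_cert",
    ":fuzzer",
  ]
}
```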
@@ -299,13 +366,14 @@ pw_executable("mbedtls_ops_fuzzer") { pw_test_group("tests") { tests = [ - ":boringssl_ops_test", - ":cbor_cert_op_test", + ":boringssl_ed25519_ops_test", + ":cbor_ed25519_cert_op_test", + ":cbor_p384_cert_op_test", ":cbor_reader_test", ":cbor_writer_test", ":dice_test", ":mbedtls_ops_test", - ":template_cbor_cert_op_test", + ":template_cbor_ed25519_cert_op_test", ":template_cert_op_test", "//src/android:bcc_test", ] @@ -313,12 +381,13 @@ pw_test_group("tests") { group("fuzzers") { deps = [ - ":boringssl_ops_fuzzer", - ":cbor_cert_op_fuzzer", + ":boringssl_ed25519_ops_fuzzer", + ":boringssl_p384_ops_fuzzer", + ":cbor_ed25519_cert_op_fuzzer", ":cbor_reader_fuzzer", ":cbor_writer_fuzzer", ":mbedtls_ops_fuzzer", - ":template_cbor_cert_op_fuzzer", + ":template_cbor_ed25519_cert_op_fuzzer", ":template_cert_op_fuzzer", "//src/android:bcc_fuzzer", ] @@ -340,10 +409,10 @@ pw_source_set("dice_main") { sources = [ "src/dice_main.c" ] } -pw_executable("dice_with_boringssl_ops_main") { +pw_executable("dice_with_boringssl_ed25519_ops_main") { deps = [ ":dice_main", - ":dice_with_boringssl_ops", + ":dice_with_boringssl_ed25519_ops", ] } @@ -357,14 +426,14 @@ pw_executable("dice_with_mbedtls_ops_main") { pw_executable("dice_with_cbor_cert_main") { deps = [ ":dice_main", - ":dice_with_cbor_cert", + ":dice_with_cbor_ed25519_cert", ] } -pw_executable("dice_with_cbor_template_cert_main") { +pw_executable("dice_with_cbor_template_ed25519_cert_main") { deps = [ ":dice_main", - ":dice_with_cbor_template_cert", + ":dice_with_cbor_template_ed25519_cert", ] } @@ -375,7 +444,7 @@ pw_executable("dice_with_x509_template_cert_main") { ] } -pw_size_report("executable_size_report") { +pw_size_diff("executable_size_report") { title = "Executable sizes (includes thirdparty deps)" base = ":empty_main" binaries = [ 
@@ -384,8 +453,8 @@ pw_size_report("executable_size_report") { label = "DiceMainFlow only (No Ops)" }, { - target = ":dice_with_boringssl_ops_main" - label = "Boringssl Ops" + target = ":dice_with_boringssl_ed25519_ops_main" + label = "Boringssl Ed25519 Ops" base = ":dice_standalone_main" }, { @@ -396,22 +465,22 @@ pw_size_report("executable_size_report") { { target = ":dice_with_cbor_cert_main" label = "Boringssl with CBOR Cert" - base = ":dice_with_boringssl_ops_main" + base = ":dice_with_boringssl_ed25519_ops_main" }, { - target = ":dice_with_cbor_template_cert_main" - label = "Boringssl with CBOR Template Cert" - base = ":dice_with_boringssl_ops_main" + target = ":dice_with_cbor_template_ed25519_cert_main" + label = "Boringssl with CBOR Template Ed25519 Cert" + base = ":dice_with_boringssl_ed25519_ops_main" }, { target = ":dice_with_x509_template_cert_main" label = "Boringssl with X.509 Template Cert" - base = ":dice_with_boringssl_ops_main" + base = ":dice_with_boringssl_ed25519_ops_main" }, ] } -pw_size_report("library_size_report") { +pw_size_diff("library_size_report") { title = "Library sizes (excludes thirdparty deps)" base = ":empty_lib" binaries = [ @@ -420,7 +489,7 @@ pw_size_report("library_size_report") { label = "DICE Standalone (No Ops)" }, { - target = ":dice_with_boringssl_ops" + target = ":dice_with_boringssl_ed25519_ops" label = "Boringssl Ops" base = ":dice_standalone" }, @@ -430,12 +499,17 @@ pw_size_report("library_size_report") { base = ":dice_standalone" }, { - target = ":dice_with_cbor_cert" + target = ":dice_with_cbor_ed25519_cert" label = "CBOR Cert" base = ":dice_standalone" }, { - target = ":dice_with_cbor_template_cert" + target = ":dice_with_cbor_p384_cert" + label = "CBOR P384 Cert" + base = ":dice_standalone" + }, + { + target = ":dice_with_cbor_template_ed25519_cert" label = "CBOR Template Cert" base = ":dice_standalone" }, 
@@ -450,9 +524,10 @@ pw_size_report("library_size_report") { group("optimized_libs") { deps = [ ":dice_standalone", - ":dice_with_boringssl_ops", - ":dice_with_cbor_cert", - ":dice_with_cbor_template_cert", + ":dice_with_boringssl_ed25519_ops", + ":dice_with_cbor_ed25519_cert", + ":dice_with_cbor_p384_cert", + ":dice_with_cbor_template_ed25519_cert", ":dice_with_mbedtls_ops", ":dice_with_x509_template_cert", ":executable_size_report", diff --git a/bootstrap.sh b/bootstrap.sh index 3404d07..181daec 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -25,11 +25,14 @@ # manually. git submodule update --init -# Apply local submodule patches. -git -C third_party/mbedtls/src am ../0001-Mark-basic-constraints-critical-as-appropriate.patch - # Bootstrap the pigweed environment. . third_party/pigweed/src/bootstrap.sh +# Copy the pigweed environment config with a path fixup. +sed s/environment/third_party\\\/pigweed\\\/src\\\/environment/g \ + < third_party/pigweed/src/build_overrides/pigweed_environment.gni \ + > build_overrides/pigweed_environment.gni +gn format build_overrides/pigweed_environment.gni + # Setup the build. gn gen --export-compile-commands out diff --git a/generate_test_values.py b/generate_test_values.py index 953ef82..f4afd4f 100644 --- a/generate_test_values.py +++ b/generate_test_values.py @@ -115,13 +115,13 @@ def _generate_c(name): content += _generate_array('kExpectedCdiSeal_%s' % _to_camel_case(name), seal_cdi_data) for cert_type in ('X509', 'CBOR'): - for key_type in ('Ed25519', 'P256'): + for key_type in ('Ed25519', 'P256', 'P384'): var_name = 'kExpected%s%sCert_%s' % (_to_camel_case(cert_type), _to_camel_case(key_type), _to_camel_case(name)) cert_data = _read_file('_%s_%s_cert_%s.cert' % (cert_type, key_type, name)) - if cert_type == 'X509': + if cert_type == 'X509' and key_type != 'P384': content += ( '// $ openssl x509 -inform DER -noout -text -certopt ' 'ext_parse\n') 
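Review bot: The `sed` expression in the new fixup step is unquoted and depends on three levels of backslash escaping to get `/` through the shell, which is easy to break on the next edit. Quoting it and choosing another delimiter says the same thing readably: `sed 's|environment|third_party/pigweed/src/environment|g'`. The output redirection also creates `build_overrides/pigweed_environment.gni` even when the input file is missing or `sed` fails, and `gn format` then runs on an empty file. Checking that the pigweed file exists before the copy would make a failed bootstrap visible instead of leaving an empty override behind.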
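Review bot: The new `key_type != 'P384'` test hard-codes which combination has no certificate, while the generated header still receives an empty `kExpectedX509P384Cert_*[0] = {}` array for it. If `_read_file` returns empty data for a missing certificate (it is defined outside this hunk, so that is an assumption), the condition can follow the data instead: `if cert_type == 'X509' and cert_data:`. Either way, a comment such as `# No X.509 P-384 certificates are generated yet; the expected array is left empty.` would tell readers the zero-length array is intentional and not a lost test vector. `_generate_c` continues outside the hunk.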
diff --git a/include/dice/boringssl_ecdsa_utils.h b/include/dice/boringssl_ecdsa_utils.h
new file mode 100644
index 0000000..229926a
--- /dev/null
+++ b/include/dice/boringssl_ecdsa_utils.h
@@ -0,0 +1,57 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#ifndef BORINGSSL_ECDSA_UTILS_H_
+#define BORINGSSL_ECDSA_UTILS_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "dice/dice.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define P384_PRIVATE_KEY_SIZE 48
+#define P384_PUBLIC_KEY_SIZE 96
+#define P384_SIGNATURE_SIZE 96
+
+// Deterministically generates a public and private key pair from |seed|.
+// Since this is deterministic, |seed| is as sensitive as a private key and can
+// be used directly as the private key. The |private_key| may use an
+// implementation defined format so may only be passed to the |sign| operation.
+int P384KeypairFromSeed(uint8_t public_key[P384_PUBLIC_KEY_SIZE],
+ uint8_t private_key[P384_PRIVATE_KEY_SIZE],
+ const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);
+
+// Calculates a signature of |message_size| bytes from |message| using
+// |private_key|. |private_key| was generated by |keypair_from_seed| to allow
+// an implementation to use their own private key format. |signature| points to
+// the buffer where the calculated signature is written.
+int P384Sign(uint8_t signature[P384_SIGNATURE_SIZE], const uint8_t* message,
+ size_t message_size,
+ const uint8_t private_key[P384_PRIVATE_KEY_SIZE]);
+
+// Verifies, using |public_key|, that |signature| covers |message_size| bytes
+// from |message|.
+int P384Verify(const uint8_t* message, size_t message_size, + const uint8_t signature[P384_SIGNATURE_SIZE], + const uint8_t public_key[P384_PUBLIC_KEY_SIZE]); + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif // BORINGSSL_ECDSA_UTILS_H_ diff --git a/include/dice/config/boringssl_ecdsa_p384/dice/config.h b/include/dice/config/boringssl_ecdsa_p384/dice/config.h new file mode 100644 index 0000000..a0f9583 --- /dev/null +++ b/include/dice/config/boringssl_ecdsa_p384/dice/config.h @@ -0,0 +1,25 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +#ifndef DICE_CONFIG_H_ +#define DICE_CONFIG_H_ + +// ECDSA P384 +// From table 1 of RFC 9053 +#define DICE_COSE_KEY_ALG_VALUE (-35) +#define DICE_PUBLIC_KEY_SIZE 96 +#define DICE_PRIVATE_KEY_SIZE 48 +#define DICE_SIGNATURE_SIZE 96 + +#endif // DICE_DICE_CONFIG_H_ diff --git a/include/dice/config/boringssl_ed25519/dice/config.h b/include/dice/config/boringssl_ed25519/dice/config.h index 583ac68..02097c4 100644 --- a/include/dice/config/boringssl_ed25519/dice/config.h +++ b/include/dice/config/boringssl_ed25519/dice/config.h @@ -16,6 +16,8 @@ #define DICE_CONFIG_H_ // Ed25519 +// COSE Key alg value from Table 2 of RFC9053 +#define DICE_COSE_KEY_ALG_VALUE (-8) #define DICE_PUBLIC_KEY_SIZE 32 #define DICE_PRIVATE_KEY_SIZE 64 #define DICE_SIGNATURE_SIZE 64 diff --git a/include/dice/known_test_values.h b/include/dice/known_test_values.h index 7391fe6..c3a052b 100644 
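Review bot: The comments in this new header were carried over from the generic ops interface and no longer match it: they refer to `|sign|` and `|keypair_from_seed|` where the functions are `P384Sign` and `P384KeypairFromSeed`, and none of the three says what the `int` return value means. For `P384Verify` that matters, because a caller who guesses the convention wrong accepts bad signatures; each declaration should state its success value, e.g. `// Returns 1 on success and 0 otherwise.` if that is what the implementation does. The statement that |seed| "can be used directly as the private key" also deserves a second look, since the seed is `DICE_PRIVATE_KEY_SEED_SIZE` bytes while the private key is 48. The encodings of the 96-byte public key and signature buffers are not stated either.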
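Review bot: `DICE_PUBLIC_KEY_SIZE`, `DICE_PRIVATE_KEY_SIZE` and `DICE_SIGNATURE_SIZE` in the new P-384 config repeat the values of the `P384_*` macros in `dice/boringssl_ecdsa_utils.h`, and nothing ties the two sets together. If the P-384 ops code hands DICE-sized buffers to the `P384*` functions (that code is not part of this hunk), a later edit to one header would silently become a buffer-size mismatch. A compile-time check where both headers are included would catch it, e.g. `_Static_assert(DICE_PUBLIC_KEY_SIZE == P384_PUBLIC_KEY_SIZE, "P-384 public key size mismatch");`, with the same for the private key and signature sizes. The closing comment `#endif // DICE_DICE_CONFIG_H_` also does not match the guard `DICE_CONFIG_H_`.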
--- a/include/dice/known_test_values.h +++ b/include/dice/known_test_values.h @@ -268,6 +268,8 @@ constexpr uint8_t kExpectedX509P256Cert_ZeroInput[705] = { 0xd7, 0x4c, 0x98, 0x1f, 0x10, 0x7f, 0x14, 0x6a, 0x45, 0xc0, 0x1c, 0x48, 0x99, 0xce, 0x6e, 0x8f, 0x6d, 0xd3, 0xdc, 0xf3, 0x93}; +constexpr uint8_t kExpectedX509P384Cert_ZeroInput[0] = {}; + constexpr uint8_t kExpectedCborEd25519Cert_ZeroInput[441] = { 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x6e, 0xa8, 0x01, 0x78, 0x28, 0x37, 0x61, 0x30, 0x36, 0x65, 0x65, 0x65, 0x34, 0x31, 0x62, 0x37, 
@@ -309,6 +311,54 @@ constexpr uint8_t kExpectedCborEd25519Cert_ZeroInput[441] = { constexpr uint8_t kExpectedCborP256Cert_ZeroInput[0] = {}; +constexpr uint8_t kExpectedCborP384Cert_ZeroInput[542] = { + 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0xb2, 0xa8, 0x01, + 0x78, 0x28, 0x30, 0x34, 0x63, 0x32, 0x36, 0x35, 0x66, 0x65, 0x30, 0x36, + 0x66, 0x66, 0x32, 0x33, 0x30, 0x65, 0x33, 0x39, 0x62, 0x36, 0x33, 0x32, + 0x32, 0x65, 0x65, 0x61, 0x39, 0x65, 0x30, 0x31, 0x30, 0x37, 0x31, 0x31, + 0x66, 0x62, 0x36, 0x36, 0x62, 0x34, 0x02, 0x78, 0x28, 0x34, 0x30, 0x63, + 0x62, 0x34, 0x66, 0x30, 0x36, 0x34, 0x61, 0x36, 0x38, 0x64, 0x34, 0x30, + 0x37, 0x61, 0x30, 0x62, 0x33, 0x39, 0x30, 0x61, 0x62, 0x63, 0x63, 0x30, + 0x35, 0x61, 0x33, 0x34, 0x62, 0x66, 0x63, 0x38, 0x61, 0x66, 0x33, 0x33, + 0x66, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x3a, 0x00, 0x47, 0x44, 0x53, 0x58, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, + 0x00, 0x47, 0x44, 0x54, 0x58, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, + 0x47, 0x44, 0x56, 0x41, 0x00, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x71, + 0xa6, 0x01, 0x02, 0x03, 0x38, 0x22, 0x04, 0x81, 0x02, 0x20, 0x02, 0x21, + 0x58, 0x30, 0x77, 0x19, 0x6b, 0xa5, 0x84, 0xeb, 0x79, 0x46, 0xd2, 0xfb, + 0xb0, 0xd5, 0xc8, 0x31, 0xc7, 0xad, 0x91, 0x37, 0x5e, 0x11, 0x28, 0xdb, + 0x23, 0x8c, 0xc1, 0xc6, 0x7f, 0xae, 0x5e, 0x07, 0x10, 0x95, 0x5b, 0x17, + 0xb5, 0xd5, 0x08, 0x12, 0x31, 0x06, 0xba, 0x31, 0x31, 0x10, 0x43, 0x71, + 0x51, 0xde, 0x22, 0x58, 0x30, 0x03, 0x25, 0xa9, 0x76, 0x29, 0x67, 0x9d, + 0x6b, 0xa9, 0x01, 0xb1, 0x22, 0xa0, 0x4b, 0xee, 0xf7, 0xb3, 0xe1, 0x52, + 0xfc, 0xe0, 0x3c, 0xdc, 0x5d, 0x1b, 0x58, 0x16, 0x69, 0xdd, 0x44, 0x24, + 0x67, 0xbf, 0x21, 0xd7, 0x47, 0xf3, 0x13, 0xd1, 0x47, 0x6c, 0x4b, 0xd3, + 0x05, 0xb5, 0x29, 0xa0, 0xf1, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, + 0x58, 0x60, 0xb0, 0xb7, 0x0f, 0x47, 0xfa, 0xba, 0xca, 0x05, 0x16, 0x4f, + 0x1e, 0xd1, 0x73, 0x15, 0x94, 0x17, 0xcd, 0x6b, 0x3c, 0x0e, 0x18, 0x77, + 0xc0, 0x6e, 0x53, 0x97, 0xf2, 0x03, 0xb9, 0xbb, 0x82, 0xde, 0xe0, 0x2d, + 0xb3, 0xc8, 0x0e, 0x7a, 0x5e, 0xb0, 0x74, 0x15, 0xbe, 0x25, 0x6a, 0x7c, + 0x90, 0x30, 0x80, 0x0c, 0x90, 0x20, 0x00, 0xc5, 0x42, 0xbf, 0xf7, 0x4e, + 0x1b, 0xd8, 0xe2, 0xe4, 0x32, 0xd5, 0xf3, 0x8e, 0x1e, 0x59, 0x9f, 0x1e, + 0x71, 0x8e, 0xc3, 0x2e, 0x50, 0x8a, 0xa0, 0x02, 0xa4, 0xd3, 0xe6, 0x8c, + 0x68, 0xbb, 0x5e, 0x33, 0xfd, 0x81, 0x12, 0xa7, 0xdc, 0x68, 0xc7, 0x7a, + 0x4b, 0xfa}; + constexpr uint8_t kExpectedCdiAttest_HashOnlyInput[32] = { 0x08, 0x4e, 0xf4, 0x06, 0xc6, 0x9b, 0xa7, 0x4b, 0x1e, 0x24, 0xd0, 0x62, 0xf9, 0xab, 0x8a, 0x8d, 0x89, 0xda, 0x6e, 0x03, 0xe4, 0xc6, 
@@ -554,6 +604,8 @@ constexpr uint8_t kExpectedX509P256Cert_HashOnlyInput[707] = { 0xc9, 0xe2, 0x0f, 0x50, 0xf0, 0x1c, 0x70, 0x01, 0x64, 0xa7, 0x8d, 0x7d, 0x51, 0xe9, 0x59, 0xfe, 0xe6, 0x7f, 0x31, 0x28, 0x30, 0x04, 0x04}; +constexpr uint8_t kExpectedX509P384Cert_HashOnlyInput[0] = {}; + constexpr uint8_t kExpectedCborEd25519Cert_HashOnlyInput[441] = { 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x6e, 0xa8, 0x01, 0x78, 0x28, 0x34, 0x37, 0x35, 0x37, 0x30, 0x38, 0x65, 0x62, 0x33, 0x62, 0x34, 
@@ -595,6 +647,54 @@ constexpr uint8_t kExpectedCborEd25519Cert_HashOnlyInput[441] = { constexpr uint8_t kExpectedCborP256Cert_HashOnlyInput[0] = {}; +constexpr uint8_t kExpectedCborP384Cert_HashOnlyInput[542] = { + 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0xb2, 0xa8, 0x01, + 0x78, 0x28, 0x35, 0x64, 0x38, 0x62, 0x36, 0x62, 0x65, 0x37, 0x63, 0x65, + 0x33, 0x65, 0x64, 0x65, 0x36, 0x61, 0x32, 0x34, 0x31, 0x38, 0x30, 0x31, + 0x34, 0x35, 0x32, 0x33, 0x65, 0x36, 0x63, 0x39, 0x64, 0x63, 0x38, 0x37, + 0x65, 0x39, 0x38, 0x63, 0x63, 0x36, 0x02, 0x78, 0x28, 0x36, 0x35, 0x61, + 0x63, 0x35, 0x39, 0x36, 0x61, 0x62, 0x39, 0x39, 0x34, 0x30, 0x33, 0x61, + 0x38, 0x63, 0x37, 0x30, 0x32, 0x37, 0x35, 0x62, 0x31, 0x34, 0x62, 0x30, + 0x32, 0x33, 0x37, 0x33, 0x66, 0x66, 0x31, 0x34, 0x33, 0x66, 0x39, 0x31, + 0x65, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, + 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, + 0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, + 0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, + 0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79, + 0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f, + 0x3a, 0x00, 0x47, 0x44, 0x53, 0x58, 0x40, 0xcf, 0x99, 0x7b, 0xea, 0x2e, + 0x2c, 0x86, 0xa0, 0x7b, 0x52, 0x09, 0xc8, 0xb5, 0x3c, 0x41, 0x12, 0x29, + 0x28, 0x1a, 0x82, 0x0d, 0x49, 0x9c, 0x95, 0xcb, 0x0b, 0x1b, 0x31, 0x1a, + 0x01, 0x9c, 0xf2, 0x66, 0x1a, 0xd9, 0xb5, 0xce, 0x52, 0x59, 0xcb, 0xf4, + 0x81, 0x9b, 0x21, 0xaf, 0x32, 0x5d, 0x07, 0xa0, 0x1e, 0x91, 0x59, 0x6f, + 0x06, 0x55, 0x10, 0x8e, 0x2e, 0x08, 0x88, 0x52, 0x28, 0x86, 0x7f, 0x3a, + 0x00, 0x47, 0x44, 0x54, 0x58, 0x40, 0x22, 0x52, 0x60, 0x17, 0xef, 0x2c, + 0xa1, 0xf6, 0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad, + 0x82, 0x93, 0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36, + 0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, + 0xeb, 
0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, + 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0x3a, 0x00, + 0x47, 0x44, 0x56, 0x41, 0x00, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x71, + 0xa6, 0x01, 0x02, 0x03, 0x38, 0x22, 0x04, 0x81, 0x02, 0x20, 0x02, 0x21, + 0x58, 0x30, 0x32, 0x81, 0xad, 0x61, 0x1e, 0x50, 0x96, 0x2b, 0x5e, 0xda, + 0xff, 0xee, 0x14, 0xa6, 0x44, 0x3d, 0xd9, 0xd1, 0x34, 0xf6, 0x64, 0xb7, + 0x61, 0x58, 0xf4, 0x9a, 0x58, 0xdb, 0xef, 0xa8, 0x87, 0x13, 0x26, 0x08, + 0x1b, 0xc7, 0xdd, 0xc5, 0x5b, 0x73, 0x42, 0xd6, 0x29, 0x87, 0x3f, 0x85, + 0xd0, 0xe4, 0x22, 0x58, 0x30, 0x60, 0x85, 0xd8, 0x42, 0x29, 0x1b, 0xc6, + 0xd9, 0xf6, 0x2f, 0x3a, 0xce, 0xa0, 0xb9, 0x40, 0xb8, 0x18, 0xde, 0xc2, + 0x5c, 0x90, 0xfb, 0x4b, 0x6d, 0x96, 0x42, 0x77, 0xe2, 0xf6, 0x58, 0x3d, + 0x37, 0xa7, 0x3d, 0x2e, 0xca, 0xd1, 0x2c, 0xa4, 0xd4, 0xa7, 0xaf, 0x25, + 0xc3, 0xb2, 0xe7, 0x34, 0xf5, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, + 0x58, 0x60, 0x84, 0x9a, 0x2e, 0x89, 0xeb, 0x6d, 0x61, 0x93, 0xe0, 0x0e, + 0xb9, 0x57, 0xc6, 0x84, 0x08, 0x28, 0x77, 0xeb, 0x9e, 0x39, 0xad, 0x74, + 0x78, 0xf3, 0x8f, 0xf7, 0xdf, 0xfa, 0xa2, 0xbf, 0x01, 0x4f, 0x94, 0x1a, + 0xa1, 0x27, 0xaa, 0x93, 0x57, 0xe4, 0x49, 0x07, 0xb9, 0xd7, 0x49, 0xdb, + 0x73, 0x1e, 0xa1, 0x7e, 0xf1, 0x19, 0x87, 0x8e, 0x5a, 0x89, 0xb7, 0x02, + 0x19, 0x13, 0xdb, 0x20, 0x3f, 0x5f, 0x49, 0xc9, 0xb7, 0xcf, 0x52, 0xc3, + 0xd2, 0xf7, 0x90, 0x52, 0xf7, 0xaa, 0x39, 0x66, 0x78, 0x7a, 0x5b, 0xb3, + 0xa7, 0xe9, 0x33, 0xc6, 0x4f, 0xe6, 0x78, 0xf3, 0x4b, 0x51, 0xf1, 0xed, + 0x15, 0xeb}; + constexpr uint8_t kExpectedCdiAttest_DescriptorInput[32] = { 0x20, 0xd5, 0x0c, 0x68, 0x5a, 0xd9, 0xe2, 0xdf, 0x77, 0x60, 0x78, 0x68, 0x19, 0x00, 0x24, 0xc2, 0x04, 0x4f, 0xb8, 0xde, 0x79, 0xaa, 
@@ -919,6 +1019,8 @@ constexpr uint8_t kExpectedX509P256Cert_DescriptorInput[927] = { 0x89, 0xe2, 0xa6, 0x14, 0x0c, 0xfa, 0xc2, 0xb1, 0xdd, 0x0c, 0x0a, 0x78, 0xac, 0x60, 0x19}; +constexpr uint8_t kExpectedX509P384Cert_DescriptorInput[0] = {}; + constexpr uint8_t kExpectedCborEd25519Cert_DescriptorInput[667] = { 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x02, 0x50, 0xab, 0x01, 0x78, 0x28, 0x34, 0x37, 0x35, 0x37, 0x30, 0x38, 0x65, 0x62, 0x33, 0x62, 0x34, 
@@ -979,6 +1081,72 @@ constexpr uint8_t kExpectedCborEd25519Cert_DescriptorInput[667] = { constexpr uint8_t kExpectedCborP256Cert_DescriptorInput[0] = {}; +constexpr uint8_t kExpectedCborP384Cert_DescriptorInput[768] = { + 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x02, 0x94, 0xab, 0x01, + 0x78, 0x28, 0x35, 0x64, 0x38, 0x62, 0x36, 0x62, 0x65, 0x37, 0x63, 0x65, + 0x33, 0x65, 0x64, 0x65, 0x36, 0x61, 0x32, 0x34, 0x31, 0x38, 0x30, 0x31, + 0x34, 0x35, 0x32, 0x33, 0x65, 0x36, 0x63, 0x39, 0x64, 0x63, 0x38, 0x37, + 0x65, 0x39, 0x38, 0x63, 0x63, 0x36, 0x02, 0x78, 0x28, 0x36, 0x66, 0x31, + 0x33, 0x39, 0x63, 0x37, 0x62, 0x32, 0x62, 0x31, 0x36, 0x61, 0x63, 0x38, + 0x31, 0x30, 0x32, 0x34, 0x64, 0x35, 0x37, 0x34, 0x39, 0x36, 0x62, 0x31, + 0x62, 0x37, 0x61, 0x31, 0x33, 0x66, 0x64, 0x33, 0x65, 0x38, 0x30, 0x37, + 0x66, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, + 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, + 0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, + 0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, + 0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79, + 0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f, + 0x3a, 0x00, 0x47, 0x44, 0x51, 0x58, 0x64, 0x6c, 0x46, 0x01, 0x33, 0x26, + 0x73, 0x4b, 0x22, 0x65, 0xfd, 0xfa, 0x58, 0xd7, 0x57, 0x3e, 0x95, 0x59, + 0xe0, 0x3a, 0xc3, 0xb9, 0xf7, 0xc8, 0x0e, 0x98, 0x80, 0x8c, 0xf5, 0xc4, + 0xb8, 0xaf, 0xe3, 0x16, 0x84, 0x25, 0xa5, 0x35, 0x5d, 0x17, 0x72, 0x56, + 0x8f, 0x8e, 0xec, 0x2f, 0x5a, 0x74, 0x60, 0x77, 0x2a, 0x6e, 0x90, 0xc0, + 0x4e, 0x9f, 0x87, 0x6b, 0xf4, 0x8d, 0x9c, 0x66, 0xe3, 0x0b, 0xd2, 0x10, + 0x35, 0x21, 0xa8, 0x1d, 0xa2, 0x31, 0x17, 0xe7, 0x0c, 0xdf, 0x18, 0xf7, + 0x94, 0xe4, 0xd1, 0xca, 0x32, 0x7d, 0xf2, 0x63, 0x23, 0x1d, 0xbc, 0x84, + 0x74, 0x61, 0xdb, 0x87, 0xf2, 0xab, 0x72, 0xad, 0xaf, 0x08, 0xf8, 0x3a, + 0x00, 0x47, 0x44, 0x53, 0x58, 0x28, 0x1b, 0x40, 0xc1, 0xa9, 0x77, 0x60, + 
0xeb, 0xc3, 0x67, 0xf0, 0x5f, 0x6a, 0xe1, 0x5e, 0x20, 0xc2, 0x51, 0x68, + 0x4d, 0x82, 0x48, 0x8b, 0x03, 0x32, 0x16, 0x79, 0x88, 0x14, 0x37, 0x78, + 0x7f, 0x16, 0x9a, 0x06, 0xfd, 0xc0, 0x8a, 0x15, 0x80, 0x62, 0x3a, 0x00, + 0x47, 0x44, 0x52, 0x58, 0x40, 0x45, 0x00, 0xe9, 0x5c, 0xbd, 0x00, 0x57, + 0x04, 0x55, 0x87, 0x6c, 0xbd, 0x2f, 0xea, 0x41, 0x9c, 0x66, 0x42, 0x51, + 0x41, 0xbb, 0x44, 0xed, 0x0e, 0xe9, 0x66, 0xcf, 0xd5, 0x10, 0x73, 0x0d, + 0x4b, 0x48, 0xe4, 0x7a, 0x53, 0x35, 0x01, 0x0e, 0x6d, 0x15, 0x55, 0xc5, + 0xb7, 0xd2, 0xd5, 0x36, 0xb6, 0xbc, 0x7e, 0xb0, 0xf3, 0x3d, 0xe6, 0x19, + 0x78, 0x62, 0xeb, 0x02, 0x57, 0x39, 0x56, 0x73, 0x4f, 0x3a, 0x00, 0x47, + 0x44, 0x54, 0x58, 0x40, 0x22, 0x52, 0x60, 0x17, 0xef, 0x2c, 0xa1, 0xf6, + 0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad, 0x82, 0x93, + 0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36, 0xd7, 0x6a, + 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d, + 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23, + 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0x3a, 0x00, 0x47, 0x44, + 0x55, 0x58, 0x41, 0x92, 0xd6, 0x97, 0xb3, 0x83, 0xdf, 0xe7, 0x8c, 0xc7, + 0xbc, 0x4a, 0xfc, 0xea, 0x76, 0xc0, 0x53, 0x66, 0xbd, 0x2c, 0x1e, 0x10, + 0x31, 0x90, 0x80, 0x11, 0x2d, 0x08, 0x4d, 0x7c, 0x39, 0x76, 0xdc, 0x73, + 0xe7, 0x1c, 0x16, 0x62, 0xd5, 0x59, 0xd7, 0x49, 0x2b, 0x6a, 0xa2, 0x36, + 0x67, 0x57, 0xd1, 0xf2, 0xf9, 0xaf, 0x13, 0xd7, 0xa3, 0xe4, 0xd3, 0x39, + 0x5b, 0x02, 0x78, 0xb1, 0xe0, 0x09, 0x70, 0xa2, 0x3a, 0x00, 0x47, 0x44, + 0x56, 0x41, 0x00, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x71, 0xa6, 0x01, + 0x02, 0x03, 0x38, 0x22, 0x04, 0x81, 0x02, 0x20, 0x02, 0x21, 0x58, 0x30, + 0xb4, 0x02, 0x19, 0x48, 0xca, 0xdd, 0x23, 0x4b, 0x92, 0x91, 0x22, 0x8d, + 0xa8, 0x80, 0x85, 0xc0, 0xf9, 0x23, 0xe4, 0x89, 0xbd, 0x91, 0x8d, 0xf3, + 0x8f, 0xa3, 0x73, 0x60, 0x70, 0x19, 0xc6, 0x33, 0x76, 0xbf, 0xd4, 0x60, + 0xfa, 0xdc, 0xde, 0x46, 0x58, 0x51, 0x13, 0x1d, 0x73, 0x81, 0x79, 0xff, + 
0x22, 0x58, 0x30, 0x39, 0x79, 0x1b, 0x49, 0x6a, 0xcf, 0x37, 0x8f, 0xf4, + 0x1a, 0xc2, 0x29, 0xb5, 0x80, 0x2f, 0x7b, 0x2b, 0x0a, 0x27, 0x96, 0xb3, + 0xb2, 0xc1, 0xc6, 0x6f, 0xb4, 0x16, 0xa4, 0x78, 0x76, 0x73, 0x6f, 0xcb, + 0xf5, 0x7d, 0x26, 0xc2, 0x37, 0xe9, 0x58, 0x98, 0xeb, 0xef, 0x11, 0x7c, + 0x8d, 0x1d, 0x4b, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x60, + 0x12, 0xa5, 0xb9, 0xc3, 0xbf, 0x06, 0x10, 0x7d, 0x22, 0x4b, 0xc1, 0xd2, + 0x58, 0xce, 0xd8, 0x4c, 0x42, 0x48, 0x69, 0x58, 0xf0, 0x83, 0x4a, 0x54, + 0x39, 0x90, 0xec, 0x10, 0xef, 0x76, 0x2e, 0xb0, 0x33, 0x82, 0x6f, 0x93, + 0x2b, 0xc3, 0xb2, 0xc4, 0x6a, 0xcb, 0xde, 0x4c, 0x21, 0x62, 0x56, 0x07, + 0xc7, 0xb1, 0xd6, 0xde, 0xff, 0x95, 0x2c, 0xce, 0xbf, 0x3c, 0x0b, 0xdc, + 0xd0, 0xc5, 0x39, 0x6d, 0xc3, 0x59, 0x23, 0x7b, 0x54, 0x11, 0xf4, 0xb1, + 0x33, 0x66, 0x94, 0x47, 0x3c, 0x14, 0x99, 0x0a, 0xca, 0xa9, 0x84, 0xf4, + 0xc9, 0x24, 0xfd, 0x11, 0xe7, 0xcc, 0x37, 0x6f, 0x12, 0x2b, 0x1a, 0xa7}; + } // namespace test } // namespace dice diff --git a/include/dice/test_framework.h b/include/dice/test_framework.h index 16e1c90..d85ba2b 100644 --- a/include/dice/test_framework.h +++ b/include/dice/test_framework.h @@ -15,10 +15,11 @@ #ifndef DICE_TEST_FRAMEWORK_H_ #define DICE_TEST_FRAMEWORK_H_ -#ifdef DICE_USE_GTEST #include "gtest/gtest.h" -#else -#include "pw_unit_test/framework.h" + +#ifndef DICE_USE_GTEST +// Use pigweed's pw_unit_test::light framework instead of upstream gtest. +#include "pw_unit_test/simple_printing_event_handler.h" #endif #endif // DICE_TEST_FRAMEWORK_H_ diff --git a/include/dice/test_utils.h b/include/dice/test_utils.h index 776e932..afc400a 100644 --- a/include/dice/test_utils.h +++ b/include/dice/test_utils.h @@ -30,6 +30,7 @@ enum CertificateType { enum KeyType { KeyType_Ed25519, KeyType_P256, + KeyType_P384, }; struct DiceStateForTest { 
@@ -23,6 +23,7 @@ MODULE_SRCS := \ $(LOCAL_DIR)/src/boringssl_hash_kdf_ops.c \ $(LOCAL_DIR)/src/boringssl_ed25519_ops.c \ $(LOCAL_DIR)/src/cbor_cert_op.c \ + $(LOCAL_DIR)/src/cbor_ed25519_cert_op.c \ $(LOCAL_DIR)/src/cbor_reader.c \ $(LOCAL_DIR)/src/cbor_writer.c \ $(LOCAL_DIR)/src/clear_memory.c \ diff --git a/src/android/BUILD.gn b/src/android/BUILD.gn index dd8bdbc..b9b9574 100644 --- a/src/android/BUILD.gn +++ b/src/android/BUILD.gn @@ -21,24 +21,16 @@ pw_source_set("bcc") { deps = [ "//:cbor_reader", "//:cbor_writer", - "//:dice_with_cbor_cert", + "//:dice_with_cbor_ed25519_cert", ] } pw_test("bcc_test") { - sources = [ - "bcc_test.cc", - ] - deps = [ - ":bcc", - ] + sources = [ "bcc_test.cc" ] + deps = [ ":bcc" ] } pw_executable("bcc_fuzzer") { - sources = [ - "bcc_fuzzer.cc", - ] - deps = [ - ":bcc", - ] + sources = [ "bcc_fuzzer.cc" ] + deps = [ ":bcc" ] } diff --git a/src/boringssl_ecdsa_utils.c b/src/boringssl_ecdsa_utils.c new file mode 100644 index 0000000..9513cd4 --- /dev/null +++ b/src/boringssl_ecdsa_utils.c 
@@ -0,0 +1,297 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// This is an implementation of the crypto operations that uses boringssl. The +// algorithms used are SHA512, HKDF-SHA512, and ECDSA P384-SHA384. + +#include "dice/boringssl_ecdsa_utils.h" + +#include <stdint.h> +#include <stdio.h> +#include <string.h> + +#include "openssl/bn.h" +#include "openssl/crypto.h" +#include "openssl/ec.h" +#include "openssl/ec_key.h" +#include "openssl/ecdsa.h" +#include "openssl/evp.h" +#include "openssl/hkdf.h" +#include "openssl/hmac.h" +#include "openssl/is_boringssl.h" +#include "openssl/sha.h" + +static int hmac(uint8_t k[64], uint8_t in[64], uint8_t *out, + unsigned int out_len) { + int ret = 0; + + if (out_len > 64 || out_len < 0) { + goto out; + } + HMAC_CTX ctx; + HMAC_CTX_init(&ctx); + if (1 != HMAC_Init_ex(&ctx, k, 64, EVP_sha512(), NULL /* impl */)) { + goto out; + } + if (1 != HMAC_Update(&ctx, in, 64)) { + goto out; + } + ret = HMAC_Final(&ctx, out, &out_len); + HMAC_CTX_cleanup(&ctx); + +out: + return ret; +} + +static int hmac3(uint8_t k[64], uint8_t in1[64], uint8_t in2, + const uint8_t *in3, unsigned int in3_len, uint8_t out[64]) { + int ret = 0; + + HMAC_CTX ctx; + HMAC_CTX_init(&ctx); + if (1 != HMAC_Init_ex(&ctx, k, 64, EVP_sha512(), NULL /* impl */)) { + goto out; + } + if (1 != HMAC_Update(&ctx, in1, 64)) { + goto out; + } + if (1 != HMAC_Update(&ctx, &in2, 1)) { + goto out; + } + if (in3 != NULL && in3_len 
> 0) { + if (1 != HMAC_Update(&ctx, in3, in3_len)) { + goto out; + } + } + unsigned int out_len = 64; + ret = HMAC_Final(&ctx, out, &out_len); + HMAC_CTX_cleanup(&ctx); + +out: + return ret; +} + +// Algorithm from section 3.2 of IETF RFC6979 +static BIGNUM *derivePrivateKey(const EC_GROUP *group, const uint8_t *seed, + size_t seed_size, uint8_t *private_key, + size_t private_key_len) { + BIGNUM *candidate = NULL; + uint8_t v[64]; + uint8_t k[64]; + memset(v, 1, 64); + memset(k, 0, 64); + + if (1 != hmac3(k, v, 0x00, seed, (unsigned int)seed_size, k)) { + goto err; + } + if (1 != hmac(k, v, v, sizeof(v))) { + goto err; + } + if (1 != hmac3(k, v, 0x01, seed, (unsigned int)seed_size, k)) { + goto err; + } + do { + if (1 != hmac(k, v, v, sizeof(v))) { + goto err; + } + if (1 != hmac(k, v, private_key, private_key_len)) { + goto err; + } + if (1 != hmac3(k, v, 0x00, NULL, 0, k)) { + goto err; + } + candidate = BN_bin2bn(private_key, private_key_len, NULL); + if (!candidate) { + goto err; + } + } while (BN_cmp(candidate, EC_GROUP_get0_order(group)) >= 0 || + BN_is_zero(candidate)); + goto out; + +err: + BN_clear_free(candidate); + candidate = NULL; +out: + return candidate; +} + +int P384KeypairFromSeed(uint8_t public_key[P384_PUBLIC_KEY_SIZE], + uint8_t private_key[P384_PRIVATE_KEY_SIZE], + const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]) { + int ret = 0; + EC_POINT *publicKey = NULL; + BIGNUM *pD = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + + EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1); + if (!key) { + goto out; + } + const EC_GROUP *group = EC_KEY_get0_group(key); + if (!group) { + goto out; + } + publicKey = EC_POINT_new(group); + if (!publicKey) { + goto out; + } + + pD = derivePrivateKey(group, seed, DICE_PRIVATE_KEY_SEED_SIZE, private_key, + P384_PRIVATE_KEY_SIZE); + if (!pD) { + goto out; + } + if (1 != BN_bn2bin_padded(private_key, P384_PRIVATE_KEY_SIZE, pD)) { + goto out; + } + if (1 != EC_KEY_set_private_key(key, pD)) { + goto out; + } + if (1 
!= EC_POINT_mul(group, publicKey, pD, NULL, NULL, NULL)) { + goto out; + } + x = BN_new(); + if (!x) { + goto out; + } + y = BN_new(); + if (!y) { + goto out; + } + if (1 != EC_POINT_get_affine_coordinates_GFp(group, publicKey, x, y, NULL)) { + goto out; + } + if (BN_num_bytes(x) > P384_PRIVATE_KEY_SIZE) { + goto out; + } + BN_bn2bin(x, &public_key[0]); + if (BN_num_bytes(y) > P384_PRIVATE_KEY_SIZE) { + goto out; + } + BN_bn2bin(y, &public_key[P384_PRIVATE_KEY_SIZE]); + ret = 1; + +out: + EC_POINT_free(publicKey); + BN_clear_free(x); + BN_clear_free(y); + EC_KEY_free(key); + BN_clear_free(pD); + + return ret; +} + +int P384Sign(uint8_t signature[P384_SIGNATURE_SIZE], const uint8_t *message, + size_t message_size, + const uint8_t private_key[P384_PRIVATE_KEY_SIZE]) { + int ret = 0; + BIGNUM *pD = NULL; + EC_KEY *key = NULL; + uint8_t output[48]; + ECDSA_SIG *sig = NULL; + + pD = BN_bin2bn(private_key, P384_PRIVATE_KEY_SIZE, NULL); + if (!pD) { + goto out; + } + key = EC_KEY_new_by_curve_name(NID_secp384r1); + if (!key) { + goto out; + } + if (1 != EC_KEY_set_private_key(key, pD)) { + goto out; + } + SHA384(message, message_size, output); + sig = ECDSA_do_sign(output, 48, key); + if (!sig) { + goto out; + } + + if (BN_num_bytes(sig->r) > P384_PRIVATE_KEY_SIZE) { + goto out; + } + BN_bn2bin(sig->r, &signature[0]); + if (BN_num_bytes(sig->s) > P384_PRIVATE_KEY_SIZE) { + goto out; + } + BN_bn2bin(sig->s, &signature[P384_PRIVATE_KEY_SIZE]); + ret = 1; + +out: + EC_KEY_free(key); + BN_clear_free(pD); + ECDSA_SIG_free(sig); + return ret; +} + +int P384Verify(const uint8_t *message, size_t message_size, + const uint8_t signature[P384_SIGNATURE_SIZE], + const uint8_t public_key[P384_PUBLIC_KEY_SIZE]) { + int ret = 0; + uint8_t output[48]; + EC_KEY *key = NULL; + BIGNUM *bn_ret = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + ECDSA_SIG *sig = NULL; + + SHA384(message, message_size, output); + key = EC_KEY_new_by_curve_name(NID_secp384r1); + if (!key) { + goto out; + } + x = 
BN_new(); + if (!x) { + goto out; + } + bn_ret = BN_bin2bn(&public_key[0], P384_PUBLIC_KEY_SIZE / 2, x); + if (!bn_ret) { + goto out; + } + y = BN_new(); + if (!y) { + goto out; + } + bn_ret = BN_bin2bn(&public_key[P384_PUBLIC_KEY_SIZE / 2], P384_PUBLIC_KEY_SIZE / 2, y); + if (!bn_ret) { + goto out; + } + if (1 != EC_KEY_set_public_key_affine_coordinates(key, x, y)) { + goto out; + } + + + sig = ECDSA_SIG_new(); + if (!sig) { + goto out; + } + bn_ret = BN_bin2bn(&signature[0], P384_SIGNATURE_SIZE / 2, sig->r); + if (!bn_ret) { + goto out; + } + bn_ret = BN_bin2bn(&signature[P384_SIGNATURE_SIZE / 2], P384_SIGNATURE_SIZE / 2, + sig->s); + if (!bn_ret) { + goto out; + } + ret = ECDSA_do_verify(output, 48, sig, key); + +out: + BN_clear_free(y); + BN_clear_free(x); + EC_KEY_free(key); + ECDSA_SIG_free(sig); + return ret; +} diff --git a/src/boringssl_ops_test.cc b/src/boringssl_ed25519_ops_test.cc index adb6f10..adb6f10 100644 --- a/src/boringssl_ops_test.cc +++ b/src/boringssl_ed25519_ops_test.cc diff --git a/src/boringssl_p384_ops.c b/src/boringssl_p384_ops.c new file mode 100644 index 0000000..ca5e88b --- /dev/null +++ b/src/boringssl_p384_ops.c 
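Review bot: `hmac()` can write past its output buffer. BoringSSL's `HMAC_Final(&ctx, out, &out_len)` uses `out_len` only to report the digest length and requires `out` to hold a full digest, so with `EVP_sha512()` it stores 64 bytes, while `derivePrivateKey` passes it `private_key` with `private_key_len`, a `P384_PRIVATE_KEY_SIZE` buffer (presumably 48 bytes, as the size guards in this commit's P-384 ops file suggest). Finishing into a local 64-byte buffer and copying `out_len` bytes, as sketched below, keeps the write in bounds. It also lets every failure path reach `HMAC_CTX_cleanup`, which the `goto out` branches in `hmac` and `hmac3` currently skip while the context holds keyed state; the always-false `out_len < 0` test can go. Separately, `BN_bn2bin(x, &public_key[0])` and the matching calls for `y`, `sig->r` and `sig->s` emit no leading zero bytes, so a short value lands left-aligned in its field; `BN_bn2bin_padded(&public_key[0], P384_PRIVATE_KEY_SIZE, x)`, already used for `pD`, gives a fixed-width encoding.

```c
static int hmac(uint8_t k[64], uint8_t in[64], uint8_t *out,
                unsigned int out_len) {
  int ret = 0;
  uint8_t digest[64];
  unsigned int digest_len = sizeof(digest);
  HMAC_CTX ctx;

  if (out_len > sizeof(digest)) {
    return 0;
  }
  HMAC_CTX_init(&ctx);
  // … unchanged: HMAC_Init_ex and HMAC_Update checks, each `goto out` on failure …
  if (1 != HMAC_Final(&ctx, digest, &digest_len) || digest_len < out_len) {
    goto out;
  }
  // Copy only what the caller asked for; `in` and `out` may alias.
  memcpy(out, digest, out_len);
  ret = 1;

out:
  HMAC_CTX_cleanup(&ctx);
  OPENSSL_cleanse(digest, sizeof(digest));
  return ret;
}
```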
@@ -0,0 +1,69 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// This is an implementation of the crypto operations that uses boringssl. The +// algorithms used are SHA512, HKDF-SHA512, and Ed25519-SHA512. + +#include <stdint.h> +#include <stdio.h> + +#include "dice/boringssl_ecdsa_utils.h" +#include "dice/dice.h" +#include "dice/ops.h" + +#if DICE_PRIVATE_KEY_SEED_SIZE != 32 +#error "Private key seed is expected to be 32 bytes." +#endif +#if DICE_PUBLIC_KEY_SIZE != 96 +#error "This P-384 implementation needs 96 bytes to store the public key." +#endif +#if DICE_PRIVATE_KEY_SIZE != 48 +#error "P-384 needs 48 bytes for the private key." +#endif +#if DICE_SIGNATURE_SIZE != 96 +#error "P-384 needs 96 bytes to store the signature." 
+#endif + +DiceResult DiceKeypairFromSeed(void* context_not_used, + const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE], + uint8_t public_key[DICE_PUBLIC_KEY_SIZE], + uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) { + (void)context_not_used; + if (1 == P384KeypairFromSeed(public_key, private_key, seed)) { + return kDiceResultOk; + } + return kDiceResultPlatformError; +} + +DiceResult DiceSign(void* context_not_used, const uint8_t* message, + size_t message_size, + const uint8_t private_key[DICE_PRIVATE_KEY_SIZE], + uint8_t signature[DICE_SIGNATURE_SIZE]) { + (void)context_not_used; + if (1 == P384Sign(signature, message, message_size, private_key)) { + return kDiceResultOk; + } + return kDiceResultPlatformError; +} + +DiceResult DiceVerify(void* context_not_used, const uint8_t* message, + size_t message_size, + const uint8_t signature[DICE_SIGNATURE_SIZE], + const uint8_t public_key[DICE_PUBLIC_KEY_SIZE]) { + (void)context_not_used; + if (1 == P384Verify(message, message_size, signature, public_key)) { + return kDiceResultOk; + } + return kDiceResultPlatformError; +} diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c index 8006294..5df1583 100644 --- a/src/cbor_cert_op.c +++ b/src/cbor_cert_op.c @@ -13,7 +13,8 @@ // the License. // This is a DiceGenerateCertificate implementation that generates a CWT-style -// CBOR certificate using the ED25519-SHA512 signature scheme. +// CBOR certificate. The function DiceCoseEncodePublicKey depends on the +// signature algorithm type, and must be implemented elsewhere. #include <stddef.h> #include <stdint.h> 
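Review bot: The file comment in the new `boringssl_p384_ops.c` still lists the algorithms as "SHA512, HKDF-SHA512, and Ed25519-SHA512", but the three functions added here delegate to `P384KeypairFromSeed`, `P384Sign` and `P384Verify`. I would change its last line to `// algorithms used are SHA512, HKDF-SHA512, and ECDSA P384-SHA384.`, which matches the header comment of `boringssl_ecdsa_utils.c` in this commit. `DiceVerify` also deserves a one-line comment that a signature which does not verify is reported as `kDiceResultPlatformError`, because callers cannot tell that apart from a library failure.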
@@ -25,74 +26,24 @@ #include "dice/ops/trait/cose.h" #include "dice/utils.h" -#if DICE_PUBLIC_KEY_SIZE != 32 -#error "Only Ed25519 is supported; 32 bytes needed to store the public key." -#endif -#if DICE_SIGNATURE_SIZE != 64 -#error "Only Ed25519 is supported; 64 bytes needed to store the signature." -#endif - // Max size of COSE_Sign1 including payload. #define DICE_MAX_CERTIFICATE_SIZE 2048 // Max size of COSE_Key encoding. -#define DICE_MAX_PUBLIC_KEY_SIZE 64 +#define DICE_MAX_PUBLIC_KEY_SIZE (DICE_PUBLIC_KEY_SIZE + 32) // Max size of the COSE_Sign1 protected attributes. #define DICE_MAX_PROTECTED_ATTRIBUTES_SIZE 16 -DiceResult DiceCoseEncodePublicKey( - void* context_not_used, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE], - size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { - (void)context_not_used; - - // Constants per RFC 8152. - const int64_t kCoseKeyKtyLabel = 1; - const int64_t kCoseKeyAlgLabel = 3; - const int64_t kCoseKeyOpsLabel = 4; - const int64_t kCoseOkpCrvLabel = -1; - const int64_t kCoseOkpXLabel = -2; - const int64_t kCoseKeyTypeOkp = 1; - const int64_t kCoseAlgEdDSA = -8; - const int64_t kCoseKeyOpsVerify = 2; - const int64_t kCoseCrvEd25519 = 6; - - struct CborOut out; - CborOutInit(buffer, buffer_size, &out); - CborWriteMap(/*num_pairs=*/5, &out); - // Add the key type. - CborWriteInt(kCoseKeyKtyLabel, &out); - CborWriteInt(kCoseKeyTypeOkp, &out); - // Add the algorithm. - CborWriteInt(kCoseKeyAlgLabel, &out); - CborWriteInt(kCoseAlgEdDSA, &out); - // Add the KeyOps. - CborWriteInt(kCoseKeyOpsLabel, &out); - CborWriteArray(/*num_elements=*/1, &out); - CborWriteInt(kCoseKeyOpsVerify, &out); - // Add the curve. - CborWriteInt(kCoseOkpCrvLabel, &out); - CborWriteInt(kCoseCrvEd25519, &out); - // Add the public key. 
- CborWriteInt(kCoseOkpXLabel, &out); - CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE, public_key, &out); - if (CborOutOverflowed(&out)) { - return kDiceResultBufferTooSmall; - } - *encoded_size = CborOutSize(&out); - return kDiceResultOk; -} - static DiceResult EncodeProtectedAttributes(size_t buffer_size, uint8_t* buffer, size_t* encoded_size) { // Constants per RFC 8152. const int64_t kCoseHeaderAlgLabel = 1; - const int64_t kCoseAlgEdDSA = -8; struct CborOut out; CborOutInit(buffer, buffer_size, &out); CborWriteMap(/*num_elements=*/1, &out); // Add the algorithm. CborWriteInt(kCoseHeaderAlgLabel, &out); - CborWriteInt(kCoseAlgEdDSA, &out); + CborWriteInt(DICE_COSE_KEY_ALG_VALUE, &out); if (CborOutOverflowed(&out)) { return kDiceResultBufferTooSmall; } diff --git a/src/cbor_ed25519_cert_op.c b/src/cbor_ed25519_cert_op.c new file mode 100644 index 0000000..a461ae1 --- /dev/null +++ b/src/cbor_ed25519_cert_op.c 
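Review bot: `#define DICE_MAX_PUBLIC_KEY_SIZE (DICE_PUBLIC_KEY_SIZE + 32)` leaves the 32 unexplained, and it is now the only bound on the COSE_Key encoding in this file since the per-algorithm size checks have moved out. A comment such as `// Raw key bytes plus 32 bytes of headroom for the CBOR map, labels and bstr headers written by DiceCoseEncodePublicKey.` would tell the author of the next algorithm what the margin has to cover. `EncodeProtectedAttributes` now writes `DICE_COSE_KEY_ALG_VALUE` directly, so the 16-byte `DICE_MAX_PROTECTED_ATTRIBUTES_SIZE` also depends on the configured value. That macro presumably comes from the config header reached through `dice/ops/trait/cose.h`, which this hunk does not show. The body of `EncodeProtectedAttributes` continues past the end of the hunk.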
@@ -0,0 +1,69 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "dice/cbor_writer.h"
+#include "dice/ops/trait/cose.h"
+
+#if DICE_PUBLIC_KEY_SIZE != 32
+#error "Only Ed25519 is supported; 32 bytes needed to store the public key."
+#endif
+#if DICE_SIGNATURE_SIZE != 64
+#error "Only Ed25519 is supported; 64 bytes needed to store the signature."
+#endif
+
+DiceResult DiceCoseEncodePublicKey(
+ void* context_not_used, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ size_t buffer_size, uint8_t* buffer, size_t* encoded_size) {
+ (void)context_not_used;
+
+ // Constants per RFC 8152.
+ const int64_t kCoseKeyKtyLabel = 1;
+ const int64_t kCoseKeyAlgLabel = 3;
+ const int64_t kCoseKeyOpsLabel = 4;
+ const int64_t kCoseOkpCrvLabel = -1;
+ const int64_t kCoseOkpXLabel = -2;
+ const int64_t kCoseKeyTypeOkp = 1;
+ const int64_t kCoseAlgEdDSA = DICE_COSE_KEY_ALG_VALUE;
+ const int64_t kCoseKeyOpsVerify = 2;
+ const int64_t kCoseCrvEd25519 = 6;
+
+ struct CborOut out;
+ CborOutInit(buffer, buffer_size, &out);
+ CborWriteMap(/*num_pairs=*/5, &out);
+ // Add the key type.
+ CborWriteInt(kCoseKeyKtyLabel, &out);
+ CborWriteInt(kCoseKeyTypeOkp, &out);
+ // Add the algorithm.
+ CborWriteInt(kCoseKeyAlgLabel, &out);
+ CborWriteInt(kCoseAlgEdDSA, &out);
+ // Add the KeyOps.
+ CborWriteInt(kCoseKeyOpsLabel, &out);
+ CborWriteArray(/*num_elements=*/1, &out);
+ CborWriteInt(kCoseKeyOpsVerify, &out);
+ // Add the curve.
+ CborWriteInt(kCoseOkpCrvLabel, &out);
+ CborWriteInt(kCoseCrvEd25519, &out);
+ // Add the public key.
+ CborWriteInt(kCoseOkpXLabel, &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE, public_key, &out);
+ if (CborOutOverflowed(&out)) {
+ return kDiceResultBufferTooSmall;
+ }
+ *encoded_size = CborOutSize(&out);
+ return kDiceResultOk;
+}
diff --git a/src/cbor_p384_cert_op.c b/src/cbor_p384_cert_op.c
new file mode 100644
index 0000000..de078b6
--- /dev/null
+++ b/src/cbor_p384_cert_op.c
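Review bot: `const int64_t kCoseAlgEdDSA = DICE_COSE_KEY_ALG_VALUE;` keeps the EdDSA name but now takes whatever the build configuration defines, so a mismatched config would emit an OKP/Ed25519 key labelled with a different algorithm. The file already guards the key and signature sizes, and a matching guard would catch this at compile time: `#if DICE_COSE_KEY_ALG_VALUE != -8`, `#error "Only Ed25519 is supported; the COSE algorithm must be EdDSA (-8)."`, `#endif`. The value -8 is what the code removed from `cbor_cert_op.c` in this commit used. The new file also has no header comment; one line saying that it provides the Ed25519 `DiceCoseEncodePublicKey` used by `cbor_cert_op.c` would help.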
@@ -0,0 +1,80 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+// This is a DiceGenerateCertificate implementation that generates a CWT-style
+// CBOR certificate using the ED25519-SHA512 signature scheme.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "dice/cbor_writer.h"
+#include "dice/dice.h"
+#include "dice/ops.h"
+#include "dice/ops/trait/cose.h"
+#include "dice/utils.h"
+
+#if DICE_PUBLIC_KEY_SIZE != 96
+#error "96 bytes needed to store the public key."
+#endif
+#if DICE_SIGNATURE_SIZE != 96
+#error "96 bytes needed to store the signature."
+#endif
+
+DiceResult DiceCoseEncodePublicKey(
+ void* context_not_used, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ size_t buffer_size, uint8_t* buffer, size_t* encoded_size) {
+ (void)context_not_used;
+
+ // Constants per RFC 8152.
+ const int64_t kCoseKeyKtyLabel = 1;
+ const int64_t kCoseKeyAlgLabel = 3;
+ const int64_t kCoseKeyAlgValue = DICE_COSE_KEY_ALG_VALUE;
+ const int64_t kCoseKeyOpsLabel = 4;
+ const int64_t kCoseKeyOpsValue = 2; // Verify
+ const int64_t kCoseKeyKtyValue = 2; // EC2
+ const int64_t kCoseEc2CrvLabel = -1;
+ const int64_t kCoseEc2CrvValue = 2; // P-384
+ const int64_t kCoseEc2XLabel = -2;
+ const int64_t kCoseEc2YLabel = -3;
+
+ struct CborOut out;
+ CborOutInit(buffer, buffer_size, &out);
+ CborWriteMap(/*num_pairs=*/6, &out);
+ // Add the key type.
+ CborWriteInt(kCoseKeyKtyLabel, &out);
+ CborWriteInt(kCoseKeyKtyValue, &out);
+ // Add the algorithm.
+ CborWriteInt(kCoseKeyAlgLabel, &out);
+ CborWriteInt(kCoseKeyAlgValue, &out);
+ // Add the KeyOps.
+ CborWriteInt(kCoseKeyOpsLabel, &out);
+ CborWriteArray(/*num_elements=*/1, &out);
+ CborWriteInt(kCoseKeyOpsValue, &out);
+ // Add the curve.
+ CborWriteInt(kCoseEc2CrvLabel, &out);
+ CborWriteInt(kCoseEc2CrvValue, &out);
+ // Add the subject public key x and y coordinates
+ CborWriteInt(kCoseEc2XLabel, &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE / 2, &public_key[0], &out);
+ CborWriteInt(kCoseEc2YLabel, &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE / 2,
+ &public_key[DICE_PUBLIC_KEY_SIZE / 2], &out);
+
+ if (CborOutOverflowed(&out)) {
+ return kDiceResultBufferTooSmall;
+ }
+ *encoded_size = CborOutSize(&out);
+ return kDiceResultOk;
+}
diff --git a/src/cbor_p384_cert_op_test.cc b/src/cbor_p384_cert_op_test.cc
new file mode 100644
index 0000000..21d0331
--- /dev/null
+++ b/src/cbor_p384_cert_op_test.cc
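Review bot: The header comment of the new `cbor_p384_cert_op.c` calls the file "a DiceGenerateCertificate implementation ... using the ED25519-SHA512 signature scheme", but the file only defines `DiceCoseEncodePublicKey`, which encodes an EC2 key on curve P-384 with x and y coordinates. I would replace the comment with `// This is a DiceCoseEncodePublicKey implementation that encodes a P-384 public key as a COSE_Key (kty EC2).`. Because `kCoseKeyAlgValue` is taken from `DICE_COSE_KEY_ALG_VALUE`, a compile-time check next to the two size guards that the configured value is the ES384 identifier would keep the key label and the curve in step. The expected-certificate bytes added in this commit suggest that value is -35.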
@@ -0,0 +1,254 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +#include <stddef.h> +#include <stdint.h> +#include <stdio.h> + +#include <memory> + +#include "dice/config.h" +#include "dice/dice.h" +#include "dice/known_test_values.h" +#include "dice/test_framework.h" +#include "dice/test_utils.h" +#include "dice/utils.h" +#include "pw_string/format.h" + +namespace { + +using dice::test::CertificateType_Cbor; +using dice::test::DeriveFakeInputValue; +using dice::test::DiceStateForTest; +using dice::test::KeyType_P384; + +TEST(DiceOpsTest, KnownAnswerZeroInput) { + DiceStateForTest current_state = {}; + DiceStateForTest next_state = {}; + DiceInputValues input_values = {}; + DiceResult result = DiceMainFlow( + NULL, current_state.cdi_attest, current_state.cdi_seal, &input_values, + sizeof(next_state.certificate), next_state.certificate, + &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal); + EXPECT_EQ(kDiceResultOk, result); + DumpState(CertificateType_Cbor, KeyType_P384, "zero_input", next_state); + // The CDI values should be deterministic. 
+ ASSERT_EQ(sizeof(next_state.cdi_attest), + sizeof(dice::test::kExpectedCdiAttest_ZeroInput)); + EXPECT_EQ(0, memcmp(next_state.cdi_attest, + dice::test::kExpectedCdiAttest_ZeroInput, DICE_CDI_SIZE)); + ASSERT_EQ(sizeof(next_state.cdi_seal), + sizeof(dice::test::kExpectedCdiSeal_ZeroInput)); + EXPECT_EQ(0, memcmp(next_state.cdi_seal, + dice::test::kExpectedCdiSeal_ZeroInput, DICE_CDI_SIZE)); + ASSERT_EQ(sizeof(dice::test::kExpectedCborP384Cert_ZeroInput), + next_state.certificate_size); + // Comparing everything except for the signature, since ECDSA signatures are + // not deterministic + EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP384Cert_ZeroInput, + next_state.certificate, + next_state.certificate_size - DICE_SIGNATURE_SIZE)); +} + +TEST(DiceOpsTest, KnownAnswerHashOnlyInput) { + DiceStateForTest current_state = {}; + DeriveFakeInputValue("cdi_attest", DICE_CDI_SIZE, current_state.cdi_attest); + DeriveFakeInputValue("cdi_seal", DICE_CDI_SIZE, current_state.cdi_seal); + DiceStateForTest next_state = {}; + DiceInputValues input_values = {}; + DeriveFakeInputValue("code_hash", DICE_HASH_SIZE, input_values.code_hash); + DeriveFakeInputValue("authority_hash", DICE_HASH_SIZE, + input_values.authority_hash); + input_values.config_type = kDiceConfigTypeInline; + DeriveFakeInputValue("inline_config", DICE_INLINE_CONFIG_SIZE, + input_values.config_value); + + DiceResult result = DiceMainFlow( + NULL, current_state.cdi_attest, current_state.cdi_seal, &input_values, + sizeof(next_state.certificate), next_state.certificate, + &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal); + EXPECT_EQ(kDiceResultOk, result); + DumpState(CertificateType_Cbor, KeyType_P384, "hash_only_input", next_state); + ASSERT_EQ(sizeof(next_state.cdi_attest), + sizeof(dice::test::kExpectedCdiAttest_HashOnlyInput)); + EXPECT_EQ( + 0, memcmp(next_state.cdi_attest, + dice::test::kExpectedCdiAttest_HashOnlyInput, DICE_CDI_SIZE)); + ASSERT_EQ(sizeof(next_state.cdi_seal), + 
sizeof(dice::test::kExpectedCdiSeal_HashOnlyInput));
+ EXPECT_EQ(
+ 0, memcmp(next_state.cdi_seal, dice::test::kExpectedCdiSeal_HashOnlyInput,
+ DICE_CDI_SIZE));
+ ASSERT_EQ(sizeof(dice::test::kExpectedCborP384Cert_HashOnlyInput),
+ next_state.certificate_size);
+ EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP384Cert_HashOnlyInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_SIZE));
+}
+
+TEST(DiceOpsTest, KnownAnswerDescriptorInput) {
+ DiceStateForTest current_state = {};
+ DeriveFakeInputValue("cdi_attest", DICE_CDI_SIZE, current_state.cdi_attest);
+ DeriveFakeInputValue("cdi_seal", DICE_CDI_SIZE, current_state.cdi_seal);
+
+ DiceStateForTest next_state = {};
+
+ DiceInputValues input_values = {};
+ DeriveFakeInputValue("code_hash", DICE_HASH_SIZE, input_values.code_hash);
+ uint8_t code_descriptor[100];
+ DeriveFakeInputValue("code_desc", sizeof(code_descriptor), code_descriptor);
+ input_values.code_descriptor = code_descriptor;
+ input_values.code_descriptor_size = sizeof(code_descriptor);
+
+ uint8_t config_descriptor[40];
+ DeriveFakeInputValue("config_desc", sizeof(config_descriptor),
+ config_descriptor);
+ input_values.config_descriptor = config_descriptor;
+ input_values.config_descriptor_size = sizeof(config_descriptor);
+ input_values.config_type = kDiceConfigTypeDescriptor;
+
+ DeriveFakeInputValue("authority_hash", DICE_HASH_SIZE,
+ input_values.authority_hash);
+ uint8_t authority_descriptor[65];
+ DeriveFakeInputValue("authority_desc", sizeof(authority_descriptor),
+ authority_descriptor);
+ input_values.authority_descriptor = authority_descriptor;
+ input_values.authority_descriptor_size = sizeof(authority_descriptor);
+
+ DiceResult result = DiceMainFlow(
+ NULL, current_state.cdi_attest, current_state.cdi_seal, &input_values,
+ sizeof(next_state.certificate), next_state.certificate,
+ &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal);
+ EXPECT_EQ(kDiceResultOk, result);
+ DumpState(CertificateType_Cbor, KeyType_P384, "descriptor_input", next_state);
+ // Both CDI values and the certificate should be deterministic.
+ EXPECT_EQ(
+ 0, memcmp(next_state.cdi_attest,
+ dice::test::kExpectedCdiAttest_DescriptorInput, DICE_CDI_SIZE));
+ EXPECT_EQ(
+ 0, memcmp(next_state.cdi_seal,
+ dice::test::kExpectedCdiSeal_DescriptorInput, DICE_CDI_SIZE));
+ ASSERT_EQ(sizeof(dice::test::kExpectedCborP384Cert_DescriptorInput),
+ next_state.certificate_size);
+ EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP384Cert_DescriptorInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_SIZE));
+}
+
+TEST(DiceOpsTest, NonZeroMode) {
+ constexpr size_t kModeOffsetInCert = 316;
+ DiceStateForTest current_state = {};
+ DiceStateForTest next_state = {};
+ DiceInputValues input_values = {};
+ input_values.mode = kDiceModeDebug;
+ DiceResult result = DiceMainFlow(
+ NULL, current_state.cdi_attest, current_state.cdi_seal, &input_values,
+ sizeof(next_state.certificate), next_state.certificate,
+ &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal);
+ EXPECT_EQ(kDiceResultOk, result);
+ EXPECT_EQ(kDiceModeDebug, next_state.certificate[kModeOffsetInCert]);
+}
+
+TEST(DiceOpsTest, LargeInputs) {
+ constexpr uint8_t kBigBuffer[1024 * 1024] = {};
+ DiceStateForTest current_state = {};
+ DiceStateForTest next_state = {};
+ DiceInputValues input_values = {};
+ input_values.code_descriptor = kBigBuffer;
+ input_values.code_descriptor_size = sizeof(kBigBuffer);
+ DiceResult result = DiceMainFlow(
+ NULL, current_state.cdi_attest, current_state.cdi_seal, &input_values,
+ sizeof(next_state.certificate), next_state.certificate,
+ &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal);
+ EXPECT_EQ(kDiceResultBufferTooSmall, result);
+}
+
+TEST(DiceOpsTest, InvalidConfigType) {
+ DiceStateForTest current_state = {};
+ DiceStateForTest next_state = {};
+ DiceInputValues input_values = {};
+ input_values.config_type = (DiceConfigType)55;
+ DiceResult result = DiceMainFlow(
+ NULL, current_state.cdi_attest, current_state.cdi_seal, &input_values,
+ sizeof(next_state.certificate), next_state.certificate,
+ &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal);
+ EXPECT_EQ(kDiceResultInvalidInput, result);
+}
+
+TEST(DiceOpsTest, PartialCertChain) {
+ constexpr size_t kNumLayers = 7;
+ DiceStateForTest states[kNumLayers + 1] = {};
+ DiceInputValues inputs[kNumLayers] = {};
+ for (size_t i = 0; i < kNumLayers; ++i) {
+ char seed[40];
+ pw::string::Format(seed, "code_hash_%zu", i);
+ DeriveFakeInputValue(seed, DICE_HASH_SIZE, inputs[i].code_hash);
+ pw::string::Format(seed, "authority_hash_%zu", i);
+ DeriveFakeInputValue(seed, DICE_HASH_SIZE, inputs[i].authority_hash);
+ inputs[i].config_type = kDiceConfigTypeInline;
+ pw::string::Format(seed, "inline_config_%zu", i);
+ DeriveFakeInputValue(seed, DICE_INLINE_CONFIG_SIZE, inputs[i].config_value);
+ inputs[i].mode = kDiceModeNormal;
+ EXPECT_EQ(
+ kDiceResultOk,
+ DiceMainFlow(/*context=*/NULL, states[i].cdi_attest, states[i].cdi_seal,
+ &inputs[i], sizeof(states[i + 1].certificate),
+ states[i + 1].certificate, &states[i + 1].certificate_size,
+ states[i + 1].cdi_attest, states[i + 1].cdi_seal));
+ char suffix[40];
+ pw::string::Format(suffix, "part_cert_chain_%zu", i);
+ DumpState(CertificateType_Cbor, KeyType_P384, suffix, states[i + 1]);
+ }
+ // Use the first derived CDI cert as the 'root' of partial chain.
+ EXPECT_TRUE(dice::test::VerifyCertificateChain(
+ CertificateType_Cbor, states[1].certificate, states[1].certificate_size,
+ &states[2], kNumLayers - 1, /*is_partial_chain=*/true));
+}
+
+TEST(DiceOpsTest, FullCertChain) {
+ constexpr size_t kNumLayers = 7;
+ DiceStateForTest states[kNumLayers + 1] = {};
+ DiceInputValues inputs[kNumLayers] = {};
+ for (size_t i = 0; i < kNumLayers; ++i) {
+ char seed[40];
+ pw::string::Format(seed, "code_hash_%zu", i);
+ DeriveFakeInputValue(seed, DICE_HASH_SIZE, inputs[i].code_hash);
+ pw::string::Format(seed, "authority_hash_%zu", i);
+ DeriveFakeInputValue(seed, DICE_HASH_SIZE, inputs[i].authority_hash);
+ inputs[i].config_type = kDiceConfigTypeInline;
+ pw::string::Format(seed, "inline_config_%zu", i);
+ DeriveFakeInputValue(seed, DICE_INLINE_CONFIG_SIZE, inputs[i].config_value);
+ inputs[i].mode = kDiceModeNormal;
+ EXPECT_EQ(
+ kDiceResultOk,
+ DiceMainFlow(/*context=*/NULL, states[i].cdi_attest, states[i].cdi_seal,
+ &inputs[i], sizeof(states[i + 1].certificate),
+ states[i + 1].certificate, &states[i + 1].certificate_size,
+ states[i + 1].cdi_attest, states[i + 1].cdi_seal));
+ char suffix[40];
+ pw::string::Format(suffix, "full_cert_chain_%zu", i);
+ DumpState(CertificateType_Cbor, KeyType_P384, suffix, states[i + 1]);
+ }
+ // Use a fake self-signed UDS cert as the 'root'.
+ uint8_t root_certificate[dice::test::kTestCertSize];
+ size_t root_certificate_size = 0;
+ dice::test::CreateFakeUdsCertificate(
+ NULL, states[0].cdi_attest, CertificateType_Cbor, KeyType_P384,
+ root_certificate, &root_certificate_size);
+ EXPECT_TRUE(dice::test::VerifyCertificateChain(
+ CertificateType_Cbor, root_certificate, root_certificate_size, &states[1],
+ kNumLayers, /*is_partial_chain=*/false));
+}
+
+} // namespace
diff --git a/src/mbedtls_ops.c b/src/mbedtls_ops.c
index 4085481..4dbf2dd 100644
--- a/src/mbedtls_ops.c
+++ b/src/mbedtls_ops.c
@@ -439,11 +439,18 @@ DiceResult DiceGenerateCertificate(
 }
 // This implementation is deterministic and assumes entropy is not available.
 // If this code is run where entropy is available, however, f_rng and p_rng
- // should be set appropriately.
+ // should be set to use that entropy. As is, we'll provide a DRBG for blinding
+ // but it will be ineffective.
+ mbedtls_hmac_drbg_context drbg;
+ mbedtls_hmac_drbg_init(&drbg);
+ mbedtls_hmac_drbg_seed_buf(&drbg,
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA512),
+ subject_key_id, subject_key_id_size);
 uint8_t tmp_buffer[DICE_MAX_CERTIFICATE_SIZE];
 int length_or_error =
 mbedtls_x509write_crt_der(&cert_context, tmp_buffer, sizeof(tmp_buffer),
- /*f_rng=*/NULL, /*p_rng=*/NULL);
+ mbedtls_hmac_drbg_random, &drbg);
+ mbedtls_hmac_drbg_free(&drbg);
 if (length_or_error < 0) {
 result = kDiceResultPlatformError;
 goto out;
diff --git a/src/test_utils.cc b/src/test_utils.cc
index 1988f25..cb21d3f 100644
--- a/src/test_utils.cc
+++ b/src/test_utils.cc
@@ -21,6 +21,7 @@
 #include <memory>
 #include "cose/cose.h"
+#include "dice/boringssl_ecdsa_utils.h"
 #include "dice/dice.h"
 #include "dice/utils.h"
 #include "openssl/asn1.h"
@@ -36,6 +37,9 @@
 #include "openssl/x509v3.h"
 #include "pw_string/format.h"
+// The largest possible public key size among ECDSA P-384, P-256, and ED25519
+#define MAX_PUBLIC_KEY_SIZE 96
+
 namespace {
 // A scoped pointer for cn_cbor.
@@ -60,6 +64,8 @@ const char* GetKeyTypeStr(dice::test::KeyType key_type) {
 return "Ed25519";
 case dice::test::KeyType_P256:
 return "P256";
+ case dice::test::KeyType_P384:
+ return "P384";
 }
 return "";
 }
@@ -161,7 +167,7 @@ class HmacSha512Drbg {
 bssl::UniquePtr<EVP_PKEY> KeyFromRawKey(
 const uint8_t raw_key[DICE_PRIVATE_KEY_SEED_SIZE],
- dice::test::KeyType key_type, uint8_t raw_public_key[33],
+ dice::test::KeyType key_type, uint8_t raw_public_key[MAX_PUBLIC_KEY_SIZE],
 size_t* raw_public_key_size) {
 if (key_type == dice::test::KeyType_Ed25519) {
 bssl::UniquePtr<EVP_PKEY> key(
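Review bot: The result of `mbedtls_hmac_drbg_seed_buf` is discarded and `mbedtls_md_info_from_type(MBEDTLS_MD_SHA512)` is passed in without a NULL check, so in a build without SHA-512, or after a failed seed, `mbedtls_x509write_crt_der` is handed `mbedtls_hmac_drbg_random` over an unseeded `drbg`. Check both before signing and fail closed, for example `if (md_info == NULL || mbedtls_hmac_drbg_seed_buf(&drbg, md_info, subject_key_id, subject_key_id_size) != 0) { mbedtls_hmac_drbg_free(&drbg); result = kDiceResultPlatformError; goto out; }`, where `md_info` holds the lookup result. The seed is `subject_key_id`, which appears to be derived from public data, so the blinding values are predictable to anyone holding the certificate; the new comment concedes this, and it should also say that a platform with an entropy source has to seed the DRBG from it to get side-channel protection for the signing key. DiceGenerateCertificate starts and ends outside the hunk, so what the `out` label cleans up cannot be seen from here.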
@@ -197,7 +203,26 @@ bssl::UniquePtr<EVP_PKEY> KeyFromRawKey( EC_POINT_point2oct(group, pub.get(), POINT_CONVERSION_COMPRESSED, raw_public_key, 33, /*ctx=*/nullptr); return pkey; + } else if (key_type == dice::test::KeyType_P384) { + const size_t kPublicKeySize = 96; + const size_t kPrivateKeySize = 48; + uint8_t pk[kPrivateKeySize]; + P384KeypairFromSeed(raw_public_key, pk, raw_key); + *raw_public_key_size = kPublicKeySize; + + bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(NID_secp384r1)); + BIGNUM* x = BN_new(); + BN_bin2bn(&raw_public_key[0], kPublicKeySize / 2, x); + BIGNUM* y = BN_new(); + BN_bin2bn(&raw_public_key[kPublicKeySize / 2], kPublicKeySize / 2, y); + EC_KEY_set_public_key_affine_coordinates(key.get(), x, y); + BN_clear_free(y); + BN_clear_free(x); + bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); + EVP_PKEY_set1_EC_KEY(pkey.get(), key.get()); + return pkey; } + printf("ERROR: Unsupported key type.\n"); return nullptr; } @@ -299,7 +324,7 @@ bool VerifyX509CertificateChain(const uint8_t* root_certificate, return (1 == X509_verify_cert(x509_store_ctx.get())); } -void CreateCborUdsCertificate( +void CreateEd25519CborUdsCertificate( const uint8_t private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE], const uint8_t id[DICE_ID_SIZE], uint8_t certificate[dice::test::kTestCertSize], size_t* certificate_size) { 
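Review bot: Nothing in the new `KeyType_P384` branch of KeyFromRawKey is checked: `EC_KEY_new_by_curve_name`, `BN_new`, `BN_bin2bn`, `EC_KEY_set_public_key_affine_coordinates` and `EVP_PKEY_set1_EC_KEY` can each fail (and `P384KeypairFromSeed` too, if it returns a status), yet the branch still returns a non-null `pkey`, so a bad key only surfaces later as an unrelated chain-verification failure. Return `nullptr` on the first failure, e.g. `if (1 != EC_KEY_set_public_key_affine_coordinates(key.get(), x.get(), y.get())) return nullptr;`, and hold `x` and `y` in `bssl::UniquePtr<BIGNUM>` so the early returns do not leak. `pk` receives the derived private key and is left on the stack uncleared; this is test code, but wiping it keeps the helper safe to copy elsewhere. The local `kPublicKeySize = 96` repeats `MAX_PUBLIC_KEY_SIZE`, so one of the two should be defined in terms of the other. KeyFromRawKey begins outside the hunk.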
@@ -383,6 +408,121 @@ void CreateCborUdsCertificate(
 certificate, 0, dice::test::kTestCertSize, sign1.get());
 }
+void CreateP384CborUdsCertificate(
+ const uint8_t private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE],
+ const uint8_t id[DICE_ID_SIZE],
+ uint8_t certificate[dice::test::kTestCertSize], size_t* certificate_size) {
+ const int64_t kCwtIssuerLabel = 1;
+ const int64_t kCwtSubjectLabel = 2;
+ const int64_t kUdsPublicKeyLabel = -4670552;
+ const int64_t kUdsKeyUsageLabel = -4670553;
+ const uint8_t kKeyUsageCertSign = 32; // Bit 5.
+ const uint8_t kProtectedAttributesCbor[4] = {
+ 0xa1 /* map(1) */, 0x01 /* alg(1) */, 0x38, 0x22 /* ES384(-34) */};
+ const size_t kPublicKeySize = 96;
+ const size_t kPrivateKeySize = 48;
+ const size_t kSignatureSize = 96;
+
+ // Public key encoded as a COSE_Key.
+ uint8_t public_key[kPublicKeySize];
+ uint8_t private_key[kPrivateKeySize];
+ P384KeypairFromSeed(public_key, private_key, private_key_seed);
+ cn_cbor_errback error;
+ ScopedCbor public_key_cbor(cn_cbor_map_create(&error));
+ // kty = ec2
+ cn_cbor_mapput_int(public_key_cbor.get(), 1, cn_cbor_int_create(2, &error),
+ &error);
+ // crv = P-384
+ cn_cbor_mapput_int(public_key_cbor.get(), -1, cn_cbor_int_create(2, &error),
+ &error);
+ // x = public_key X
+ cn_cbor_mapput_int(
+ public_key_cbor.get(), -2,
+ cn_cbor_data_create(&public_key[0], kPublicKeySize / 2, &error), &error);
+ // y = public_key Y
+ cn_cbor_mapput_int(public_key_cbor.get(), -3,
+ cn_cbor_data_create(&public_key[kPublicKeySize / 2],
+ kPublicKeySize / 2, &error),
+ &error);
+ uint8_t encoded_public_key[200];
+ size_t encoded_public_key_size =
+ cn_cbor_encoder_write(encoded_public_key, 0, 200, public_key_cbor.get());
+
+ // Simple CWT payload with issuer, subject, and use the same subject public
+ // key field as a CDI certificate to make verification easy.
+ char id_hex[41];
+ DiceHexEncode(id, DICE_ID_SIZE, id_hex, sizeof(id_hex));
+ id_hex[40] = '\0';
+ ScopedCbor cwt(cn_cbor_map_create(&error));
+ cn_cbor_mapput_int(cwt.get(), kCwtIssuerLabel,
+ cn_cbor_string_create(id_hex, &error), &error);
+ cn_cbor_mapput_int(cwt.get(), kCwtSubjectLabel,
+ cn_cbor_string_create(id_hex, &error), &error);
+ cn_cbor_mapput_int(
+ cwt.get(), kUdsPublicKeyLabel,
+ cn_cbor_data_create(encoded_public_key, encoded_public_key_size, &error),
+ &error);
+ uint8_t key_usage_byte = kKeyUsageCertSign;
+ cn_cbor_mapput_int(cwt.get(), kUdsKeyUsageLabel,
+ cn_cbor_data_create(&key_usage_byte, 1, &error), &error);
+ uint8_t payload[dice::test::kTestCertSize];
+ size_t payload_size =
+ cn_cbor_encoder_write(payload, 0, dice::test::kTestCertSize, cwt.get());
+
+ // Signature over COSE Sign1 TBS.
+ ScopedCbor tbs_cbor(cn_cbor_array_create(&error));
+ cn_cbor_array_append(tbs_cbor.get(),
+ cn_cbor_string_create("Signature1", &error), &error);
+ cn_cbor_array_append(tbs_cbor.get(),
+ cn_cbor_data_create(kProtectedAttributesCbor, 4, &error),
+ &error);
+ cn_cbor_array_append(tbs_cbor.get(), cn_cbor_data_create(NULL, 0, &error),
+ &error);
+ cn_cbor_array_append(tbs_cbor.get(),
+ cn_cbor_data_create(payload, payload_size, &error),
+ &error);
+ uint8_t tbs[dice::test::kTestCertSize];
+ size_t tbs_size =
+ cn_cbor_encoder_write(tbs, 0, dice::test::kTestCertSize, tbs_cbor.get());
+ uint8_t signature[kSignatureSize];
+ P384Sign(signature, tbs, tbs_size, private_key);
+
+ // COSE Sign1.
+ ScopedCbor sign1(cn_cbor_array_create(&error)); + cn_cbor_array_append(sign1.get(), + cn_cbor_data_create(kProtectedAttributesCbor, 4, &error), + &error); + cn_cbor_array_append(sign1.get(), cn_cbor_map_create(&error), &error); + cn_cbor_array_append( + sign1.get(), cn_cbor_data_create(payload, payload_size, &error), &error); + cn_cbor_array_append(sign1.get(), + cn_cbor_data_create(signature, kSignatureSize, &error), + &error); + *certificate_size = cn_cbor_encoder_write( + certificate, 0, dice::test::kTestCertSize, sign1.get()); +} + +void CreateCborUdsCertificate( + const uint8_t private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE], + dice::test::KeyType key_type, const uint8_t id[DICE_ID_SIZE], + uint8_t certificate[dice::test::kTestCertSize], size_t* certificate_size) { + switch (key_type) { + case dice::test::KeyType_Ed25519: + CreateEd25519CborUdsCertificate(private_key_seed, id, certificate, + certificate_size); + break; + case dice::test::KeyType_P256: + printf( + "Error: encountered unsupported KeyType P256 when creating CBOR UDS " + "certificate\n"); + break; + case dice::test::KeyType_P384: + CreateP384CborUdsCertificate(private_key_seed, id, certificate, + certificate_size); + break; + } +} + ScopedCbor ExtractCwtFromCborCertificate(const uint8_t* certificate, size_t certificate_size) { cn_cbor_errback error; @@ -624,7 +764,7 @@ void CreateFakeUdsCertificate(void* context, const uint8_t uds[32], uint8_t raw_key[DICE_PRIVATE_KEY_SEED_SIZE]; DiceDeriveCdiPrivateKeySeed(context, uds, raw_key); - uint8_t raw_public_key[33]; + uint8_t raw_public_key[MAX_PUBLIC_KEY_SIZE]; size_t raw_public_key_size = 0; bssl::UniquePtr<EVP_PKEY> key( KeyFromRawKey(raw_key, key_type, raw_public_key, &raw_public_key_size)); 
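Review bot: The comment on `kProtectedAttributesCbor` in CreateP384CborUdsCertificate labels the algorithm `ES384(-34)`, but the bytes `0x38, 0x22` encode the CBOR negative integer -1 - 0x22 = -35, which is the COSE identifier for ES384; the comment should read `/* ES384(-35) */` so that nobody later changes the bytes to match it. In the same function the results of `P384KeypairFromSeed` and `P384Sign` are ignored, so if either reports failure the certificate is assembled from uninitialised `public_key` or `signature` bytes; check them and leave `*certificate_size` at 0 on error. The `KeyType_P256` arm of the new `CreateCborUdsCertificate` switch only prints and never writes `*certificate_size`, so adding `*certificate_size = 0;` there makes the unsupported case visible to callers that did not pre-initialise it.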
@@ -635,7 +775,8 @@ void CreateFakeUdsCertificate(void* context, const uint8_t uds[32], if (cert_type == CertificateType_X509) { CreateX509UdsCertificate(key.get(), id, certificate, certificate_size); } else { - CreateCborUdsCertificate(raw_key, id, certificate, certificate_size); + CreateCborUdsCertificate(raw_key, key_type, id, certificate, + certificate_size); } char filename[100]; diff --git a/third_party/boringssl/.gitignore b/third_party/boringssl/.gitignore index 656f869..c3389b0 100644 --- a/third_party/boringssl/.gitignore +++ b/third_party/boringssl/.gitignore @@ -7,4 +7,5 @@ ios-* linux-* mac-* win-* +apple-* diff --git a/third_party/boringssl/BUILD.generated.gni b/third_party/boringssl/BUILD.generated.gni index fed3f02..194fdbb 100644 --- a/third_party/boringssl/BUILD.generated.gni +++ b/third_party/boringssl/BUILD.generated.gni @@ -1,4 +1,4 @@ -# Copyright (c) 2016 The Chromium Authors. All rights reserved. +# Copyright 2016 The Chromium Authors # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. 
@@ -10,34 +10,30 @@ crypto_sources = [ "src/crypto/asn1/a_bool.c", "src/crypto/asn1/a_d2i_fp.c", "src/crypto/asn1/a_dup.c", - "src/crypto/asn1/a_enum.c", "src/crypto/asn1/a_gentm.c", "src/crypto/asn1/a_i2d_fp.c", "src/crypto/asn1/a_int.c", "src/crypto/asn1/a_mbstr.c", "src/crypto/asn1/a_object.c", "src/crypto/asn1/a_octet.c", - "src/crypto/asn1/a_print.c", "src/crypto/asn1/a_strex.c", "src/crypto/asn1/a_strnid.c", "src/crypto/asn1/a_time.c", "src/crypto/asn1/a_type.c", "src/crypto/asn1/a_utctm.c", - "src/crypto/asn1/a_utf8.c", "src/crypto/asn1/asn1_lib.c", "src/crypto/asn1/asn1_par.c", "src/crypto/asn1/asn_pack.c", - "src/crypto/asn1/charmap.h", "src/crypto/asn1/f_int.c", "src/crypto/asn1/f_string.c", "src/crypto/asn1/internal.h", + "src/crypto/asn1/posix_time.c", "src/crypto/asn1/tasn_dec.c", "src/crypto/asn1/tasn_enc.c", "src/crypto/asn1/tasn_fre.c", "src/crypto/asn1/tasn_new.c", "src/crypto/asn1/tasn_typ.c", "src/crypto/asn1/tasn_utl.c", - "src/crypto/asn1/time_support.c", "src/crypto/base64/base64.c", "src/crypto/bio/bio.c", "src/crypto/bio/bio_mem.c", 
@@ -64,33 +60,37 @@ crypto_sources = [ "src/crypto/chacha/internal.h", "src/crypto/cipher_extra/cipher_extra.c", "src/crypto/cipher_extra/derive_key.c", - "src/crypto/cipher_extra/e_aesccm.c", "src/crypto/cipher_extra/e_aesctrhmac.c", "src/crypto/cipher_extra/e_aesgcmsiv.c", "src/crypto/cipher_extra/e_chacha20poly1305.c", + "src/crypto/cipher_extra/e_des.c", "src/crypto/cipher_extra/e_null.c", "src/crypto/cipher_extra/e_rc2.c", "src/crypto/cipher_extra/e_rc4.c", "src/crypto/cipher_extra/e_tls.c", "src/crypto/cipher_extra/internal.h", "src/crypto/cipher_extra/tls_cbc.c", - "src/crypto/cmac/cmac.c", "src/crypto/conf/conf.c", "src/crypto/conf/conf_def.h", "src/crypto/conf/internal.h", - "src/crypto/cpu-aarch64-fuchsia.c", - "src/crypto/cpu-aarch64-linux.c", - "src/crypto/cpu-aarch64-win.c", - "src/crypto/cpu-arm-linux.c", - "src/crypto/cpu-arm-linux.h", - "src/crypto/cpu-arm.c", - "src/crypto/cpu-intel.c", - "src/crypto/cpu-ppc64le.c", + "src/crypto/cpu_aarch64_apple.c", + "src/crypto/cpu_aarch64_freebsd.c", + "src/crypto/cpu_aarch64_fuchsia.c", + "src/crypto/cpu_aarch64_linux.c", + "src/crypto/cpu_aarch64_win.c", + "src/crypto/cpu_arm.c", + "src/crypto/cpu_arm_freebsd.c", + "src/crypto/cpu_arm_linux.c", + "src/crypto/cpu_arm_linux.h", + "src/crypto/cpu_intel.c", + "src/crypto/cpu_ppc64le.c", "src/crypto/crypto.c", "src/crypto/curve25519/curve25519.c", "src/crypto/curve25519/curve25519_tables.h", "src/crypto/curve25519/internal.h", "src/crypto/curve25519/spake25519.c", + "src/crypto/des/des.c", + "src/crypto/des/internal.h", "src/crypto/dh_extra/dh_asn1.c", "src/crypto/dh_extra/params.c", "src/crypto/digest_extra/digest_extra.c", @@ -106,7 +106,6 @@ crypto_sources = [ "src/crypto/engine/engine.c", "src/crypto/err/err.c", "src/crypto/err/internal.h", - "src/crypto/evp/digestsign.c", "src/crypto/evp/evp.c", "src/crypto/evp/evp_asn1.c", "src/crypto/evp/evp_ctx.c", 
@@ -116,6 +115,7 @@ crypto_sources = [ "src/crypto/evp/p_ec_asn1.c", "src/crypto/evp/p_ed25519.c", "src/crypto/evp/p_ed25519_asn1.c", + "src/crypto/evp/p_hkdf.c", "src/crypto/evp/p_rsa.c", "src/crypto/evp/p_rsa_asn1.c", "src/crypto/evp/p_x25519.c", @@ -131,12 +131,12 @@ crypto_sources = [ "src/crypto/fipsmodule/bn/rsaz_exp.h", "src/crypto/fipsmodule/cipher/internal.h", "src/crypto/fipsmodule/delocate.h", - "src/crypto/fipsmodule/des/internal.h", + "src/crypto/fipsmodule/dh/internal.h", "src/crypto/fipsmodule/digest/internal.h", "src/crypto/fipsmodule/digest/md32_common.h", "src/crypto/fipsmodule/ec/internal.h", - "src/crypto/fipsmodule/ec/p256-x86_64-table.h", - "src/crypto/fipsmodule/ec/p256-x86_64.h", + "src/crypto/fipsmodule/ec/p256-nistz-table.h", + "src/crypto/fipsmodule/ec/p256-nistz.h", "src/crypto/fipsmodule/ec/p256_table.h", "src/crypto/fipsmodule/ecdsa/internal.h", "src/crypto/fipsmodule/fips_shared_support.c", @@ -146,6 +146,7 @@ crypto_sources = [ "src/crypto/fipsmodule/rand/getrandom_fillin.h", "src/crypto/fipsmodule/rand/internal.h", "src/crypto/fipsmodule/rsa/internal.h", + "src/crypto/fipsmodule/service_indicator/internal.h", "src/crypto/fipsmodule/sha/internal.h", "src/crypto/fipsmodule/tls/internal.h", "src/crypto/hkdf/hkdf.c", @@ -254,7 +255,6 @@ crypto_sources = [ "src/crypto/x509v3/internal.h", "src/crypto/x509v3/pcy_cache.c", "src/crypto/x509v3/pcy_data.c", - "src/crypto/x509v3/pcy_lib.c", "src/crypto/x509v3/pcy_map.c", "src/crypto/x509v3/pcy_node.c", "src/crypto/x509v3/pcy_tree.c", @@ -312,6 +312,7 @@ crypto_headers = [ "src/include/openssl/conf.h", "src/include/openssl/cpu.h", "src/include/openssl/crypto.h", + "src/include/openssl/ctrdrbg.h", "src/include/openssl/curve25519.h", "src/include/openssl/des.h", "src/include/openssl/dh.h", 
@@ -332,6 +333,7 @@ crypto_headers = [ "src/include/openssl/hpke.h", "src/include/openssl/hrss.h", "src/include/openssl/is_boringssl.h", + "src/include/openssl/kdf.h", "src/include/openssl/lhash.h", "src/include/openssl/md4.h", "src/include/openssl/md5.h", @@ -354,11 +356,13 @@ crypto_headers = [ "src/include/openssl/ripemd.h", "src/include/openssl/rsa.h", "src/include/openssl/safestack.h", + "src/include/openssl/service_indicator.h", "src/include/openssl/sha.h", "src/include/openssl/siphash.h", "src/include/openssl/span.h", "src/include/openssl/stack.h", "src/include/openssl/thread.h", + "src/include/openssl/time.h", "src/include/openssl/trust_token.h", "src/include/openssl/type_check.h", "src/include/openssl/x509.h", 
@@ -437,39 +441,83 @@ tool_sources = [ "src/tool/transport_common.h", ] -crypto_sources_ios_aarch64 = [ - "ios-aarch64/crypto/chacha/chacha-armv8.S", - "ios-aarch64/crypto/fipsmodule/aesv8-armx64.S", - "ios-aarch64/crypto/fipsmodule/armv8-mont.S", - "ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S", - "ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S", - "ios-aarch64/crypto/fipsmodule/sha1-armv8.S", - "ios-aarch64/crypto/fipsmodule/sha256-armv8.S", - "ios-aarch64/crypto/fipsmodule/sha512-armv8.S", - "ios-aarch64/crypto/fipsmodule/vpaes-armv8.S", - "ios-aarch64/crypto/test/trampoline-armv8.S", +crypto_sources_apple_aarch64 = [ + "apple-aarch64/crypto/chacha/chacha-armv8.S", + "apple-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S", + "apple-aarch64/crypto/fipsmodule/aesv8-armx64.S", + "apple-aarch64/crypto/fipsmodule/armv8-mont.S", + "apple-aarch64/crypto/fipsmodule/ghash-neon-armv8.S", + "apple-aarch64/crypto/fipsmodule/ghashv8-armx64.S", + "apple-aarch64/crypto/fipsmodule/p256-armv8-asm.S", + "apple-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S", + "apple-aarch64/crypto/fipsmodule/sha1-armv8.S", + "apple-aarch64/crypto/fipsmodule/sha256-armv8.S", + "apple-aarch64/crypto/fipsmodule/sha512-armv8.S", + "apple-aarch64/crypto/fipsmodule/vpaes-armv8.S", + "apple-aarch64/crypto/test/trampoline-armv8.S", ] -crypto_sources_ios_arm = [ - "ios-arm/crypto/chacha/chacha-armv4.S", - "ios-arm/crypto/fipsmodule/aesv8-armx32.S", - "ios-arm/crypto/fipsmodule/armv4-mont.S", - "ios-arm/crypto/fipsmodule/bsaes-armv7.S", - "ios-arm/crypto/fipsmodule/ghash-armv4.S", - "ios-arm/crypto/fipsmodule/ghashv8-armx32.S", - "ios-arm/crypto/fipsmodule/sha1-armv4-large.S", - "ios-arm/crypto/fipsmodule/sha256-armv4.S", - "ios-arm/crypto/fipsmodule/sha512-armv4.S", - "ios-arm/crypto/fipsmodule/vpaes-armv7.S", - "ios-arm/crypto/test/trampoline-armv4.S", +crypto_sources_apple_arm = [ + "apple-arm/crypto/chacha/chacha-armv4.S", + "apple-arm/crypto/fipsmodule/aesv8-armx32.S", + 
"apple-arm/crypto/fipsmodule/armv4-mont.S", + "apple-arm/crypto/fipsmodule/bsaes-armv7.S", + "apple-arm/crypto/fipsmodule/ghash-armv4.S", + "apple-arm/crypto/fipsmodule/ghashv8-armx32.S", + "apple-arm/crypto/fipsmodule/sha1-armv4-large.S", + "apple-arm/crypto/fipsmodule/sha256-armv4.S", + "apple-arm/crypto/fipsmodule/sha512-armv4.S", + "apple-arm/crypto/fipsmodule/vpaes-armv7.S", + "apple-arm/crypto/test/trampoline-armv4.S", +] + +crypto_sources_apple_x86 = [ + "apple-x86/crypto/chacha/chacha-x86.S", + "apple-x86/crypto/fipsmodule/aesni-x86.S", + "apple-x86/crypto/fipsmodule/bn-586.S", + "apple-x86/crypto/fipsmodule/co-586.S", + "apple-x86/crypto/fipsmodule/ghash-ssse3-x86.S", + "apple-x86/crypto/fipsmodule/ghash-x86.S", + "apple-x86/crypto/fipsmodule/md5-586.S", + "apple-x86/crypto/fipsmodule/sha1-586.S", + "apple-x86/crypto/fipsmodule/sha256-586.S", + "apple-x86/crypto/fipsmodule/sha512-586.S", + "apple-x86/crypto/fipsmodule/vpaes-x86.S", + "apple-x86/crypto/fipsmodule/x86-mont.S", + "apple-x86/crypto/test/trampoline-x86.S", +] + +crypto_sources_apple_x86_64 = [ + "apple-x86_64/crypto/chacha/chacha-x86_64.S", + "apple-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S", + "apple-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S", + "apple-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S", + "apple-x86_64/crypto/fipsmodule/aesni-x86_64.S", + "apple-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S", + "apple-x86_64/crypto/fipsmodule/ghash-x86_64.S", + "apple-x86_64/crypto/fipsmodule/md5-x86_64.S", + "apple-x86_64/crypto/fipsmodule/p256-x86_64-asm.S", + "apple-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S", + "apple-x86_64/crypto/fipsmodule/rdrand-x86_64.S", + "apple-x86_64/crypto/fipsmodule/rsaz-avx2.S", + "apple-x86_64/crypto/fipsmodule/sha1-x86_64.S", + "apple-x86_64/crypto/fipsmodule/sha256-x86_64.S", + "apple-x86_64/crypto/fipsmodule/sha512-x86_64.S", + "apple-x86_64/crypto/fipsmodule/vpaes-x86_64.S", + "apple-x86_64/crypto/fipsmodule/x86_64-mont.S", + 
"apple-x86_64/crypto/fipsmodule/x86_64-mont5.S", + "apple-x86_64/crypto/test/trampoline-x86_64.S", ] crypto_sources_linux_aarch64 = [ "linux-aarch64/crypto/chacha/chacha-armv8.S", + "linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S", "linux-aarch64/crypto/fipsmodule/aesv8-armx64.S", "linux-aarch64/crypto/fipsmodule/armv8-mont.S", "linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S", "linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S", + "linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S", + "linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S", "linux-aarch64/crypto/fipsmodule/sha1-armv8.S", "linux-aarch64/crypto/fipsmodule/sha256-armv8.S", "linux-aarch64/crypto/fipsmodule/sha512-armv8.S", 
@@ -538,50 +586,15 @@ crypto_sources_linux_x86_64 = [ "src/crypto/hrss/asm/poly_rq_mul.S", ] -crypto_sources_mac_x86 = [ - "mac-x86/crypto/chacha/chacha-x86.S", - "mac-x86/crypto/fipsmodule/aesni-x86.S", - "mac-x86/crypto/fipsmodule/bn-586.S", - "mac-x86/crypto/fipsmodule/co-586.S", - "mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S", - "mac-x86/crypto/fipsmodule/ghash-x86.S", - "mac-x86/crypto/fipsmodule/md5-586.S", - "mac-x86/crypto/fipsmodule/sha1-586.S", - "mac-x86/crypto/fipsmodule/sha256-586.S", - "mac-x86/crypto/fipsmodule/sha512-586.S", - "mac-x86/crypto/fipsmodule/vpaes-x86.S", - "mac-x86/crypto/fipsmodule/x86-mont.S", - "mac-x86/crypto/test/trampoline-x86.S", -] - -crypto_sources_mac_x86_64 = [ - "mac-x86_64/crypto/chacha/chacha-x86_64.S", - "mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S", - "mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S", - "mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S", - "mac-x86_64/crypto/fipsmodule/aesni-x86_64.S", - "mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S", - "mac-x86_64/crypto/fipsmodule/ghash-x86_64.S", - "mac-x86_64/crypto/fipsmodule/md5-x86_64.S", - "mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S", - "mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S", - "mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S", - "mac-x86_64/crypto/fipsmodule/rsaz-avx2.S", - "mac-x86_64/crypto/fipsmodule/sha1-x86_64.S", - "mac-x86_64/crypto/fipsmodule/sha256-x86_64.S", - "mac-x86_64/crypto/fipsmodule/sha512-x86_64.S", - "mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S", - "mac-x86_64/crypto/fipsmodule/x86_64-mont.S", - "mac-x86_64/crypto/fipsmodule/x86_64-mont5.S", - "mac-x86_64/crypto/test/trampoline-x86_64.S", -] - crypto_sources_win_aarch64 = [ "win-aarch64/crypto/chacha/chacha-armv8.S", + "win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S", "win-aarch64/crypto/fipsmodule/aesv8-armx64.S", "win-aarch64/crypto/fipsmodule/armv8-mont.S", "win-aarch64/crypto/fipsmodule/ghash-neon-armv8.S", 
"win-aarch64/crypto/fipsmodule/ghashv8-armx64.S", + "win-aarch64/crypto/fipsmodule/p256-armv8-asm.S", + "win-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S", "win-aarch64/crypto/fipsmodule/sha1-armv8.S", "win-aarch64/crypto/fipsmodule/sha256-armv8.S", "win-aarch64/crypto/fipsmodule/sha512-armv8.S", @@ -634,6 +647,7 @@ fuzzers = [ "cert", "client", "decode_client_hello_inner", + "der_roundtrip", "dtls_client", "dtls_server", "pkcs12", diff --git a/third_party/boringssl/README.md b/third_party/boringssl/README.md index bbeb404..1942162 100644 --- a/third_party/boringssl/README.md +++ b/third_party/boringssl/README.md @@ -5,5 +5,5 @@ The boringssl repo is configured as a git submodule in ``` cd third_party/boringssl -python2 src/util/generate_build_files.py gn +python src/util/generate_build_files.py gn ``` diff --git a/third_party/boringssl/err_data.c b/third_party/boringssl/err_data.c index 98bc22a..7991be6 100644 --- a/third_party/boringssl/err_data.c +++ b/third_party/boringssl/err_data.c 
@@ -16,224 +16,227 @@ #include <openssl/base.h> #include <openssl/err.h> -#include <openssl/type_check.h> +#include <assert.h> -OPENSSL_STATIC_ASSERT(ERR_LIB_NONE == 1, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_SYS == 2, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_BN == 3, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_RSA == 4, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_DH == 5, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_EVP == 6, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_BUF == 7, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_OBJ == 8, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_PEM == 9, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_DSA == 10, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_X509 == 11, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_ASN1 == 12, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_CONF == 13, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_CRYPTO == 14, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_EC == 15, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_SSL == 16, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_BIO == 17, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_PKCS7 == 18, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_PKCS8 == 19, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_X509V3 == 20, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_RAND == 21, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_ENGINE == 22, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_OCSP == 23, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_UI == 24, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_COMP == 25, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_ECDSA == 26, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_ECDH == 27, "library value changed"); 
-OPENSSL_STATIC_ASSERT(ERR_LIB_HMAC == 28, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_DIGEST == 29, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_CIPHER == 30, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_HKDF == 31, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_TRUST_TOKEN == 32, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_LIB_USER == 33, "library value changed"); -OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == 34, "number of libraries changed"); +static_assert(ERR_LIB_NONE == 1, "library value changed"); +static_assert(ERR_LIB_SYS == 2, "library value changed"); +static_assert(ERR_LIB_BN == 3, "library value changed"); +static_assert(ERR_LIB_RSA == 4, "library value changed"); +static_assert(ERR_LIB_DH == 5, "library value changed"); +static_assert(ERR_LIB_EVP == 6, "library value changed"); +static_assert(ERR_LIB_BUF == 7, "library value changed"); +static_assert(ERR_LIB_OBJ == 8, "library value changed"); +static_assert(ERR_LIB_PEM == 9, "library value changed"); +static_assert(ERR_LIB_DSA == 10, "library value changed"); +static_assert(ERR_LIB_X509 == 11, "library value changed"); +static_assert(ERR_LIB_ASN1 == 12, "library value changed"); +static_assert(ERR_LIB_CONF == 13, "library value changed"); +static_assert(ERR_LIB_CRYPTO == 14, "library value changed"); +static_assert(ERR_LIB_EC == 15, "library value changed"); +static_assert(ERR_LIB_SSL == 16, "library value changed"); +static_assert(ERR_LIB_BIO == 17, "library value changed"); +static_assert(ERR_LIB_PKCS7 == 18, "library value changed"); +static_assert(ERR_LIB_PKCS8 == 19, "library value changed"); +static_assert(ERR_LIB_X509V3 == 20, "library value changed"); +static_assert(ERR_LIB_RAND == 21, "library value changed"); +static_assert(ERR_LIB_ENGINE == 22, "library value changed"); +static_assert(ERR_LIB_OCSP == 23, "library value changed"); +static_assert(ERR_LIB_UI == 24, "library value changed"); +static_assert(ERR_LIB_COMP == 25, "library value 
changed"); +static_assert(ERR_LIB_ECDSA == 26, "library value changed"); +static_assert(ERR_LIB_ECDH == 27, "library value changed"); +static_assert(ERR_LIB_HMAC == 28, "library value changed"); +static_assert(ERR_LIB_DIGEST == 29, "library value changed"); +static_assert(ERR_LIB_CIPHER == 30, "library value changed"); +static_assert(ERR_LIB_HKDF == 31, "library value changed"); +static_assert(ERR_LIB_TRUST_TOKEN == 32, "library value changed"); +static_assert(ERR_LIB_USER == 33, "library value changed"); +static_assert(ERR_NUM_LIBS == 34, "number of libraries changed"); const uint32_t kOpenSSLReasonValues[] = { - 0xc320862, - 0xc32887c, - 0xc33088b, - 0xc33889b, - 0xc3408aa, - 0xc3488c3, - 0xc3508cf, - 0xc3588ec, - 0xc36090c, - 0xc36891a, - 0xc37092a, - 0xc378937, - 0xc380947, - 0xc388952, - 0xc390968, - 0xc398977, - 0xc3a098b, - 0xc3a886f, + 0xc320885, + 0xc32889f, + 0xc3308ae, + 0xc3388be, + 0xc3408cd, + 0xc3488e6, + 0xc3508f2, + 0xc35890f, + 0xc36092f, + 0xc36893d, + 0xc37094d, + 0xc37895a, + 0xc38096a, + 0xc388975, + 0xc39098b, + 0xc39899a, + 0xc3a09ae, + 0xc3a8892, 0xc3b00f7, - 0xc3b88fe, - 0x1032086f, - 0x103295e5, - 0x103315f1, - 0x1033960a, - 0x1034161d, - 0x10348f4f, - 0x10350c88, - 0x10359630, - 0x1036165a, - 0x1036966d, - 0x1037168c, - 0x103796a5, - 0x103816ba, - 0x103896d8, - 0x103916e7, - 0x10399703, - 0x103a171e, - 0x103a972d, - 0x103b1749, - 0x103b9764, - 0x103c178a, + 0xc3b8921, + 0x10320892, + 0x10329620, + 0x1033162c, + 0x10339645, + 0x10341658, + 0x10348f72, + 0x10350cab, + 0x1035966b, + 0x10361695, + 0x103696a8, + 0x103716c7, + 0x103796e0, + 0x103816f5, + 0x10389713, + 0x10391722, + 0x1039973e, + 0x103a1759, + 0x103a9768, + 0x103b1784, + 0x103b979f, + 0x103c17c5, 0x103c80f7, - 0x103d179b, - 0x103d97af, - 0x103e17ce, - 0x103e97dd, - 0x103f17f4, - 0x103f9807, - 0x10400c4c, - 0x1040981a, - 0x10411838, - 0x1041984b, - 0x10421865, - 0x10429875, - 0x10431889, - 0x1043989f, - 0x104418b7, - 0x104498cc, - 0x104518e0, - 0x104598f2, - 0x10460625, - 
0x10468977, - 0x10471907, - 0x1047991e, - 0x10481933, - 0x10489941, - 0x10490e9b, - 0x1049977b, - 0x104a1645, - 0x14320c2f, - 0x14328c3d, - 0x14330c4c, - 0x14338c5e, + 0x103d17d6, + 0x103d97ea, + 0x103e1809, + 0x103e9818, + 0x103f182f, + 0x103f9842, + 0x10400c6f, + 0x10409855, + 0x10411873, + 0x10419886, + 0x104218a0, + 0x104298b0, + 0x104318c4, + 0x104398da, + 0x104418f2, + 0x10449907, + 0x1045191b, + 0x1045992d, + 0x10460635, + 0x1046899a, + 0x10471942, + 0x10479959, + 0x1048196e, + 0x1048997c, + 0x10490ebe, + 0x104997b6, + 0x104a1680, + 0x14320c52, + 0x14328c60, + 0x14330c6f, + 0x14338c81, 0x143400b9, 0x143480f7, 0x18320090, - 0x18328fa5, + 0x18328fc8, 0x183300b9, - 0x18338fbb, - 0x18340fcf, + 0x18338fde, + 0x18340ff2, 0x183480f7, - 0x18350fee, - 0x18359006, - 0x1836101b, - 0x1836902f, - 0x18371067, - 0x1837907d, - 0x18381091, - 0x183890a1, - 0x18390a9d, - 0x183990b1, - 0x183a10d7, - 0x183a90fd, - 0x183b0ca7, - 0x183b914c, - 0x183c115e, - 0x183c9169, - 0x183d1179, - 0x183d918a, - 0x183e119b, - 0x183e91ad, - 0x183f11d6, - 0x183f91ef, - 0x18401207, - 0x184086fd, - 0x18411120, - 0x184190eb, - 0x1842110a, - 0x18428c94, - 0x184310c6, - 0x18439132, - 0x18440fe4, - 0x18449053, - 0x20321241, - 0x2032922e, - 0x2432124d, - 0x243289bd, - 0x2433125f, - 0x2433926c, - 0x24341279, - 0x2434928b, - 0x2435129a, - 0x243592b7, - 0x243612c4, - 0x243692d2, - 0x243712e0, - 0x243792ee, - 0x243812f7, - 0x24389304, - 0x24391317, - 0x28320c7c, - 0x28328ca7, - 0x28330c4c, - 0x28338cba, - 0x28340c88, + 0x18351011, + 0x18359029, + 0x1836103e, + 0x18369052, + 0x1837108a, + 0x183790a0, + 0x183810b4, + 0x183890c4, + 0x18390ac0, + 0x183990d4, + 0x183a10fa, + 0x183a9120, + 0x183b0cca, + 0x183b916f, + 0x183c1181, + 0x183c918c, + 0x183d119c, + 0x183d91ad, + 0x183e11be, + 0x183e91d0, + 0x183f11f9, + 0x183f9212, + 0x1840122a, + 0x1840870d, + 0x18411143, + 0x1841910e, + 0x1842112d, + 0x18428cb7, + 0x184310e9, + 0x18439155, + 0x18441007, + 0x18449076, + 0x20321264, + 0x20329251, + 0x24321270, + 
0x243289e0, + 0x24331282, + 0x2433928f, + 0x2434129c, + 0x243492ae, + 0x243512bd, + 0x243592da, + 0x243612e7, + 0x243692f5, + 0x24371303, + 0x24379311, + 0x2438131a, + 0x24389327, + 0x2439133a, + 0x28320c9f, + 0x28328cca, + 0x28330c6f, + 0x28338cdd, + 0x28340cab, 0x283480b9, 0x283500f7, - 0x28358c94, - 0x2c323286, - 0x2c32932e, - 0x2c333294, - 0x2c33b2a6, - 0x2c3432ba, - 0x2c34b2cc, - 0x2c3532e7, - 0x2c35b2f9, - 0x2c363329, + 0x28358cb7, + 0x2c3232bf, + 0x2c329351, + 0x2c3332cd, + 0x2c33b2df, + 0x2c3432f3, + 0x2c34b305, + 0x2c353320, + 0x2c35b332, + 0x2c363362, 0x2c36833a, - 0x2c373336, - 0x2c37b362, - 0x2c383387, - 0x2c38b39e, - 0x2c3933bc, - 0x2c39b3cc, - 0x2c3a33de, - 0x2c3ab3f2, - 0x2c3b3403, - 0x2c3bb422, - 0x2c3c1340, - 0x2c3c9356, - 0x2c3d3436, - 0x2c3d936f, - 0x2c3e3453, - 0x2c3eb461, - 0x2c3f3479, - 0x2c3fb491, - 0x2c4034bb, - 0x2c409241, - 0x2c4134cc, - 0x2c41b4df, - 0x2c421207, - 0x2c42b4f0, - 0x2c43074a, - 0x2c43b414, - 0x2c443375, - 0x2c44b49e, - 0x2c45330c, - 0x2c45b348, - 0x2c4633ac, + 0x2c37336f, + 0x2c37b39b, + 0x2c3833c0, + 0x2c38b3d7, + 0x2c3933f5, + 0x2c39b405, + 0x2c3a3417, + 0x2c3ab42b, + 0x2c3b343c, + 0x2c3bb45b, + 0x2c3c1363, + 0x2c3c9379, + 0x2c3d34a0, + 0x2c3d9392, + 0x2c3e34ca, + 0x2c3eb4d8, + 0x2c3f34f0, + 0x2c3fb508, + 0x2c403532, + 0x2c409264, + 0x2c413543, + 0x2c41b556, + 0x2c42122a, + 0x2c42b567, + 0x2c43076d, + 0x2c43b44d, + 0x2c4433ae, + 0x2c44b515, + 0x2c453345, + 0x2c45b381, + 0x2c4633e5, + 0x2c46b46f, + 0x2c473484, + 0x2c47b4bd, 0x30320000, 0x30328015, 0x3033001f, 
@@ -278,528 +281,531 @@ const uint32_t kOpenSSLReasonValues[] = { 0x3046833a, 0x30470372, 0x30478384, - 0x30480392, - 0x304883a3, - 0x304903b2, - 0x304983ca, - 0x304a03dc, - 0x304a83f0, - 0x304b0408, - 0x304b841b, - 0x304c0426, - 0x304c8437, - 0x304d0443, - 0x304d8459, - 0x304e0467, - 0x304e847d, - 0x304f048f, - 0x304f84a1, - 0x305004c4, - 0x305084d7, - 0x305104e8, - 0x305184f8, - 0x30520510, - 0x30528525, - 0x3053053d, - 0x30538551, - 0x30540569, - 0x30548582, - 0x3055059b, - 0x305585b8, - 0x305605c3, - 0x305685db, - 0x305705eb, - 0x305785fc, - 0x3058060f, - 0x30588625, - 0x3059062e, - 0x30598643, - 0x305a0656, - 0x305a8665, - 0x305b0685, - 0x305b8694, - 0x305c06b5, - 0x305c86d1, - 0x305d06dd, - 0x305d86fd, - 0x305e0719, - 0x305e872a, - 0x305f0740, - 0x305f874a, - 0x306004b4, + 0x304803a2, + 0x304883b3, + 0x304903c2, + 0x304983da, + 0x304a03ec, + 0x304a8400, + 0x304b0418, + 0x304b842b, + 0x304c0436, + 0x304c8447, + 0x304d0453, + 0x304d8469, + 0x304e0477, + 0x304e848d, + 0x304f049f, + 0x304f84b1, + 0x305004d4, + 0x305084e7, + 0x305104f8, + 0x30518508, + 0x30520520, + 0x30528535, + 0x3053054d, + 0x30538561, + 0x30540579, + 0x30548592, + 0x305505ab, + 0x305585c8, + 0x305605d3, + 0x305685eb, + 0x305705fb, + 0x3057860c, + 0x3058061f, + 0x30588635, + 0x3059063e, + 0x30598653, + 0x305a0666, + 0x305a8675, + 0x305b0695, + 0x305b86a4, + 0x305c06c5, + 0x305c86e1, + 0x305d06ed, + 0x305d870d, + 0x305e0729, + 0x305e874d, + 0x305f0763, + 0x305f876d, + 0x306004c4, 0x3060804a, 0x30610357, - 0x34320b8d, - 0x34328ba1, - 0x34330bbe, - 0x34338bd1, - 0x34340be0, - 0x34348c19, - 0x34350bfd, + 0x3061873a, + 0x30620392, + 0x34320bb0, + 0x34328bc4, + 0x34330be1, + 0x34338bf4, + 0x34340c03, + 0x34348c3c, + 0x34350c20, 0x3c320090, - 0x3c328ce4, - 0x3c330cfd, - 0x3c338d18, - 0x3c340d35, - 0x3c348d5f, - 0x3c350d7a, - 0x3c358da0, - 0x3c360db9, - 0x3c368dd1, - 0x3c370de2, - 0x3c378df0, - 0x3c380dfd, - 0x3c388e11, - 0x3c390ca7, - 0x3c398e34, - 0x3c3a0e48, - 0x3c3a8937, - 0x3c3b0e58, - 0x3c3b8e73, 
- 0x3c3c0e85, - 0x3c3c8eb8, - 0x3c3d0ec2, - 0x3c3d8ed6, - 0x3c3e0ee4, - 0x3c3e8f09, - 0x3c3f0cd0, - 0x3c3f8ef2, + 0x3c328d07, + 0x3c330d20, + 0x3c338d3b, + 0x3c340d58, + 0x3c348d82, + 0x3c350d9d, + 0x3c358dc3, + 0x3c360ddc, + 0x3c368df4, + 0x3c370e05, + 0x3c378e13, + 0x3c380e20, + 0x3c388e34, + 0x3c390cca, + 0x3c398e57, + 0x3c3a0e6b, + 0x3c3a895a, + 0x3c3b0e7b, + 0x3c3b8e96, + 0x3c3c0ea8, + 0x3c3c8edb, + 0x3c3d0ee5, + 0x3c3d8ef9, + 0x3c3e0f07, + 0x3c3e8f2c, + 0x3c3f0cf3, + 0x3c3f8f15, 0x3c4000b9, 0x3c4080f7, - 0x3c410d50, - 0x3c418d8f, - 0x3c420e9b, - 0x3c428e25, - 0x403219d3, - 0x403299e9, - 0x40331a17, - 0x40339a21, - 0x40341a38, - 0x40349a56, - 0x40351a66, - 0x40359a78, - 0x40361a85, - 0x40369a91, - 0x40371aa6, - 0x40379ab8, - 0x40381ac3, - 0x40389ad5, - 0x40390f4f, - 0x40399ae5, - 0x403a1af8, - 0x403a9b19, - 0x403b1b2a, - 0x403b9b3a, + 0x3c410d73, + 0x3c418db2, + 0x3c420ebe, + 0x3c428e48, + 0x40321a0e, + 0x40329a24, + 0x40331a52, + 0x40339a5c, + 0x40341a73, + 0x40349a91, + 0x40351aa1, + 0x40359ab3, + 0x40361ac0, + 0x40369acc, + 0x40371ae1, + 0x40379af3, + 0x40381afe, + 0x40389b10, + 0x40390f72, + 0x40399b20, + 0x403a1b33, + 0x403a9b54, + 0x403b1b65, + 0x403b9b75, 0x403c0071, 0x403c8090, - 0x403d1b9b, - 0x403d9bb1, - 0x403e1bc0, - 0x403e9bf8, - 0x403f1c12, - 0x403f9c3a, - 0x40401c4f, - 0x40409c63, - 0x40411c9e, - 0x40419cb9, - 0x40421cd2, - 0x40429ce5, - 0x40431cf9, - 0x40439d27, - 0x40441d3e, + 0x403d1bd6, + 0x403d9bec, + 0x403e1bfb, + 0x403e9c33, + 0x403f1c4d, + 0x403f9c75, + 0x40401c8a, + 0x40409c9e, + 0x40411cd9, + 0x40419cf4, + 0x40421d0d, + 0x40429d20, + 0x40431d34, + 0x40439d62, + 0x40441d79, 0x404480b9, - 0x40451d53, - 0x40459d65, - 0x40461d89, - 0x40469da9, - 0x40471db7, - 0x40479dde, - 0x40481e4f, - 0x40489f09, - 0x40491f20, - 0x40499f3a, - 0x404a1f51, - 0x404a9f6f, - 0x404b1f87, - 0x404b9fb4, - 0x404c1fca, - 0x404c9fdc, - 0x404d1ffd, - 0x404da036, - 0x404e204a, - 0x404ea057, - 0x404f20f1, - 0x404fa167, - 0x405021be, - 0x4050a1d2, - 0x40512205, - 
0x40522215, - 0x4052a239, - 0x40532251, - 0x4053a264, - 0x40542279, - 0x4054a29c, - 0x405522c7, - 0x4055a304, - 0x40562329, - 0x4056a342, - 0x4057235a, - 0x4057a36d, - 0x40582382, - 0x4058a3a9, - 0x405923d8, - 0x4059a405, - 0x405a2419, - 0x405aa429, - 0x405b2441, - 0x405ba452, - 0x405c2465, - 0x405ca4a4, - 0x405d24b1, - 0x405da4d6, - 0x405e2514, - 0x405e8adb, - 0x405f254f, - 0x405fa55c, - 0x4060256a, - 0x4060a58c, - 0x406125ed, - 0x4061a625, - 0x4062263c, - 0x4062a64d, - 0x4063269a, - 0x4063a6af, - 0x406426c6, - 0x4064a6f2, - 0x4065270d, - 0x4065a724, - 0x4066273c, - 0x4066a766, - 0x40672791, - 0x4067a7d6, - 0x4068281e, - 0x4068a83f, - 0x40692871, - 0x4069a89f, - 0x406a28c0, - 0x406aa8e0, - 0x406b2a68, - 0x406baa8b, - 0x406c2aa1, - 0x406cadab, - 0x406d2dda, - 0x406dae02, - 0x406e2e30, - 0x406eae7d, - 0x406f2ed6, - 0x406faf0e, - 0x40702f21, - 0x4070af3e, - 0x4071082a, - 0x4071af50, - 0x40722f63, - 0x4072af99, - 0x40732fb1, - 0x40739540, - 0x40742fc5, - 0x4074afdf, - 0x40752ff0, - 0x4075b004, - 0x40763012, - 0x40769304, - 0x40773037, - 0x4077b077, - 0x40783092, - 0x4078b0cb, - 0x407930e2, - 0x4079b0f8, - 0x407a3124, - 0x407ab137, - 0x407b314c, - 0x407bb15e, - 0x407c318f, - 0x407cb198, - 0x407d285a, - 0x407da177, - 0x407e30a7, - 0x407ea3b9, - 0x407f1dcb, - 0x407f9f9e, - 0x40802101, - 0x40809df3, - 0x40812227, - 0x4081a0a5, - 0x40822e1b, - 0x40829b46, - 0x40832394, - 0x4083a6d7, - 0x40841e07, - 0x4084a3f1, - 0x40852476, - 0x4085a5b4, - 0x408624f6, - 0x4086a191, - 0x40872e61, - 0x4087a602, - 0x40881b84, - 0x4088a7e9, - 0x40891bd3, - 0x40899b60, - 0x408a2ad9, - 0x408a9958, - 0x408b3173, - 0x408baeeb, - 0x408c2486, - 0x408c9990, - 0x408d1eef, - 0x408d9e39, - 0x408e201f, - 0x408ea2e4, - 0x408f27fd, - 0x408fa5d0, - 0x409027b2, - 0x4090a4c8, - 0x40912ac1, - 0x409199b6, - 0x40921c20, - 0x4092ae9c, - 0x40932f7c, - 0x4093a1a2, - 0x40941e1b, - 0x4094aaf2, - 0x4095265e, - 0x4095b104, - 0x40962e48, - 0x4096a11a, - 0x409721ed, - 0x4097a06e, - 0x40981c80, - 0x4098a672, - 0x40992eb8, 
- 0x4099a311, - 0x409a22aa, - 0x409a9974, - 0x409b1e75, - 0x409b9ea0, - 0x409c3059, - 0x409c9ec8, - 0x409d20d6, - 0x409da0bb, - 0x409e1d11, - 0x409ea14f, - 0x409f2137, - 0x409f9e68, - 0x40a02535, - 0x40a0a088, - 0x41f42993, - 0x41f92a25, - 0x41fe2918, - 0x41feabce, - 0x41ff2cfc, - 0x420329ac, - 0x420829ce, - 0x4208aa0a, - 0x420928fc, - 0x4209aa44, - 0x420a2953, - 0x420aa933, - 0x420b2973, - 0x420ba9ec, - 0x420c2d18, - 0x420cab02, - 0x420d2bb5, - 0x420dabec, - 0x42122c1f, - 0x42172cdf, - 0x4217ac61, - 0x421c2c83, - 0x421f2c3e, - 0x42212d90, - 0x42262cc2, - 0x422b2d6e, - 0x422bab90, - 0x422c2d50, - 0x422cab43, - 0x422d2b1c, - 0x422dad2f, - 0x422e2b6f, - 0x42302c9e, - 0x4230ac06, - 0x44320755, - 0x44328764, - 0x44330770, - 0x4433877e, - 0x44340791, - 0x443487a2, - 0x443507a9, - 0x443587b3, - 0x443607c6, - 0x443687dc, - 0x443707ee, - 0x443787fb, - 0x4438080a, - 0x44388812, - 0x4439082a, - 0x44398838, - 0x443a084b, - 0x4832132e, - 0x48329340, - 0x48331356, - 0x4833936f, - 0x4c321394, - 0x4c3293a4, - 0x4c3313b7, - 0x4c3393d7, + 0x40451d8e, + 0x40459da0, + 0x40461dc4, + 0x40469de4, + 0x40471df2, + 0x40479e19, + 0x40481e8a, + 0x40489f44, + 0x40491f5b, + 0x40499f75, + 0x404a1f8c, + 0x404a9faa, + 0x404b1fc2, + 0x404b9fef, + 0x404c2005, + 0x404ca017, + 0x404d2038, + 0x404da071, + 0x404e2085, + 0x404ea092, + 0x404f212c, + 0x404fa1a2, + 0x40502211, + 0x4050a225, + 0x40512258, + 0x40522268, + 0x4052a28c, + 0x405322a4, + 0x4053a2b7, + 0x405422cc, + 0x4054a2ef, + 0x4055231a, + 0x4055a357, + 0x4056237c, + 0x4056a395, + 0x405723ad, + 0x4057a3c0, + 0x405823d5, + 0x4058a3fc, + 0x4059242b, + 0x4059a458, + 0x405a246c, + 0x405aa47c, + 0x405b2494, + 0x405ba4a5, + 0x405c24b8, + 0x405ca4f7, + 0x405d2504, + 0x405da529, + 0x405e2567, + 0x405e8afe, + 0x405f2588, + 0x405fa595, + 0x406025a3, + 0x4060a5c5, + 0x40612626, + 0x4061a65e, + 0x40622675, + 0x4062a686, + 0x406326d3, + 0x4063a6e8, + 0x406426ff, + 0x4064a72b, + 0x40652746, + 0x4065a75d, + 0x40662775, + 0x4066a79f, + 0x406727ca, + 
0x4067a80f, + 0x40682857, + 0x4068a878, + 0x406928aa, + 0x4069a8d8, + 0x406a28f9, + 0x406aa919, + 0x406b2aa1, + 0x406baac4, + 0x406c2ada, + 0x406cade4, + 0x406d2e13, + 0x406dae3b, + 0x406e2e69, + 0x406eaeb6, + 0x406f2f0f, + 0x406faf47, + 0x40702f5a, + 0x4070af77, + 0x4071084d, + 0x4071af89, + 0x40722f9c, + 0x4072afd2, + 0x40732fea, + 0x4073957b, + 0x40742ffe, + 0x4074b018, + 0x40753029, + 0x4075b03d, + 0x4076304b, + 0x40769327, + 0x40773070, + 0x4077b0b0, + 0x407830cb, + 0x4078b104, + 0x4079311b, + 0x4079b131, + 0x407a315d, + 0x407ab170, + 0x407b3185, + 0x407bb197, + 0x407c31c8, + 0x407cb1d1, + 0x407d2893, + 0x407da1ca, + 0x407e30e0, + 0x407ea40c, + 0x407f1e06, + 0x407f9fd9, + 0x4080213c, + 0x40809e2e, + 0x4081227a, + 0x4081a0e0, + 0x40822e54, + 0x40829b81, + 0x408323e7, + 0x4083a710, + 0x40841e42, + 0x4084a444, + 0x408524c9, + 0x4085a5ed, + 0x40862549, + 0x4086a1e4, + 0x40872e9a, + 0x4087a63b, + 0x40881bbf, + 0x4088a822, + 0x40891c0e, + 0x40899b9b, + 0x408a2b12, + 0x408a9993, + 0x408b31ac, + 0x408baf24, + 0x408c24d9, + 0x408c99cb, + 0x408d1f2a, + 0x408d9e74, + 0x408e205a, + 0x408ea337, + 0x408f2836, + 0x408fa609, + 0x409027eb, + 0x4090a51b, + 0x40912afa, + 0x409199f1, + 0x40921c5b, + 0x4092aed5, + 0x40932fb5, + 0x4093a1f5, + 0x40941e56, + 0x4094ab2b, + 0x40952697, + 0x4095b13d, + 0x40962e81, + 0x4096a155, + 0x40972240, + 0x4097a0a9, + 0x40981cbb, + 0x4098a6ab, + 0x40992ef1, + 0x4099a364, + 0x409a22fd, + 0x409a99af, + 0x409b1eb0, + 0x409b9edb, + 0x409c3092, + 0x409c9f03, + 0x409d2111, + 0x409da0f6, + 0x409e1d4c, + 0x409ea18a, + 0x409f2172, + 0x409f9ea3, + 0x40a021b2, + 0x40a0a0c3, + 0x41f429cc, + 0x41f92a5e, + 0x41fe2951, + 0x41feac07, + 0x41ff2d35, + 0x420329e5, + 0x42082a07, + 0x4208aa43, + 0x42092935, + 0x4209aa7d, + 0x420a298c, + 0x420aa96c, + 0x420b29ac, + 0x420baa25, + 0x420c2d51, + 0x420cab3b, + 0x420d2bee, + 0x420dac25, + 0x42122c58, + 0x42172d18, + 0x4217ac9a, + 0x421c2cbc, + 0x421f2c77, + 0x42212dc9, + 0x42262cfb, + 0x422b2da7, + 0x422babc9, + 0x422c2d89, 
+ 0x422cab7c, + 0x422d2b55, + 0x422dad68, + 0x422e2ba8, + 0x42302cd7, + 0x4230ac3f, + 0x44320778, + 0x44328787, + 0x44330793, + 0x443387a1, + 0x443407b4, + 0x443487c5, + 0x443507cc, + 0x443587d6, + 0x443607e9, + 0x443687ff, + 0x44370811, + 0x4437881e, + 0x4438082d, + 0x44388835, + 0x4439084d, + 0x4439885b, + 0x443a086e, + 0x48321351, + 0x48329363, + 0x48331379, + 0x48339392, + 0x4c3213cf, + 0x4c3293df, + 0x4c3313f2, + 0x4c339412, 0x4c3400b9, 0x4c3480f7, - 0x4c3513e3, - 0x4c3593f1, - 0x4c36140d, - 0x4c369433, - 0x4c371442, - 0x4c379450, - 0x4c381465, - 0x4c389471, - 0x4c391491, - 0x4c3994bb, - 0x4c3a14d4, - 0x4c3a94ed, - 0x4c3b0625, - 0x4c3b9506, - 0x4c3c1518, - 0x4c3c9527, - 0x4c3d1540, - 0x4c3d8c6f, - 0x4c3e15ad, - 0x4c3e954f, - 0x4c3f15cf, - 0x4c3f9304, - 0x4c401565, - 0x4c409380, - 0x4c41159d, - 0x4c419420, - 0x4c421589, - 0x50323502, - 0x5032b511, - 0x5033351c, - 0x5033b52c, - 0x50343545, - 0x5034b55f, - 0x5035356d, - 0x5035b583, - 0x50363595, - 0x5036b5ab, - 0x503735c4, - 0x5037b5d7, - 0x503835ef, - 0x5038b600, - 0x50393615, - 0x5039b629, - 0x503a3649, - 0x503ab65f, - 0x503b3677, - 0x503bb689, - 0x503c36a5, - 0x503cb6bc, - 0x503d36d5, - 0x503db6eb, - 0x503e36f8, - 0x503eb70e, - 0x503f3720, - 0x503f83a3, - 0x50403733, - 0x5040b743, - 0x5041375d, - 0x5041b76c, - 0x50423786, - 0x5042b7a3, - 0x504337b3, - 0x5043b7c3, - 0x504437e0, - 0x50448459, - 0x504537f4, - 0x5045b812, - 0x50463825, - 0x5046b83b, - 0x5047384d, - 0x5047b862, - 0x50483888, - 0x5048b896, - 0x504938a9, - 0x5049b8be, - 0x504a38d4, - 0x504ab8e4, - 0x504b3904, - 0x504bb917, - 0x504c393a, - 0x504cb968, - 0x504d3995, - 0x504db9b2, - 0x504e39cd, - 0x504eb9e9, - 0x504f39fb, - 0x504fba12, - 0x50503a21, - 0x50508719, - 0x50513a34, - 0x5051b7d2, - 0x5052397a, - 0x58320f8d, - 0x68320f4f, - 0x68328ca7, - 0x68330cba, - 0x68338f5d, - 0x68340f6d, + 0x4c35141e, + 0x4c35942c, + 0x4c361448, + 0x4c36946e, + 0x4c37147d, + 0x4c37948b, + 0x4c3814a0, + 0x4c3894ac, + 0x4c3914cc, + 0x4c3994f6, + 0x4c3a150f, + 0x4c3a9528, + 
0x4c3b0635, + 0x4c3b9541, + 0x4c3c1553, + 0x4c3c9562, + 0x4c3d157b, + 0x4c3d8c92, + 0x4c3e15e8, + 0x4c3e958a, + 0x4c3f160a, + 0x4c3f9327, + 0x4c4015a0, + 0x4c4093bb, + 0x4c4115d8, + 0x4c41945b, + 0x4c4215c4, + 0x4c4293a3, + 0x50323579, + 0x5032b588, + 0x50333593, + 0x5033b5a3, + 0x503435bc, + 0x5034b5d6, + 0x503535e4, + 0x5035b5fa, + 0x5036360c, + 0x5036b622, + 0x5037363b, + 0x5037b64e, + 0x50383666, + 0x5038b677, + 0x5039368c, + 0x5039b6a0, + 0x503a36c0, + 0x503ab6d6, + 0x503b36ee, + 0x503bb700, + 0x503c371c, + 0x503cb733, + 0x503d374c, + 0x503db762, + 0x503e376f, + 0x503eb785, + 0x503f3797, + 0x503f83b3, + 0x504037aa, + 0x5040b7ba, + 0x504137d4, + 0x5041b7e3, + 0x504237fd, + 0x5042b81a, + 0x5043382a, + 0x5043b83a, + 0x50443857, + 0x50448469, + 0x5045386b, + 0x5045b889, + 0x5046389c, + 0x5046b8b2, + 0x504738c4, + 0x5047b8d9, + 0x504838ff, + 0x5048b90d, + 0x50493920, + 0x5049b935, + 0x504a394b, + 0x504ab95b, + 0x504b397b, + 0x504bb98e, + 0x504c39b1, + 0x504cb9df, + 0x504d3a0c, + 0x504dba29, + 0x504e3a44, + 0x504eba60, + 0x504f3a72, + 0x504fba89, + 0x50503a98, + 0x50508729, + 0x50513aab, + 0x5051b849, + 0x505239f1, + 0x58320fb0, + 0x68320f72, + 0x68328cca, + 0x68330cdd, + 0x68338f80, + 0x68340f90, 0x683480f7, - 0x6c320f15, - 0x6c328c5e, - 0x6c330f20, - 0x6c338f39, - 0x74320a43, + 0x6c320f38, + 0x6c328c81, + 0x6c330f43, + 0x6c338f5c, + 0x74320a66, 0x743280b9, - 0x74330c6f, - 0x783209a8, - 0x783289bd, - 0x783309c9, + 0x74330c92, + 0x783209cb, + 0x783289e0, + 0x783309ec, 0x78338090, - 0x783409d8, - 0x783489ed, - 0x78350a0c, - 0x78358a2e, - 0x78360a43, - 0x78368a59, - 0x78370a69, - 0x78378a8a, - 0x78380a9d, - 0x78388aaf, - 0x78390abc, - 0x78398adb, - 0x783a0af0, - 0x783a8afe, - 0x783b0b08, - 0x783b8b1c, - 0x783c0b33, - 0x783c8b48, - 0x783d0b5f, - 0x783d8b74, - 0x783e0aca, - 0x783e8a7c, - 0x7c32121d, - 0x80321433, + 0x783409fb, + 0x78348a10, + 0x78350a2f, + 0x78358a51, + 0x78360a66, + 0x78368a7c, + 0x78370a8c, + 0x78378aad, + 0x78380ac0, + 0x78388ad2, + 0x78390adf, + 
0x78398afe, + 0x783a0b13, + 0x783a8b21, + 0x783b0b2b, + 0x783b8b3f, + 0x783c0b56, + 0x783c8b6b, + 0x783d0b82, + 0x783d8b97, + 0x783e0aed, + 0x783e8a9f, + 0x7c321240, + 0x8032146e, 0x80328090, - 0x80333255, + 0x8033328e, 0x803380b9, - 0x80343264, - 0x8034b1cc, - 0x803531ea, - 0x8035b278, - 0x8036322c, - 0x8036b1db, - 0x8037321e, - 0x8037b1b9, - 0x8038323f, - 0x8038b1fb, - 0x80393210, + 0x8034329d, + 0x8034b205, + 0x80353223, + 0x8035b2b1, + 0x80363265, + 0x8036b214, + 0x80373257, + 0x8037b1f2, + 0x80383278, + 0x8038b234, + 0x80393249, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -851,6 +857,7 @@ const char kOpenSSLReasonStringData[] = "INVALID_BIT_STRING_PADDING\0" "INVALID_BMPSTRING\0" "INVALID_DIGIT\0" + "INVALID_INTEGER\0" "INVALID_MODIFIER\0" "INVALID_NUMBER\0" "INVALID_OBJECT_ENCODING\0" @@ -897,6 +904,7 @@ const char kOpenSSLReasonStringData[] = "UNSUPPORTED_ANY_DEFINED_BY_TYPE\0" "UNSUPPORTED_PUBLIC_KEY_TYPE\0" "UNSUPPORTED_TYPE\0" + "WRONG_INTEGER_TYPE\0" "WRONG_PUBLIC_KEY_TYPE\0" "WRONG_TAG\0" "WRONG_TYPE\0" @@ -1066,6 +1074,7 @@ const char kOpenSSLReasonStringData[] = "NOT_PKCS7_SIGNED_DATA\0" "NO_CERTIFICATES_INCLUDED\0" "NO_CRLS_INCLUDED\0" + "AMBIGUOUS_FRIENDLY_NAME\0" "BAD_ITERATION_COUNT\0" "BAD_PKCS12_DATA\0" "BAD_PKCS12_VERSION\0" @@ -1223,6 +1232,7 @@ const char kOpenSSLReasonStringData[] = "INVALID_ECH_CONFIG_LIST\0" "INVALID_ECH_PUBLIC_NAME\0" "INVALID_MESSAGE\0" + "INVALID_OUTER_EXTENSION\0" "INVALID_OUTER_RECORD_TYPE\0" "INVALID_SCT_LIST\0" "INVALID_SIGNATURE_ALGORITHM\0" @@ -1266,7 +1276,6 @@ const char kOpenSSLReasonStringData[] = "OLD_SESSION_CIPHER_NOT_RETURNED\0" "OLD_SESSION_PRF_HASH_MISMATCH\0" "OLD_SESSION_VERSION_NOT_RETURNED\0" - "OUTER_EXTENSION_NOT_FOUND\0" "PARSE_TLSEXT\0" "PATH_TOO_LONG\0" "PEER_DID_NOT_RETURN_A_CERTIFICATE\0" 
@@ -1417,7 +1426,10 @@ const char kOpenSSLReasonStringData[] = "LOADING_DEFAULTS\0" "NAME_TOO_LONG\0" "NEWER_CRL_NOT_NEWER\0" + "NO_CERTIFICATE_FOUND\0" + "NO_CERTIFICATE_OR_CRL_FOUND\0" "NO_CERT_SET_FOR_US_TO_VERIFY\0" + "NO_CRL_FOUND\0" "NO_CRL_NUMBER\0" "PUBLIC_KEY_DECODE_ERROR\0" "PUBLIC_KEY_ENCODE_ERROR\0" diff --git a/third_party/cose-c/BUILD.gn b/third_party/cose-c/BUILD.gn index 917e647..e5a46aa 100644 --- a/third_party/cose-c/BUILD.gn +++ b/third_party/cose-c/BUILD.gn @@ -15,10 +15,17 @@ import("//build_overrides/pigweed.gni") import("$dir_pw_build/target_types.gni") -config("external_config") { +config("external_config_ed25519") { include_dirs = [ "src/include", - "include", + "include/ed25519", + ] +} + +config("external_config_p384") { + include_dirs = [ + "src/include", + "include/p384", ] } @@ -28,16 +35,33 @@ config("internal_config") { cflags = [ "-Wno-cast-qual" ] } -pw_static_library("cose-c") { +pw_static_library("cose-c_ed25519") { + public = [ "src/include/cose/cose.h" ] + sources = [ + "cose_ed25519_deps.cc", + "src/src/Cose.cpp", + "src/src/CoseKey.cpp", + "src/src/Sign1.cpp", + "src/src/cbor.cpp", + ] + public_configs = [ ":external_config_ed25519" ] + configs = [ ":internal_config" ] + public_deps = [ + "//third_party/boringssl:crypto", + "//third_party/cn-cbor:cn-cbor", + ] +} + +pw_static_library("cose-c_p384") { public = [ "src/include/cose/cose.h" ] sources = [ - "cose_deps.cc", + "cose_p384_deps.cc", "src/src/Cose.cpp", "src/src/CoseKey.cpp", "src/src/Sign1.cpp", "src/src/cbor.cpp", ] - public_configs = [ ":external_config" ] + public_configs = [ ":external_config_p384" ] configs = [ ":internal_config" ] public_deps = [ "//third_party/boringssl:crypto", diff --git a/third_party/cose-c/cose_deps.cc b/third_party/cose-c/cose_ed25519_deps.cc index 986b2b0..1eb8a15 100644 --- a/third_party/cose-c/cose_deps.cc +++ b/third_party/cose-c/cose_ed25519_deps.cc 
@@ -23,7 +23,7 @@ // Gets the public key from a well-formed Ed25519 COSE_Key. On success populates // |public_key| and returns true. -static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t public_key[32]) { +static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t public_key[PUBLIC_KEY_SIZE]) { const int64_t kCoseKeyAlgLabel = 3; const int64_t kCoseKeyOpsLabel = 4; const uint64_t kCoseKeyOpsVerify = 2; @@ -42,7 +42,7 @@ static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t public_key[32]) { if (curve->type != CN_CBOR_UINT || curve->v.uint != COSE_Curve_Ed25519) { return false; } - if (x->type != CN_CBOR_BYTES || x->length != 32) { + if (x->type != CN_CBOR_BYTES || x->length != PUBLIC_KEY_SIZE) { return false; } // Optional attributes. @@ -72,7 +72,7 @@ static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t public_key[32]) { } } - memcpy(public_key, x->v.bytes, 32); + memcpy(public_key, x->v.bytes, PUBLIC_KEY_SIZE); return true; } @@ -88,7 +88,7 @@ bool EdDSA_Verify(COSE *cose_signer, int signature_index, COSE_KEY *cose_key, if (signature->type != CN_CBOR_BYTES || signature->length != 64) { return false; } - uint8_t public_key[32]; + uint8_t public_key[PUBLIC_KEY_SIZE]; if (!GetPublicKeyFromCbor(key, public_key)) { return false; } diff --git a/third_party/cose-c/cose_p384_deps.cc b/third_party/cose-c/cose_p384_deps.cc new file mode 100644 index 0000000..795b080 --- /dev/null +++ b/third_party/cose-c/cose_p384_deps.cc 
@@ -0,0 +1,148 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#include <stdint.h>
+#include <string.h>
+
+#include "cose/cose.h"
+#include "cose/cose_configure.h"
+#include "cose_int.h"
+#include "openssl/bn.h"
+#include "openssl/ec.h"
+#include "openssl/ec_key.h"
+#include "openssl/ecdsa.h"
+#include "openssl/evp.h"
+#include "openssl/hkdf.h"
+#include "openssl/is_boringssl.h"
+#include "openssl/sha.h"
+
+// Gets the public key from a well-formed ECDSA P-384 COSE_Key. On
+// success populates |public_key| and returns true; public_key must hold 96 bytes
+// (uncompressed format).
+static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t *public_key) {
+ const int64_t kCoseKeyAlgLabel = 3;
+ const int64_t kCoseKeyOpsLabel = 4;
+ const uint64_t kCoseKeyOpsVerify = 2;
+ const int64_t kCoseAlgEs384 = -35;
+
+ // Mandatory attributes.
+ cn_cbor *type = cn_cbor_mapget_int(key, COSE_Key_Type);
+ cn_cbor *curve = cn_cbor_mapget_int(key, COSE_Key_OPK_Curve);
+ if (!type || !curve) {
+ return false;
+ }
+ if (type->type != CN_CBOR_UINT || curve->type != CN_CBOR_UINT) {
+ return false;
+ }
+
+ if (type->v.uint != COSE_Key_Type_EC2 || curve->v.uint != COSE_Curve_P384) {
+ return false;
+ }
+
+ cn_cbor *x = cn_cbor_mapget_int(key, COSE_Key_EC2_X);
+ if (!x || x->type != CN_CBOR_BYTES || x->length != (PUBLIC_KEY_SIZE / 2)) {
+ return false;
+ }
+
+ cn_cbor *y = cn_cbor_mapget_int(key, COSE_Key_EC2_Y);
+ if (!y || y->type != CN_CBOR_BYTES || y->length != (PUBLIC_KEY_SIZE / 2)) {
+ return false;
+ }
+
+ cn_cbor *alg = cn_cbor_mapget_int(key, kCoseKeyAlgLabel);
+ if (alg) {
+ if (alg->type != CN_CBOR_INT || alg->v.sint != kCoseAlgEs384) {
+ return false;
+ }
+ }
+
+ cn_cbor *ops = cn_cbor_mapget_int(key, kCoseKeyOpsLabel);
+ if (ops) {
+ if (ops->type != CN_CBOR_ARRAY || ops->length == 0) {
+ return false;
+ }
+ bool found_verify = false;
+ for (size_t i = 0; i < ops->length; ++i) {
+ cn_cbor *item = cn_cbor_index(ops, i);
+ if (!item || item->type != CN_CBOR_UINT) {
+ return false;
+ }
+ if (item->v.uint == kCoseKeyOpsVerify) {
+ found_verify = true;
+ }
+ }
+ if (!found_verify) {
+ return false;
+ }
+ }
+
+ memcpy(&public_key[0], x->v.bytes, PUBLIC_KEY_SIZE / 2);
+ memcpy(&public_key[PUBLIC_KEY_SIZE / 2], y->v.bytes, PUBLIC_KEY_SIZE / 2);
+ return true;
+}
+
+bool ECDSA_Verify(COSE *cose_signer, int signature_index, COSE_KEY *cose_key,
+ int cbitsDigest, const byte *message, size_t message_size,
+ cose_errback *) {
+ (void)cbitsDigest;
+ cn_cbor *signature = _COSE_arrayget_int(cose_signer, signature_index);
+ cn_cbor *key = cose_key->m_cborKey;
+ if (!signature || !key) {
+ return false;
+ }
+ if (signature->type != CN_CBOR_BYTES || signature->length != PUBLIC_KEY_SIZE) {
+ return false;
+ }
+ uint8_t public_key[PUBLIC_KEY_SIZE];
+ if (!GetPublicKeyFromCbor(key, public_key)) {
+ return false;
+ }
+
+ // Implementation of ECDSA verification starts here
+ uint8_t output[48];
+ SHA384(message, message_size, output);
+ EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp384r1);
+ BIGNUM *x = BN_new();
+ BN_bin2bn(&public_key[0], 48, x);
+ BIGNUM *y = BN_new();
+ BN_bin2bn(&public_key[48], 48, y);
+ int result = EC_KEY_set_public_key_affine_coordinates(eckey, x, y);
+
+ BN_clear_free(y);
+ BN_clear_free(x);
+
+ if (result == 0) {
+ printf("Setting affine coordinates failed\n");
+ return false;
+ }
+
+ ECDSA_SIG *sig = ECDSA_SIG_new();
+ BN_bin2bn(&(signature->v.bytes[0]), 48, sig->r);
+ BN_bin2bn(&(signature->v.bytes[48]), 48, sig->s);
+ result = ECDSA_do_verify(output, 48, sig, eckey);
+
+ EC_KEY_free(eckey);
+ ECDSA_SIG_free(sig);
+ if (1 != result) {
+ return false;
+ }
+ return true;
+}
+
+// A stub for 'ECDSA_Sign'. This is unused, but helps make linkers happy.
+bool ECDSA_Sign(COSE * /*cose_signer*/, int /*signature_index*/,
+ COSE_KEY * /*cose_key*/, const byte * /*message*/,
+ size_t /*message_size*/, cose_errback *) {
+ return false;
+}
diff --git a/third_party/cose-c/include/cose/cose_configure.h b/third_party/cose-c/include/ed25519/cose/cose_configure.h
index c874231..f6d91a2 100644
--- a/third_party/cose-c/include/cose/cose_configure.h
+++ b/third_party/cose-c/include/ed25519/cose/cose_configure.h
@@ -1,4 +1,5 @@ #define USE_EDDSA +#define PUBLIC_KEY_SIZE 32 #define INCLUDE_ENCRYPT 0 #define INCLUDE_ENCRYPT0 0
diff --git a/third_party/cose-c/include/p384/cose/cose_configure.h b/third_party/cose-c/include/p384/cose/cose_configure.h
new file mode 100644
index 0000000..ebb4469
--- /dev/null
+++ b/third_party/cose-c/include/p384/cose/cose_configure.h
@@ -0,0 +1,11 @@
+#define USE_ECDSA_SHA_384
+#define PUBLIC_KEY_SIZE 96
+
+#define INCLUDE_ENCRYPT 0
+#define INCLUDE_ENCRYPT0 0
+#define INCLUDE_MAC 0
+#define INCLUDE_MAC0 0
+#define INCLUDE_SIGN 0
+#define INCLUDE_SIGN1 1
+#define INCLUDE_COUNTERSIGNATURE 0
+#define INCLUDE_COUNTERSIGNATURE1 0
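Review bot: In `ECDSA_Verify` (cose_p384_deps.cc) the `result == 0` branch after `EC_KEY_set_public_key_affine_coordinates` returns without freeing `eckey`, and the results of `EC_KEY_new_by_curve_name`, `BN_new`, `ECDSA_SIG_new` and `BN_bin2bn` are never checked, so a failed allocation is carried into the calls that follow. That branch is presumably what a key with an off-curve point hits, so each malformed key would leak one `EC_KEY`. The rewrite below checks every step, fails closed, and frees everything on a single exit path; it also drops the `printf`, for which this file includes no `<stdio.h>` directly, and derives the 48-byte sizes from `PUBLIC_KEY_SIZE` and `SHA384_DIGEST_LENGTH`. Separately, the signature length is compared with `PUBLIC_KEY_SIZE`, which holds only because a raw P-384 signature and an uncompressed point are both 96 bytes; a dedicated signature-size constant would state the intent.

```cpp
  // … unchanged: signature/key checks and GetPublicKeyFromCbor call …
  const size_t kCoordSize = PUBLIC_KEY_SIZE / 2;
  uint8_t digest[SHA384_DIGEST_LENGTH];
  SHA384(message, message_size, digest);

  bool ok = false;
  EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp384r1);
  BIGNUM *x = BN_bin2bn(&public_key[0], kCoordSize, NULL);
  BIGNUM *y = BN_bin2bn(&public_key[kCoordSize], kCoordSize, NULL);
  ECDSA_SIG *sig = ECDSA_SIG_new();
  // Every allocation and conversion is checked; all exits share one cleanup.
  if (eckey && x && y && sig &&
      EC_KEY_set_public_key_affine_coordinates(eckey, x, y) == 1 &&
      BN_bin2bn(&signature->v.bytes[0], kCoordSize, sig->r) &&
      BN_bin2bn(&signature->v.bytes[kCoordSize], kCoordSize, sig->s)) {
    ok = ECDSA_do_verify(digest, sizeof(digest), sig, eckey) == 1;
  }
  ECDSA_SIG_free(sig);
  BN_free(y);
  BN_free(x);
  EC_KEY_free(eckey);
  return ok;
```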
diff --git a/third_party/mbedtls/0001-Mark-basic-constraints-critical-as-appropriate.patch b/third_party/mbedtls/0001-Mark-basic-constraints-critical-as-appropriate.patch deleted file mode 100644 index 097eb17..0000000 --- a/third_party/mbedtls/0001-Mark-basic-constraints-critical-as-appropriate.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d5cbe3484248ee5f44543b1b50604bcd5739cc85 Mon Sep 17 00:00:00 2001 -From: Darren Krahn <dkrahn@google.com> -Date: Fri, 10 Jul 2020 17:03:57 -0700 -Subject: [PATCH] Mark basic constraints critical as appropriate. - -Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension -must be marked critical. ---- - library/x509write_crt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/library/x509write_crt.c b/library/x509write_crt.c -index 32c655096..498b8b0a0 100644 ---- a/library/x509write_crt.c -+++ b/library/x509write_crt.c -@@ -163,7 +163,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - return( - mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, - MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), -- 0, buf + sizeof(buf) - len, len ) ); -+ is_ca, buf + sizeof(buf) - len, len ) ); - } - - #if defined(MBEDTLS_SHA1_C) --- -2.29.0.rc1.297.gfa9743e501-goog - diff --git a/third_party/mbedtls/BUILD.gn b/third_party/mbedtls/BUILD.gn index e77c1b2..7e6d0f7 100644 --- a/third_party/mbedtls/BUILD.gn +++ b/third_party/mbedtls/BUILD.gn @@ -31,9 +31,12 @@ pw_static_library("mbedcrypto") { "src/library/asn1parse.c", "src/library/asn1write.c", "src/library/bignum.c", + "src/library/bignum_core.c", + "src/library/constant_time.c", "src/library/ecdsa.c", "src/library/ecp.c", "src/library/ecp_curves.c", + "src/library/hash_info.c", "src/library/hkdf.c", "src/library/hmac_drbg.c", "src/library/md.c", diff --git a/third_party/mbedtls/custom_config.h b/third_party/mbedtls/custom_config.h index ff71785..24d5418 100644 --- a/third_party/mbedtls/custom_config.h 
+++ b/third_party/mbedtls/custom_config.h @@ -32,6 +32,7 @@ #define MBEDTLS_MD_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_WRITE_C #define MBEDTLS_SHA512_C #define MBEDTLS_X509_CREATE_C |