[dice] Migrate from fixed public key/signature sizes to dynamic length

This is needed because the fixed public key / signature sizes are dropped
in the multi-alg version of open-dice.

Test: atest MicrodroidHostTests
Test: atest --include-subdirs libs/dice:postsubmit
Bug: 357008987
Change-Id: Ib471476cfef8af1a999df65a537f18dc83ff37b1
diff --git a/libs/dice/open_dice/Android.bp b/libs/dice/open_dice/Android.bp
index b4181e2..c60260e 100644
--- a/libs/dice/open_dice/Android.bp
+++ b/libs/dice/open_dice/Android.bp
@@ -152,9 +152,7 @@
         "--allowlist-var=DICE_INLINE_CONFIG_SIZE",
         "--allowlist-var=DICE_PRIVATE_KEY_SEED_SIZE",
         "--allowlist-var=DICE_ID_SIZE",
-        "--allowlist-var=DICE_PUBLIC_KEY_SIZE",
         "--allowlist-var=DICE_PRIVATE_KEY_SIZE",
-        "--allowlist-var=DICE_SIGNATURE_SIZE",
     ],
 }
 
diff --git a/libs/dice/open_dice/src/dice.rs b/libs/dice/open_dice/src/dice.rs
index 325a2b1..6404508 100644
--- a/libs/dice/open_dice/src/dice.rs
+++ b/libs/dice/open_dice/src/dice.rs
@@ -22,7 +22,6 @@
     DiceConfigType, DiceDeriveCdiCertificateId, DiceDeriveCdiPrivateKeySeed, DiceInputValues,
     DiceMainFlow, DICE_CDI_SIZE, DICE_HASH_SIZE, DICE_HIDDEN_SIZE, DICE_ID_SIZE,
     DICE_INLINE_CONFIG_SIZE, DICE_PRIVATE_KEY_SEED_SIZE, DICE_PRIVATE_KEY_SIZE,
-    DICE_PUBLIC_KEY_SIZE, DICE_SIGNATURE_SIZE,
 };
 #[cfg(feature = "serde_derive")]
 use serde_derive::{Deserialize, Serialize};
@@ -41,10 +40,6 @@
 pub const PRIVATE_KEY_SEED_SIZE: usize = DICE_PRIVATE_KEY_SEED_SIZE as usize;
 /// The size of a private key.
 pub const PRIVATE_KEY_SIZE: usize = DICE_PRIVATE_KEY_SIZE as usize;
-/// The size of a public key.
-pub const PUBLIC_KEY_SIZE: usize = DICE_PUBLIC_KEY_SIZE as usize;
-/// The size of a signature.
-pub const SIGNATURE_SIZE: usize = DICE_SIGNATURE_SIZE as usize;
 /// The size of an ID.
 pub const ID_SIZE: usize = DICE_ID_SIZE as usize;
 
@@ -56,10 +51,6 @@
 pub type InlineConfig = [u8; INLINE_CONFIG_SIZE];
 /// Array type of CDIs.
 pub type Cdi = [u8; CDI_SIZE];
-/// Array type of the public key.
-pub type PublicKey = [u8; PUBLIC_KEY_SIZE];
-/// Array type of the signature.
-pub type Signature = [u8; SIGNATURE_SIZE];
 /// Array type of DICE ID.
 pub type DiceId = [u8; ID_SIZE];
 
@@ -94,6 +85,35 @@
 ///   algorithm is used consistently for both the authority and subject keys in DICE derivation.
 pub const VM_KEY_ALGORITHM: KeyAlgorithm = KeyAlgorithm::Ed25519;
 
+impl KeyAlgorithm {
+    /// Returns the size of the public key.
+    pub fn public_key_size(&self) -> usize {
+        match self {
+            KeyAlgorithm::Ed25519 => 32,
+            KeyAlgorithm::EcdsaP256 => 64,
+            KeyAlgorithm::EcdsaP384 => 96,
+        }
+    }
+
+    /// Returns the size of the signature.
+    pub fn signature_size(&self) -> usize {
+        match self {
+            KeyAlgorithm::Ed25519 => 64,
+            KeyAlgorithm::EcdsaP256 => 64,
+            KeyAlgorithm::EcdsaP384 => 96,
+        }
+    }
+
+    /// Returns the size of the private key.
+    pub fn private_key_size(&self) -> usize {
+        match self {
+            KeyAlgorithm::Ed25519 => 64,
+            KeyAlgorithm::EcdsaP256 => 32,
+            KeyAlgorithm::EcdsaP384 => 48,
+        }
+    }
+}
+
 /// A trait for types that represent Dice artifacts, which include:
 ///
 /// - Attestation CDI
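Review bot: The sizes returned by `public_key_size`, `signature_size` and `private_key_size` are hard-coded literals, whereas the constants this commit removes were taken from the bindgen-generated `DICE_PUBLIC_KEY_SIZE` / `DICE_SIGNATURE_SIZE`, so nothing visible here keeps the Rust table in step with the open-dice build that is linked. That matters because the `keypair_from_seed` and `sign` hunks in ops.rs size the buffers handed to the FFI calls from these values, and their SAFETY comments rely on the C side writing "within the given bounds"; a mismatch would presumably surface as an out-of-bounds write rather than an error. I would add a test that checks the lengths the C side actually produces for `VM_KEY_ALGORITHM` against this table, and state the unit in the doc comments, e.g. `/// Returns the size of the public key in bytes, as encoded by open-dice for this algorithm.` `private_key_size` also returns 32 and 48 for the ECDSA variants while `PrivateKey` stays a fixed `[u8; PRIVATE_KEY_SIZE]` array, which deserves a comment saying which of the two callers should trust.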
diff --git a/libs/dice/open_dice/src/lib.rs b/libs/dice/open_dice/src/lib.rs
index 66e93cf..a347d46 100644
--- a/libs/dice/open_dice/src/lib.rs
+++ b/libs/dice/open_dice/src/lib.rs
@@ -35,8 +35,8 @@
 pub use dice::{
     derive_cdi_certificate_id, derive_cdi_private_key_seed, dice_main_flow, Cdi, CdiValues, Config,
     DiceArtifacts, DiceMode, Hash, Hidden, InlineConfig, InputValues, KeyAlgorithm, PrivateKey,
-    PrivateKeySeed, PublicKey, Signature, CDI_SIZE, HASH_SIZE, HIDDEN_SIZE, ID_SIZE,
-    PRIVATE_KEY_SEED_SIZE, VM_KEY_ALGORITHM,
+    PrivateKeySeed, CDI_SIZE, HASH_SIZE, HIDDEN_SIZE, ID_SIZE, PRIVATE_KEY_SEED_SIZE,
+    VM_KEY_ALGORITHM,
 };
 pub use error::{DiceError, Result};
 pub use ops::{
diff --git a/libs/dice/open_dice/src/ops.rs b/libs/dice/open_dice/src/ops.rs
index 47b5244..137736f 100644
--- a/libs/dice/open_dice/src/ops.rs
+++ b/libs/dice/open_dice/src/ops.rs
@@ -17,10 +17,11 @@
 //! main DICE functions depend on.
 
 use crate::dice::{
-    derive_cdi_private_key_seed, DiceArtifacts, Hash, InputValues, PrivateKey, PublicKey,
-    Signature, HASH_SIZE, PRIVATE_KEY_SEED_SIZE, PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, SIGNATURE_SIZE,
+    derive_cdi_private_key_seed, DiceArtifacts, Hash, InputValues, PrivateKey, HASH_SIZE,
+    PRIVATE_KEY_SEED_SIZE, PRIVATE_KEY_SIZE, VM_KEY_ALGORITHM,
 };
-use crate::error::{check_result, Result};
+use crate::error::{check_result, DiceError, Result};
+use alloc::{vec, vec::Vec};
 use open_dice_cbor_bindgen::{
     DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DiceSign, DiceVerify,
 };
@@ -71,8 +72,8 @@
 /// Deterministically generates a public and private key pair from `seed`.
 /// Since this is deterministic, `seed` is as sensitive as a private key and can
 /// be used directly as the private key.
-pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(PublicKey, PrivateKey)> {
-    let mut public_key = [0u8; PUBLIC_KEY_SIZE];
+pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(Vec<u8>, PrivateKey)> {
+    let mut public_key = vec![0u8; VM_KEY_ALGORITHM.public_key_size()];
     let mut private_key = PrivateKey::default();
     check_result(
         // SAFETY: The function writes to the `public_key` and `private_key` within the given
@@ -106,8 +107,8 @@
 }
 
 /// Signs the `message` with the give `private_key` using `DiceSign`.
-pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Signature> {
-    let mut signature = [0u8; SIGNATURE_SIZE];
+pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Vec<u8>> {
+    let mut signature = vec![0u8; VM_KEY_ALGORITHM.signature_size()];
     check_result(
         // SAFETY: The function writes to the `signature` within the given bounds, and only reads
         // the message and the private key. The first argument context is not used in this
@@ -127,7 +128,12 @@
 }
 
 /// Verifies the `signature` of the `message` with the given `public_key` using `DiceVerify`.
-pub fn verify(message: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<()> {
+pub fn verify(message: &[u8], signature: &[u8], public_key: &[u8]) -> Result<()> {
+    if signature.len() != VM_KEY_ALGORITHM.signature_size()
+        || public_key.len() != VM_KEY_ALGORITHM.public_key_size()
+    {
+        return Err(DiceError::InvalidInput);
+    }
     check_result(
         // SAFETY: only reads the messages, signature and public key as constant values.
         // The first argument context is not used in this function.
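Review bot: The doc comment on `verify` does not mention the failure mode added here: a `signature` or `public_key` whose length differs from `VM_KEY_ALGORITHM.signature_size()` / `public_key_size()` is rejected with `DiceError::InvalidInput` before `DiceVerify` is reached. Since the slice parameters no longer carry the length in their type, I would add an `# Errors` section, e.g. `/// Returns DiceError::InvalidInput if signature or public_key does not have the length expected for VM_KEY_ALGORITHM.` It is also worth saying that only keys of that one algorithm are accepted, so a caller holding a key of another `KeyAlgorithm` does not read the error as a bad signature. The body of `verify` continues past the end of the hunk, so the arguments passed to `DiceVerify` are not visible here.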