[cbor] Use libcoset/libciborium to convert ed25519 pub key to cbor
This replaces the manual serialization and makes the code easier
to read and maintain.
The test diced_open_dice_cbor_test ensures that the result is
exactly the same as before.
Test: atest diced_open_dice_cbor_test
Change-Id: Ice6ed3f71875c52a11e1fe4c36d5ff0d8ab9ae6d
diff --git a/diced/src/sample_inputs.rs b/diced/src/sample_inputs.rs
index 19200a5..f32b630 100644
--- a/diced/src/sample_inputs.rs
+++ b/diced/src/sample_inputs.rs
@@ -16,6 +16,8 @@
//! as well as tuple of CDIs and BCC derived thereof.
use anyhow::{anyhow, Context, Result};
+use ciborium::value::Value;
+use coset::{iana, Algorithm, CborSerializable, CoseKey, KeyOperation, KeyType, Label};
use diced_open_dice::{
derive_cdi_private_key_seed, keypair_from_seed, retry_bcc_format_config_descriptor,
retry_bcc_main_flow, retry_dice_main_flow, Config, DiceArtifacts, DiceMode, InputValues,
@@ -23,7 +25,6 @@
};
use diced_utils::cbor;
use std::ffi::CStr;
-use std::io::Write;
/// Sample UDS used to perform the root dice flow by `make_sample_bcc_and_cdis`.
pub const UDS: &[u8; CDI_SIZE] = &[
@@ -74,35 +75,22 @@
0x0a, 0xde, 0x29, 0x24, 0xff, 0x2e, 0xfa, 0xc7, 0x10, 0xd5, 0x73, 0xd4, 0xc6, 0xdf, 0x62, 0x9f,
];
-fn encode_pub_key_ed25519(pub_key: &[u8], stream: &mut dyn Write) -> Result<()> {
- cbor::encode_header(5 /* CBOR MAP */, 5, stream)
- .context("In encode_pub_key_ed25519: Trying to encode map header.")?;
- cbor::encode_number(1, stream)
- .context("In encode_pub_key_ed25519: Trying to encode Key type tag.")?;
- cbor::encode_number(1, stream)
- .context("In encode_pub_key_ed25519: Trying to encode Key type.")?;
- cbor::encode_number(3, stream)
- .context("In encode_pub_key_ed25519: Trying to encode algorithm tag.")?;
- // Encoding a -8 for AlgorithmEdDSA. The encoded number is -1 - <header argument>,
- // the an argument of 7 below.
- cbor::encode_header(1 /* CBOR NEGATIVE INT */, 7 /* -1 -7 = -8*/, stream)
- .context("In encode_pub_key_ed25519: Trying to encode algorithm.")?;
- cbor::encode_number(4, stream)
- .context("In encode_pub_key_ed25519: Trying to encode ops tag.")?;
- // Encoding a single-element array for key ops
- cbor::encode_header(4 /* CBOR ARRAY */, 1, stream)
- .context("In encode_pub_key_ed25519: Trying to encode ops array header.")?;
- // Ops 2 for verify.
- cbor::encode_number(2, stream).context("In encode_pub_key_ed25519: Trying to encode ops.")?;
- cbor::encode_header(1 /* CBOR NEGATIVE INT */, 0 /* -1 -0 = -1*/, stream)
- .context("In encode_pub_key_ed25519: Trying to encode curve tag.")?;
- // Curve 6 for Ed25519
- cbor::encode_number(6, stream).context("In encode_pub_key_ed25519: Trying to encode curve.")?;
- cbor::encode_header(1 /* CBOR NEGATIVE INT */, 1 /* -1 -1 = -2*/, stream)
- .context("In encode_pub_key_ed25519: Trying to encode X coordinate tag.")?;
- cbor::encode_bstr(pub_key, stream)
- .context("In encode_pub_key_ed25519: Trying to encode X coordinate.")?;
- Ok(())
+fn ed25519_public_key_to_cbor(public_key: &[u8]) -> Result<Vec<u8>> {
+ let key = CoseKey {
+ kty: KeyType::Assigned(iana::KeyType::OKP),
+ alg: Some(Algorithm::Assigned(iana::Algorithm::EdDSA)),
+ key_ops: vec![KeyOperation::Assigned(iana::KeyOperation::Verify)].into_iter().collect(),
+ params: vec![
+ (
+ Label::Int(iana::Ec2KeyParameter::Crv as i64),
+ Value::from(iana::EllipticCurve::Ed25519 as u64),
+ ),
+ (Label::Int(iana::Ec2KeyParameter::X as i64), Value::Bytes(public_key.to_vec())),
+ ],
+ ..Default::default()
+ };
+ key.to_vec()
+ .map_err(|e| anyhow!(format!("Failed to serialize the key to CBOR data. Error: {e}")))
}
/// Makes a DICE chain (BCC) from the sample input.
@@ -119,8 +107,7 @@
let mut bcc: Vec<u8> = vec![];
cbor::encode_header(4 /* CBOR ARRAY */, 2, &mut bcc)
.context("In make_sample_bcc_and_cdis: Trying to encode array header.")?;
- encode_pub_key_ed25519(&public_key, &mut bcc)
- .context("In make_sample_bcc_and_cdis: Trying encode pub_key.")?;
+ bcc.extend(ed25519_public_key_to_cbor(&public_key)?);
// Appends ABL certificate to DICE chain.
let config_descriptor = retry_bcc_format_config_descriptor(