blob: 30ab76096cee19f018551f70c6c404ae2d5f61a0 [file] [log] [blame]
Janis Danisevskis13356b22021-10-20 09:44:12 -07001// Copyright 2021, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! Implements safe wrappers around the public API of libopen-dice.
16//! ## Example:
17//! ```
18//! use diced_open_dice_cbor as dice;
19//!
20//! let context = dice::dice::OpenDiceCborContext::new()
21//! let parent_cdi_attest = [1u8, dice::CDI_SIZE];
22//! let parent_cdi_seal = [2u8, dice::CDI_SIZE];
Alice Wangb68814b2023-02-02 13:15:32 +000023//! let input_values = dice::InputValues::new(
24//! [3u8, dice::HASH_SIZE], // code_hash
25//! dice::Config::Descriptor(&"My descriptor".as_bytes().to_vec()),
26//! [0u8, dice::HASH_SIZE], // authority_hash
27//! dice::DiceMode::kDiceModeNormal,
28//! [0u8, dice::HIDDEN_SIZE], // hidden
Janis Danisevskis13356b22021-10-20 09:44:12 -070029//! };
30//! let (cdi_attest, cdi_seal, cert_chain) = context
31//! .main_flow(&parent_cdi_attest, &parent_cdi_seal, &input_values)?;
32//! ```
33
Alice Wang856d6562023-02-03 13:51:08 +000034pub use diced_open_dice::{
Alice Wang9c40eca2023-02-03 13:10:24 +000035 check_result, retry_bcc_format_config_descriptor, Config, DiceError, Hash, Hidden, InputValues,
36 Result, CDI_SIZE, HASH_SIZE, HIDDEN_SIZE,
Alice Wang856d6562023-02-03 13:51:08 +000037};
38use keystore2_crypto::ZVec;
Janis Danisevskis2cef73f2021-11-03 15:02:48 -070039use open_dice_bcc_bindgen::BccMainFlow;
Alice Wang97d47a72023-01-31 12:48:02 +000040pub use open_dice_cbor_bindgen::DiceMode;
Janis Danisevskis13356b22021-10-20 09:44:12 -070041use open_dice_cbor_bindgen::{
Alice Wang0b9e1102023-02-02 09:57:06 +000042 DiceDeriveCdiCertificateId, DiceDeriveCdiPrivateKeySeed, DiceGenerateCertificate, DiceHash,
Alice Wang3213d492023-02-03 15:52:18 +000043 DiceKdf, DiceKeypairFromSeed, DiceMainFlow, DiceSign, DiceVerify, DICE_ID_SIZE,
Alice Wangb68814b2023-02-02 13:15:32 +000044 DICE_PRIVATE_KEY_SEED_SIZE, DICE_PRIVATE_KEY_SIZE, DICE_PUBLIC_KEY_SIZE, DICE_SIGNATURE_SIZE,
Janis Danisevskis13356b22021-10-20 09:44:12 -070045};
Alice Wang856d6562023-02-03 13:51:08 +000046use std::ffi::c_void;
Janis Danisevskis13356b22021-10-20 09:44:12 -070047
Janis Danisevskis13356b22021-10-20 09:44:12 -070048/// The size of a private key seed.
49pub const PRIVATE_KEY_SEED_SIZE: usize = DICE_PRIVATE_KEY_SEED_SIZE as usize;
Janis Danisevskis13356b22021-10-20 09:44:12 -070050/// The size of an ID.
51pub const ID_SIZE: usize = DICE_ID_SIZE as usize;
52/// The size of a private key.
53pub const PRIVATE_KEY_SIZE: usize = DICE_PRIVATE_KEY_SIZE as usize;
54/// The size of a public key.
55pub const PUBLIC_KEY_SIZE: usize = DICE_PUBLIC_KEY_SIZE as usize;
56/// The size of a signature.
57pub const SIGNATURE_SIZE: usize = DICE_SIGNATURE_SIZE as usize;
58
Janis Danisevskis13356b22021-10-20 09:44:12 -070059/// Multiple of the open dice function required preallocated output buffer
60/// which may be too small, this function implements the retry logic to handle
61/// too small buffer allocations.
62/// The callback `F` must expect a mutable reference to a buffer and a size hint
63/// field. The callback is called repeatedly as long as it returns
64/// `Err(Error::BufferTooSmall)`. If the size hint remains 0, the buffer size is
65/// doubled with each iteration. If the size hint is set by the callback, the buffer
66/// will be set to accommodate at least this many bytes.
67/// If the callback returns `Ok(())`, the buffer is truncated to the size hint
68/// exactly.
69/// The function panics if the callback returns `Ok(())` and the size hint is
70/// larger than the buffer size.
Alice Wang9c40eca2023-02-03 13:10:24 +000071/// TODO(b/267575445): Remove this method once we migrate all its callers to
72/// `retry_with_bigger_buffer` in `diced_open_dice`.
Janis Danisevskis13356b22021-10-20 09:44:12 -070073fn retry_while_adjusting_output_buffer<F>(mut f: F) -> Result<Vec<u8>>
74where
75 F: FnMut(&mut Vec<u8>, &mut usize) -> Result<()>,
76{
77 let mut buffer = vec![0; INITIAL_OUT_BUFFER_SIZE];
78 let mut actual_size: usize = 0;
79 loop {
80 match f(&mut buffer, &mut actual_size) {
81 // If Error::BufferTooSmall was returned, the allocated certificate
82 // buffer was to small for the output. So the buffer is resized to the actual
83 // size, and a second attempt is made with the new buffer.
Alice Wang856d6562023-02-03 13:51:08 +000084 Err(DiceError::BufferTooSmall) => {
Janis Danisevskis13356b22021-10-20 09:44:12 -070085 let new_size = if actual_size == 0 {
86 // Due to an off spec implementation of open dice cbor, actual size
87 // does not return the required size if the buffer was too small. So
88 // we have to try and approach it gradually.
89 buffer.len() * 2
90 } else {
91 actual_size
92 };
93 buffer.resize(new_size, 0);
94 continue;
95 }
96 Err(e) => return Err(e),
97 Ok(()) => {
98 if actual_size > buffer.len() {
99 panic!(
100 "actual_size larger than buffer size: open-dice function
101 may have written past the end of the buffer."
102 );
103 }
104 // Truncate the certificate buffer to the actual size because it may be
105 // smaller than the original allocation.
106 buffer.truncate(actual_size);
107 return Ok(buffer);
108 }
109 }
110 }
111}
112
113/// Some libopen-dice variants use a context. Developers that want to customize these
114/// bindings may want to implement their own Context factory that creates a context
115/// useable by their preferred backend.
116pub trait Context {
117 /// # Safety
118 /// The return value of get_context is passed to any open dice function.
119 /// Implementations must explain why the context pointer returned is safe
120 /// to be used by the open dice library.
121 unsafe fn get_context(&mut self) -> *mut c_void;
122}
123
124impl<T: Context + Send> ContextImpl for T {}
125
126/// This represents a context for the open dice library. The wrapped open dice instance, which
127/// is based on boringssl and cbor, does not use a context, so that this type is empty.
128#[derive(Default)]
129pub struct OpenDiceCborContext();
130
131impl OpenDiceCborContext {
132 /// Construct a new instance of OpenDiceCborContext.
133 pub fn new() -> Self {
134 Default::default()
135 }
136}
137
138impl Context for OpenDiceCborContext {
139 unsafe fn get_context(&mut self) -> *mut c_void {
140 // # Safety
141 // The open dice cbor implementation does not use a context. It is safe
142 // to return NULL.
143 std::ptr::null_mut()
144 }
145}
146
147/// Type alias for ZVec indicating that it holds a CDI_ATTEST secret.
148pub type CdiAttest = ZVec;
149
150/// Type alias for ZVec indicating that it holds a CDI_SEAL secret.
151pub type CdiSeal = ZVec;
152
153/// Type alias for Vec<u8> indicating that it hold a DICE certificate.
154pub type Cert = Vec<u8>;
155
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700156/// Type alias for Vec<u8> indicating that it holds a BCC certificate chain.
157pub type Bcc = Vec<u8>;
158
Janis Danisevskis13356b22021-10-20 09:44:12 -0700159const INITIAL_OUT_BUFFER_SIZE: usize = 1024;
160
161/// ContextImpl is a mixin trait that implements the safe wrappers around the open dice
162/// library calls. Implementations must implement Context::get_context(). As of
163/// this writing, the only implementation is OpenDiceCborContext, which returns NULL.
164pub trait ContextImpl: Context + Send {
165 /// Safe wrapper around open-dice DiceDeriveCdiPrivateKeySeed, see open dice
166 /// documentation for details.
167 fn derive_cdi_private_key_seed(&mut self, cdi_attest: &[u8; CDI_SIZE]) -> Result<ZVec> {
168 let mut seed = ZVec::new(PRIVATE_KEY_SEED_SIZE)?;
169 // SAFETY:
170 // * The first context argument may be NULL and is unused by the wrapped
171 // implementation.
172 // * The second argument is expected to be a const array of size CDI_SIZE.
173 // * The third argument is expected to be a non const array of size
174 // PRIVATE_KEY_SEED_SIZE which is fulfilled if the call to ZVec::new above
175 // succeeds.
176 // * No pointers are expected to be valid beyond the scope of the function
177 // call.
178 check_result(unsafe {
179 DiceDeriveCdiPrivateKeySeed(self.get_context(), cdi_attest.as_ptr(), seed.as_mut_ptr())
180 })?;
181 Ok(seed)
182 }
183
184 /// Safe wrapper around open-dice DiceDeriveCdiCertificateId, see open dice
185 /// documentation for details.
186 fn derive_cdi_certificate_id(&mut self, cdi_public_key: &[u8]) -> Result<ZVec> {
187 let mut id = ZVec::new(ID_SIZE)?;
188 // SAFETY:
189 // * The first context argument may be NULL and is unused by the wrapped
190 // implementation.
191 // * The second argument is expected to be a const array with a size given by the
192 // third argument.
193 // * The fourth argument is expected to be a non const array of size
194 // ID_SIZE which is fulfilled if the call to ZVec::new above succeeds.
195 // * No pointers are expected to be valid beyond the scope of the function
196 // call.
197 check_result(unsafe {
198 DiceDeriveCdiCertificateId(
199 self.get_context(),
200 cdi_public_key.as_ptr(),
201 cdi_public_key.len(),
202 id.as_mut_ptr(),
203 )
204 })?;
205 Ok(id)
206 }
207
208 /// Safe wrapper around open-dice DiceMainFlow, see open dice
209 /// documentation for details.
210 /// Returns a tuple of:
211 /// * The next attestation CDI,
212 /// * the next seal CDI, and
213 /// * the next attestation certificate.
214 /// `(next_attest_cdi, next_seal_cdi, next_attestation_cert)`
Alice Wangb68814b2023-02-02 13:15:32 +0000215 fn main_flow(
Janis Danisevskis13356b22021-10-20 09:44:12 -0700216 &mut self,
217 current_cdi_attest: &[u8; CDI_SIZE],
218 current_cdi_seal: &[u8; CDI_SIZE],
Alice Wangb68814b2023-02-02 13:15:32 +0000219 input_values: &InputValues,
Janis Danisevskis13356b22021-10-20 09:44:12 -0700220 ) -> Result<(CdiAttest, CdiSeal, Cert)> {
221 let mut next_attest = CdiAttest::new(CDI_SIZE)?;
222 let mut next_seal = CdiSeal::new(CDI_SIZE)?;
223
224 // SAFETY (DiceMainFlow):
225 // * The first context argument may be NULL and is unused by the wrapped
226 // implementation.
227 // * The second argument and the third argument are const arrays of size CDI_SIZE.
228 // This is fulfilled as per the definition of the arguments `current_cdi_attest`
229 // and `current_cdi_seal.
230 // * The fourth argument is a pointer to `DiceInputValues`. It, and its indirect
Alice Wangb68814b2023-02-02 13:15:32 +0000231 // references must be valid for the duration of the function call.
Janis Danisevskis13356b22021-10-20 09:44:12 -0700232 // * The fifth and sixth argument are the length of and the pointer to the
233 // allocated certificate buffer respectively. They are used to return
234 // the generated certificate.
235 // * The seventh argument is a pointer to a mutable usize object. It is
236 // used to return the actual size of the output certificate.
237 // * The eighth argument and the ninth argument are pointers to mutable buffers of size
238 // CDI_SIZE. This is fulfilled if the allocation above succeeded.
239 // * No pointers are expected to be valid beyond the scope of the function
240 // call.
Alice Wangb68814b2023-02-02 13:15:32 +0000241 let cert = retry_while_adjusting_output_buffer(|cert, actual_size| {
242 check_result(unsafe {
243 DiceMainFlow(
244 self.get_context(),
245 current_cdi_attest.as_ptr(),
246 current_cdi_seal.as_ptr(),
247 input_values.as_ptr(),
248 cert.len(),
249 cert.as_mut_ptr(),
250 actual_size as *mut _,
251 next_attest.as_mut_ptr(),
252 next_seal.as_mut_ptr(),
253 )
254 })
255 })?;
256 Ok((next_attest, next_seal, cert))
Janis Danisevskis13356b22021-10-20 09:44:12 -0700257 }
258
259 /// Safe wrapper around open-dice DiceHash, see open dice
260 /// documentation for details.
261 fn hash(&mut self, input: &[u8]) -> Result<Vec<u8>> {
262 let mut output: Vec<u8> = vec![0; HASH_SIZE];
263
264 // SAFETY:
265 // * The first context argument may be NULL and is unused by the wrapped
266 // implementation.
267 // * The second argument and the third argument are the pointer to and length of the given
268 // input buffer respectively.
269 // * The fourth argument must be a pointer to a mutable buffer of size HASH_SIZE
270 // which is fulfilled by the allocation above.
271 check_result(unsafe {
272 DiceHash(self.get_context(), input.as_ptr(), input.len(), output.as_mut_ptr())
273 })?;
274 Ok(output)
275 }
276
277 /// Safe wrapper around open-dice DiceKdf, see open dice
278 /// documentation for details.
279 fn kdf(&mut self, length: usize, input_key: &[u8], salt: &[u8], info: &[u8]) -> Result<ZVec> {
280 let mut output = ZVec::new(length)?;
281
282 // SAFETY:
283 // * The first context argument may be NULL and is unused by the wrapped
284 // implementation.
285 // * The second argument is primitive.
286 // * The third argument and the fourth argument are the pointer to and length of the given
287 // input key.
288 // * The fifth argument and the sixth argument are the pointer to and length of the given
289 // salt.
290 // * The seventh argument and the eighth argument are the pointer to and length of the
291 // given info field.
292 // * The ninth argument is a pointer to the output buffer which must have the
293 // length given by the `length` argument (see second argument). This is
294 // fulfilled if the allocation of `output` succeeds.
295 // * All pointers must be valid for the duration of the function call, but not
296 // longer.
297 check_result(unsafe {
298 DiceKdf(
299 self.get_context(),
300 length,
301 input_key.as_ptr(),
302 input_key.len(),
303 salt.as_ptr(),
304 salt.len(),
305 info.as_ptr(),
306 info.len(),
307 output.as_mut_ptr(),
308 )
309 })?;
310 Ok(output)
311 }
312
313 /// Safe wrapper around open-dice DiceKeyPairFromSeed, see open dice
314 /// documentation for details.
315 fn keypair_from_seed(&mut self, seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(Vec<u8>, ZVec)> {
316 let mut private_key = ZVec::new(PRIVATE_KEY_SIZE)?;
317 let mut public_key = vec![0u8; PUBLIC_KEY_SIZE];
318
319 // SAFETY:
320 // * The first context argument may be NULL and is unused by the wrapped
321 // implementation.
322 // * The second argument is a pointer to a const buffer of size `PRIVATE_KEY_SEED_SIZE`
323 // fulfilled by the definition of the argument.
324 // * The third argument and the fourth argument are mutable buffers of size
325 // `PRIVATE_KEY_SIZE` and `PUBLIC_KEY_SIZE` respectively. This is fulfilled by the
326 // allocations above.
327 // * All pointers must be valid for the duration of the function call but not beyond.
328 check_result(unsafe {
329 DiceKeypairFromSeed(
330 self.get_context(),
331 seed.as_ptr(),
332 public_key.as_mut_ptr(),
333 private_key.as_mut_ptr(),
334 )
335 })?;
336 Ok((public_key, private_key))
337 }
338
339 /// Safe wrapper around open-dice DiceSign, see open dice
340 /// documentation for details.
341 fn sign(&mut self, message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Vec<u8>> {
342 let mut signature = vec![0u8; SIGNATURE_SIZE];
343
344 // SAFETY:
345 // * The first context argument may be NULL and is unused by the wrapped
346 // implementation.
347 // * The second argument and the third argument are the pointer to and length of the given
348 // message buffer.
349 // * The fourth argument is a const buffer of size `PRIVATE_KEY_SIZE`. This is fulfilled
350 // by the definition of `private key`.
351 // * The fifth argument is mutable buffer of size `SIGNATURE_SIZE`. This is fulfilled
352 // by the allocation above.
353 // * All pointers must be valid for the duration of the function call but not beyond.
354 check_result(unsafe {
355 DiceSign(
356 self.get_context(),
357 message.as_ptr(),
358 message.len(),
359 private_key.as_ptr(),
360 signature.as_mut_ptr(),
361 )
362 })?;
363 Ok(signature)
364 }
365
366 /// Safe wrapper around open-dice DiceVerify, see open dice
367 /// documentation for details.
368 fn verify(
369 &mut self,
370 message: &[u8],
371 signature: &[u8; SIGNATURE_SIZE],
372 public_key: &[u8; PUBLIC_KEY_SIZE],
373 ) -> Result<()> {
374 // SAFETY:
375 // * The first context argument may be NULL and is unused by the wrapped
376 // implementation.
377 // * The second argument and the third argument are the pointer to and length of the given
378 // message buffer.
379 // * The fourth argument is a const buffer of size `SIGNATURE_SIZE`. This is fulfilled
380 // by the definition of `signature`.
381 // * The fifth argument is a const buffer of size `PUBLIC_KEY_SIZE`. This is fulfilled
382 // by the definition of `public_key`.
383 // * All pointers must be valid for the duration of the function call but not beyond.
384 check_result(unsafe {
385 DiceVerify(
386 self.get_context(),
387 message.as_ptr(),
388 message.len(),
389 signature.as_ptr(),
390 public_key.as_ptr(),
391 )
392 })
393 }
394
395 /// Safe wrapper around open-dice DiceGenerateCertificate, see open dice
396 /// documentation for details.
Alice Wangb68814b2023-02-02 13:15:32 +0000397 fn generate_certificate(
Janis Danisevskis13356b22021-10-20 09:44:12 -0700398 &mut self,
399 subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
400 authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
Alice Wangb68814b2023-02-02 13:15:32 +0000401 input_values: &InputValues,
Janis Danisevskis13356b22021-10-20 09:44:12 -0700402 ) -> Result<Vec<u8>> {
Alice Wangb68814b2023-02-02 13:15:32 +0000403 // SAFETY (DiceGenerateCertificate):
Janis Danisevskis13356b22021-10-20 09:44:12 -0700404 // * The first context argument may be NULL and is unused by the wrapped
405 // implementation.
406 // * The second argument and the third argument are const arrays of size
407 // `PRIVATE_KEY_SEED_SIZE`. This is fulfilled as per the definition of the arguments.
408 // * The fourth argument is a pointer to `DiceInputValues` it, and its indirect
Alice Wangb68814b2023-02-02 13:15:32 +0000409 // references must be valid for the duration of the function call.
Janis Danisevskis13356b22021-10-20 09:44:12 -0700410 // * The fifth argument and the sixth argument are the length of and the pointer to the
411 // allocated certificate buffer respectively. They are used to return
412 // the generated certificate.
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700413 // * The seventh argument is a pointer to a mutable usize object. It is
Janis Danisevskis13356b22021-10-20 09:44:12 -0700414 // used to return the actual size of the output certificate.
415 // * All pointers must be valid for the duration of the function call but not beyond.
Alice Wangb68814b2023-02-02 13:15:32 +0000416 let cert = retry_while_adjusting_output_buffer(|cert, actual_size| {
417 check_result(unsafe {
418 DiceGenerateCertificate(
419 self.get_context(),
420 subject_private_key_seed.as_ptr(),
421 authority_private_key_seed.as_ptr(),
422 input_values.as_ptr(),
423 cert.len(),
424 cert.as_mut_ptr(),
425 actual_size as *mut _,
426 )
427 })
428 })?;
429 Ok(cert)
Janis Danisevskis13356b22021-10-20 09:44:12 -0700430 }
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700431
432 /// Safe wrapper around open-dice BccDiceMainFlow, see open dice
433 /// documentation for details.
434 /// Returns a tuple of:
435 /// * The next attestation CDI,
436 /// * the next seal CDI, and
437 /// * the next bcc adding the new certificate to the given bcc.
438 /// `(next_attest_cdi, next_seal_cdi, next_bcc)`
Alice Wangb68814b2023-02-02 13:15:32 +0000439 fn bcc_main_flow(
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700440 &mut self,
441 current_cdi_attest: &[u8; CDI_SIZE],
442 current_cdi_seal: &[u8; CDI_SIZE],
443 bcc: &[u8],
Alice Wangb68814b2023-02-02 13:15:32 +0000444 input_values: &InputValues,
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700445 ) -> Result<(CdiAttest, CdiSeal, Bcc)> {
446 let mut next_attest = CdiAttest::new(CDI_SIZE)?;
447 let mut next_seal = CdiSeal::new(CDI_SIZE)?;
448
449 // SAFETY (BccMainFlow):
450 // * The first context argument may be NULL and is unused by the wrapped
451 // implementation.
452 // * The second argument and the third argument are const arrays of size CDI_SIZE.
453 // This is fulfilled as per the definition of the arguments `current_cdi_attest`
454 // and `current_cdi_seal`.
455 // * The fourth argument and the fifth argument are the pointer to and size of the buffer
456 // holding the current bcc.
457 // * The sixth argument is a pointer to `DiceInputValues` it, and its indirect
Alice Wangb68814b2023-02-02 13:15:32 +0000458 // references must be valid for the duration of the function call.
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700459 // * The seventh argument and the eighth argument are the length of and the pointer to the
460 // allocated certificate buffer respectively. They are used to return the generated
461 // certificate.
462 // * The ninth argument is a pointer to a mutable usize object. It is
463 // used to return the actual size of the output certificate.
464 // * The tenth argument and the eleventh argument are pointers to mutable buffers of
465 // size CDI_SIZE. This is fulfilled if the allocation above succeeded.
466 // * No pointers are expected to be valid beyond the scope of the function
467 // call.
Alice Wangb68814b2023-02-02 13:15:32 +0000468 let next_bcc = retry_while_adjusting_output_buffer(|next_bcc, actual_size| {
469 check_result(unsafe {
470 BccMainFlow(
471 self.get_context(),
472 current_cdi_attest.as_ptr(),
473 current_cdi_seal.as_ptr(),
474 bcc.as_ptr(),
475 bcc.len(),
476 input_values.as_ptr(),
477 next_bcc.len(),
478 next_bcc.as_mut_ptr(),
479 actual_size as *mut _,
480 next_attest.as_mut_ptr(),
481 next_seal.as_mut_ptr(),
482 )
483 })
484 })?;
485 Ok((next_attest, next_seal, next_bcc))
Janis Danisevskis2cef73f2021-11-03 15:02:48 -0700486 }
487}
488
Janis Danisevskisdb78b772021-11-29 17:59:50 -0800489#[cfg(test)]
490mod test {
491 use super::*;
492 use diced_sample_inputs::make_sample_bcc_and_cdis;
493 use std::convert::TryInto;
494
495 static SEED_TEST_VECTOR: &[u8] = &[
496 0xfa, 0x3c, 0x2f, 0x58, 0x37, 0xf5, 0x8e, 0x96, 0x16, 0x09, 0xf5, 0x22, 0xa1, 0xf1, 0xba,
497 0xaa, 0x19, 0x95, 0x01, 0x79, 0x2e, 0x60, 0x56, 0xaf, 0xf6, 0x41, 0xe7, 0xff, 0x48, 0xf5,
498 0x3a, 0x08, 0x84, 0x8a, 0x98, 0x85, 0x6d, 0xf5, 0x69, 0x21, 0x03, 0xcd, 0x09, 0xc3, 0x28,
499 0xd6, 0x06, 0xa7, 0x57, 0xbd, 0x48, 0x4b, 0x0f, 0x79, 0x0f, 0xf8, 0x2f, 0xf0, 0x0a, 0x41,
500 0x94, 0xd8, 0x8c, 0xa8,
501 ];
502
503 static CDI_ATTEST_TEST_VECTOR: &[u8] = &[
504 0xfa, 0x3c, 0x2f, 0x58, 0x37, 0xf5, 0x8e, 0x96, 0x16, 0x09, 0xf5, 0x22, 0xa1, 0xf1, 0xba,
505 0xaa, 0x19, 0x95, 0x01, 0x79, 0x2e, 0x60, 0x56, 0xaf, 0xf6, 0x41, 0xe7, 0xff, 0x48, 0xf5,
506 0x3a, 0x08,
507 ];
508 static CDI_PRIVATE_KEY_SEED_TEST_VECTOR: &[u8] = &[
509 0x5f, 0xcc, 0x8e, 0x1a, 0xd1, 0xc2, 0xb3, 0xe9, 0xfb, 0xe1, 0x68, 0xf0, 0xf6, 0x98, 0xfe,
510 0x0d, 0xee, 0xd4, 0xb5, 0x18, 0xcb, 0x59, 0x70, 0x2d, 0xee, 0x06, 0xe5, 0x70, 0xf1, 0x72,
511 0x02, 0x6e,
512 ];
513
514 static PUB_KEY_TEST_VECTOR: &[u8] = &[
515 0x47, 0x42, 0x4b, 0xbd, 0xd7, 0x23, 0xb4, 0xcd, 0xca, 0xe2, 0x8e, 0xdc, 0x6b, 0xfc, 0x23,
516 0xc9, 0x21, 0x5c, 0x48, 0x21, 0x47, 0xee, 0x5b, 0xfa, 0xaf, 0x88, 0x9a, 0x52, 0xf1, 0x61,
517 0x06, 0x37,
518 ];
519 static PRIV_KEY_TEST_VECTOR: &[u8] = &[
520 0x5f, 0xcc, 0x8e, 0x1a, 0xd1, 0xc2, 0xb3, 0xe9, 0xfb, 0xe1, 0x68, 0xf0, 0xf6, 0x98, 0xfe,
521 0x0d, 0xee, 0xd4, 0xb5, 0x18, 0xcb, 0x59, 0x70, 0x2d, 0xee, 0x06, 0xe5, 0x70, 0xf1, 0x72,
522 0x02, 0x6e, 0x47, 0x42, 0x4b, 0xbd, 0xd7, 0x23, 0xb4, 0xcd, 0xca, 0xe2, 0x8e, 0xdc, 0x6b,
523 0xfc, 0x23, 0xc9, 0x21, 0x5c, 0x48, 0x21, 0x47, 0xee, 0x5b, 0xfa, 0xaf, 0x88, 0x9a, 0x52,
524 0xf1, 0x61, 0x06, 0x37,
525 ];
526
527 static SIGNATURE_TEST_VECTOR: &[u8] = &[
528 0x44, 0xae, 0xcc, 0xe2, 0xb9, 0x96, 0x18, 0x39, 0x0e, 0x61, 0x0f, 0x53, 0x07, 0xbf, 0xf2,
529 0x32, 0x3d, 0x44, 0xd4, 0xf2, 0x07, 0x23, 0x30, 0x85, 0x32, 0x18, 0xd2, 0x69, 0xb8, 0x29,
530 0x3c, 0x26, 0xe6, 0x0d, 0x9c, 0xa5, 0xc2, 0x73, 0xcd, 0x8c, 0xb8, 0x3c, 0x3e, 0x5b, 0xfd,
531 0x62, 0x8d, 0xf6, 0xc4, 0x27, 0xa6, 0xe9, 0x11, 0x06, 0x5a, 0xb2, 0x2b, 0x64, 0xf7, 0xfc,
532 0xbb, 0xab, 0x4a, 0x0e,
533 ];
534
535 #[test]
536 fn hash_derive_sign_verify() {
537 let mut ctx = OpenDiceCborContext::new();
538 let seed = ctx.hash("MySeedString".as_bytes()).unwrap();
539 assert_eq!(seed, SEED_TEST_VECTOR);
540 let cdi_attest = &seed[..CDI_SIZE];
541 assert_eq!(cdi_attest, CDI_ATTEST_TEST_VECTOR);
542 let cdi_private_key_seed =
543 ctx.derive_cdi_private_key_seed(cdi_attest.try_into().unwrap()).unwrap();
544 assert_eq!(&cdi_private_key_seed[..], CDI_PRIVATE_KEY_SEED_TEST_VECTOR);
545 let (pub_key, priv_key) =
546 ctx.keypair_from_seed(cdi_private_key_seed[..].try_into().unwrap()).unwrap();
547 assert_eq!(&pub_key, PUB_KEY_TEST_VECTOR);
548 assert_eq!(&priv_key[..], PRIV_KEY_TEST_VECTOR);
549 let mut signature =
550 ctx.sign("MyMessage".as_bytes(), priv_key[..].try_into().unwrap()).unwrap();
551 assert_eq!(&signature, SIGNATURE_TEST_VECTOR);
552 assert!(ctx
553 .verify(
554 "MyMessage".as_bytes(),
555 signature[..].try_into().unwrap(),
556 pub_key[..].try_into().unwrap()
557 )
558 .is_ok());
559 assert!(ctx
560 .verify(
561 "MyMessage_fail".as_bytes(),
562 signature[..].try_into().unwrap(),
563 pub_key[..].try_into().unwrap()
564 )
565 .is_err());
566 signature[0] += 1;
567 assert!(ctx
568 .verify(
569 "MyMessage".as_bytes(),
570 signature[..].try_into().unwrap(),
571 pub_key[..].try_into().unwrap()
572 )
573 .is_err());
574 }
575
576 static SAMPLE_CDI_ATTEST_TEST_VECTOR: &[u8] = &[
577 0x3e, 0x57, 0x65, 0x5d, 0x48, 0x02, 0xbd, 0x5c, 0x66, 0xcc, 0x1f, 0x0f, 0xbe, 0x5e, 0x32,
578 0xb6, 0x9e, 0x3d, 0x04, 0xaf, 0x00, 0x15, 0xbc, 0xdd, 0x1f, 0xbc, 0x59, 0xe4, 0xc3, 0x87,
579 0x95, 0x5e,
580 ];
581
582 static SAMPLE_CDI_SEAL_TEST_VECTOR: &[u8] = &[
583 0x36, 0x1b, 0xd2, 0xb3, 0xc4, 0xda, 0x77, 0xb2, 0x9c, 0xba, 0x39, 0x53, 0x82, 0x93, 0xd9,
584 0xb8, 0x9f, 0x73, 0x2d, 0x27, 0x06, 0x15, 0xa8, 0xcb, 0x6d, 0x1d, 0xf2, 0xb1, 0x54, 0xbb,
585 0x62, 0xf1,
586 ];
587
588 static SAMPLE_BCC_TEST_VECTOR: &[u8] = &[
Alan Stokes7cdcf992022-05-24 07:42:24 +0000589 0x84, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58, 0x20, 0x3e,
590 0x85, 0xe5, 0x72, 0x75, 0x55, 0xe5, 0x1e, 0xe7, 0xf3, 0x35, 0x94, 0x8e, 0xbb, 0xbd, 0x74,
591 0x1e, 0x1d, 0xca, 0x49, 0x9c, 0x97, 0x39, 0x77, 0x06, 0xd3, 0xc8, 0x6e, 0x8b, 0xd7, 0x33,
592 0xf9, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8a, 0xa9, 0x01, 0x78, 0x28, 0x34,
593 0x32, 0x64, 0x38, 0x38, 0x36, 0x34, 0x66, 0x39, 0x37, 0x62, 0x36, 0x35, 0x34, 0x37, 0x61,
594 0x35, 0x30, 0x63, 0x31, 0x65, 0x30, 0x61, 0x37, 0x34, 0x39, 0x66, 0x38, 0x65, 0x66, 0x38,
595 0x62, 0x38, 0x31, 0x65, 0x63, 0x36, 0x32, 0x61, 0x66, 0x02, 0x78, 0x28, 0x31, 0x66, 0x36,
596 0x39, 0x36, 0x66, 0x30, 0x37, 0x32, 0x35, 0x32, 0x66, 0x32, 0x39, 0x65, 0x39, 0x33, 0x66,
597 0x65, 0x34, 0x64, 0x65, 0x31, 0x39, 0x65, 0x65, 0x33, 0x32, 0x63, 0x64, 0x38, 0x31, 0x64,
598 0x63, 0x34, 0x30, 0x34, 0x65, 0x37, 0x36, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0x16,
599 0x48, 0xf2, 0x55, 0x53, 0x23, 0xdd, 0x15, 0x2e, 0x83, 0x38, 0xc3, 0x64, 0x38, 0x63, 0x26,
600 0x0f, 0xcf, 0x5b, 0xd1, 0x3a, 0xd3, 0x40, 0x3e, 0x23, 0xf8, 0x34, 0x4c, 0x6d, 0xa2, 0xbe,
601 0x25, 0x1c, 0xb0, 0x29, 0xe8, 0xc3, 0xfb, 0xb8, 0x80, 0xdc, 0xb1, 0xd2, 0xb3, 0x91, 0x4d,
602 0xd3, 0xfb, 0x01, 0x0f, 0xe4, 0xe9, 0x46, 0xa2, 0xc0, 0x26, 0x57, 0x5a, 0xba, 0x30, 0xf7,
603 0x15, 0x98, 0x14, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x56, 0xa3, 0x3a, 0x00, 0x01, 0x11, 0x71,
604 0x63, 0x41, 0x42, 0x4c, 0x3a, 0x00, 0x01, 0x11, 0x72, 0x01, 0x3a, 0x00, 0x01, 0x11, 0x73,
605 0xf6, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x40, 0x47, 0xae, 0x42, 0x27, 0x4c, 0xcb, 0x65,
606 0x4d, 0xee, 0x74, 0x2d, 0x05, 0x78, 0x2a, 0x08, 0x2a, 0xa5, 0xf0, 0xcf, 0xea, 0x3e, 0x60,
607 0xee, 0x97, 0x11, 0x4b, 0x5b, 0xe6, 0x05, 0x0c, 0xe8, 0x90, 0xf5, 0x22, 0xc4, 0xc6, 0x67,
608 0x7a, 0x22, 0x27, 0x17, 0xb3, 0x79, 0xcc, 0x37, 0x64, 0x5e, 0x19, 0x4f, 0x96, 0x37, 0x67,
609 0x3c, 0xd0, 0xc5, 0xed, 0x0f, 0xdd, 0xe7, 0x2e, 0x4f, 0x70, 0x97, 0x30, 0x3a, 0x00, 0x47,
610 0x44, 0x54, 0x58, 0x40, 0xf9, 0x00, 0x9d, 0xc2, 0x59, 0x09, 0xe0, 0xb6, 0x98, 0xbd, 0xe3,
611 0x97, 0x4a, 0xcb, 0x3c, 0xe7, 0x6b, 0x24, 0xc3, 0xe4, 0x98, 0xdd, 0xa9, 0x6a, 0x41, 0x59,
612 0x15, 0xb1, 0x23, 0xe6, 0xc8, 0xdf, 0xfb, 0x52, 0xb4, 0x52, 0xc1, 0xb9, 0x61, 0xdd, 0xbc,
613 0x5b, 0x37, 0x0e, 0x12, 0x12, 0xb2, 0xfd, 0xc1, 0x09, 0xb0, 0xcf, 0x33, 0x81, 0x4c, 0xc6,
614 0x29, 0x1b, 0x99, 0xea, 0xae, 0xfd, 0xaa, 0x0d, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01,
615 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02,
616 0x20, 0x06, 0x21, 0x58, 0x20, 0xb1, 0x02, 0xcc, 0x2c, 0xb2, 0x6a, 0x3b, 0xe9, 0xc1, 0xd3,
617 0x95, 0x10, 0xa0, 0xe1, 0xff, 0x51, 0xde, 0x57, 0xd5, 0x65, 0x28, 0xfd, 0x7f, 0xeb, 0xd4,
618 0xca, 0x15, 0xf3, 0xca, 0xdf, 0x37, 0x88, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58,
619 0x40, 0x58, 0xd8, 0x03, 0x24, 0x53, 0x60, 0x57, 0xa9, 0x09, 0xfa, 0xab, 0xdc, 0x57, 0x1e,
620 0xf0, 0xe5, 0x1e, 0x51, 0x6f, 0x9e, 0xa3, 0x42, 0xe6, 0x6a, 0x8c, 0xaa, 0xad, 0x08, 0x48,
621 0xde, 0x7f, 0x4f, 0x6e, 0x2f, 0x7f, 0x39, 0x6c, 0xa1, 0xf8, 0x42, 0x71, 0xfe, 0x17, 0x3d,
622 0xca, 0x31, 0x83, 0x92, 0xed, 0xbb, 0x40, 0xb8, 0x10, 0xe0, 0xf2, 0x5a, 0x99, 0x53, 0x38,
623 0x46, 0x33, 0x97, 0x78, 0x05, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8a, 0xa9,
624 0x01, 0x78, 0x28, 0x31, 0x66, 0x36, 0x39, 0x36, 0x66, 0x30, 0x37, 0x32, 0x35, 0x32, 0x66,
625 0x32, 0x39, 0x65, 0x39, 0x33, 0x66, 0x65, 0x34, 0x64, 0x65, 0x31, 0x39, 0x65, 0x65, 0x33,
626 0x32, 0x63, 0x64, 0x38, 0x31, 0x64, 0x63, 0x34, 0x30, 0x34, 0x65, 0x37, 0x36, 0x02, 0x78,
627 0x28, 0x32, 0x35, 0x39, 0x34, 0x38, 0x39, 0x65, 0x36, 0x39, 0x37, 0x34, 0x38, 0x37, 0x30,
628 0x35, 0x64, 0x65, 0x33, 0x65, 0x32, 0x66, 0x34, 0x34, 0x32, 0x36, 0x37, 0x65, 0x61, 0x34,
629 0x39, 0x33, 0x38, 0x66, 0x66, 0x36, 0x61, 0x35, 0x37, 0x32, 0x35, 0x3a, 0x00, 0x47, 0x44,
630 0x50, 0x58, 0x40, 0xa4, 0x0c, 0xcb, 0xc1, 0xbf, 0xfa, 0xcc, 0xfd, 0xeb, 0xf4, 0xfc, 0x43,
631 0x83, 0x7f, 0x46, 0x8d, 0xd8, 0xd8, 0x14, 0xc1, 0x96, 0x14, 0x1f, 0x6e, 0xb3, 0xa0, 0xd9,
632 0x56, 0xb3, 0xbf, 0x2f, 0xfa, 0x88, 0x70, 0x11, 0x07, 0x39, 0xa4, 0xd2, 0xa9, 0x6b, 0x18,
633 0x28, 0xe8, 0x29, 0x20, 0x49, 0x0f, 0xbb, 0x8d, 0x08, 0x8c, 0xc6, 0x54, 0xe9, 0x71, 0xd2,
634 0x7e, 0xa4, 0xfe, 0x58, 0x7f, 0xd3, 0xc7, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x56, 0xa3, 0x3a,
635 0x00, 0x01, 0x11, 0x71, 0x63, 0x41, 0x56, 0x42, 0x3a, 0x00, 0x01, 0x11, 0x72, 0x01, 0x3a,
636 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x40, 0x93, 0x17, 0xe1,
637 0x11, 0x27, 0x59, 0xd0, 0xef, 0x75, 0x0b, 0x2b, 0x1c, 0x0f, 0x5f, 0x52, 0xc3, 0x29, 0x23,
638 0xb5, 0x2a, 0xe6, 0x12, 0x72, 0x6f, 0x39, 0x86, 0x65, 0x2d, 0xf2, 0xe4, 0xe7, 0xd0, 0xaf,
639 0x0e, 0xa7, 0x99, 0x16, 0x89, 0x97, 0x21, 0xf7, 0xdc, 0x89, 0xdc, 0xde, 0xbb, 0x94, 0x88,
640 0x1f, 0xda, 0xe2, 0xf3, 0xe0, 0x54, 0xf9, 0x0e, 0x29, 0xb1, 0xbd, 0xe1, 0x0c, 0x0b, 0xd7,
641 0xf6, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x40, 0xb2, 0x69, 0x05, 0x48, 0x56, 0xb5, 0xfa,
642 0x55, 0x6f, 0xac, 0x56, 0xd9, 0x02, 0x35, 0x2b, 0xaa, 0x4c, 0xba, 0x28, 0xdd, 0x82, 0x3a,
643 0x86, 0xf5, 0xd4, 0xc2, 0xf1, 0xf9, 0x35, 0x7d, 0xe4, 0x43, 0x13, 0xbf, 0xfe, 0xd3, 0x36,
644 0xd8, 0x1c, 0x12, 0x78, 0x5c, 0x9c, 0x3e, 0xf6, 0x66, 0xef, 0xab, 0x3d, 0x0f, 0x89, 0xa4,
645 0x6f, 0xc9, 0x72, 0xee, 0x73, 0x43, 0x02, 0x8a, 0xef, 0xbc, 0x05, 0x98, 0x3a, 0x00, 0x47,
646 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03,
647 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58, 0x20, 0x96, 0x6d, 0x96, 0x42, 0xda, 0x64,
648 0x51, 0xad, 0xfa, 0x00, 0xbc, 0xbc, 0x95, 0x8a, 0xb0, 0xb9, 0x76, 0x01, 0xe6, 0xbd, 0xc0,
649 0x26, 0x79, 0x26, 0xfc, 0x0f, 0x1d, 0x87, 0x65, 0xf1, 0xf3, 0x99, 0x3a, 0x00, 0x47, 0x44,
650 0x58, 0x41, 0x20, 0x58, 0x40, 0x10, 0x7f, 0x77, 0xad, 0x70, 0xbd, 0x52, 0x81, 0x28, 0x8d,
651 0x24, 0x81, 0xb4, 0x3f, 0x21, 0x68, 0x9f, 0xc3, 0x80, 0x68, 0x86, 0x55, 0xfb, 0x2e, 0x6d,
652 0x96, 0xe1, 0xe1, 0xb7, 0x28, 0x8d, 0x63, 0x85, 0xba, 0x2a, 0x01, 0x33, 0x87, 0x60, 0x63,
653 0xbb, 0x16, 0x3f, 0x2f, 0x3d, 0xf4, 0x2d, 0x48, 0x5b, 0x87, 0xed, 0xda, 0x34, 0xeb, 0x9c,
654 0x4d, 0x14, 0xac, 0x65, 0xf4, 0xfa, 0xef, 0x45, 0x0b, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0,
655 0x59, 0x01, 0x8f, 0xa9, 0x01, 0x78, 0x28, 0x32, 0x35, 0x39, 0x34, 0x38, 0x39, 0x65, 0x36,
656 0x39, 0x37, 0x34, 0x38, 0x37, 0x30, 0x35, 0x64, 0x65, 0x33, 0x65, 0x32, 0x66, 0x34, 0x34,
657 0x32, 0x36, 0x37, 0x65, 0x61, 0x34, 0x39, 0x33, 0x38, 0x66, 0x66, 0x36, 0x61, 0x35, 0x37,
658 0x32, 0x35, 0x02, 0x78, 0x28, 0x35, 0x64, 0x34, 0x65, 0x64, 0x37, 0x66, 0x34, 0x31, 0x37,
659 0x61, 0x39, 0x35, 0x34, 0x61, 0x31, 0x38, 0x31, 0x34, 0x30, 0x37, 0x62, 0x35, 0x38, 0x38,
660 0x35, 0x61, 0x66, 0x64, 0x37, 0x32, 0x61, 0x35, 0x62, 0x66, 0x34, 0x30, 0x64, 0x61, 0x36,
661 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Janis Danisevskisdb78b772021-11-29 17:59:50 -0800662 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
663 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
664 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Alan Stokes7cdcf992022-05-24 07:42:24 +0000665 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x47, 0x44,
666 0x53, 0x58, 0x1a, 0xa3, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x67, 0x41, 0x6e, 0x64, 0x72, 0x6f,
667 0x69, 0x64, 0x3a, 0x00, 0x01, 0x11, 0x72, 0x0c, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a,
668 0x00, 0x47, 0x44, 0x52, 0x58, 0x40, 0x26, 0x1a, 0xbd, 0x26, 0xd8, 0x37, 0x8f, 0x4a, 0xf2,
669 0x9e, 0x49, 0x4d, 0x93, 0x23, 0xc4, 0x6e, 0x02, 0xda, 0xe0, 0x00, 0x02, 0xe7, 0xed, 0x29,
670 0xdf, 0x2b, 0xb3, 0x69, 0xf3, 0x55, 0x0e, 0x4c, 0x22, 0xdc, 0xcf, 0xf5, 0x92, 0xc9, 0xfa,
671 0x78, 0x98, 0xf1, 0x0e, 0x55, 0x5f, 0xf4, 0x45, 0xed, 0xc0, 0x0a, 0x72, 0x2a, 0x7a, 0x3a,
672 0xd2, 0xb1, 0xf7, 0x76, 0xfe, 0x2a, 0x6b, 0x7b, 0x2a, 0x53, 0x3a, 0x00, 0x47, 0x44, 0x54,
673 0x58, 0x40, 0x04, 0x25, 0x5d, 0x60, 0x5f, 0x5c, 0x45, 0x0d, 0xf2, 0x9a, 0x6e, 0x99, 0x30,
674 0x03, 0xb8, 0xd6, 0xe1, 0x99, 0x71, 0x1b, 0xf8, 0x44, 0xfa, 0xb5, 0x31, 0x79, 0x1c, 0x37,
675 0x68, 0x4e, 0x1d, 0xc0, 0x24, 0x74, 0x68, 0xf8, 0x80, 0x20, 0x3e, 0x44, 0xb1, 0x43, 0xd2,
676 0x9c, 0xfc, 0x12, 0x9e, 0x77, 0x0a, 0xde, 0x29, 0x24, 0xff, 0x2e, 0xfa, 0xc7, 0x10, 0xd5,
677 0x73, 0xd4, 0xc6, 0xdf, 0x62, 0x9f, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00,
678 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20, 0x06,
679 0x21, 0x58, 0x20, 0xdb, 0xe7, 0x5b, 0x3f, 0xa3, 0x42, 0xb0, 0x9c, 0xf8, 0x40, 0x8c, 0xb0,
680 0x9c, 0xf0, 0x0a, 0xaf, 0xdf, 0x6f, 0xe5, 0x09, 0x21, 0x11, 0x92, 0xe1, 0xf8, 0xc5, 0x09,
681 0x02, 0x3d, 0x1f, 0xb7, 0xc5, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0xc4,
682 0xc1, 0xd7, 0x1c, 0x2d, 0x26, 0x89, 0x22, 0xcf, 0xa6, 0x99, 0x77, 0x30, 0x84, 0x86, 0x27,
683 0x59, 0x8f, 0xd8, 0x08, 0x75, 0xe0, 0xb2, 0xef, 0xf9, 0xfa, 0xa5, 0x40, 0x8c, 0xd3, 0xeb,
684 0xbb, 0xda, 0xf2, 0xc8, 0xae, 0x41, 0x22, 0x50, 0x9c, 0xe8, 0xb2, 0x9c, 0x9b, 0x3f, 0x8a,
685 0x78, 0x76, 0xab, 0xd0, 0xbe, 0xfc, 0xe4, 0x79, 0xcb, 0x1b, 0x2b, 0xaa, 0x4d, 0xdd, 0x15,
686 0x61, 0x42, 0x06,
Janis Danisevskisdb78b772021-11-29 17:59:50 -0800687 ];
688
689 // This test invokes make_sample_bcc_and_cdis and compares the result bitwise to the target
690 // vectors. The function uses main_flow, bcc_main_flow, format_config_descriptor,
691 // derive_cdi_private_key_seed, and keypair_from_seed. This test is sensitive to errors
692 // and changes in any of those functions.
693 #[test]
694 fn main_flow_and_bcc_main_flow() {
695 let (cdi_attest, cdi_seal, bcc) = make_sample_bcc_and_cdis().unwrap();
696 assert_eq!(&cdi_attest[..], SAMPLE_CDI_ATTEST_TEST_VECTOR);
697 assert_eq!(&cdi_seal[..], SAMPLE_CDI_SEAL_TEST_VECTOR);
698 assert_eq!(&bcc[..], SAMPLE_BCC_TEST_VECTOR);
699 }
700
701 static DERIVED_KEY_TEST_VECTOR: &[u8] = &[
702 0x0e, 0xd6, 0x07, 0x0e, 0x1c, 0x38, 0x2c, 0x76, 0x13, 0xc6, 0x76, 0x25, 0x7e, 0x07, 0x6f,
703 0xdb, 0x1d, 0xb1, 0x0f, 0x3f, 0xed, 0xc5, 0x2b, 0x95, 0xd1, 0x32, 0xf1, 0x63, 0x2f, 0x2a,
704 0x01, 0x5e,
705 ];
706
707 #[test]
708 fn kdf() {
709 let mut ctx = OpenDiceCborContext::new();
710 let derived_key = ctx
711 .kdf(
712 PRIVATE_KEY_SEED_SIZE,
713 "myKey".as_bytes(),
714 "mySalt".as_bytes(),
715 "myInfo".as_bytes(),
716 )
717 .unwrap();
718 assert_eq!(&derived_key[..], DERIVED_KEY_TEST_VECTOR);
719 }
720
721 static CERT_ID_TEST_VECTOR: &[u8] = &[
722 0x7a, 0x36, 0x45, 0x2c, 0x02, 0xf6, 0x2b, 0xec, 0xf9, 0x80, 0x06, 0x75, 0x87, 0xa5, 0xc1,
723 0x44, 0x0c, 0xd3, 0xc0, 0x6d,
724 ];
725
726 #[test]
727 fn derive_cdi_certificate_id() {
728 let mut ctx = OpenDiceCborContext::new();
729 let cert_id = ctx.derive_cdi_certificate_id("MyPubKey".as_bytes()).unwrap();
730 assert_eq!(&cert_id[..], CERT_ID_TEST_VECTOR);
731 }
732}