Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 7f30e5415896226e1aa9d4903593dc7fc868c2e7 / . / diced / open_dice / src / ops.rs
blob: 6b9202a33ff64987a95cd290f20834362bcee84e [file] [log] [blame]
Alice Wang24954b42023-02-06 10:03:45 +0000[diff] [blame]1// Copyright 2023, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! This module mirrors the content in open-dice/include/dice/ops.h
16//! It contains the set of functions that implement various operations that the
17//! main DICE functions depend on.
18
Alice Wang8722d9e2023-02-13 14:56:56 +0000[diff] [blame]19use crate::dice::{
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame]20 Hash, InputValues, PrivateKey, PublicKey, Signature, HASH_SIZE, PRIVATE_KEY_SEED_SIZE,
21 PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, SIGNATURE_SIZE,
Alice Wang8722d9e2023-02-13 14:56:56 +0000[diff] [blame]22};
Alice Wang24954b42023-02-06 10:03:45 +0000[diff] [blame]23use crate::error::{check_result, Result};
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame]24use open_dice_cbor_bindgen::{
25 DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DiceSign, DiceVerify,
26};
Alice Wang24954b42023-02-06 10:03:45 +0000[diff] [blame]27use std::ptr;
28
29/// Hashes the provided input using DICE's hash function `DiceHash`.
30pub fn hash(input: &[u8]) -> Result<Hash> {
31 let mut output: Hash = [0; HASH_SIZE];
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]32 check_result(
Andrew Walbran7f30e542023-07-07 13:42:25 +0100[diff] [blame^]33 // SAFETY: DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
34 // The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]35 unsafe {
36 DiceHash(
37 ptr::null_mut(), // context
38 input.as_ptr(),
39 input.len(),
40 output.as_mut_ptr(),
41 )
42 },
43 output.len(),
44 )?;
Alice Wang24954b42023-02-06 10:03:45 +0000[diff] [blame]45 Ok(output)
46}
Alice Wang6ef44bc2023-02-08 12:08:32 +0000[diff] [blame]47
48/// An implementation of HKDF-SHA512. Derives a key of `derived_key.len()` bytes from `ikm`, `salt`,
49/// and `info`. The derived key is written to the `derived_key`.
50pub fn kdf(ikm: &[u8], salt: &[u8], info: &[u8], derived_key: &mut [u8]) -> Result<()> {
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]51 check_result(
Andrew Walbran7f30e542023-07-07 13:42:25 +0100[diff] [blame^]52 // SAFETY: The function writes to the `derived_key`, within the given bounds, and only reads
53 // the input values. The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]54 unsafe {
55 DiceKdf(
56 ptr::null_mut(), // context
57 derived_key.len(),
58 ikm.as_ptr(),
59 ikm.len(),
60 salt.as_ptr(),
61 salt.len(),
62 info.as_ptr(),
63 info.len(),
64 derived_key.as_mut_ptr(),
65 )
66 },
67 derived_key.len(),
68 )
Alice Wang6ef44bc2023-02-08 12:08:32 +0000[diff] [blame]69}
Alice Wang4d611772023-02-13 09:45:21 +0000[diff] [blame]70
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame]71/// Deterministically generates a public and private key pair from `seed`.
72/// Since this is deterministic, `seed` is as sensitive as a private key and can
73/// be used directly as the private key.
74pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(PublicKey, PrivateKey)> {
75 let mut public_key = [0u8; PUBLIC_KEY_SIZE];
76 let mut private_key = PrivateKey::default();
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]77 check_result(
Andrew Walbran7f30e542023-07-07 13:42:25 +0100[diff] [blame^]78 // SAFETY: The function writes to the `public_key` and `private_key` within the given
79 // bounds, and only reads the `seed`. The first argument context is not used in this
80 // function.
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]81 unsafe {
82 DiceKeypairFromSeed(
83 ptr::null_mut(), // context
84 seed.as_ptr(),
85 public_key.as_mut_ptr(),
86 private_key.as_mut_ptr(),
87 )
88 },
89 public_key.len(),
90 )?;
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame]91 Ok((public_key, private_key))
92}
93
Alice Wang8722d9e2023-02-13 14:56:56 +0000[diff] [blame]94/// Signs the `message` with the give `private_key` using `DiceSign`.
95pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Signature> {
96 let mut signature = [0u8; SIGNATURE_SIZE];
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]97 check_result(
Andrew Walbran7f30e542023-07-07 13:42:25 +0100[diff] [blame^]98 // SAFETY: The function writes to the `signature` within the given bounds, and only reads
99 // the message and the private key. The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]100 unsafe {
101 DiceSign(
102 ptr::null_mut(), // context
103 message.as_ptr(),
104 message.len(),
105 private_key.as_ptr(),
106 signature.as_mut_ptr(),
107 )
108 },
109 signature.len(),
110 )?;
Alice Wang8722d9e2023-02-13 14:56:56 +0000[diff] [blame]111 Ok(signature)
112}
113
114/// Verifies the `signature` of the `message` with the given `public_key` using `DiceVerify`.
115pub fn verify(message: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<()> {
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]116 check_result(
Andrew Walbran7f30e542023-07-07 13:42:25 +0100[diff] [blame^]117 // SAFETY: only reads the messages, signature and public key as constant values.
118 // The first argument context is not used in this function.
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]119 unsafe {
120 DiceVerify(
121 ptr::null_mut(), // context
122 message.as_ptr(),
123 message.len(),
124 signature.as_ptr(),
125 public_key.as_ptr(),
126 )
127 },
128 0,
129 )
Alice Wang8722d9e2023-02-13 14:56:56 +0000[diff] [blame]130}
131
Alice Wang4d611772023-02-13 09:45:21 +0000[diff] [blame]132/// Generates an X.509 certificate from the given `subject_private_key_seed` and
133/// `input_values`, and signed by `authority_private_key_seed`.
134/// The subject private key seed is supplied here so the implementation can choose
135/// between asymmetric mechanisms, for example ECDSA vs Ed25519.
136/// Returns the actual size of the generated certificate.
137pub fn generate_certificate(
138 subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
139 authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
140 input_values: &InputValues,
141 certificate: &mut [u8],
142) -> Result<usize> {
143 let mut certificate_actual_size = 0;
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]144 check_result(
Andrew Walbran7f30e542023-07-07 13:42:25 +0100[diff] [blame^]145 // SAFETY: The function writes to the `certificate` within the given bounds, and only reads
146 // the input values and the key seeds. The first argument context is not used in this
147 // function.
Alice Wangef999242023-05-22 11:14:59 +0000[diff] [blame]148 unsafe {
149 DiceGenerateCertificate(
150 ptr::null_mut(), // context
151 subject_private_key_seed.as_ptr(),
152 authority_private_key_seed.as_ptr(),
153 input_values.as_ptr(),
154 certificate.len(),
155 certificate.as_mut_ptr(),
156 &mut certificate_actual_size,
157 )
158 },
159 certificate_actual_size,
160 )?;
Alice Wang4d611772023-02-13 09:45:21 +0000[diff] [blame]161 Ok(certificate_actual_size)
162}