[dice, ot_certs] add CWT DICE certificate templates
Signed-off-by: Steven Tsai <[email protected]>
stevenchtsai committed Nov 7, 2024
1 parent 63f33ac commit efa7804
Showing 5 changed files with 280 additions and 0 deletions.
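--- a/sw/device/silicon_creator/lib/cert/BUILD
+++ b/sw/device/silicon_creator/lib/cert/BUILD
@@ -34,6 +34,30 @@ certificate_template(
 template = "cdi_1.hjson",
 )
 
+certificate_template(
+name = "cwt_cose_key_template",
+cert_format = "cwt",
+template = "cwt_cose_key.hjson",
+)
+
+certificate_template(
+name = "cwt_dice_chain_entry_payload_template",
+cert_format = "cwt",
+template = "cwt_dice_chain_entry_payload.hjson",
+)
+
+certificate_template(
+name = "cwt_dice_chain_entry_input_template",
+cert_format = "cwt",
+template = "cwt_dice_chain_entry_input.hjson",
+)
+
+certificate_template(
+name = "cwt_dice_chain_entry_template",
+cert_format = "cwt",
+template = "cwt_dice_chain_entry.hjson",
+)
+
 certificate_template(
 name = "tpm_ek_template",
 template = "tpm_ek.hjson",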
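--- a/sw/device/silicon_creator/lib/cert/cwt_cose_key.hjson
+++ b/sw/device/silicon_creator/lib/cert/cwt_cose_key.hjson
@@ -0,0 +1,63 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+name: "cwt_cose_key",
+
+variables: {
+// Creator public key: this is an EC point on
+// the prime256v1 curve so it has two components
+// (x and y) which are 32-bytes integers.
+creator_pub_key_ec_x: {
+type: "byte-array",
+exact-size: 32,
+},
+creator_pub_key_ec_y: {
+type: "byte-array",
+exact-size: 32,
+},
+},
+
+constants: {
+key_type_label: {
+type: "integer",
+value: 1
+},
+key_type_value: {
+type: "integer",
+value: 2
+},
+alg_type_label: {
+type: "integer",
+value: 3
+},
+alg_type_value: {
+type: "integer",
+value: -7
+},
+curve_type_label: {
+type: "integer",
+value: -1
+},
+curve_type_value: {
+type: "integer",
+value: 1
+},
+key_x_label: {
+type: "integer",
+value: -2
+},
+key_y_label: {
+type: "integer",
+value: -3
+},
+},
+
+structure: {
+key_type_label: key_type_value
+alg_type_label: alg_type_value
+curve_type_label: curve_type_value
+key_x_label: creator_pub_key_ec_x
+key_y_label: creator_pub_key_ec_y
+}
+}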
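Review bot: The constants block gives the COSE map labels and values (`1: 2`, `3: -7`, `-1: 1`, `-2`, `-3`) as bare numbers with no comment saying what each one means, so a reader cannot check that the key is encoded as intended without consulting the COSE registry. A one-line comment on each constant would fix that, e.g. `// kty (1) = EC2 (2)`, `// alg (3) = ES256 (-7)`, `// crv (-1) = P-256 (1)` and `// x (-2) / y (-3): affine coordinates`. The variable names `creator_pub_key_ec_x`/`creator_pub_key_ec_y` tie the template to the creator key even though the structure is a generic COSE_Key; if this template is also meant to carry other DICE-chain public keys (the 77-byte `subject_pk` in cwt_dice_chain_entry_payload.hjson matches the size of this encoding), a neutral name such as `pub_key_ec_x`/`pub_key_ec_y` would avoid misleading callers.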
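--- a/sw/device/silicon_creator/lib/cert/cwt_dice_chain_entry.hjson
+++ b/sw/device/silicon_creator/lib/cert/cwt_dice_chain_entry.hjson
@@ -0,0 +1,40 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+name: "cwt_dice_chain_entry",
+
+variables: {
+payload: {
+type: "byte-array",
+max-size: 437
+// kCwtDiceChainEntryPayloadMaxVariableSizeBytes from bazel-bin/sw/device/silicon_creator/lib/cert/cwt_dice_chain_entry_payload.h
+},
+signature: {
+type: "byte-array",
+exact-size: 64
+},
+},
+
+constants: {
+one_label: {
+type: "integer",
+value: 1
+},
+neg_seven_value: {
+type: "integer",
+value: -7
+},
+},
+
+structure: [
+{
+"cbor-byte-array": {
+one_label: neg_seven_value
+}
+},
+{},
+payload
+signature
+]
+}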
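Review bot: The `max-size: 437` bound on `payload` is copied by hand from the generated `kCwtDiceChainEntryPayloadMaxVariableSizeBytes`, so nothing in the template or in the new BUILD targets ties it to the payload template it is derived from; the same copied value appears in cwt_dice_chain_entry_input.hjson. If any field in cwt_dice_chain_entry_payload.hjson grows, this bound goes stale and whatever buffer the tool sizes from it becomes too small for a valid payload — presumably the template tool rejects rather than truncates, but that is not visible here. At minimum the comment should state the coupling explicitly, e.g. `// Must equal kCwtDiceChainEntryPayloadMaxVariableSizeBytes; update together with cwt_dice_chain_entry_payload.hjson.`, and ideally the build would derive it from the payload target instead. The protected-header constants `one_label`/`neg_seven_value` are named after their numbers rather than their meaning; `alg_label`/`es256_value` with a comment `// protected header: alg (1) = ES256 (-7)` would read better.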
@@ -0,0 +1,48 @@
// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
{
name: "cwt_dice_chain_entry_input",

variables: {
payload: {
type: "byte-array",
max-size: 437
// kCwtDiceChainEntryPayloadMaxVariableSizeBytes from bazel-bin/sw/device/silicon_creator/lib/cert/cwt_dice_chain_entry_payload.h
},
},

constants: {
context_value: {
type: "string",
value: "Signature1"
},
zero_value: {
type: "integer",
value: 0
},
one_label: {
type: "integer",
value: 1
},
neg_seven_value: {
type: "integer",
value: -7
},
single_zero_byte_array: {
type: "byte-array",
value: ""
},
},

structure: [
context_value
{
"cbor-byte-array": {
one_label: neg_seven_value
}
},
single_zero_byte_array
payload
]
}
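Review bot: `single_zero_byte_array` holds the value `""`, i.e. an empty byte string rather than a single zero byte, so its name contradicts its content; in the COSE Sig_structure this slot is the external_aad, which is empty here, so `empty_external_aad` would name both the value and its role. Please also confirm that the template tool encodes `""` as a zero-length bstr (CBOR `0x40`) and not as a one-byte string, since a verifier computing the signature input over the standard Sig_structure would otherwise disagree with the device. `context_value`, `one_label` and `neg_seven_value` would likewise benefit from a comment naming them as the COSE_Sign1 context string and the protected header `alg: ES256`; the `max-size: 437` on `payload` carries the same hand-copied-constant concern raised on cwt_dice_chain_entry.hjson.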
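--- a/sw/device/silicon_creator/lib/cert/cwt_dice_chain_entry_payload.hjson
+++ b/sw/device/silicon_creator/lib/cert/cwt_dice_chain_entry_payload.hjson
@@ -0,0 +1,105 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+name: "cwt_dice_chain_entry_payload",
+
+variables: {
+issuer: {
+type: "string",
+max-size: 64,
+},
+subject: {
+type: "string",
+max-size: 64,
+},
+code_hash: {
+type: "byte-array",
+exact-size: 32,
+},
+config_hash: {
+type: "byte-array",
+exact-size: 32,
+},
+config_desc: {
+type: "byte-array",
+max-size: 64,
+},
+auth_hash: {
+type: "byte-array",
+exact-size: 32,
+},
+mode: {
+type: "byte-array",
+exact-size: 1,
+},
+subject_pk: {
+type: "byte-array",
+exact-size: 77,
+},
+profile_name: {
+type: "string",
+exact-size: 10,
+},
+},
+
+constants: {
+issuer_label: {
+type: "integer",
+value: 1
+},
+subject_label: {
+type: "integer",
+value: 2
+},
+profile_name_label: {
+type: "integer",
+value: -4670554
+},
+subject_pk_label: {
+type: "integer",
+value: -4670552
+},
+key_usage_label: {
+type: "integer",
+value: -4670553
+},
+key_usage_value: {
+type: "byte-array",
+value: "20"
+},
+code_hash_label: {
+type: "integer",
+value: -4670545
+},
+config_hash_label: {
+type: "integer",
+value: -4670547
+},
+config_desc_label: {
+type: "integer",
+value: -4670548
+},
+auth_hash_label: {
+type: "integer",
+value: -4670549
+},
+mode_label: {
+type: "integer",
+value: -4670551
+},
+},
+
+structure: {
+issuer_label: issuer
+subject_label: subject
+code_hash_label: code_hash
+config_hash_label: config_hash
+config_desc_label: config_desc
+auth_hash_label: auth_hash
+mode_label: mode
+subject_pk_label: subject_pk
+key_usage_label: key_usage_value
+profile_name_label: profile_name
+}
+}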
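Review bot: The nine negative labels in the constants block (`-4670545` through `-4670554`) and the `key_usage_value` byte `"20"` are given without any comment saying which DICE certificate field each encodes, so a reviewer cannot check the map against the profile without an external table. Add a comment to each constant naming its field (code hash, configuration hash, configuration descriptor, authority hash, mode, subject public key, key usage, profile name), and on `key_usage_value` note that `"20"` is presumably the hex encoding of the keyCertSign usage bit — worth confirming against the profile the template targets. `subject_pk` with `exact-size: 77` appears to be the encoded COSE_Key from cwt_cose_key.hjson (one map-header byte plus 2+2+2+35+35 bytes of entries); a comment such as `// Encoded cwt_cose_key (COSE_Key, P-256): 77 bytes` would make that coupling explicit. `profile_name` is `exact-size: 10` while the other strings use `max-size`; a comment stating which profile string is expected would explain why this one is fixed-length.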
