Merged
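--- a/sw/device/silicon_creator/lib/base/util.c
+++ b/sw/device/silicon_creator/lib/base/util.c
@@ -35,3 +35,10 @@ void util_hexdump_byte(uint8_t byte, uint8_t *str) {
 str[0] = hexdump_halfbyte((byte & 0xF0) >> 4);
 str[1] = hexdump_halfbyte(byte & 0x0F);
 }
+
+void util_p256_signature_le_to_be_convert(
+uint32_t r[kUtilEcdsaP256SignatureComponentWords],
+uint32_t s[kUtilEcdsaP256SignatureComponentWords]) {
+util_reverse_bytes(r, kUtilEcdsaP256SignatureComponentBytes);
+util_reverse_bytes(s, kUtilEcdsaP256SignatureComponentBytes);
+}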
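--- a/sw/device/silicon_creator/lib/base/util.h
+++ b/sw/device/silicon_creator/lib/base/util.h
@@ -12,6 +12,23 @@
 extern "C" {
 #endif
 
+enum {
+/**
+* Size of an ECDSA P256 signature component in bits.
+*/
+kUtilEcdsaP256SignatureComponentBits = 256,
+/**
+* Size of an ECDSA P256 signature component in bytes.
+*/
+kUtilEcdsaP256SignatureComponentBytes =
+kUtilEcdsaP256SignatureComponentBits / 8,
+/**
+* Size of an ECDSA P256 signature component in 32b words.
+*/
+kUtilEcdsaP256SignatureComponentWords =
+kUtilEcdsaP256SignatureComponentBytes / sizeof(uint32_t),
+};
+
 /**
 * Rounds up the passed value to get it aligned to the requested number of bits.
 *
@@ -46,6 +63,16 @@ void util_reverse_bytes(void *buf, size_t num_bytes);
 */
 void util_hexdump_byte(uint8_t byte, uint8_t *str);
 
+/**
+* Convert the calculated signature (r,s) from little endian to big endian
+*
+* @param r ECDSA signature r value
+* @param s ECDSA signature s value
+*/
+void util_p256_signature_le_to_be_convert(
+uint32_t r[kUtilEcdsaP256SignatureComponentWords],
+uint32_t s[kUtilEcdsaP256SignatureComponentWords]);
+
 #ifdef __cplusplus
 }
 #endif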
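Review bot: The doc comment on `util_p256_signature_le_to_be_convert` in the second hunk does not say that the conversion is done in place, nor how large each buffer must be. The array bounds in the prototype are not enforced by C (both parameters decay to `uint32_t *`), and the definition in util.c reverses `kUtilEcdsaP256SignatureComponentBytes` bytes of each argument unconditionally, so a caller that passes a shorter buffer gets an out-of-bounds write with no diagnostic. I would state the contract where callers read it, e.g. `@param[in,out] r ECDSA signature r value; exactly kUtilEcdsaP256SignatureComponentWords words, byte-reversed in place`, and the same wording for `s`.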
11 changes: 10 additions & 1 deletion sw/device/silicon_creator/lib/cert/BUILD
Expand Up @@ -101,9 +101,9 @@ cc_library(
"//sw/device/silicon_creator/lib/base:util",
"//sw/device/silicon_creator/lib/cert:cdi_0_template_library",
"//sw/device/silicon_creator/lib/cert:cdi_1_template_library",
"//sw/device/silicon_creator/lib/cert:dice_keys",
"//sw/device/silicon_creator/lib/cert:uds_template_library",
"//sw/device/silicon_creator/lib/drivers:hmac",
"//sw/device/silicon_creator/lib/drivers:keymgr",
"//sw/device/silicon_creator/lib/drivers:lifecycle",
"//sw/device/silicon_creator/lib/sigverify:ecdsa_p256_key",
"//sw/device/silicon_creator/manuf/lib:flash_info_fields",
Expand All @@ -130,6 +130,15 @@ cc_library(
"//hw/ip/otp_ctrl/data:otp_ctrl_c_regs",
"//sw/device/lib/base:status",
"//sw/device/silicon_creator/lib:attestation",
],
)

cc_library(
name = "dice_keys",
srcs = ["dice_keys.c"],
hdrs = ["dice_keys.h"],
deps = [
"//sw/device/silicon_creator/lib/drivers:keymgr",
"//sw/device/silicon_creator/manuf/lib:flash_info_fields",
],
)
265 changes: 219 additions & 46 deletions sw/device/silicon_creator/lib/cert/cbor.h
Expand Up @@ -9,97 +9,270 @@
#include "sw/device/lib/runtime/log.h"
#include "sw/device/silicon_creator/lib/error.h"

#define CBOR_RETURN_IF_OVERFLOWED(p) \
do { \
if (CborOutOverflowed(p)) { \
LOG_ERROR("CborOutOverflowed!!"); \
return kErrorCertInvalidSize; \
} \
} while (0)

#define CBOR_CHECK_OVERFLOWED_AND_RETURN(p) \
do { \
if (CborOutOverflowed(p)) { \
LOG_ERROR("CborOutOverflowed!!"); \
return kErrorCertInvalidSize; \
} \
CBOR_RETURN_IF_OVERFLOWED(p); \
return kErrorOk; \
} while (0)

// Wrappers for each CBOR type and CBOR handle initialization
static inline rom_error_t cbor_write_out_init(struct CborOut *p, void *buf,
const size_t buf_size) {
/**
* Initialize a CborOut structure.
*
* @param[in,out] p The pointer to a CborOut structure
* @param buf The buffer that can be used for CBOR encoding
* @param buf_size The buffer size
* @return kErrorOk, or kErrorCertInvalidSize if the buf_size exceeds the
* buffer size that is recorded in p.
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_out_init(
struct CborOut *p, void *buf, const size_t buf_size) {
CborOutInit(buf, buf_size, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_map_init(struct CborOut *p,
const size_t num_pairs) {
/**
* Add a "map" header along with the elements count to a CborOut structure.
*
* @param[in,out] p The pointer to a CborOut structure
* @param num_pairs The elements count in the map
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_map_init(
struct CborOut *p, const size_t num_pairs) {
CborWriteMap(num_pairs, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_array_init(struct CborOut *p,
const size_t num_elements) {
/**
* Add a "array" header along with the elements count to a CborOut structure.
*
* @param[in,out] p The pointer to a CborOut structure
* @param num_elements The elements count in the map
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_array_init(
struct CborOut *p, const size_t num_elements) {
CborWriteArray(num_elements, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_string(struct CborOut *p,
const char *str) {
/**
* Add a "tstr" to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param str The string pointer
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_string(
struct CborOut *p, const char *str) {
CborWriteTstr(str, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_bytes(struct CborOut *p,
const uint8_t *data,
const size_t data_size) {
/**
* Add a "bstr" to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param data The pointer to the data that needs to be packed
* @packed data_size Size of the data
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_bytes(
struct CborOut *p, const uint8_t *data, const size_t data_size) {
CborWriteBstr(data_size, data, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

// Wrappers to encode a pair of data for cbor-map
static inline rom_error_t cbor_write_pair_uint_uint(struct CborOut *p,
uint64_t key,
uint64_t value) {
/***********************************************
* Wrappers to encode a pair of data for cbor-map
***********************************************/
/**
* Add 2 elements, "uint" and "uint", to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param key The first "uint" element
* @param value The second "uint" element
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_pair_uint_uint(
struct CborOut *p, uint64_t key, uint64_t value) {
CborWriteUint(key, p);
CborWriteUint(value, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_pair_int_uint(struct CborOut *p,
int64_t key,
uint64_t value) {
/**
* Add 2 elements, "int" and "uint", to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param key The first "int" element
* @param value The second "uint" element
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_pair_int_uint(
struct CborOut *p, int64_t key, uint64_t value) {
CborWriteInt(key, p);
CborWriteUint(value, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_pair_uint_int(struct CborOut *p,
uint64_t key,
int64_t value) {
/**
* Add 2 elements, "uint" and "int", to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param key The first "uint" element
* @param value The second "int" element
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_pair_uint_int(
struct CborOut *p, uint64_t key, int64_t value) {
CborWriteUint(key, p);
CborWriteInt(value, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_pair_int_bytes(struct CborOut *p,
int64_t key,
const uint8_t *value,
const size_t value_size) {
/**
* Add 2 elements, "int" and "bstr", to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param key The first "int" element
* @param value The pointer of the second "bstr" element
* @param value_size Size of the value
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_pair_int_bytes(
struct CborOut *p, int64_t key, const uint8_t *value,
const size_t value_size) {
CborWriteInt(key, p);
CborWriteBstr(value_size, value, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_pair_uint_tstr(struct CborOut *p,
uint64_t key,
const char *value) {
/**
* Add 2 elements, "uint" and "tstr", to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param key The first "uint" element
* @param value The pointer of the second "tstr" element
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_pair_uint_tstr(
struct CborOut *p, uint64_t key, const char *value) {
CborWriteUint(key, p);
CborWriteTstr(value, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

static inline rom_error_t cbor_write_pair_int_tstr(struct CborOut *p,
int64_t key,
const char *value) {
/**
* Add 2 elements, "int" and "tstr", to a CborOut structure
*
* @param[in,out] p The pointer to a CborOut structure
* @param key The first "int" element
* @param value The pointer of the second "tstr" element
* @return kErrorOk, or kErrorCertInvalidSize if the updated CborOut is
* overflowed
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_pair_int_tstr(
struct CborOut *p, int64_t key, const char *value) {
CborWriteInt(key, p);
CborWriteTstr(value, p);
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

#undef CBOR_CHECK_OVERFLOWED_AND_RETURN
/***********************************************
* Helpers for the auto-gen template
***********************************************/
/**
* Calculate how much space is needed in the header for an "unsigned interger"
* type of CBOR argument.
*
* @param value An unsigned integer argument.
* @return Size required in the header
*/
static inline size_t cbor_calc_arg_size(uint64_t value) {
if (value <= 23) {
return 0;
} else if (value <= 0xff) {
return 1;
} else if (value <= 0xffff) {
return 2;
} else if (value <= 0xffffffff) {
return 4;
} else {
return 8;
};
}
/**
* Calculate how much space is needed in the header for a "signed interger" type
* of CBOR argument.
*
* @param value An signed integer argument.
* @return Size required in the header
*/
static inline size_t cbor_calc_int_size(int64_t value) {
if (value < 0)
return cbor_calc_arg_size((uint64_t)(-(value + 1)));

return cbor_calc_arg_size((uint64_t)value);
}

// Add a bstr/tstr header with size, and rewind the cursor
/**
* Add a "bstr" header along with the payload size, and rewind the cursor of
* CborOut structure.
*
* @param[in,out] p The pointer to a CborOut structure
* @param bstr_size The size of the payload
* @return kErrorOk, or kErrorCertInvalidSize if the bstr_size exceeds the
* buffer size that is recorded in p.
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_bstr_header(
struct CborOut *p, const size_t bstr_size) {
if (NULL == CborAllocBstr(bstr_size, p))
return kErrorCertInvalidSize;
p->cursor -= bstr_size;
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}
/**
* Add a "tstr" header along with the payload size, and rewind the cursor of
* CborOut structure.
*
* @param[in,out] p The pointer to a CborOut structure
* @param tstr_size The size of the payload
* @return kErrorOk, or kErrorCertInvalidSize if the tstr_size exceeds the
* buffer size that is recorded in p.
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_tstr_header(
struct CborOut *p, const size_t tstr_size) {
if (NULL == CborAllocTstr(tstr_size, p))
return kErrorCertInvalidSize;
p->cursor -= tstr_size;
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}

/**
* Fill in raw data to a given CborOut structure.
*
* @param[in,out] p The pointer to a CborOut structure
* @param raw The pointer to the raw bytes
* @param raw_size The size of the raw byptes
* @return kErrorOk, or kErrorCertInvalidSize if the raw_size exceeds the
* buffer size that is recorded in p.
*/
OT_WARN_UNUSED_RESULT static inline rom_error_t cbor_write_raw_bytes(
struct CborOut *p, const uint8_t *raw, const size_t raw_size) {
if (p->cursor + raw_size > p->buffer_size)
return kErrorCertInvalidSize;
memcpy(&p->buffer[p->cursor], raw, raw_size);
p->cursor += raw_size;
CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
}
#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_CBOR_H_
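Review bot: The bounds check in `cbor_write_raw_bytes`, near the end of the hunk, adds before it compares, so `p->cursor + raw_size` can wrap around `size_t` and still pass the test. That happens when `raw_size` is very large, or when the cursor is already beyond `buffer_size` after an earlier overflowed write (assuming the underlying writer lets the cursor keep advancing on overflow, which the `CborOutOverflowed` checks suggest). The `memcpy` that follows would then write outside the certificate buffer. Comparing against the remaining space avoids the wrap: `if (CborOutOverflowed(p) || raw_size > p->buffer_size - p->cursor) return kErrorCertInvalidSize;`. Separately, the `cbor_write_bytes` doc comment has `@packed data_size` where `@param data_size` is meant.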