[dice] Refactor some dice related constants and APIs

sw/device/silicon_creator/lib/base/util.c

@@ -35,3 +35,10 @@ void util_hexdump_byte(uint8_t byte, uint8_t *str) {
   str[0] = hexdump_halfbyte((byte & 0xF0) >> 4);
   str[1] = hexdump_halfbyte(byte & 0x0F);
 }
+
+void util_p256_signature_le_to_be_convert(
+    uint32_t r[kUtilEcdsaP256SignatureComponentWords],
+    uint32_t s[kUtilEcdsaP256SignatureComponentWords]) {
+  util_reverse_bytes(r, kUtilEcdsaP256SignatureComponentBytes);
+  util_reverse_bytes(s, kUtilEcdsaP256SignatureComponentBytes);
+}

sw/device/silicon_creator/lib/base/util.h

@@ -12,6 +12,23 @@
 extern "C" {
 #endif
 
+enum {
+  /**
+   * Size of an attestation signature component in bits.
+   */
+  kUtilEcdsaP256SignatureComponentBits = 256,
+  /**
+   * Size of an attestation signature component in bytes.
+   */
+  kUtilEcdsaP256SignatureComponentBytes =
+      kUtilEcdsaP256SignatureComponentBits / 8,
+  /**
+   * Size of an attestation signature component in 32b words.
+   */
+  kUtilEcdsaP256SignatureComponentWords =
+      kUtilEcdsaP256SignatureComponentBytes / sizeof(uint32_t),
+};
+
 /**
  * Rounds up the passed value to get it aligned to the requested number of bits.
  *
@@ -46,6 +63,16 @@ void util_reverse_bytes(void *buf, size_t num_bytes);
  */
 void util_hexdump_byte(uint8_t byte, uint8_t *str);
 
+/**
+ * Convert the calculated signature (r,s) from little endian to big endian
+ *
+ * @param r ECDSA signature r value
+ * @param s ECDSA signature s value
+ */
+void util_p256_signature_le_to_be_convert(
+    uint32_t r[kUtilEcdsaP256SignatureComponentWords],
+    uint32_t s[kUtilEcdsaP256SignatureComponentWords]);
+
 #ifdef __cplusplus
 }
 #endif

sw/device/silicon_creator/lib/cert/BUILD

@@ -101,9 +101,9 @@ cc_library(
         "//sw/device/silicon_creator/lib/base:util",
         "//sw/device/silicon_creator/lib/cert:cdi_0_template_library",
         "//sw/device/silicon_creator/lib/cert:cdi_1_template_library",
+        "//sw/device/silicon_creator/lib/cert:dice_keys",
         "//sw/device/silicon_creator/lib/cert:uds_template_library",
         "//sw/device/silicon_creator/lib/drivers:hmac",
-        "//sw/device/silicon_creator/lib/drivers:keymgr",
         "//sw/device/silicon_creator/lib/drivers:lifecycle",
         "//sw/device/silicon_creator/lib/sigverify:ecdsa_p256_key",
         "//sw/device/silicon_creator/manuf/lib:flash_info_fields",
@@ -112,6 +112,7 @@ cc_library(
 
 cc_library(
     name = "cbor",
+    srcs = ["cbor.c"],
     hdrs = ["cbor.h"],
     deps = [
         "//sw/device/lib/base:status",
@@ -130,6 +131,17 @@ cc_library(
         "//hw/ip/otp_ctrl/data:otp_ctrl_c_regs",
         "//sw/device/lib/base:status",
         "//sw/device/silicon_creator/lib:attestation",
+        "//sw/device/silicon_creator/lib/cert:dice_keys",
+        "//sw/device/silicon_creator/manuf/lib:flash_info_fields",
+    ],
+)
+
+cc_library(
+    name = "dice_keys",
+    srcs = ["dice_keys.c"],
+    hdrs = ["dice_keys.h"],
+    deps = [
+        "//sw/device/silicon_creator/lib/drivers:keymgr",
         "//sw/device/silicon_creator/manuf/lib:flash_info_fields",
     ],
 )

sw/device/silicon_creator/lib/cert/cbor.c

@@ -0,0 +1,146 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#include "sw/device/silicon_creator/lib/cert/cbor.h"
+
+#include <string.h>
+
+#include "include/dice/cbor_writer.h"
+#include "sw/device/lib/base/macros.h"
+#include "sw/device/lib/runtime/log.h"
+#include "sw/device/silicon_creator/lib/error.h"
+
+#define CBOR_RETURN_IF_OVERFLOWED(p)    \
+  do {                                  \
+    if (CborOutOverflowed(p)) {         \
+      LOG_ERROR("CborOutOverflowed!!"); \
+      return kErrorCertInvalidSize;     \
+    }                                   \
+  } while (0)
+
+#define CBOR_CHECK_OVERFLOWED_AND_RETURN(p) \
+  do {                                      \
+    CBOR_RETURN_IF_OVERFLOWED(p);           \
+    return kErrorOk;                        \
+  } while (0)
+
+inline rom_error_t cbor_write_out_init(struct CborOut *p, void *buf,
+                                       const size_t buf_size) {
+  CborOutInit(buf, buf_size, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_map_init(struct CborOut *p, const size_t num_pairs) {
+  CborWriteMap(num_pairs, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_array_init(struct CborOut *p,
+                                   const size_t num_elements) {
+  CborWriteArray(num_elements, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_string(struct CborOut *p, const char *str) {
+  CborWriteTstr(str, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_bytes(struct CborOut *p, const uint8_t *data,
+                                    const size_t data_size) {
+  CborWriteBstr(data_size, data, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+// Wrappers to encode a pair of data for cbor-map
+inline rom_error_t cbor_write_pair_uint_uint(struct CborOut *p, uint64_t key,
+                                             uint64_t value) {
+  CborWriteUint(key, p);
+  CborWriteUint(value, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_pair_int_uint(struct CborOut *p, int64_t key,
+                                            uint64_t value) {
+  CborWriteInt(key, p);
+  CborWriteUint(value, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_pair_uint_int(struct CborOut *p, uint64_t key,
+                                            int64_t value) {
+  CborWriteUint(key, p);
+  CborWriteInt(value, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_pair_int_bytes(struct CborOut *p, int64_t key,
+                                             const uint8_t *value,
+                                             const size_t value_size) {
+  CborWriteInt(key, p);
+  CborWriteBstr(value_size, value, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_pair_uint_tstr(struct CborOut *p, uint64_t key,
+                                             const char *value) {
+  CborWriteUint(key, p);
+  CborWriteTstr(value, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+inline rom_error_t cbor_write_pair_int_tstr(struct CborOut *p, int64_t key,
+                                            const char *value) {
+  CborWriteInt(key, p);
+  CborWriteTstr(value, p);
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+// Helpers for the auto-gen template, to
+// - calculate the size of a given cbor argument
+// - add a bstr/tstr header with size, and rewind the cursor
+// - copy the war data from input pointer to the CborOut buffer
+size_t cbor_calc_arg_size(uint64_t value) {
+  if (value <= 23) {
+    return 0;
+  } else if (value <= 0xff) {
+    return 1;
+  } else if (value <= 0xffff) {
+    return 2;
+  } else if (value <= 0xffffffff) {
+    return 4;
+  } else {
+    return 8;
+  };
+}
+
+size_t cbor_calc_int_size(int64_t value) {
+  if (value < 0)
+    return cbor_calc_arg_size((uint64_t)(-(value + 1)));
+
+  return cbor_calc_arg_size((uint64_t)value);
+}
+
+rom_error_t cbor_write_bstr_header(struct CborOut *p, const size_t bstr_size) {
+  if (NULL == CborAllocBstr(bstr_size, p))
+    return kErrorCertInvalidSize;
+  p->cursor -= bstr_size;
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+rom_error_t cbor_write_tstr_header(struct CborOut *p, const size_t tstr_size) {
+  if (NULL == CborAllocTstr(tstr_size, p))
+    return kErrorCertInvalidSize;
+  p->cursor -= tstr_size;
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}
+
+rom_error_t cbor_write_raw_bytes(struct CborOut *p, const uint8_t *raw,
+                                 const size_t raw_size) {
+  if (p->cursor + raw_size > p->buffer_size)
+    return kErrorCertInvalidSize;
+  memcpy(&p->buffer[p->cursor], raw, raw_size);
+  p->cursor += raw_size;
+  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
+}

sw/device/silicon_creator/lib/cert/cbor.h

@@ -6,100 +6,52 @@
 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_CBOR_H_
 
 #include "include/dice/cbor_writer.h"
-#include "sw/device/lib/runtime/log.h"
 #include "sw/device/silicon_creator/lib/error.h"
 
-#define CBOR_CHECK_OVERFLOWED_AND_RETURN(p) \
-  do {                                      \
-    if (CborOutOverflowed(p)) {             \
-      LOG_ERROR("CborOutOverflowed!!");     \
-      return kErrorCertInvalidSize;         \
-    }                                       \
-    return kErrorOk;                        \
-  } while (0)
-
 // Wrappers for each CBOR type and CBOR handle initialization
-static inline rom_error_t cbor_write_out_init(struct CborOut *p, void *buf,
-                                              const size_t buf_size) {
-  CborOutInit(buf, buf_size, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_map_init(struct CborOut *p,
-                                        const size_t num_pairs) {
-  CborWriteMap(num_pairs, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_array_init(struct CborOut *p,
-                                          const size_t num_elements) {
-  CborWriteArray(num_elements, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_string(struct CborOut *p,
-                                            const char *str) {
-  CborWriteTstr(str, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_bytes(struct CborOut *p,
-                                           const uint8_t *data,
-                                           const size_t data_size) {
-  CborWriteBstr(data_size, data, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
+rom_error_t cbor_write_out_init(struct CborOut *p, void *buf,
+                                const size_t buf_size);
+
+rom_error_t cbor_map_init(struct CborOut *p, const size_t num_pairs);
+
+rom_error_t cbor_array_init(struct CborOut *p, const size_t num_elements);
+
+rom_error_t cbor_write_string(struct CborOut *p, const char *str);
+
+rom_error_t cbor_write_bytes(struct CborOut *p, const uint8_t *data,
+                             const size_t data_size);
 
 // Wrappers to encode a pair of data for cbor-map
-static inline rom_error_t cbor_write_pair_uint_uint(struct CborOut *p,
-                                                    uint64_t key,
-                                                    uint64_t value) {
-  CborWriteUint(key, p);
-  CborWriteUint(value, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_pair_int_uint(struct CborOut *p,
-                                                   int64_t key,
-                                                   uint64_t value) {
-  CborWriteInt(key, p);
-  CborWriteUint(value, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_pair_uint_int(struct CborOut *p,
-                                                   uint64_t key,
-                                                   int64_t value) {
-  CborWriteUint(key, p);
-  CborWriteInt(value, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_pair_int_bytes(struct CborOut *p,
-                                                    int64_t key,
-                                                    const uint8_t *value,
-                                                    const size_t value_size) {
-  CborWriteInt(key, p);
-  CborWriteBstr(value_size, value, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_pair_uint_tstr(struct CborOut *p,
-                                                    uint64_t key,
-                                                    const char *value) {
-  CborWriteUint(key, p);
-  CborWriteTstr(value, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-static inline rom_error_t cbor_write_pair_int_tstr(struct CborOut *p,
-                                                   int64_t key,
-                                                   const char *value) {
-  CborWriteInt(key, p);
-  CborWriteTstr(value, p);
-  CBOR_CHECK_OVERFLOWED_AND_RETURN(p);
-}
-
-#undef CBOR_CHECK_OVERFLOWED_AND_RETURN
+rom_error_t cbor_write_pair_uint_uint(struct CborOut *p, uint64_t key,
+                                      uint64_t value);
+
+rom_error_t cbor_write_pair_int_uint(struct CborOut *p, int64_t key,
+                                     uint64_t value);
+
+rom_error_t cbor_write_pair_uint_int(struct CborOut *p, uint64_t key,
+                                     int64_t value);
+
+rom_error_t cbor_write_pair_int_bytes(struct CborOut *p, int64_t key,
+                                      const uint8_t *value,
+                                      const size_t value_size);
+
+rom_error_t cbor_write_pair_uint_tstr(struct CborOut *p, uint64_t key,
+                                      const char *value);
+
+rom_error_t cbor_write_pair_int_tstr(struct CborOut *p, int64_t key,
+                                     const char *value);
+
+// Helpers for the auto-gen template
+// Calculate the size of a given cbor argument, in int64 or uint64
+size_t cbor_calc_arg_size(uint64_t value);
+size_t cbor_calc_int_size(int64_t value);
+
+// Add a bstr/tstr header with size, and rewind the cursor
+rom_error_t cbor_write_bstr_header(struct CborOut *p, const size_t bstr_size);
+rom_error_t cbor_write_tstr_header(struct CborOut *p, const size_t tstr_size);
+
+// Copy the rwa data from input pointer to the CborOut buffer
+rom_error_t cbor_write_raw_bytes(struct CborOut *p, const uint8_t *raw,
+                                 const size_t raw_size);
 
 #endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_CBOR_H_