diced/open_dice/src/ops.rs - platform/system/security - Git at Google

 // Copyright 2023, The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 //! This module mirrors the content in open-dice/include/dice/ops.h
 //! It contains the set of functions that implement various operations that the
 //! main DICE functions depend on.

 use crate::dice::{
     Hash, InputValues, PrivateKey, PublicKey, Signature, HASH_SIZE, PRIVATE_KEY_SEED_SIZE,
     PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, SIGNATURE_SIZE,
 };
 use crate::error::{check_result, Result};
 use open_dice_cbor_bindgen::{
     DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DiceSign, DiceVerify,
 };
 use std::ptr;

 /// Hashes the provided input using DICE's hash function `DiceHash`.
 pub fn hash(input: &[u8]) -> Result<Hash> {
     let mut output: Hash = [0; HASH_SIZE];
     // SAFETY: DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
     // The first argument context is not used in this function.
     check_result(
         unsafe {
             DiceHash(
                 ptr::null_mut(), // context
                 input.as_ptr(),
                 input.len(),
                 output.as_mut_ptr(),
             )
         },
         output.len(),
     )?;
     Ok(output)
 }

 /// An implementation of HKDF-SHA512. Derives a key of `derived_key.len()` bytes from `ikm`, `salt`,
 /// and `info`. The derived key is written to the `derived_key`.
 pub fn kdf(ikm: &[u8], salt: &[u8], info: &[u8], derived_key: &mut [u8]) -> Result<()> {
     // SAFETY: The function writes to the `derived_key`, within the given bounds, and only reads the
     // input values. The first argument context is not used in this function.
     check_result(
         unsafe {
             DiceKdf(
                 ptr::null_mut(), // context
                 derived_key.len(),
                 ikm.as_ptr(),
                 ikm.len(),
                 salt.as_ptr(),
                 salt.len(),
                 info.as_ptr(),
                 info.len(),
                 derived_key.as_mut_ptr(),
             )
         },
         derived_key.len(),
     )
 }

 /// Deterministically generates a public and private key pair from `seed`.
 /// Since this is deterministic, `seed` is as sensitive as a private key and can
 /// be used directly as the private key.
 pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(PublicKey, PrivateKey)> {
     let mut public_key = [0u8; PUBLIC_KEY_SIZE];
     let mut private_key = PrivateKey::default();
     // SAFETY: The function writes to the `public_key` and `private_key` within the given bounds,
     // and only reads the `seed`. The first argument context is not used in this function.
     check_result(
         unsafe {
             DiceKeypairFromSeed(
                 ptr::null_mut(), // context
                 seed.as_ptr(),
                 public_key.as_mut_ptr(),
                 private_key.as_mut_ptr(),
             )
         },
         public_key.len(),
     )?;
     Ok((public_key, private_key))
 }

 /// Signs the `message` with the give `private_key` using `DiceSign`.
 pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Signature> {
     let mut signature = [0u8; SIGNATURE_SIZE];
     // SAFETY: The function writes to the `signature` within the given bounds, and only reads the
     // message and the private key. The first argument context is not used in this function.
     check_result(
         unsafe {
             DiceSign(
                 ptr::null_mut(), // context
                 message.as_ptr(),
                 message.len(),
                 private_key.as_ptr(),
                 signature.as_mut_ptr(),
             )
         },
         signature.len(),
     )?;
     Ok(signature)
 }

 /// Verifies the `signature` of the `message` with the given `public_key` using `DiceVerify`.
 pub fn verify(message: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<()> {
     // SAFETY: only reads the messages, signature and public key as constant values.
     // The first argument context is not used in this function.
     check_result(
         unsafe {
             DiceVerify(
                 ptr::null_mut(), // context
                 message.as_ptr(),
                 message.len(),
                 signature.as_ptr(),
                 public_key.as_ptr(),
             )
         },
         0,
     )
 }

 /// Generates an X.509 certificate from the given `subject_private_key_seed` and
 /// `input_values`, and signed by `authority_private_key_seed`.
 /// The subject private key seed is supplied here so the implementation can choose
 /// between asymmetric mechanisms, for example ECDSA vs Ed25519.
 /// Returns the actual size of the generated certificate.
 pub fn generate_certificate(
     subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
     authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
     input_values: &InputValues,
     certificate: &mut [u8],
 ) -> Result<usize> {
     let mut certificate_actual_size = 0;
     // SAFETY: The function writes to the `certificate` within the given bounds, and only reads the
     // input values and the key seeds. The first argument context is not used in this function.
     check_result(
         unsafe {
             DiceGenerateCertificate(
                 ptr::null_mut(), // context
                 subject_private_key_seed.as_ptr(),
                 authority_private_key_seed.as_ptr(),
                 input_values.as_ptr(),
                 certificate.len(),
                 certificate.as_mut_ptr(),
                 &mut certificate_actual_size,
             )
         },
         certificate_actual_size,
     )?;
     Ok(certificate_actual_size)
 }
	// Copyright 2023, The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	//! This module mirrors the content in open-dice/include/dice/ops.h
	//! It contains the set of functions that implement various operations that the
	//! main DICE functions depend on.

	use crate::dice::{
	Hash, InputValues, PrivateKey, PublicKey, Signature, HASH_SIZE, PRIVATE_KEY_SEED_SIZE,
	PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, SIGNATURE_SIZE,
	};
	use crate::error::{check_result, Result};
	use open_dice_cbor_bindgen::{
	DiceGenerateCertificate, DiceHash, DiceKdf, DiceKeypairFromSeed, DiceSign, DiceVerify,
	};
	use std::ptr;

	/// Hashes the provided input using DICE's hash function `DiceHash`.
	pub fn hash(input: &[u8]) -> Result<Hash> {
	let mut output: Hash = [0; HASH_SIZE];
	// SAFETY: DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
	// The first argument context is not used in this function.
	check_result(
	unsafe {
	DiceHash(
	ptr::null_mut(), // context
	input.as_ptr(),
	input.len(),
	output.as_mut_ptr(),
	)
	},
	output.len(),
	)?;
	Ok(output)
	}

	/// An implementation of HKDF-SHA512. Derives a key of `derived_key.len()` bytes from `ikm`, `salt`,
	/// and `info`. The derived key is written to the `derived_key`.
	pub fn kdf(ikm: &[u8], salt: &[u8], info: &[u8], derived_key: &mut [u8]) -> Result<()> {
	// SAFETY: The function writes to the `derived_key`, within the given bounds, and only reads the
	// input values. The first argument context is not used in this function.
	check_result(
	unsafe {
	DiceKdf(
	ptr::null_mut(), // context
	derived_key.len(),
	ikm.as_ptr(),
	ikm.len(),
	salt.as_ptr(),
	salt.len(),
	info.as_ptr(),
	info.len(),
	derived_key.as_mut_ptr(),
	)
	},
	derived_key.len(),
	)
	}

	/// Deterministically generates a public and private key pair from `seed`.
	/// Since this is deterministic, `seed` is as sensitive as a private key and can
	/// be used directly as the private key.
	pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(PublicKey, PrivateKey)> {
	let mut public_key = [0u8; PUBLIC_KEY_SIZE];
	let mut private_key = PrivateKey::default();
	// SAFETY: The function writes to the `public_key` and `private_key` within the given bounds,
	// and only reads the `seed`. The first argument context is not used in this function.
	check_result(
	unsafe {
	DiceKeypairFromSeed(
	ptr::null_mut(), // context
	seed.as_ptr(),
	public_key.as_mut_ptr(),
	private_key.as_mut_ptr(),
	)
	},
	public_key.len(),
	)?;
	Ok((public_key, private_key))
	}

	/// Signs the `message` with the give `private_key` using `DiceSign`.
	pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Signature> {
	let mut signature = [0u8; SIGNATURE_SIZE];
	// SAFETY: The function writes to the `signature` within the given bounds, and only reads the
	// message and the private key. The first argument context is not used in this function.
	check_result(
	unsafe {
	DiceSign(
	ptr::null_mut(), // context
	message.as_ptr(),
	message.len(),
	private_key.as_ptr(),
	signature.as_mut_ptr(),
	)
	},
	signature.len(),
	)?;
	Ok(signature)
	}

	/// Verifies the `signature` of the `message` with the given `public_key` using `DiceVerify`.
	pub fn verify(message: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<()> {
	// SAFETY: only reads the messages, signature and public key as constant values.
	// The first argument context is not used in this function.
	check_result(
	unsafe {
	DiceVerify(
	ptr::null_mut(), // context
	message.as_ptr(),
	message.len(),
	signature.as_ptr(),
	public_key.as_ptr(),
	)
	},
	0,
	)
	}

	/// Generates an X.509 certificate from the given `subject_private_key_seed` and
	/// `input_values`, and signed by `authority_private_key_seed`.
	/// The subject private key seed is supplied here so the implementation can choose
	/// between asymmetric mechanisms, for example ECDSA vs Ed25519.
	/// Returns the actual size of the generated certificate.
	pub fn generate_certificate(
	subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
	authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
	input_values: &InputValues,
	certificate: &mut [u8],
	) -> Result<usize> {
	let mut certificate_actual_size = 0;
	// SAFETY: The function writes to the `certificate` within the given bounds, and only reads the
	// input values and the key seeds. The first argument context is not used in this function.
	check_result(
	unsafe {
	DiceGenerateCertificate(
	ptr::null_mut(), // context
	subject_private_key_seed.as_ptr(),
	authority_private_key_seed.as_ptr(),
	input_values.as_ptr(),
	certificate.len(),
	certificate.as_mut_ptr(),
	&mut certificate_actual_size,
	)
	},
	certificate_actual_size,
	)?;
	Ok(certificate_actual_size)
	}