include/lib/dice/dice.h - filogic/atf - Gitiles

 // Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
 // use this file except in compliance with the License. You may obtain a copy of
 // the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 // License for the specific language governing permissions and limitations under
 // the License.

 #ifndef DICE_DICE_H_
 #define DICE_DICE_H_

 #include <stddef.h>
 #include <stdint.h>

 #ifdef __cplusplus
 extern "C" {
 #endif

 #define DICE_CDI_SIZE 32
 #define DICE_HASH_SIZE 64
 #define DICE_HIDDEN_SIZE 64
 #define DICE_INLINE_CONFIG_SIZE 64
 #define DICE_PRIVATE_KEY_SEED_SIZE 32
 #define DICE_ID_SIZE 20

 typedef enum {
   kDiceResultOk,
   kDiceResultInvalidInput,
   kDiceResultBufferTooSmall,
   kDiceResultPlatformError,
 } DiceResult;

 typedef enum {
   kDiceModeNotInitialized,
   kDiceModeNormal,
   kDiceModeDebug,
   kDiceModeMaintenance,
 } DiceMode;

 typedef enum {
   kDiceConfigTypeInline,
   kDiceConfigTypeDescriptor,
 } DiceConfigType;

 // Contains a full set of input values describing the target program or system.
 // See the Open Profile for DICE specification for a detailed explanation of
 // these inputs.
 //
 // Fields:
 //    code_hash: A hash or similar representation of the target code.
 //    code_descriptor: An optional descriptor to be included in the certificate.
 //        This descriptor is opaque to the DICE flow and is included verbatim
 //        in the certificate with no validation. May be null.
 //    code_descriptor_size: The size in bytes of |code_descriptor|.
 //    config_type: Indicates how to interpret the remaining config-related
 //        fields. If the type is 'inline', then the 64 byte configuration input
 //        value must be provided in |config_value| and |config_descriptor| is
 //        ignored. If the type is 'descriptor', then |config_descriptor| is
 //        hashed to get the configuration input value and |config_value| is
 //        ignored.
 //    config_value: A 64-byte configuration input value when |config_type| is
 //        kDiceConfigTypeInline. Otherwise, this field is ignored.
 //    config_descriptor: A descriptor to be hashed for the configuration input
 //        value when |config_type| is kDiceConfigTypeDescriptor. Otherwise,
 //        this field is ignored and may be null.
 //    config_descriptor_size: The size in bytes of |config_descriptor|.
 //    authority_hash: A hash or similar representation of the authority used to
 //        verify the target code. If the code is not verified or the authority
 //        is implicit, for example hard coded as part of the code currently
 //        executing, then this value should be set to all zero bytes.
 //    authority_descriptor: An optional descriptor to be included in the
 //        certificate. This descriptor is opaque to the DICE flow and is
 //        included verbatim in the certificate with no validation. May be null.
 //    authority_descriptor_size: The size in bytes of |authority_descriptor|.
 //    mode: The current operating mode.
 //    hidden: Additional input which will not appear in certificates. If this is
 //        not used it should be set to all zero bytes.
 typedef struct DiceInputValues_ {
   uint8_t code_hash[DICE_HASH_SIZE];
   const uint8_t* code_descriptor;
   size_t code_descriptor_size;
   DiceConfigType config_type;
   uint8_t config_value[DICE_INLINE_CONFIG_SIZE];
   const uint8_t* config_descriptor;
   size_t config_descriptor_size;
   uint8_t authority_hash[DICE_HASH_SIZE];
   const uint8_t* authority_descriptor;
   size_t authority_descriptor_size;
   DiceMode mode;
   uint8_t hidden[DICE_HIDDEN_SIZE];
 } DiceInputValues;

 // Derives a |cdi_private_key_seed| from a |cdi_attest| value. On success
 // populates |cdi_private_key_seed| and returns kDiceResultOk.
 DiceResult DiceDeriveCdiPrivateKeySeed(
     void* context, const uint8_t cdi_attest[DICE_CDI_SIZE],
     uint8_t cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE]);

 // Derives an |id| from a |cdi_public_key| value. Because public keys can vary
 // in length depending on the algorithm, the |cdi_public_key_size| in bytes must
 // be provided. When interpreted as an integer, |id| is big-endian. On success
 // populates |id| and returns kDiceResultOk.
 DiceResult DiceDeriveCdiCertificateId(void* context,
                                       const uint8_t* cdi_public_key,
                                       size_t cdi_public_key_size,
                                       uint8_t id[DICE_ID_SIZE]);

 // Executes the main DICE flow.
 //
 // Given a full set of input values and the current CDI values, computes the
 // next CDI values and a matching certificate. See the Open Profile for DICE
 // specification for a detailed explanation of this flow.
 // In certain cases, the caller may not need to generate the CDI certificate.
 // The caller should signal this by setting the certificate parameters to
 // null/zero values appropriately.
 //
 // Parameters:
 //    context: Context provided by the caller that is opaque to this library
 //        but is passed through to the integration-provided operations in
 //        dice/ops.h. The value is, therefore, integration-specific and may be
 //        null.
 //    current_cdi_attest, current_cdi_seal: The current CDI values as produced
 //        by a previous DICE flow. If this is the first DICE flow in a system,
 //        the Unique Device Secret (UDS) should be used for both of these
 //        arguments.
 //    input_values: A set of input values describing the target program or
 //        system.
 //    next_cdi_certificate_buffer_size: The size in bytes of the buffer pointed
 //        to by the |next_cdi_certificate| argument. This should be set to zero
 //        if next CDI certificate should not be computed.
 //    next_cdi_certificate: On success, will be populated with the generated
 //        certificate, up to |next_cdi_certificate_buffer_size| in size. If the
 //        certificate cannot fit in the buffer, |next_cdi_certificate_size| is
 //        populated with the required size and kDiceResultBufferTooSmall is
 //        returned. This should be set to NULL if next CDI certificate should
 //        not be computed.
 //    next_cdi_certificate_actual_size: On success, will be populated with the
 //        size, in bytes, of the certificate data written to
 //        |next_cdi_certificate|. If kDiceResultBufferTooSmall is returned, will
 //        be populated with the required buffer size. This should be set to NULL
 //        if next CDI certificate should not be computed.
 //    next_cdi_attest: On success, will be populated with the next CDI value for
 //        attestation.
 //    next_cdi_seal: On success, will be populated with the next CDI value for
 //        sealing.
 DiceResult DiceMainFlow(void* context,
                         const uint8_t current_cdi_attest[DICE_CDI_SIZE],
                         const uint8_t current_cdi_seal[DICE_CDI_SIZE],
                         const DiceInputValues* input_values,
                         size_t next_cdi_certificate_buffer_size,
                         uint8_t* next_cdi_certificate,
                         size_t* next_cdi_certificate_actual_size,
                         uint8_t next_cdi_attest[DICE_CDI_SIZE],
                         uint8_t next_cdi_seal[DICE_CDI_SIZE]);

 #ifdef __cplusplus
 }  // extern "C"
 #endif

 #endif  // DICE_DICE_H_
	// Copyright 2020 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License"); you may not
	// use this file except in compliance with the License. You may obtain a copy of
	// the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	// License for the specific language governing permissions and limitations under
	// the License.

	#ifndef DICE_DICE_H_
	#define DICE_DICE_H_

	#include <stddef.h>
	#include <stdint.h>

	#ifdef __cplusplus
	extern "C" {
	#endif

	#define DICE_CDI_SIZE 32
	#define DICE_HASH_SIZE 64
	#define DICE_HIDDEN_SIZE 64
	#define DICE_INLINE_CONFIG_SIZE 64
	#define DICE_PRIVATE_KEY_SEED_SIZE 32
	#define DICE_ID_SIZE 20

	typedef enum {
	kDiceResultOk,
	kDiceResultInvalidInput,
	kDiceResultBufferTooSmall,
	kDiceResultPlatformError,
	} DiceResult;

	typedef enum {
	kDiceModeNotInitialized,
	kDiceModeNormal,
	kDiceModeDebug,
	kDiceModeMaintenance,
	} DiceMode;

	typedef enum {
	kDiceConfigTypeInline,
	kDiceConfigTypeDescriptor,
	} DiceConfigType;

	// Contains a full set of input values describing the target program or system.
	// See the Open Profile for DICE specification for a detailed explanation of
	// these inputs.
	//
	// Fields:
	// code_hash: A hash or similar representation of the target code.
	// code_descriptor: An optional descriptor to be included in the certificate.
	// This descriptor is opaque to the DICE flow and is included verbatim
	// in the certificate with no validation. May be null.
	// code_descriptor_size: The size in bytes of \|code_descriptor\|.
	// config_type: Indicates how to interpret the remaining config-related
	// fields. If the type is 'inline', then the 64 byte configuration input
	// value must be provided in \|config_value\| and \|config_descriptor\| is
	// ignored. If the type is 'descriptor', then \|config_descriptor\| is
	// hashed to get the configuration input value and \|config_value\| is
	// ignored.
	// config_value: A 64-byte configuration input value when \|config_type\| is
	// kDiceConfigTypeInline. Otherwise, this field is ignored.
	// config_descriptor: A descriptor to be hashed for the configuration input
	// value when \|config_type\| is kDiceConfigTypeDescriptor. Otherwise,
	// this field is ignored and may be null.
	// config_descriptor_size: The size in bytes of \|config_descriptor\|.
	// authority_hash: A hash or similar representation of the authority used to
	// verify the target code. If the code is not verified or the authority
	// is implicit, for example hard coded as part of the code currently
	// executing, then this value should be set to all zero bytes.
	// authority_descriptor: An optional descriptor to be included in the
	// certificate. This descriptor is opaque to the DICE flow and is
	// included verbatim in the certificate with no validation. May be null.
	// authority_descriptor_size: The size in bytes of \|authority_descriptor\|.
	// mode: The current operating mode.
	// hidden: Additional input which will not appear in certificates. If this is
	// not used it should be set to all zero bytes.
	typedef struct DiceInputValues_ {
	uint8_t code_hash[DICE_HASH_SIZE];
	const uint8_t* code_descriptor;
	size_t code_descriptor_size;
	DiceConfigType config_type;
	uint8_t config_value[DICE_INLINE_CONFIG_SIZE];
	const uint8_t* config_descriptor;
	size_t config_descriptor_size;
	uint8_t authority_hash[DICE_HASH_SIZE];
	const uint8_t* authority_descriptor;
	size_t authority_descriptor_size;
	DiceMode mode;
	uint8_t hidden[DICE_HIDDEN_SIZE];
	} DiceInputValues;

	// Derives a \|cdi_private_key_seed\| from a \|cdi_attest\| value. On success
	// populates \|cdi_private_key_seed\| and returns kDiceResultOk.
	DiceResult DiceDeriveCdiPrivateKeySeed(
	void* context, const uint8_t cdi_attest[DICE_CDI_SIZE],
	uint8_t cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE]);

	// Derives an \|id\| from a \|cdi_public_key\| value. Because public keys can vary
	// in length depending on the algorithm, the \|cdi_public_key_size\| in bytes must
	// be provided. When interpreted as an integer, \|id\| is big-endian. On success
	// populates \|id\| and returns kDiceResultOk.
	DiceResult DiceDeriveCdiCertificateId(void* context,
	const uint8_t* cdi_public_key,
	size_t cdi_public_key_size,
	uint8_t id[DICE_ID_SIZE]);

	// Executes the main DICE flow.
	//
	// Given a full set of input values and the current CDI values, computes the
	// next CDI values and a matching certificate. See the Open Profile for DICE
	// specification for a detailed explanation of this flow.
	// In certain cases, the caller may not need to generate the CDI certificate.
	// The caller should signal this by setting the certificate parameters to
	// null/zero values appropriately.
	//
	// Parameters:
	// context: Context provided by the caller that is opaque to this library
	// but is passed through to the integration-provided operations in
	// dice/ops.h. The value is, therefore, integration-specific and may be
	// null.
	// current_cdi_attest, current_cdi_seal: The current CDI values as produced
	// by a previous DICE flow. If this is the first DICE flow in a system,
	// the Unique Device Secret (UDS) should be used for both of these
	// arguments.
	// input_values: A set of input values describing the target program or
	// system.
	// next_cdi_certificate_buffer_size: The size in bytes of the buffer pointed
	// to by the \|next_cdi_certificate\| argument. This should be set to zero
	// if next CDI certificate should not be computed.
	// next_cdi_certificate: On success, will be populated with the generated
	// certificate, up to \|next_cdi_certificate_buffer_size\| in size. If the
	// certificate cannot fit in the buffer, \|next_cdi_certificate_size\| is
	// populated with the required size and kDiceResultBufferTooSmall is
	// returned. This should be set to NULL if next CDI certificate should
	// not be computed.
	// next_cdi_certificate_actual_size: On success, will be populated with the
	// size, in bytes, of the certificate data written to
	// \|next_cdi_certificate\|. If kDiceResultBufferTooSmall is returned, will
	// be populated with the required buffer size. This should be set to NULL
	// if next CDI certificate should not be computed.
	// next_cdi_attest: On success, will be populated with the next CDI value for
	// attestation.
	// next_cdi_seal: On success, will be populated with the next CDI value for
	// sealing.
	DiceResult DiceMainFlow(void* context,
	const uint8_t current_cdi_attest[DICE_CDI_SIZE],
	const uint8_t current_cdi_seal[DICE_CDI_SIZE],
	const DiceInputValues* input_values,
	size_t next_cdi_certificate_buffer_size,
	uint8_t* next_cdi_certificate,
	size_t* next_cdi_certificate_actual_size,
	uint8_t next_cdi_attest[DICE_CDI_SIZE],
	uint8_t next_cdi_seal[DICE_CDI_SIZE]);

	#ifdef __cplusplus
	} // extern "C"
	#endif

	#endif // DICE_DICE_H_