Merge upstream changes am: 28e80a8911 am: 5f90aa464b am: 593d568d83

Original change: https://android-review.googlesource.com/c/platform/external/open-dice/+/2841613 Change-Id: I1e7cf0aeb2ff471e389d07fdbec0c8bfaecc5f67 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Alan Stokes <alanstokes@google.com> 2023-11-28 17:50:38 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-11-28 17:50:38 +0000
commit: fdf253cd4a181cfdf8586af0af55531828fce6b2 (patch)
tree: a6db87a2b2c2b6c18ec95379a965522bec189b37
parent: 2555fcd27978ba6a95e25f383d62a79450f82e4f (diff)
parent: 593d568d83eb00f37c2c415199761111ab550114 (diff)
download: open-dice-fdf253cd4a181cfdf8586af0af55531828fce6b2.tar.gz
6 files changed, 48 insertions, 17 deletions
diff --git a/docs/android.md b/docs/android.md
index fd65f12..6398996 100644
--- a/docs/android.md
+++ b/docs/android.md
@@ -82,6 +82,29 @@ Component&nbsp;name    | -70002 | tstr                 | Name of the component
 Component&nbsp;version | -70003 | int&nbsp;/&nbsp;tstr | Version of the component
 Resettable             | -70004 | null                 | If present, key changes on factory reset
 Security&nbsp;version  | -70005 | uint                 | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version, for example, the anti-rollback counter
+[RKP&nbsp;VM][rkp-vm]&nbsp;marker | -70006 | null      | If present, the component can take part in running a VM that can receive an attestation certificate from an [RKP Service][rkp-service].
+
+[rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine
+[rkp-service]: https://source.android.com/docs/core/ota/modular-system/remote-key-provisioning#stack-architecture
+
+### RKP VM
+
+The RKP VM marker is used to distinguish the RKP VM from other components.
+
+When parsing a DICE chain compliant with this profile, there are multiple types
+of components that may be described by a given chain:
+1. RKP VM: If a DICE chain has zero or more certificates without the RKP VM
+   marker followed by one or more certificates with the marker, then that chain
+   describes an RKP VM. If there are further certificates without the RKP VM
+   marker, then the chain does not describe an RKP VM.
+
+   Implementations must include the first RPK VM marker as early as possible
+   after the point of divergence between TEE and non-TEE components in the DICE
+   chain, prior to loading the Android Bootloader (ABL).
+2. A TEE Component (e.g. KeyMint): If there are no certificates with the RKP VM
+   marker then it describes a TEE component.
+3. Other: Any component described by a DICE chain that does not match the above
+   two categories.
 
 ### Versions
 
diff --git a/include/dice/android.h b/include/dice/android.h
index 7a64cc6..7ca1df8 100644
--- a/include/dice/android.h
+++ b/include/dice/android.h
@@ -27,6 +27,7 @@ extern "C" {
 #define DICE_ANDROID_CONFIG_COMPONENT_VERSION (1 << 1)
 #define DICE_ANDROID_CONFIG_RESETTABLE (1 << 2)
 #define DICE_ANDROID_CONFIG_SECURITY_VERSION (1 << 3)
+#define DICE_ANDROID_CONFIG_RKP_VM_MARKER (1 << 4)
 
 // Contains the input values used to construct the Android Profile for DICE
 // configuration descriptor. The fields to include in the configuration
diff --git a/src/android.c b/src/android.c
index 39ee7d0..cf540db 100644
--- a/src/android.c
+++ b/src/android.c
@@ -37,7 +37,8 @@ DiceResult DiceAndroidFormatConfigDescriptor(
   static const int64_t kComponentNameLabel = -70002;
   static const int64_t kComponentVersionLabel = -70003;
   static const int64_t kResettableLabel = -70004;
-  static const int64_t kSecurityVersion = -70005;
+  static const int64_t kSecurityVersionLabel = -70005;
+  static const int64_t kRkpVmMarkerLabel = -70006;
 
   // AndroidConfigDescriptor = {
   //   ? -70002 : tstr,     ; Component name
@@ -61,9 +62,13 @@ DiceResult DiceAndroidFormatConfigDescriptor(
     CborWriteNull(&out);
   }
   if (config_values->configs & DICE_ANDROID_CONFIG_SECURITY_VERSION) {
-    CborWriteInt(kSecurityVersion, &out);
+    CborWriteInt(kSecurityVersionLabel, &out);
     CborWriteUint(config_values->security_version, &out);
   }
+  if (config_values->configs & DICE_ANDROID_CONFIG_RKP_VM_MARKER) {
+    CborWriteInt(kRkpVmMarkerLabel, &out);
+    CborWriteNull(&out);
+  }
   *actual_size = CborOutSize(&out);
   if (CborOutOverflowed(&out)) {
     return kDiceResultBufferTooSmall;
@@ -117,22 +122,23 @@ DiceResult DiceAndroidMainFlow(void* context,
   struct CborOut out;
   CborOutInit(buffer, buffer_size, &out);
   CborWriteArray(chain_item_count + 1, &out);
+  size_t new_chain_prefix_size = CborOutSize(&out);
   if (CborOutOverflowed(&out) ||
-      chain_items_size > buffer_size - CborOutSize(&out)) {
+      chain_items_size > buffer_size - new_chain_prefix_size) {
     // Continue with an empty buffer to measure the required size.
     buffer_size = 0;
   } else {
-    memcpy(buffer + CborOutSize(&out), chain + chain_items_offset,
+    memcpy(buffer + new_chain_prefix_size, chain + chain_items_offset,
            chain_items_size);
-    buffer += CborOutSize(&out) + chain_items_size;
-    buffer_size -= CborOutSize(&out) + chain_items_size;
+    buffer += new_chain_prefix_size + chain_items_size;
+    buffer_size -= new_chain_prefix_size + chain_items_size;
   }
 
   size_t certificate_size;
   result = DiceMainFlow(context, current_cdi_attest, current_cdi_seal,
                         input_values, buffer_size, buffer, &certificate_size,
                         next_cdi_attest, next_cdi_seal);
-  *actual_size = CborOutSize(&out) + chain_items_size + certificate_size;
+  *actual_size = new_chain_prefix_size + chain_items_size + certificate_size;
   return result;
 }
 
diff --git a/src/android_test.cc b/src/android_test.cc
index c90bed1..86e1cb5 100644
--- a/src/android_test.cc
+++ b/src/android_test.cc
@@ -45,7 +45,8 @@ TEST(DiceAndroidConfigTest, AllConfigFields) {
       .configs = DICE_ANDROID_CONFIG_COMPONENT_NAME |
                  DICE_ANDROID_CONFIG_COMPONENT_VERSION |
                  DICE_ANDROID_CONFIG_RESETTABLE |
-                 DICE_ANDROID_CONFIG_SECURITY_VERSION,
+                 DICE_ANDROID_CONFIG_SECURITY_VERSION |
+                 DICE_ANDROID_CONFIG_RKP_VM_MARKER,
       .component_name = "Test Component Name",
       .component_version = 0x232a13dec90f42b5,
       .security_version = 0xfab777c1,
@@ -56,16 +57,17 @@ TEST(DiceAndroidConfigTest, AllConfigFields) {
   EXPECT_EQ(kDiceResultBufferTooSmall, result);
   std::vector<uint8_t> buffer(buffer_size);
   const uint8_t expected[] = {
-      0xa4, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x73, 'T',  'e',  's',  't',  ' ',
-      'C',  'o',  'm',  'p',  'o',  'n',  'e',  'n',  't',  ' ',  'N',  'a',
-      'm',  'e',  0x3a, 0x00, 0x01, 0x11, 0x72, 0x1b, 0x23, 0x2a, 0x13, 0xde,
-      0xc9, 0x0f, 0x42, 0xb5, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00,
-      0x01, 0x11, 0x74, 0x1a, 0xfa, 0xb7, 0x77, 0xc1};
+      0xa5, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x73, 'T',  'e',  's',  't',
+      ' ',  'C',  'o',  'm',  'p',  'o',  'n',  'e',  'n',  't',  ' ',
+      'N',  'a',  'm',  'e',  0x3a, 0x00, 0x01, 0x11, 0x72, 0x1b, 0x23,
+      0x2a, 0x13, 0xde, 0xc9, 0x0f, 0x42, 0xb5, 0x3a, 0x00, 0x01, 0x11,
+      0x73, 0xf6, 0x3a, 0x00, 0x01, 0x11, 0x74, 0x1a, 0xfa, 0xb7, 0x77,
+      0xc1, 0x3a, 0x00, 0x01, 0x11, 0x75, 0xf6};
   EXPECT_EQ(sizeof(expected), buffer.size());
   result = DiceAndroidFormatConfigDescriptor(&config_values, buffer.size(),
                                              buffer.data(), &buffer_size);
   EXPECT_EQ(sizeof(expected), buffer_size);
-  EXPECT_EQ(0, memcmp(expected, buffer.data(), buffer.size()));
+  EXPECT_EQ(0, memcmp(expected, buffer.data(), sizeof(expected)));
 }
 
 TEST(DiceAndroidTest, PreservesPreviousEntries) {
diff --git a/src/boringssl_p384_ops.c b/src/boringssl_p384_ops.c
index ca5e88b..d5a0d0c 100644
--- a/src/boringssl_p384_ops.c
+++ b/src/boringssl_p384_ops.c
@@ -12,8 +12,7 @@
 // License for the specific language governing permissions and limitations under
 // the License.
 
-// This is an implementation of the crypto operations that uses boringssl. The
-// algorithms used are SHA512, HKDF-SHA512, and Ed25519-SHA512.
+// This is an implementation of P-384 signature operations using boringssl.
 
 #include <stdint.h>
 #include <stdio.h>
diff --git a/src/cbor_p384_cert_op.c b/src/cbor_p384_cert_op.c
index a263573..8e9df7a 100644
--- a/src/cbor_p384_cert_op.c
+++ b/src/cbor_p384_cert_op.c
@@ -13,7 +13,7 @@
 // the License.
 
 // This is a DiceGenerateCertificate implementation that generates a CWT-style
-// CBOR certificate using the ED25519-SHA512 signature scheme.
+// CBOR certificate using the P-384 signature algorithm.
 
 #include <stddef.h>
 #include <stdint.h>
author	Alan Stokes <alanstokes@google.com>	2023-11-28 17:50:38 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-11-28 17:50:38 +0000
commit	fdf253cd4a181cfdf8586af0af55531828fce6b2 (patch)
tree	a6db87a2b2c2b6c18ec95379a965522bec189b37
parent	2555fcd27978ba6a95e25f383d62a79450f82e4f (diff)
parent	593d568d83eb00f37c2c415199761111ab550114 (diff)
download	open-dice-fdf253cd4a181cfdf8586af0af55531828fce6b2.tar.gz