diff options
author | Janis Danisevskis <jdanis@google.com> | 2021-10-11 13:47:46 -0700 |
---|---|---|
committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2021-10-15 23:16:08 +0000 |
commit | 0ad296aa02db8ecbafae8903dd9ca6a4ead51ba6 (patch) | |
tree | 4774b2f63ba8494913c704dcd80e21a1724d7160 /src | |
parent | 5fa29e05de0cb7c89502c02aa97c1071eb37a38a (diff) | |
download | open-dice-0ad296aa02db8ecbafae8903dd9ca6a4ead51ba6.tar.gz |
Make DICE_ID_SIZE a constant.
This patch introduces DICE_ID_SIZE replacing literal 20 as id size.
Test: N/A
Change-Id: I2b1ccfb1f6925360378493f689baf41a364ef800
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/65580
Reviewed-by: Andrew Scull <ascull@google.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
Pigweed-Auto-Submit: Janis Danisevskis <jdanis@google.com>
Commit-Queue: Janis Danisevskis <jdanis@google.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/boringssl_cert_op.c | 27 | ||||
-rw-r--r-- | src/cbor_cert_op.c | 4 | ||||
-rw-r--r-- | src/dice.c | 2 | ||||
-rw-r--r-- | src/mbedtls_ops.c | 21 | ||||
-rw-r--r-- | src/template_cbor_cert_op.c | 4 | ||||
-rw-r--r-- | src/template_cert_op.c | 4 | ||||
-rw-r--r-- | src/test_utils.cc | 14 |
7 files changed, 40 insertions, 36 deletions
diff --git a/src/boringssl_cert_op.c b/src/boringssl_cert_op.c index c4cd73a..8ff0503 100644 --- a/src/boringssl_cert_op.c +++ b/src/boringssl_cert_op.c @@ -54,8 +54,8 @@ ASN1_SEQUENCE(DiceExtensionAsn1) = { DECLARE_ASN1_FUNCTIONS(DiceExtensionAsn1) IMPLEMENT_ASN1_FUNCTIONS(DiceExtensionAsn1) -static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20], - const uint8_t authority_id[20]) { +static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[DICE_ID_SIZE], + const uint8_t authority_id[DICE_ID_SIZE]) { // clang-format on DiceResult result = kDiceResultOk; @@ -98,7 +98,7 @@ static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20], goto out; } - serial_bn = BN_bin2bn(subject_id, 20, NULL); + serial_bn = BN_bin2bn(subject_id, DICE_ID_SIZE, NULL); if (!serial_bn) { result = kDiceResultPlatformError; goto out; @@ -110,7 +110,7 @@ static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20], } uint8_t id_hex[40]; - DiceHexEncode(authority_id, 20, id_hex, sizeof(id_hex)); + DiceHexEncode(authority_id, DICE_ID_SIZE, id_hex, sizeof(id_hex)); if (!X509_NAME_add_entry_by_NID(issuer_name, NID_serialNumber, MBSTRING_UTF8, id_hex, sizeof(id_hex), 0, 0)) { result = kDiceResultPlatformError; @@ -121,7 +121,7 @@ static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20], goto out; } - DiceHexEncode(subject_id, 20, id_hex, sizeof(id_hex)); + DiceHexEncode(subject_id, DICE_ID_SIZE, id_hex, sizeof(id_hex)); if (!X509_NAME_add_entry_by_NID(subject_name, NID_serialNumber, MBSTRING_UTF8, id_hex, sizeof(id_hex), 0, 0)) { result = kDiceResultPlatformError; @@ -174,9 +174,9 @@ out: return result; } -static DiceResult AddStandardExtensions(X509* x509, - const uint8_t subject_id[20], - const uint8_t authority_id[20]) { +static DiceResult AddStandardExtensions( + X509* x509, const uint8_t subject_id[DICE_ID_SIZE], + const uint8_t authority_id[DICE_ID_SIZE]) { DiceResult result = kDiceResultOk; // Initialize variables that are cleaned up on 'goto out'. @@ -201,7 +201,8 @@ static DiceResult AddStandardExtensions(X509* x509, result = kDiceResultPlatformError; goto out; } - if (!ASN1_OCTET_STRING_set(authority_key_id->keyid, authority_id, 20)) { + if (!ASN1_OCTET_STRING_set(authority_key_id->keyid, authority_id, + DICE_ID_SIZE)) { result = kDiceResultPlatformError; goto out; } @@ -213,7 +214,7 @@ static DiceResult AddStandardExtensions(X509* x509, result = kDiceResultPlatformError; goto out; } - if (!ASN1_OCTET_STRING_set(subject_key_id, subject_id, 20)) { + if (!ASN1_OCTET_STRING_set(subject_key_id, subject_id, DICE_ID_SIZE)) { result = kDiceResultPlatformError; goto out; } @@ -497,7 +498,7 @@ out: } static DiceResult GetIdFromKey(void* context, const EVP_PKEY* key, - uint8_t id[20]) { + uint8_t id[DICE_ID_SIZE]) { uint8_t raw_public_key[32]; size_t raw_public_key_size = sizeof(raw_public_key); if (!EVP_PKEY_get_raw_public_key(key, raw_public_key, &raw_public_key_size)) { @@ -544,12 +545,12 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t authority_id[20]; + uint8_t authority_id[DICE_ID_SIZE]; result = GetIdFromKey(context, authority_key, authority_id); if (result != kDiceResultOk) { goto out; } - uint8_t subject_id[20]; + uint8_t subject_id[DICE_ID_SIZE]; result = GetIdFromKey(context, subject_key, subject_id); if (result != kDiceResultOk) { goto out; diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c index 3e9ebeb..915d443 100644 --- a/src/cbor_cert_op.c +++ b/src/cbor_cert_op.c @@ -325,7 +325,7 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t subject_id[20]; + uint8_t subject_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, subject_public_key, DICE_PUBLIC_KEY_SIZE, subject_id); if (result != kDiceResultOk) { @@ -343,7 +343,7 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t authority_id[20]; + uint8_t authority_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, authority_public_key, DICE_PUBLIC_KEY_SIZE, authority_id); if (result != kDiceResultOk) { @@ -49,7 +49,7 @@ DiceResult DiceDeriveCdiPrivateKeySeed( DiceResult DiceDeriveCdiCertificateId(void* context, const uint8_t* cdi_public_key, size_t cdi_public_key_size, - uint8_t id[20]) { + uint8_t id[DICE_ID_SIZE]) { // Use the public key as input key material, with fixed salt and info. DiceResult result = DiceKdf(context, /*length=*/20, cdi_public_key, cdi_public_key_size, diff --git a/src/mbedtls_ops.c b/src/mbedtls_ops.c index de928d7..7190d0e 100644 --- a/src/mbedtls_ops.c +++ b/src/mbedtls_ops.c @@ -72,7 +72,7 @@ out: static DiceResult GetIdFromKey(void* context, const mbedtls_pk_context* pk_context, - uint8_t id[20]) { + uint8_t id[DICE_ID_SIZE]) { uint8_t raw_public_key[33]; size_t raw_public_key_size = 0; mbedtls_ecp_keypair* key = mbedtls_pk_ec(*pk_context); @@ -87,17 +87,19 @@ static DiceResult GetIdFromKey(void* context, } // 54 byte name is prefix (13), hex id (40), and a null terminator. -static void GetNameFromId(const uint8_t id[20], char name[54]) { +static void GetNameFromId(const uint8_t id[DICE_ID_SIZE], char name[54]) { strcpy(name, "serialNumber="); - DiceHexEncode(id, /*num_bytes=*/20, (uint8_t*)&name[13], /*out_size=*/40); + DiceHexEncode(id, /*num_bytes=*/DICE_ID_SIZE, (uint8_t*)&name[13], + /*out_size=*/40); name[53] = '\0'; } -static DiceResult GetSubjectKeyIdFromId(const uint8_t id[20], +static DiceResult GetSubjectKeyIdFromId(const uint8_t id[DICE_ID_SIZE], size_t buffer_size, uint8_t* buffer, size_t* actual_size) { uint8_t* pos = buffer + buffer_size; - int length_or_error = mbedtls_asn1_write_octet_string(&pos, buffer, id, 20); + int length_or_error = + mbedtls_asn1_write_octet_string(&pos, buffer, id, DICE_ID_SIZE); if (length_or_error < 0) { return kDiceResultPlatformError; } @@ -126,11 +128,12 @@ static int AddAuthorityKeyIdEncoding(uint8_t** pos, uint8_t* start, return length; } -static DiceResult GetAuthorityKeyIdFromId(const uint8_t id[20], +static DiceResult GetAuthorityKeyIdFromId(const uint8_t id[DICE_ID_SIZE], size_t buffer_size, uint8_t* buffer, size_t* actual_size) { uint8_t* pos = buffer + buffer_size; - int length_or_error = mbedtls_asn1_write_raw_buffer(&pos, buffer, id, 20); + int length_or_error = + mbedtls_asn1_write_raw_buffer(&pos, buffer, id, DICE_ID_SIZE); if (length_or_error < 0) { return kDiceResultPlatformError; } @@ -330,7 +333,7 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t authority_id[20]; + uint8_t authority_id[DICE_ID_SIZE]; result = GetIdFromKey(context, &authority_key_context, authority_id); if (result != kDiceResultOk) { goto out; @@ -350,7 +353,7 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t subject_id[20]; + uint8_t subject_id[DICE_ID_SIZE]; result = GetIdFromKey(context, &subject_key_context, subject_id); if (result != kDiceResultOk) { goto out; diff --git a/src/template_cbor_cert_op.c b/src/template_cbor_cert_op.c index 52eb131..c2f6f42 100644 --- a/src/template_cbor_cert_op.c +++ b/src/template_cbor_cert_op.c @@ -191,7 +191,7 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t subject_id[20]; + uint8_t subject_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, subject_public_key, DICE_PUBLIC_KEY_SIZE, subject_id); if (result != kDiceResultOk) { @@ -208,7 +208,7 @@ DiceResult DiceGenerateCertificate( goto out; } - uint8_t authority_id[20]; + uint8_t authority_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, authority_public_key, DICE_PUBLIC_KEY_SIZE, authority_id); if (result != kDiceResultOk) { diff --git a/src/template_cert_op.c b/src/template_cert_op.c index 23929ea..0df423a 100644 --- a/src/template_cert_op.c +++ b/src/template_cert_op.c @@ -195,7 +195,7 @@ DiceResult DiceGenerateCertificate( ED25519_keypair_from_seed(subject_public_key, subject_bssl_private_key, subject_private_key_seed); - uint8_t subject_id[20]; + uint8_t subject_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, subject_public_key, 32, subject_id); if (result != kDiceResultOk) { @@ -209,7 +209,7 @@ DiceResult DiceGenerateCertificate( ED25519_keypair_from_seed(authority_public_key, authority_bssl_private_key, authority_private_key_seed); - uint8_t authority_id[20]; + uint8_t authority_id[DICE_ID_SIZE]; result = DiceDeriveCdiCertificateId(context, authority_public_key, 32, authority_id); if (result != kDiceResultOk) { diff --git a/src/test_utils.cc b/src/test_utils.cc index 48949d1..e5dbd6f 100644 --- a/src/test_utils.cc +++ b/src/test_utils.cc @@ -202,7 +202,7 @@ bssl::UniquePtr<EVP_PKEY> KeyFromRawKey( return nullptr; } -void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[20], +void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[DICE_ID_SIZE], uint8_t certificate[dice::test::kTestCertSize], size_t* certificate_size) { bssl::UniquePtr<X509> x509(X509_new()); @@ -213,7 +213,7 @@ void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[20], X509_set_serialNumber(x509.get(), serial.get()); uint8_t id_hex[40]; - DiceHexEncode(id, 20, id_hex, sizeof(id_hex)); + DiceHexEncode(id, DICE_ID_SIZE, id_hex, sizeof(id_hex)); bssl::UniquePtr<X509_NAME> issuer_name(X509_NAME_new()); X509_NAME_add_entry_by_NID(issuer_name.get(), NID_serialNumber, MBSTRING_UTF8, id_hex, sizeof(id_hex), 0, 0); @@ -228,7 +228,7 @@ void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[20], X509_set_notAfter(x509.get(), not_after.get()); bssl::UniquePtr<ASN1_OCTET_STRING> subject_key_id(ASN1_OCTET_STRING_new()); - ASN1_OCTET_STRING_set(subject_key_id.get(), id, 20); + ASN1_OCTET_STRING_set(subject_key_id.get(), id, DICE_ID_SIZE); bssl::UniquePtr<X509_EXTENSION> subject_key_id_ext(X509V3_EXT_i2d( NID_subject_key_identifier, /*crit=*/0, subject_key_id.get())); X509_add_ext(x509.get(), subject_key_id_ext.get(), /*loc=*/-1); @@ -299,8 +299,8 @@ bool VerifyX509CertificateChain(const uint8_t* root_certificate, void CreateCborUdsCertificate( const uint8_t private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE], - const uint8_t id[20], uint8_t certificate[dice::test::kTestCertSize], - size_t* certificate_size) { + const uint8_t id[DICE_ID_SIZE], + uint8_t certificate[dice::test::kTestCertSize], size_t* certificate_size) { const uint8_t kProtectedAttributesCbor[3] = { 0xa1 /* map(1) */, 0x01 /* alg(1) */, 0x27 /* EdDSA(-8) */}; const int64_t kCwtIssuerLabel = 1; @@ -331,7 +331,7 @@ void CreateCborUdsCertificate( // Simple CWT payload with issuer, subject, and use the same subject public // key field as a CDI certificate to make verification easy. char id_hex[41]; - DiceHexEncode(id, 20, id_hex, sizeof(id_hex)); + DiceHexEncode(id, DICE_ID_SIZE, id_hex, sizeof(id_hex)); id_hex[40] = '\0'; ScopedCbor cwt(cn_cbor_map_create(&error)); cn_cbor_mapput_int(cwt.get(), kCwtIssuerLabel, @@ -627,7 +627,7 @@ void CreateFakeUdsCertificate(void* context, const uint8_t uds[32], bssl::UniquePtr<EVP_PKEY> key( KeyFromRawKey(raw_key, key_type, raw_public_key, &raw_public_key_size)); - uint8_t id[20]; + uint8_t id[DICE_ID_SIZE]; DiceDeriveCdiCertificateId(context, raw_public_key, raw_public_key_size, id); if (cert_type == CertificateType_X509) { |