Make DICE_ID_SIZE a constant.

This patch introduces DICE_ID_SIZE replacing literal 20 as id size. Test: N/A Change-Id: I2b1ccfb1f6925360378493f689baf41a364ef800 Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/65580 Reviewed-by: Andrew Scull <ascull@google.com> Reviewed-by: Darren Krahn <dkrahn@google.com> Pigweed-Auto-Submit: Janis Danisevskis <jdanis@google.com> Commit-Queue: Janis Danisevskis <jdanis@google.com>
author: Janis Danisevskis <jdanis@google.com> 2021-10-11 13:47:46 -0700
committer: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> 2021-10-15 23:16:08 +0000
commit: 0ad296aa02db8ecbafae8903dd9ca6a4ead51ba6 (patch)
tree: 4774b2f63ba8494913c704dcd80e21a1724d7160 /src
parent: 5fa29e05de0cb7c89502c02aa97c1071eb37a38a (diff)
download: open-dice-0ad296aa02db8ecbafae8903dd9ca6a4ead51ba6.tar.gz
7 files changed, 40 insertions, 36 deletions
diff --git a/src/boringssl_cert_op.c b/src/boringssl_cert_op.c
index c4cd73a..8ff0503 100644
--- a/src/boringssl_cert_op.c
+++ b/src/boringssl_cert_op.c
@@ -54,8 +54,8 @@ ASN1_SEQUENCE(DiceExtensionAsn1) = {
 DECLARE_ASN1_FUNCTIONS(DiceExtensionAsn1)
 IMPLEMENT_ASN1_FUNCTIONS(DiceExtensionAsn1)
 
-static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20],
-                                    const uint8_t authority_id[20]) {
+static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[DICE_ID_SIZE],
+                                    const uint8_t authority_id[DICE_ID_SIZE]) {
   // clang-format on
   DiceResult result = kDiceResultOk;
 
@@ -98,7 +98,7 @@ static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20],
     goto out;
   }
 
-  serial_bn = BN_bin2bn(subject_id, 20, NULL);
+  serial_bn = BN_bin2bn(subject_id, DICE_ID_SIZE, NULL);
   if (!serial_bn) {
     result = kDiceResultPlatformError;
     goto out;
@@ -110,7 +110,7 @@ static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20],
   }
 
   uint8_t id_hex[40];
-  DiceHexEncode(authority_id, 20, id_hex, sizeof(id_hex));
+  DiceHexEncode(authority_id, DICE_ID_SIZE, id_hex, sizeof(id_hex));
   if (!X509_NAME_add_entry_by_NID(issuer_name, NID_serialNumber, MBSTRING_UTF8,
                                   id_hex, sizeof(id_hex), 0, 0)) {
     result = kDiceResultPlatformError;
@@ -121,7 +121,7 @@ static DiceResult AddStandardFields(X509* x509, const uint8_t subject_id[20],
     goto out;
   }
 
-  DiceHexEncode(subject_id, 20, id_hex, sizeof(id_hex));
+  DiceHexEncode(subject_id, DICE_ID_SIZE, id_hex, sizeof(id_hex));
   if (!X509_NAME_add_entry_by_NID(subject_name, NID_serialNumber, MBSTRING_UTF8,
                                   id_hex, sizeof(id_hex), 0, 0)) {
     result = kDiceResultPlatformError;
@@ -174,9 +174,9 @@ out:
   return result;
 }
 
-static DiceResult AddStandardExtensions(X509* x509,
-                                        const uint8_t subject_id[20],
-                                        const uint8_t authority_id[20]) {
+static DiceResult AddStandardExtensions(
+    X509* x509, const uint8_t subject_id[DICE_ID_SIZE],
+    const uint8_t authority_id[DICE_ID_SIZE]) {
   DiceResult result = kDiceResultOk;
 
   // Initialize variables that are cleaned up on 'goto out'.
@@ -201,7 +201,8 @@ static DiceResult AddStandardExtensions(X509* x509,
     result = kDiceResultPlatformError;
     goto out;
   }
-  if (!ASN1_OCTET_STRING_set(authority_key_id->keyid, authority_id, 20)) {
+  if (!ASN1_OCTET_STRING_set(authority_key_id->keyid, authority_id,
+                             DICE_ID_SIZE)) {
     result = kDiceResultPlatformError;
     goto out;
   }
@@ -213,7 +214,7 @@ static DiceResult AddStandardExtensions(X509* x509,
     result = kDiceResultPlatformError;
     goto out;
   }
-  if (!ASN1_OCTET_STRING_set(subject_key_id, subject_id, 20)) {
+  if (!ASN1_OCTET_STRING_set(subject_key_id, subject_id, DICE_ID_SIZE)) {
     result = kDiceResultPlatformError;
     goto out;
   }
@@ -497,7 +498,7 @@ out:
 }
 
 static DiceResult GetIdFromKey(void* context, const EVP_PKEY* key,
-                               uint8_t id[20]) {
+                               uint8_t id[DICE_ID_SIZE]) {
   uint8_t raw_public_key[32];
   size_t raw_public_key_size = sizeof(raw_public_key);
   if (!EVP_PKEY_get_raw_public_key(key, raw_public_key, &raw_public_key_size)) {
@@ -544,12 +545,12 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t authority_id[20];
+  uint8_t authority_id[DICE_ID_SIZE];
   result = GetIdFromKey(context, authority_key, authority_id);
   if (result != kDiceResultOk) {
     goto out;
   }
-  uint8_t subject_id[20];
+  uint8_t subject_id[DICE_ID_SIZE];
   result = GetIdFromKey(context, subject_key, subject_id);
   if (result != kDiceResultOk) {
     goto out;
diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c
index 3e9ebeb..915d443 100644
--- a/src/cbor_cert_op.c
+++ b/src/cbor_cert_op.c
@@ -325,7 +325,7 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t subject_id[20];
+  uint8_t subject_id[DICE_ID_SIZE];
   result = DiceDeriveCdiCertificateId(context, subject_public_key,
                                       DICE_PUBLIC_KEY_SIZE, subject_id);
   if (result != kDiceResultOk) {
@@ -343,7 +343,7 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t authority_id[20];
+  uint8_t authority_id[DICE_ID_SIZE];
   result = DiceDeriveCdiCertificateId(context, authority_public_key,
                                       DICE_PUBLIC_KEY_SIZE, authority_id);
   if (result != kDiceResultOk) {
diff --git a/src/dice.c b/src/dice.c
index 8edc02b..df1dee3 100644
--- a/src/dice.c
+++ b/src/dice.c
@@ -49,7 +49,7 @@ DiceResult DiceDeriveCdiPrivateKeySeed(
 DiceResult DiceDeriveCdiCertificateId(void* context,
                                       const uint8_t* cdi_public_key,
                                       size_t cdi_public_key_size,
-                                      uint8_t id[20]) {
+                                      uint8_t id[DICE_ID_SIZE]) {
   // Use the public key as input key material, with fixed salt and info.
   DiceResult result =
       DiceKdf(context, /*length=*/20, cdi_public_key, cdi_public_key_size,
diff --git a/src/mbedtls_ops.c b/src/mbedtls_ops.c
index de928d7..7190d0e 100644
--- a/src/mbedtls_ops.c
+++ b/src/mbedtls_ops.c
@@ -72,7 +72,7 @@ out:
 
 static DiceResult GetIdFromKey(void* context,
                                const mbedtls_pk_context* pk_context,
-                               uint8_t id[20]) {
+                               uint8_t id[DICE_ID_SIZE]) {
   uint8_t raw_public_key[33];
   size_t raw_public_key_size = 0;
   mbedtls_ecp_keypair* key = mbedtls_pk_ec(*pk_context);
@@ -87,17 +87,19 @@ static DiceResult GetIdFromKey(void* context,
 }
 
 // 54 byte name is prefix (13), hex id (40), and a null terminator.
-static void GetNameFromId(const uint8_t id[20], char name[54]) {
+static void GetNameFromId(const uint8_t id[DICE_ID_SIZE], char name[54]) {
   strcpy(name, "serialNumber=");
-  DiceHexEncode(id, /*num_bytes=*/20, (uint8_t*)&name[13], /*out_size=*/40);
+  DiceHexEncode(id, /*num_bytes=*/DICE_ID_SIZE, (uint8_t*)&name[13],
+                /*out_size=*/40);
   name[53] = '\0';
 }
 
-static DiceResult GetSubjectKeyIdFromId(const uint8_t id[20],
+static DiceResult GetSubjectKeyIdFromId(const uint8_t id[DICE_ID_SIZE],
                                         size_t buffer_size, uint8_t* buffer,
                                         size_t* actual_size) {
   uint8_t* pos = buffer + buffer_size;
-  int length_or_error = mbedtls_asn1_write_octet_string(&pos, buffer, id, 20);
+  int length_or_error =
+      mbedtls_asn1_write_octet_string(&pos, buffer, id, DICE_ID_SIZE);
   if (length_or_error < 0) {
     return kDiceResultPlatformError;
   }
@@ -126,11 +128,12 @@ static int AddAuthorityKeyIdEncoding(uint8_t** pos, uint8_t* start,
   return length;
 }
 
-static DiceResult GetAuthorityKeyIdFromId(const uint8_t id[20],
+static DiceResult GetAuthorityKeyIdFromId(const uint8_t id[DICE_ID_SIZE],
                                           size_t buffer_size, uint8_t* buffer,
                                           size_t* actual_size) {
   uint8_t* pos = buffer + buffer_size;
-  int length_or_error = mbedtls_asn1_write_raw_buffer(&pos, buffer, id, 20);
+  int length_or_error =
+      mbedtls_asn1_write_raw_buffer(&pos, buffer, id, DICE_ID_SIZE);
   if (length_or_error < 0) {
     return kDiceResultPlatformError;
   }
@@ -330,7 +333,7 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t authority_id[20];
+  uint8_t authority_id[DICE_ID_SIZE];
   result = GetIdFromKey(context, &authority_key_context, authority_id);
   if (result != kDiceResultOk) {
     goto out;
@@ -350,7 +353,7 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t subject_id[20];
+  uint8_t subject_id[DICE_ID_SIZE];
   result = GetIdFromKey(context, &subject_key_context, subject_id);
   if (result != kDiceResultOk) {
     goto out;
diff --git a/src/template_cbor_cert_op.c b/src/template_cbor_cert_op.c
index 52eb131..c2f6f42 100644
--- a/src/template_cbor_cert_op.c
+++ b/src/template_cbor_cert_op.c
@@ -191,7 +191,7 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t subject_id[20];
+  uint8_t subject_id[DICE_ID_SIZE];
   result = DiceDeriveCdiCertificateId(context, subject_public_key,
                                       DICE_PUBLIC_KEY_SIZE, subject_id);
   if (result != kDiceResultOk) {
@@ -208,7 +208,7 @@ DiceResult DiceGenerateCertificate(
     goto out;
   }
 
-  uint8_t authority_id[20];
+  uint8_t authority_id[DICE_ID_SIZE];
   result = DiceDeriveCdiCertificateId(context, authority_public_key,
                                       DICE_PUBLIC_KEY_SIZE, authority_id);
   if (result != kDiceResultOk) {
diff --git a/src/template_cert_op.c b/src/template_cert_op.c
index 23929ea..0df423a 100644
--- a/src/template_cert_op.c
+++ b/src/template_cert_op.c
@@ -195,7 +195,7 @@ DiceResult DiceGenerateCertificate(
   ED25519_keypair_from_seed(subject_public_key, subject_bssl_private_key,
                             subject_private_key_seed);
 
-  uint8_t subject_id[20];
+  uint8_t subject_id[DICE_ID_SIZE];
   result =
       DiceDeriveCdiCertificateId(context, subject_public_key, 32, subject_id);
   if (result != kDiceResultOk) {
@@ -209,7 +209,7 @@ DiceResult DiceGenerateCertificate(
   ED25519_keypair_from_seed(authority_public_key, authority_bssl_private_key,
                             authority_private_key_seed);
 
-  uint8_t authority_id[20];
+  uint8_t authority_id[DICE_ID_SIZE];
   result = DiceDeriveCdiCertificateId(context, authority_public_key, 32,
                                       authority_id);
   if (result != kDiceResultOk) {
diff --git a/src/test_utils.cc b/src/test_utils.cc
index 48949d1..e5dbd6f 100644
--- a/src/test_utils.cc
+++ b/src/test_utils.cc
@@ -202,7 +202,7 @@ bssl::UniquePtr<EVP_PKEY> KeyFromRawKey(
   return nullptr;
 }
 
-void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[20],
+void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[DICE_ID_SIZE],
                               uint8_t certificate[dice::test::kTestCertSize],
                               size_t* certificate_size) {
   bssl::UniquePtr<X509> x509(X509_new());
@@ -213,7 +213,7 @@ void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[20],
   X509_set_serialNumber(x509.get(), serial.get());
 
   uint8_t id_hex[40];
-  DiceHexEncode(id, 20, id_hex, sizeof(id_hex));
+  DiceHexEncode(id, DICE_ID_SIZE, id_hex, sizeof(id_hex));
   bssl::UniquePtr<X509_NAME> issuer_name(X509_NAME_new());
   X509_NAME_add_entry_by_NID(issuer_name.get(), NID_serialNumber, MBSTRING_UTF8,
                              id_hex, sizeof(id_hex), 0, 0);
@@ -228,7 +228,7 @@ void CreateX509UdsCertificate(EVP_PKEY* key, const uint8_t id[20],
   X509_set_notAfter(x509.get(), not_after.get());
 
   bssl::UniquePtr<ASN1_OCTET_STRING> subject_key_id(ASN1_OCTET_STRING_new());
-  ASN1_OCTET_STRING_set(subject_key_id.get(), id, 20);
+  ASN1_OCTET_STRING_set(subject_key_id.get(), id, DICE_ID_SIZE);
   bssl::UniquePtr<X509_EXTENSION> subject_key_id_ext(X509V3_EXT_i2d(
       NID_subject_key_identifier, /*crit=*/0, subject_key_id.get()));
   X509_add_ext(x509.get(), subject_key_id_ext.get(), /*loc=*/-1);
@@ -299,8 +299,8 @@ bool VerifyX509CertificateChain(const uint8_t* root_certificate,
 
 void CreateCborUdsCertificate(
     const uint8_t private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE],
-    const uint8_t id[20], uint8_t certificate[dice::test::kTestCertSize],
-    size_t* certificate_size) {
+    const uint8_t id[DICE_ID_SIZE],
+    uint8_t certificate[dice::test::kTestCertSize], size_t* certificate_size) {
   const uint8_t kProtectedAttributesCbor[3] = {
       0xa1 /* map(1) */, 0x01 /* alg(1) */, 0x27 /* EdDSA(-8) */};
   const int64_t kCwtIssuerLabel = 1;
@@ -331,7 +331,7 @@ void CreateCborUdsCertificate(
   // Simple CWT payload with issuer, subject, and use the same subject public
   // key field as a CDI certificate to make verification easy.
   char id_hex[41];
-  DiceHexEncode(id, 20, id_hex, sizeof(id_hex));
+  DiceHexEncode(id, DICE_ID_SIZE, id_hex, sizeof(id_hex));
   id_hex[40] = '\0';
   ScopedCbor cwt(cn_cbor_map_create(&error));
   cn_cbor_mapput_int(cwt.get(), kCwtIssuerLabel,
@@ -627,7 +627,7 @@ void CreateFakeUdsCertificate(void* context, const uint8_t uds[32],
   bssl::UniquePtr<EVP_PKEY> key(
       KeyFromRawKey(raw_key, key_type, raw_public_key, &raw_public_key_size));
 
-  uint8_t id[20];
+  uint8_t id[DICE_ID_SIZE];
   DiceDeriveCdiCertificateId(context, raw_public_key, raw_public_key_size, id);
 
   if (cert_type == CertificateType_X509) {
author	Janis Danisevskis <jdanis@google.com>	2021-10-11 13:47:46 -0700
committer	CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>	2021-10-15 23:16:08 +0000
commit	0ad296aa02db8ecbafae8903dd9ca6a4ead51ba6 (patch)
tree	4774b2f63ba8494913c704dcd80e21a1724d7160 /src
parent	5fa29e05de0cb7c89502c02aa97c1071eb37a38a (diff)
download	open-dice-0ad296aa02db8ecbafae8903dd9ca6a4ead51ba6.tar.gz