Rename DICE_PRIVATE_KEY_SIZE to DICE_PRIVATE_KEY_BUFFER_SIZE
Bug: b/357008987
Change-Id: I7fc3233187dde0b8d4231a5eff51dfd29861035c
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/247652
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Presubmit-Verified: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
Commit-Queue: Alice Wang <aliceywang@google.com>
Reviewed-by: Dan Fess <dfess@google.com>
diff --git a/include/dice/config/boringssl_ecdsa_p256/dice/config.h b/include/dice/config/boringssl_ecdsa_p256/dice/config.h
index 126c31d..7e390d5 100644
--- a/include/dice/config/boringssl_ecdsa_p256/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p256/dice/config.h
@@ -18,7 +18,7 @@
// ECDSA P256
// From table 1 of RFC 9053
#define DICE_PUBLIC_KEY_BUFFER_SIZE 64
-#define DICE_PRIVATE_KEY_SIZE 32
+#define DICE_PRIVATE_KEY_BUFFER_SIZE 32
#define DICE_SIGNATURE_BUFFER_SIZE 64
#endif // DICE_CONFIG_BORINGSSL_ECDSA_P256_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/boringssl_ecdsa_p384/dice/config.h b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
index ea4dc5f..48ff621 100644
--- a/include/dice/config/boringssl_ecdsa_p384/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
@@ -18,7 +18,7 @@
// ECDSA P384
// From table 1 of RFC 9053
#define DICE_PUBLIC_KEY_BUFFER_SIZE 96
-#define DICE_PRIVATE_KEY_SIZE 48
+#define DICE_PRIVATE_KEY_BUFFER_SIZE 48
#define DICE_SIGNATURE_BUFFER_SIZE 96
#endif // DICE_CONFIG_BORINGSSL_ECDSA_P384_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/boringssl_ed25519/dice/config.h b/include/dice/config/boringssl_ed25519/dice/config.h
index c44f4c1..79d1eab 100644
--- a/include/dice/config/boringssl_ed25519/dice/config.h
+++ b/include/dice/config/boringssl_ed25519/dice/config.h
@@ -18,7 +18,7 @@
// Ed25519
// COSE Key alg value from Table 2 of RFC9053
#define DICE_PUBLIC_KEY_BUFFER_SIZE 32
-#define DICE_PRIVATE_KEY_SIZE 64
+#define DICE_PRIVATE_KEY_BUFFER_SIZE 64
#define DICE_SIGNATURE_BUFFER_SIZE 64
#endif // DICE_CONFIG_BORINGSSL_ED25519_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/boringssl_multialg/dice/config.h b/include/dice/config/boringssl_multialg/dice/config.h
index 4ddc03b..d8a965d 100644
--- a/include/dice/config/boringssl_multialg/dice/config.h
+++ b/include/dice/config/boringssl_multialg/dice/config.h
@@ -20,9 +20,9 @@
#include "dice/types.h"
-// Upper bound of sizes based on P-384.
+// Upper bound of sizes for all the supported algorithms.
#define DICE_PUBLIC_KEY_BUFFER_SIZE 96
-#define DICE_PRIVATE_KEY_SIZE 64
+#define DICE_PRIVATE_KEY_BUFFER_SIZE 64
#define DICE_SIGNATURE_BUFFER_SIZE 96
#ifdef __cplusplus
diff --git a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
index 66e1956..624682c 100644
--- a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
+++ b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
@@ -17,7 +17,7 @@
// ECDSA-P256
#define DICE_PUBLIC_KEY_BUFFER_SIZE 33
-#define DICE_PRIVATE_KEY_SIZE 32
+#define DICE_PRIVATE_KEY_BUFFER_SIZE 32
#define DICE_SIGNATURE_BUFFER_SIZE 64
#define DICE_PROFILE_NAME "openssl.example.p256_compressed"
diff --git a/include/dice/config/standalone/dice/config.h b/include/dice/config/standalone/dice/config.h
index 4633f52..791e491 100644
--- a/include/dice/config/standalone/dice/config.h
+++ b/include/dice/config/standalone/dice/config.h
@@ -20,7 +20,7 @@
// These value aren't yet used meaningfully in such tests so are given
// placeholder values.
#define DICE_PUBLIC_KEY_BUFFER_SIZE 1
-#define DICE_PRIVATE_KEY_SIZE 1
+#define DICE_PRIVATE_KEY_BUFFER_SIZE 1
#define DICE_SIGNATURE_BUFFER_SIZE 1
#define DICE_PROFILE_NAME NULL
diff --git a/include/dice/ops.h b/include/dice/ops.h
index 6436279..1cde417 100644
--- a/include/dice/ops.h
+++ b/include/dice/ops.h
@@ -47,17 +47,18 @@
// Since this is deterministic, |seed| is as sensitive as a private key and can
// be used directly as the private key. The |private_key| may use an
// implementation defined format so may only be passed to the |sign| operation.
-DiceResult DiceKeypairFromSeed(void* context, DicePrincipal principal,
- const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
- uint8_t private_key[DICE_PRIVATE_KEY_SIZE]);
+DiceResult DiceKeypairFromSeed(
+ void* context, DicePrincipal principal,
+ const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
+ uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]);
// Calculates a signature of |message_size| bytes from |message| using
// |private_key|. |private_key| was generated by |keypair_from_seed| to allow
// an implementation to use their own private key format. |signature| points to
// the buffer where the calculated signature is written.
DiceResult DiceSign(void* context, const uint8_t* message, size_t message_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],
uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]);
// Verifies, using |public_key|, that |signature| covers |message_size| bytes
diff --git a/include/dice/ops/trait/cose.h b/include/dice/ops/trait/cose.h
index 3fc7054..0ac0dc1 100644
--- a/include/dice/ops/trait/cose.h
+++ b/include/dice/ops/trait/cose.h
@@ -48,7 +48,7 @@
DiceResult DiceCoseSignAndEncodeSign1(
void* context, const uint8_t* payload, size_t payload_size,
const uint8_t* aad, size_t aad_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE], size_t buffer_size,
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE], size_t buffer_size,
uint8_t* buffer, size_t* encoded_size);
#ifdef __cplusplus
diff --git a/src/android.c b/src/android.c
index 2a0143a..86cd851 100644
--- a/src/android.c
+++ b/src/android.c
@@ -150,7 +150,7 @@
uint8_t next_cdi_seal[DICE_CDI_SIZE]) {
uint8_t current_cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE];
uint8_t attestation_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
- uint8_t attestation_private_key[DICE_PRIVATE_KEY_SIZE];
+ uint8_t attestation_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
// Derive an asymmetric private key seed from the current attestation CDI
// value.
DiceResult result = DiceDeriveCdiPrivateKeySeed(context, current_cdi_attest,
diff --git a/src/boringssl_ed25519_ops.c b/src/boringssl_ed25519_ops.c
index f4863e8..7d94bff 100644
--- a/src/boringssl_ed25519_ops.c
+++ b/src/boringssl_ed25519_ops.c
@@ -27,7 +27,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32
#error "Ed25519 needs 32 bytes to store the public key."
#endif
-#if DICE_PRIVATE_KEY_SIZE != 64
+#if DICE_PRIVATE_KEY_BUFFER_SIZE != 64
#error "This Ed25519 implementation needs 64 bytes for the private key."
#endif
#if DICE_SIGNATURE_BUFFER_SIZE != 64
@@ -51,11 +51,11 @@
return kDiceResultOk;
}
-DiceResult DiceKeypairFromSeed(void* context_not_used,
- DicePrincipal principal_not_used,
- const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
- uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
+DiceResult DiceKeypairFromSeed(
+ void* context_not_used, DicePrincipal principal_not_used,
+ const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
+ uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]) {
(void)context_not_used;
(void)principal_not_used;
ED25519_keypair_from_seed(public_key, private_key, seed);
@@ -64,7 +64,7 @@
DiceResult DiceSign(void* context_not_used, const uint8_t* message,
size_t message_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],
uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
(void)context_not_used;
if (1 != ED25519_sign(signature, message, message_size, private_key)) {
diff --git a/src/boringssl_multialg_ops.c b/src/boringssl_multialg_ops.c
index 0553a44..80c0903 100644
--- a/src/boringssl_multialg_ops.c
+++ b/src/boringssl_multialg_ops.c
@@ -30,7 +30,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 96
#error "Multialg needs 96 bytes to for the public key (P-384)"
#endif
-#if DICE_PRIVATE_KEY_SIZE != 64
+#if DICE_PRIVATE_KEY_BUFFER_SIZE != 64
#error "Multialg needs 64 bytes for the private key (Ed25519)"
#endif
#if DICE_SIGNATURE_BUFFER_SIZE != 96
@@ -75,10 +75,11 @@
return kDiceResultPlatformError;
}
-DiceResult DiceKeypairFromSeed(void* context, DicePrincipal principal,
- const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
- uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
+DiceResult DiceKeypairFromSeed(
+ void* context, DicePrincipal principal,
+ const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
+ uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]) {
switch (DiceGetKeyAlgorithm(context, principal)) {
case kDiceKeyAlgorithmEd25519:
ED25519_keypair_from_seed(public_key, private_key, seed);
@@ -98,7 +99,7 @@
}
DiceResult DiceSign(void* context, const uint8_t* message, size_t message_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],
uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
switch (DiceGetKeyAlgorithm(context, kDicePrincipalAuthority)) {
case kDiceKeyAlgorithmEd25519:
diff --git a/src/boringssl_p256_ops.c b/src/boringssl_p256_ops.c
index 7913d30..a39f3b8 100644
--- a/src/boringssl_p256_ops.c
+++ b/src/boringssl_p256_ops.c
@@ -28,7 +28,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 64
#error "This P-256 implementation needs 64 bytes to store the public key."
#endif
-#if DICE_PRIVATE_KEY_SIZE != 32
+#if DICE_PRIVATE_KEY_BUFFER_SIZE != 32
#error "P-256 needs 32 bytes for the private key."
#endif
#if DICE_SIGNATURE_BUFFER_SIZE != 64
@@ -52,11 +52,11 @@
return kDiceResultOk;
}
-DiceResult DiceKeypairFromSeed(void* context_not_used,
- DicePrincipal principal_not_used,
- const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
- uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
+DiceResult DiceKeypairFromSeed(
+ void* context_not_used, DicePrincipal principal_not_used,
+ const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
+ uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]) {
(void)context_not_used;
(void)principal_not_used;
if (1 == P256KeypairFromSeed(public_key, private_key, seed)) {
@@ -67,7 +67,7 @@
DiceResult DiceSign(void* context_not_used, const uint8_t* message,
size_t message_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],
uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P256Sign(signature, message, message_size, private_key)) {
diff --git a/src/boringssl_p384_ops.c b/src/boringssl_p384_ops.c
index 19a52da..9ff53c9 100644
--- a/src/boringssl_p384_ops.c
+++ b/src/boringssl_p384_ops.c
@@ -28,7 +28,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 96
#error "This P-384 implementation needs 96 bytes to store the public key."
#endif
-#if DICE_PRIVATE_KEY_SIZE != 48
+#if DICE_PRIVATE_KEY_BUFFER_SIZE != 48
#error "P-384 needs 48 bytes for the private key."
#endif
#if DICE_SIGNATURE_BUFFER_SIZE != 96
@@ -52,11 +52,11 @@
return kDiceResultOk;
}
-DiceResult DiceKeypairFromSeed(void* context_not_used,
- DicePrincipal principal_not_used,
- const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
- uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
+DiceResult DiceKeypairFromSeed(
+ void* context_not_used, DicePrincipal principal_not_used,
+ const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
+ uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE]) {
(void)context_not_used;
(void)principal_not_used;
if (1 == P384KeypairFromSeed(public_key, private_key, seed)) {
@@ -67,7 +67,7 @@
DiceResult DiceSign(void* context_not_used, const uint8_t* message,
size_t message_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE],
uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P384Sign(signature, message, message_size, private_key)) {
diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c
index df4e55a..847f3c7 100644
--- a/src/cbor_cert_op.c
+++ b/src/cbor_cert_op.c
@@ -130,7 +130,7 @@
DiceResult DiceCoseSignAndEncodeSign1(
void* context, const uint8_t* payload, size_t payload_size,
const uint8_t* aad, size_t aad_size,
- const uint8_t private_key[DICE_PRIVATE_KEY_SIZE], size_t buffer_size,
+ const uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE], size_t buffer_size,
uint8_t* buffer, size_t* encoded_size) {
DiceResult result;
@@ -318,8 +318,8 @@
}
// Declare buffers which are cleared on 'goto out'.
- uint8_t subject_private_key[DICE_PRIVATE_KEY_SIZE];
- uint8_t authority_private_key[DICE_PRIVATE_KEY_SIZE];
+ uint8_t subject_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
+ uint8_t authority_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
// Derive keys and IDs from the private key seeds.
uint8_t subject_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
diff --git a/src/cbor_cert_op_test.cc b/src/cbor_cert_op_test.cc
index b8f1229..db7545f 100644
--- a/src/cbor_cert_op_test.cc
+++ b/src/cbor_cert_op_test.cc
@@ -250,7 +250,7 @@
private_key_seed);
ASSERT_EQ(kDiceResultOk, result);
- uint8_t private_key[DICE_PRIVATE_KEY_SIZE];
+ uint8_t private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
result = DiceKeypairFromSeed(NULL, kDicePrincipalAuthority, private_key_seed,
public_key, private_key);
diff --git a/src/template_cbor_cert_op.c b/src/template_cbor_cert_op.c
index 0633047..3492505 100644
--- a/src/template_cbor_cert_op.c
+++ b/src/template_cbor_cert_op.c
@@ -184,8 +184,8 @@
}
// Declare buffers which are cleared on 'goto out'.
- uint8_t subject_private_key[DICE_PRIVATE_KEY_SIZE];
- uint8_t authority_private_key[DICE_PRIVATE_KEY_SIZE];
+ uint8_t subject_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
+ uint8_t authority_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
// Derive keys and IDs from the private key seeds.
uint8_t subject_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
