Rename DICE_PUBLIC_KEY_SIZE to DICE_PUBLIC_KEY_BUFFER_SIZE
This value will be the maximum size a public key can have in the
multi-alg version of open-dice.
Bug: 357008987
Change-Id: Idaabf606c1ad25719a1995e0365d0355a478cd35
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/243172
Commit-Queue: Alice Wang <aliceywang@google.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
Presubmit-Verified: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/include/dice/config/boringssl_ecdsa_p256/dice/config.h b/include/dice/config/boringssl_ecdsa_p256/dice/config.h
index 98045f7..ecf415b 100644
--- a/include/dice/config/boringssl_ecdsa_p256/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p256/dice/config.h
@@ -18,7 +18,7 @@
// ECDSA P256
// From table 1 of RFC 9053
#define DICE_COSE_KEY_ALG_VALUE (-7)
-#define DICE_PUBLIC_KEY_SIZE 64
+#define DICE_PUBLIC_KEY_BUFFER_SIZE 64
#define DICE_PRIVATE_KEY_SIZE 32
#define DICE_SIGNATURE_SIZE 64
#define DICE_PROFILE_NAME "opendice.example.p256"
diff --git a/include/dice/config/boringssl_ecdsa_p384/dice/config.h b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
index e5deb98..42f8dac 100644
--- a/include/dice/config/boringssl_ecdsa_p384/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
@@ -18,7 +18,7 @@
// ECDSA P384
// From table 1 of RFC 9053
#define DICE_COSE_KEY_ALG_VALUE (-35)
-#define DICE_PUBLIC_KEY_SIZE 96
+#define DICE_PUBLIC_KEY_BUFFER_SIZE 96
#define DICE_PRIVATE_KEY_SIZE 48
#define DICE_SIGNATURE_SIZE 96
#define DICE_PROFILE_NAME "opendice.example.p384"
diff --git a/include/dice/config/boringssl_ed25519/dice/config.h b/include/dice/config/boringssl_ed25519/dice/config.h
index ce5a8be..e84aeed 100644
--- a/include/dice/config/boringssl_ed25519/dice/config.h
+++ b/include/dice/config/boringssl_ed25519/dice/config.h
@@ -18,7 +18,7 @@
// Ed25519
// COSE Key alg value from Table 2 of RFC9053
#define DICE_COSE_KEY_ALG_VALUE (-8)
-#define DICE_PUBLIC_KEY_SIZE 32
+#define DICE_PUBLIC_KEY_BUFFER_SIZE 32
#define DICE_PRIVATE_KEY_SIZE 64
#define DICE_SIGNATURE_SIZE 64
#define DICE_PROFILE_NAME NULL
diff --git a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
index c5e23e1..41332fa 100644
--- a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
+++ b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
@@ -16,7 +16,7 @@
#define DICE_CONFIG_MBEDTLS_ECDSA_P256_DICE_CONFIG_H_
// ECDSA-P256
-#define DICE_PUBLIC_KEY_SIZE 33
+#define DICE_PUBLIC_KEY_BUFFER_SIZE 33
#define DICE_PRIVATE_KEY_SIZE 32
#define DICE_SIGNATURE_SIZE 64
#define DICE_PROFILE_NAME "openssl.example.p256_compressed"
diff --git a/include/dice/config/standalone/dice/config.h b/include/dice/config/standalone/dice/config.h
index d71ec76..6dcd4d3 100644
--- a/include/dice/config/standalone/dice/config.h
+++ b/include/dice/config/standalone/dice/config.h
@@ -19,7 +19,7 @@
// for tests that focus on the core aspects of the library and not the ops.
// These value aren't yet used meaningfully in such tests so are given
// placeholder values.
-#define DICE_PUBLIC_KEY_SIZE 1
+#define DICE_PUBLIC_KEY_BUFFER_SIZE 1
#define DICE_PRIVATE_KEY_SIZE 1
#define DICE_SIGNATURE_SIZE 1
#define DICE_PROFILE_NAME NULL
diff --git a/include/dice/ops.h b/include/dice/ops.h
index 53f8d8e..c35aeab 100644
--- a/include/dice/ops.h
+++ b/include/dice/ops.h
@@ -44,7 +44,7 @@
// implementation defined format so may only be passed to the |sign| operation.
DiceResult DiceKeypairFromSeed(void* context,
const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
uint8_t private_key[DICE_PRIVATE_KEY_SIZE]);
// Calculates a signature of |message_size| bytes from |message| using
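Review bot: The comment above DiceKeypairFromSeed does not say how many bytes of |public_key| an implementation writes, which matters now that the array bound is named as a buffer size rather than a key size. The commit message says this value will become a maximum, so callers need to know whether bytes past the encoded key are defined. I would state the contract on the prototype, for example `// |public_key| is a buffer of DICE_PUBLIC_KEY_BUFFER_SIZE bytes; bytes beyond the encoded key must be zeroed by the implementation.`, and add the matching statement for the |public_key| that DiceVerify reads in the next hunk. The start of the existing comment is outside the hunk.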
@@ -60,7 +60,7 @@
DiceResult DiceVerify(void* context, const uint8_t* message,
size_t message_size,
const uint8_t signature[DICE_SIGNATURE_SIZE],
- const uint8_t public_key[DICE_PUBLIC_KEY_SIZE]);
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]);
// Generates an X.509 certificate, or an alternative certificate format, from
// the given |subject_private_key_seed| and |input_values|, and signed by
diff --git a/include/dice/ops/trait/cose.h b/include/dice/ops/trait/cose.h
index 78cb838..7b11c89 100644
--- a/include/dice/ops/trait/cose.h
+++ b/include/dice/ops/trait/cose.h
@@ -33,7 +33,7 @@
// kDiceResultBufferTooSmall is returned |encoded_size| will be set to the
// required size of the buffer.
DiceResult DiceCoseEncodePublicKey(
- void* context, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ void* context, const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
size_t buffer_size, uint8_t* buffer, size_t* encoded_size);
// Signs the payload and additional authenticated data, formatting the result
diff --git a/src/android.c b/src/android.c
index cf540db..e0c2ada 100644
--- a/src/android.c
+++ b/src/android.c
@@ -149,7 +149,7 @@
size_t* chain_size, uint8_t next_cdi_attest[DICE_CDI_SIZE],
uint8_t next_cdi_seal[DICE_CDI_SIZE]) {
uint8_t current_cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE];
- uint8_t attestation_public_key[DICE_PUBLIC_KEY_SIZE];
+ uint8_t attestation_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
uint8_t attestation_private_key[DICE_PRIVATE_KEY_SIZE];
// Derive an asymmetric private key seed from the current attestation CDI
// value.
diff --git a/src/boringssl_ed25519_ops.c b/src/boringssl_ed25519_ops.c
index a1b9797..d98c05d 100644
--- a/src/boringssl_ed25519_ops.c
+++ b/src/boringssl_ed25519_ops.c
@@ -24,7 +24,7 @@
#if DICE_PRIVATE_KEY_SEED_SIZE != 32
#error "Private key seed is expected to be 32 bytes."
#endif
-#if DICE_PUBLIC_KEY_SIZE != 32
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32
#error "Ed25519 needs 32 bytes to store the public key."
#endif
#if DICE_PRIVATE_KEY_SIZE != 64
@@ -36,7 +36,7 @@
DiceResult DiceKeypairFromSeed(void* context_not_used,
const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
(void)context_not_used;
ED25519_keypair_from_seed(public_key, private_key, seed);
@@ -57,7 +57,7 @@
DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
size_t message_size,
const uint8_t signature[DICE_SIGNATURE_SIZE],
- const uint8_t public_key[DICE_PUBLIC_KEY_SIZE]) {
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
(void)context_not_used;
if (1 != ED25519_verify(message, message_size, signature, public_key)) {
return kDiceResultPlatformError;
diff --git a/src/boringssl_p256_ops.c b/src/boringssl_p256_ops.c
index e6e030a..4001806 100644
--- a/src/boringssl_p256_ops.c
+++ b/src/boringssl_p256_ops.c
@@ -24,7 +24,7 @@
#if DICE_PRIVATE_KEY_SEED_SIZE != 32
#error "Private key seed is expected to be 32 bytes."
#endif
-#if DICE_PUBLIC_KEY_SIZE != 64
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 64
#error "This P-256 implementation needs 64 bytes to store the public key."
#endif
#if DICE_PRIVATE_KEY_SIZE != 32
@@ -36,7 +36,7 @@
DiceResult DiceKeypairFromSeed(void* context_not_used,
const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
(void)context_not_used;
if (1 == P256KeypairFromSeed(public_key, private_key, seed)) {
@@ -59,7 +59,7 @@
DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
size_t message_size,
const uint8_t signature[DICE_SIGNATURE_SIZE],
- const uint8_t public_key[DICE_PUBLIC_KEY_SIZE]) {
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P256Verify(message, message_size, signature, public_key)) {
return kDiceResultOk;
diff --git a/src/boringssl_p384_ops.c b/src/boringssl_p384_ops.c
index d5a0d0c..6a87744 100644
--- a/src/boringssl_p384_ops.c
+++ b/src/boringssl_p384_ops.c
@@ -24,7 +24,7 @@
#if DICE_PRIVATE_KEY_SEED_SIZE != 32
#error "Private key seed is expected to be 32 bytes."
#endif
-#if DICE_PUBLIC_KEY_SIZE != 96
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 96
#error "This P-384 implementation needs 96 bytes to store the public key."
#endif
#if DICE_PRIVATE_KEY_SIZE != 48
@@ -36,7 +36,7 @@
DiceResult DiceKeypairFromSeed(void* context_not_used,
const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE],
- uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE],
uint8_t private_key[DICE_PRIVATE_KEY_SIZE]) {
(void)context_not_used;
if (1 == P384KeypairFromSeed(public_key, private_key, seed)) {
@@ -59,7 +59,7 @@
DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
size_t message_size,
const uint8_t signature[DICE_SIGNATURE_SIZE],
- const uint8_t public_key[DICE_PUBLIC_KEY_SIZE]) {
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P384Verify(message, message_size, signature, public_key)) {
return kDiceResultOk;
diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c
index 5416958..4196e2f 100644
--- a/src/cbor_cert_op.c
+++ b/src/cbor_cert_op.c
@@ -27,7 +27,7 @@
#include "dice/utils.h"
// Max size of COSE_Key encoding.
-#define DICE_MAX_PUBLIC_KEY_SIZE (DICE_PUBLIC_KEY_SIZE + 32)
+#define DICE_MAX_PUBLIC_KEY_SIZE (DICE_PUBLIC_KEY_BUFFER_SIZE + 32)
// Max size of the COSE_Sign1 protected attributes.
#define DICE_MAX_PROTECTED_ATTRIBUTES_SIZE 16
@@ -300,7 +300,7 @@
uint8_t authority_private_key[DICE_PRIVATE_KEY_SIZE];
// Derive keys and IDs from the private key seeds.
- uint8_t subject_public_key[DICE_PUBLIC_KEY_SIZE];
+ uint8_t subject_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
result = DiceKeypairFromSeed(context, subject_private_key_seed,
subject_public_key, subject_private_key);
if (result != kDiceResultOk) {
@@ -309,7 +309,7 @@
uint8_t subject_id[DICE_ID_SIZE];
result = DiceDeriveCdiCertificateId(context, subject_public_key,
- DICE_PUBLIC_KEY_SIZE, subject_id);
+ DICE_PUBLIC_KEY_BUFFER_SIZE, subject_id);
if (result != kDiceResultOk) {
goto out;
}
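Review bot: `DiceDeriveCdiCertificateId(context, subject_public_key, DICE_PUBLIC_KEY_BUFFER_SIZE, subject_id)` passes the buffer capacity as the key length, so the certificate ID is derived from every byte of the buffer. That is still correct here because each config keeps the value equal to the exact key size, but the commit message says it will become a maximum; any bytes DiceKeypairFromSeed then leaves unwritten in the uninitialized stack array `subject_public_key` (declared in the previous hunk) would be hashed into the ID. The authority call in the @@ -326 hunk has the same issue, as do both calls in src/template_cbor_cert_op.c, although that file's `#if` check pins the size to 32. Consider zero-initializing the arrays, `uint8_t subject_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE] = {0};`, or passing the actual key length once the multi-alg code exposes one. The enclosing function starts and ends outside the hunk.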
@@ -318,7 +318,7 @@
sizeof(subject_id_hex));
subject_id_hex[sizeof(subject_id_hex) - 1] = '\0';
- uint8_t authority_public_key[DICE_PUBLIC_KEY_SIZE];
+ uint8_t authority_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
result = DiceKeypairFromSeed(context, authority_private_key_seed,
authority_public_key, authority_private_key);
if (result != kDiceResultOk) {
@@ -326,8 +326,8 @@
}
uint8_t authority_id[DICE_ID_SIZE];
- result = DiceDeriveCdiCertificateId(context, authority_public_key,
- DICE_PUBLIC_KEY_SIZE, authority_id);
+ result = DiceDeriveCdiCertificateId(
+ context, authority_public_key, DICE_PUBLIC_KEY_BUFFER_SIZE, authority_id);
if (result != kDiceResultOk) {
goto out;
}
diff --git a/src/cbor_cert_op_test.cc b/src/cbor_cert_op_test.cc
index 46ae094..a692305 100644
--- a/src/cbor_cert_op_test.cc
+++ b/src/cbor_cert_op_test.cc
@@ -251,11 +251,11 @@
ASSERT_EQ(kDiceResultOk, result);
uint8_t private_key[DICE_PRIVATE_KEY_SIZE];
- uint8_t public_key[DICE_PUBLIC_KEY_SIZE];
+ uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
result = DiceKeypairFromSeed(NULL, private_key_seed, public_key, private_key);
ASSERT_EQ(kDiceResultOk, result);
- uint8_t encoded_public_key[DICE_PUBLIC_KEY_SIZE + 32];
+ uint8_t encoded_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE + 32];
size_t encoded_public_key_size = 0;
result =
DiceCoseEncodePublicKey(NULL, public_key, sizeof(encoded_public_key),
diff --git a/src/cbor_ed25519_cert_op.c b/src/cbor_ed25519_cert_op.c
index a2c5fbf..974f4d9 100644
--- a/src/cbor_ed25519_cert_op.c
+++ b/src/cbor_ed25519_cert_op.c
@@ -19,7 +19,7 @@
#include "dice/cbor_writer.h"
#include "dice/ops/trait/cose.h"
-#if DICE_PUBLIC_KEY_SIZE != 32
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32
#error "Only Ed25519 is supported; 32 bytes needed to store the public key."
#endif
#if DICE_SIGNATURE_SIZE != 64
@@ -27,8 +27,9 @@
#endif
DiceResult DiceCoseEncodePublicKey(
- void* context_not_used, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
- size_t buffer_size, uint8_t* buffer, size_t* encoded_size) {
+ void* context_not_used,
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE], size_t buffer_size,
+ uint8_t* buffer, size_t* encoded_size) {
(void)context_not_used;
// Constants per RFC 8152.
@@ -60,7 +61,7 @@
CborWriteInt(kCoseCrvEd25519, &out);
// Add the public key.
CborWriteInt(kCoseOkpXLabel, &out);
- CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE, public_key, &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE, public_key, &out);
*encoded_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
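Review bot: `CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE, public_key, &out)` uses the buffer capacity as the length of the encoded key, which is correct only because the `#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32` check at the top of this file pins the value. A file-local constant for the algorithm's key length would keep the COSE_Key encoding correct if the macro later grows to a maximum, e.g. `CborWriteBstr(/*data_size=*/kEd25519PublicKeySize, public_key, &out);`, where `kEd25519PublicKeySize` is a name I am proposing rather than an existing identifier. The `DICE_PUBLIC_KEY_BUFFER_SIZE / 2` coordinate lengths in src/cbor_p256_cert_op.c and src/cbor_p384_cert_op.c depend on their `#if` checks in the same way. The function body continues outside the hunk.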
diff --git a/src/cbor_p256_cert_op.c b/src/cbor_p256_cert_op.c
index fdc7e11..f3c3354 100644
--- a/src/cbor_p256_cert_op.c
+++ b/src/cbor_p256_cert_op.c
@@ -25,7 +25,7 @@
#include "dice/ops/trait/cose.h"
#include "dice/utils.h"
-#if DICE_PUBLIC_KEY_SIZE != 64
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 64
#error "64 bytes needed to store the public key."
#endif
#if DICE_SIGNATURE_SIZE != 64
@@ -33,8 +33,9 @@
#endif
DiceResult DiceCoseEncodePublicKey(
- void* context_not_used, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
- size_t buffer_size, uint8_t* buffer, size_t* encoded_size) {
+ void* context_not_used,
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE], size_t buffer_size,
+ uint8_t* buffer, size_t* encoded_size) {
(void)context_not_used;
// Constants per RFC 8152.
@@ -67,10 +68,11 @@
CborWriteInt(kCoseEc2CrvValue, &out);
// Add the subject public key x and y coordinates
CborWriteInt(kCoseEc2XLabel, &out);
- CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE / 2, &public_key[0], &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE / 2, &public_key[0],
+ &out);
CborWriteInt(kCoseEc2YLabel, &out);
- CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE / 2,
- &public_key[DICE_PUBLIC_KEY_SIZE / 2], &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE / 2,
+ &public_key[DICE_PUBLIC_KEY_BUFFER_SIZE / 2], &out);
*encoded_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
diff --git a/src/cbor_p384_cert_op.c b/src/cbor_p384_cert_op.c
index 8e9df7a..db8ceb4 100644
--- a/src/cbor_p384_cert_op.c
+++ b/src/cbor_p384_cert_op.c
@@ -25,7 +25,7 @@
#include "dice/ops/trait/cose.h"
#include "dice/utils.h"
-#if DICE_PUBLIC_KEY_SIZE != 96
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 96
#error "96 bytes needed to store the public key."
#endif
#if DICE_SIGNATURE_SIZE != 96
@@ -33,8 +33,9 @@
#endif
DiceResult DiceCoseEncodePublicKey(
- void* context_not_used, const uint8_t public_key[DICE_PUBLIC_KEY_SIZE],
- size_t buffer_size, uint8_t* buffer, size_t* encoded_size) {
+ void* context_not_used,
+ const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE], size_t buffer_size,
+ uint8_t* buffer, size_t* encoded_size) {
(void)context_not_used;
// Constants per RFC 8152.
@@ -67,10 +68,11 @@
CborWriteInt(kCoseEc2CrvValue, &out);
// Add the subject public key x and y coordinates
CborWriteInt(kCoseEc2XLabel, &out);
- CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE / 2, &public_key[0], &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE / 2, &public_key[0],
+ &out);
CborWriteInt(kCoseEc2YLabel, &out);
- CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_SIZE / 2,
- &public_key[DICE_PUBLIC_KEY_SIZE / 2], &out);
+ CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE / 2,
+ &public_key[DICE_PUBLIC_KEY_BUFFER_SIZE / 2], &out);
*encoded_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
diff --git a/src/template_cbor_cert_op.c b/src/template_cbor_cert_op.c
index c935dfb..7a186b4 100644
--- a/src/template_cbor_cert_op.c
+++ b/src/template_cbor_cert_op.c
@@ -42,7 +42,7 @@
#include "dice/ops.h"
#include "dice/utils.h"
-#if DICE_PUBLIC_KEY_SIZE != 32
+#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32
#error "Only Ed25519 is supported; 32 bytes needed to store the public key."
#endif
#if DICE_SIGNATURE_SIZE != 64
@@ -182,7 +182,7 @@
uint8_t authority_private_key[DICE_PRIVATE_KEY_SIZE];
// Derive keys and IDs from the private key seeds.
- uint8_t subject_public_key[DICE_PUBLIC_KEY_SIZE];
+ uint8_t subject_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
result = DiceKeypairFromSeed(context, subject_private_key_seed,
subject_public_key, subject_private_key);
if (result != kDiceResultOk) {
@@ -191,7 +191,7 @@
uint8_t subject_id[DICE_ID_SIZE];
result = DiceDeriveCdiCertificateId(context, subject_public_key,
- DICE_PUBLIC_KEY_SIZE, subject_id);
+ DICE_PUBLIC_KEY_BUFFER_SIZE, subject_id);
if (result != kDiceResultOk) {
goto out;
}
@@ -199,7 +199,7 @@
DiceHexEncode(subject_id, sizeof(subject_id), subject_id_hex,
sizeof(subject_id_hex));
- uint8_t authority_public_key[DICE_PUBLIC_KEY_SIZE];
+ uint8_t authority_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
result = DiceKeypairFromSeed(context, authority_private_key_seed,
authority_public_key, authority_private_key);
if (result != kDiceResultOk) {
@@ -207,8 +207,8 @@
}
uint8_t authority_id[DICE_ID_SIZE];
- result = DiceDeriveCdiCertificateId(context, authority_public_key,
- DICE_PUBLIC_KEY_SIZE, authority_id);
+ result = DiceDeriveCdiCertificateId(
+ context, authority_public_key, DICE_PUBLIC_KEY_BUFFER_SIZE, authority_id);
if (result != kDiceResultOk) {
goto out;
}