blob: 1697b0ed41eb30810bc28f1df08cf96d950c9514 [file] [log] [blame]
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.
// This is a DiceGenerateCertificate implementation that generates a CWT-style
// CBOR certificate using the P-256 signature algorithm.
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "dice/cbor_writer.h"
#include "dice/dice.h"
#include "dice/ops.h"
#include "dice/ops/trait/cose.h"
#include "dice/utils.h"
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 64
#error "64 bytes needed to store the public key."
#endif
#if DICE_SIGNATURE_BUFFER_SIZE != 64
#error "64 bytes needed to store the signature."
#endif
DiceResult DiceCoseEncodePublicKey(
void* context_not_used,
const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE], size_t buffer_size,
uint8_t* buffer, size_t* encoded_size) {
(void)context_not_used;
// Constants per RFC 8152.
const int64_t kCoseKeyKtyLabel = 1;
const int64_t kCoseKeyAlgLabel = 3;
const int64_t kCoseKeyAlgValue = DICE_COSE_KEY_ALG_VALUE;
const int64_t kCoseKeyOpsLabel = 4;
const int64_t kCoseKeyOpsValue = 2; // Verify
const int64_t kCoseKeyKtyValue = 2; // EC2
const int64_t kCoseEc2CrvLabel = -1;
const int64_t kCoseEc2CrvValue = 1; // P-256
const int64_t kCoseEc2XLabel = -2;
const int64_t kCoseEc2YLabel = -3;
struct CborOut out;
CborOutInit(buffer, buffer_size, &out);
CborWriteMap(/*num_pairs=*/6, &out);
// Add the key type.
CborWriteInt(kCoseKeyKtyLabel, &out);
CborWriteInt(kCoseKeyKtyValue, &out);
// Add the algorithm.
CborWriteInt(kCoseKeyAlgLabel, &out);
CborWriteInt(kCoseKeyAlgValue, &out);
// Add the KeyOps.
CborWriteInt(kCoseKeyOpsLabel, &out);
CborWriteArray(/*num_elements=*/1, &out);
CborWriteInt(kCoseKeyOpsValue, &out);
// Add the curve.
CborWriteInt(kCoseEc2CrvLabel, &out);
CborWriteInt(kCoseEc2CrvValue, &out);
// Add the subject public key x and y coordinates
CborWriteInt(kCoseEc2XLabel, &out);
CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE / 2, &public_key[0],
&out);
CborWriteInt(kCoseEc2YLabel, &out);
CborWriteBstr(/*data_size=*/DICE_PUBLIC_KEY_BUFFER_SIZE / 2,
&public_key[DICE_PUBLIC_KEY_BUFFER_SIZE / 2], &out);
*encoded_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
return kDiceResultBufferTooSmall;
}
return kDiceResultOk;
}