Rename DICE_SIGNATURE_SIZE to DICE_SIGNATURE_BUFFER_SIZE
As this will be the max size of a signature in the multi-alg
version of open-dice.
Bug: 357008987
Change-Id: I84b15339e6f9979c3c98cd7b1e4c10389b8a70a9
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/243173
Presubmit-Verified: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Alice Wang <aliceywang@google.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
diff --git a/include/dice/config/boringssl_ecdsa_p256/dice/config.h b/include/dice/config/boringssl_ecdsa_p256/dice/config.h
index ecf415b..6011005 100644
--- a/include/dice/config/boringssl_ecdsa_p256/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p256/dice/config.h
@@ -20,7 +20,7 @@
#define DICE_COSE_KEY_ALG_VALUE (-7)
#define DICE_PUBLIC_KEY_BUFFER_SIZE 64
#define DICE_PRIVATE_KEY_SIZE 32
-#define DICE_SIGNATURE_SIZE 64
+#define DICE_SIGNATURE_BUFFER_SIZE 64
#define DICE_PROFILE_NAME "opendice.example.p256"
#endif // DICE_CONFIG_BORINGSSL_ECDSA_P256_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/boringssl_ecdsa_p384/dice/config.h b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
index 42f8dac..a405ce8 100644
--- a/include/dice/config/boringssl_ecdsa_p384/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
@@ -20,7 +20,7 @@
#define DICE_COSE_KEY_ALG_VALUE (-35)
#define DICE_PUBLIC_KEY_BUFFER_SIZE 96
#define DICE_PRIVATE_KEY_SIZE 48
-#define DICE_SIGNATURE_SIZE 96
+#define DICE_SIGNATURE_BUFFER_SIZE 96
#define DICE_PROFILE_NAME "opendice.example.p384"
#endif // DICE_CONFIG_BORINGSSL_ECDSA_P384_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/boringssl_ed25519/dice/config.h b/include/dice/config/boringssl_ed25519/dice/config.h
index e84aeed..973bcbd 100644
--- a/include/dice/config/boringssl_ed25519/dice/config.h
+++ b/include/dice/config/boringssl_ed25519/dice/config.h
@@ -20,7 +20,7 @@
#define DICE_COSE_KEY_ALG_VALUE (-8)
#define DICE_PUBLIC_KEY_BUFFER_SIZE 32
#define DICE_PRIVATE_KEY_SIZE 64
-#define DICE_SIGNATURE_SIZE 64
+#define DICE_SIGNATURE_BUFFER_SIZE 64
#define DICE_PROFILE_NAME NULL
#endif // DICE_CONFIG_BORINGSSL_ED25519_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
index 41332fa..66e1956 100644
--- a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
+++ b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
@@ -18,7 +18,7 @@
// ECDSA-P256
#define DICE_PUBLIC_KEY_BUFFER_SIZE 33
#define DICE_PRIVATE_KEY_SIZE 32
-#define DICE_SIGNATURE_SIZE 64
+#define DICE_SIGNATURE_BUFFER_SIZE 64
#define DICE_PROFILE_NAME "openssl.example.p256_compressed"
#endif // DICE_CONFIG_MBEDTLS_ECDSA_P256_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/standalone/dice/config.h b/include/dice/config/standalone/dice/config.h
index 6dcd4d3..4633f52 100644
--- a/include/dice/config/standalone/dice/config.h
+++ b/include/dice/config/standalone/dice/config.h
@@ -21,7 +21,7 @@
// placeholder values.
#define DICE_PUBLIC_KEY_BUFFER_SIZE 1
#define DICE_PRIVATE_KEY_SIZE 1
-#define DICE_SIGNATURE_SIZE 1
+#define DICE_SIGNATURE_BUFFER_SIZE 1
#define DICE_PROFILE_NAME NULL
#endif // DICE_CONFIG_STANDALONE_DICE_CONFIG_H_
diff --git a/include/dice/ops.h b/include/dice/ops.h
index c35aeab..f4bcd88 100644
--- a/include/dice/ops.h
+++ b/include/dice/ops.h
@@ -53,13 +53,13 @@
// the buffer where the calculated signature is written.
DiceResult DiceSign(void* context, const uint8_t* message, size_t message_size,
const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
- uint8_t signature[DICE_SIGNATURE_SIZE]);
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]);
// Verifies, using |public_key|, that |signature| covers |message_size| bytes
// from |message|.
DiceResult DiceVerify(void* context, const uint8_t* message,
size_t message_size,
- const uint8_t signature[DICE_SIGNATURE_SIZE],
+ const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE],
const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]);
// Generates an X.509 certificate, or an alternative certificate format, from
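Review bot: The comment above DiceSign (it starts outside this hunk) still describes |signature| only as the buffer where the signature is written, so after the rename nothing in the declaration says how many of the DICE_SIGNATURE_BUFFER_SIZE bytes are filled. DiceSign returns only a DiceResult and has no length output, so a caller cannot tell a full buffer from a partly filled one. The implementations in this commit keep the two equal with their `#if DICE_SIGNATURE_BUFFER_SIZE != 64` / `!= 96` checks, and that contract is worth stating here, for example `// |signature| must hold DICE_SIGNATURE_BUFFER_SIZE bytes; every byte is written on success.` DiceVerify would benefit from a matching sentence saying how many bytes of |signature| it reads.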
diff --git a/src/boringssl_ed25519_ops.c b/src/boringssl_ed25519_ops.c
index d98c05d..6e93a83 100644
--- a/src/boringssl_ed25519_ops.c
+++ b/src/boringssl_ed25519_ops.c
@@ -30,7 +30,7 @@
#if DICE_PRIVATE_KEY_SIZE != 64
#error "This Ed25519 implementation needs 64 bytes for the private key."
#endif
-#if DICE_SIGNATURE_SIZE != 64
+#if DICE_SIGNATURE_BUFFER_SIZE != 64
#error "Ed25519 needs 64 bytes to store the signature."
#endif
@@ -46,7 +46,7 @@
DiceResult DiceSign(void* context_not_used, const uint8_t* message,
size_t message_size,
const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
- uint8_t signature[DICE_SIGNATURE_SIZE]) {
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
(void)context_not_used;
if (1 != ED25519_sign(signature, message, message_size, private_key)) {
return kDiceResultPlatformError;
@@ -56,7 +56,7 @@
DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
size_t message_size,
- const uint8_t signature[DICE_SIGNATURE_SIZE],
+ const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE],
const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
(void)context_not_used;
if (1 != ED25519_verify(message, message_size, signature, public_key)) {
diff --git a/src/boringssl_p256_ops.c b/src/boringssl_p256_ops.c
index 4001806..3fef13a 100644
--- a/src/boringssl_p256_ops.c
+++ b/src/boringssl_p256_ops.c
@@ -30,7 +30,7 @@
#if DICE_PRIVATE_KEY_SIZE != 32
#error "P-256 needs 32 bytes for the private key."
#endif
-#if DICE_SIGNATURE_SIZE != 64
+#if DICE_SIGNATURE_BUFFER_SIZE != 64
#error "P-256 needs 64 bytes to store the signature."
#endif
@@ -48,7 +48,7 @@
DiceResult DiceSign(void* context_not_used, const uint8_t* message,
size_t message_size,
const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
- uint8_t signature[DICE_SIGNATURE_SIZE]) {
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P256Sign(signature, message, message_size, private_key)) {
return kDiceResultOk;
@@ -58,7 +58,7 @@
DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
size_t message_size,
- const uint8_t signature[DICE_SIGNATURE_SIZE],
+ const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE],
const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P256Verify(message, message_size, signature, public_key)) {
diff --git a/src/boringssl_p384_ops.c b/src/boringssl_p384_ops.c
index 6a87744..5c94afc 100644
--- a/src/boringssl_p384_ops.c
+++ b/src/boringssl_p384_ops.c
@@ -30,7 +30,7 @@
#if DICE_PRIVATE_KEY_SIZE != 48
#error "P-384 needs 48 bytes for the private key."
#endif
-#if DICE_SIGNATURE_SIZE != 96
+#if DICE_SIGNATURE_BUFFER_SIZE != 96
#error "P-384 needs 96 bytes to store the signature."
#endif
@@ -48,7 +48,7 @@
DiceResult DiceSign(void* context_not_used, const uint8_t* message,
size_t message_size,
const uint8_t private_key[DICE_PRIVATE_KEY_SIZE],
- uint8_t signature[DICE_SIGNATURE_SIZE]) {
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P384Sign(signature, message, message_size, private_key)) {
return kDiceResultOk;
@@ -58,7 +58,7 @@
DiceResult DiceVerify(void* context_not_used, const uint8_t* message,
size_t message_size,
- const uint8_t signature[DICE_SIGNATURE_SIZE],
+ const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE],
const uint8_t public_key[DICE_PUBLIC_KEY_BUFFER_SIZE]) {
(void)context_not_used;
if (1 == P384Verify(message, message_size, signature, public_key)) {
diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c
index 4196e2f..2e9605b 100644
--- a/src/cbor_cert_op.c
+++ b/src/cbor_cert_op.c
@@ -74,13 +74,11 @@
return kDiceResultOk;
}
-static DiceResult EncodeCoseSign1(const uint8_t* protected_attributes,
- size_t protected_attributes_size,
- const uint8_t* payload, size_t payload_size,
- bool move_payload,
- const uint8_t signature[DICE_SIGNATURE_SIZE],
- size_t buffer_size, uint8_t* buffer,
- size_t* encoded_size) {
+static DiceResult EncodeCoseSign1(
+ const uint8_t* protected_attributes, size_t protected_attributes_size,
+ const uint8_t* payload, size_t payload_size, bool move_payload,
+ const uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE], size_t buffer_size,
+ uint8_t* buffer, size_t* encoded_size) {
struct CborOut out;
CborOutInit(buffer, buffer_size, &out);
// COSE_Sign1 is an array of four elements.
@@ -106,7 +104,7 @@
CborWriteBstr(payload_size, payload, &out);
}
// Signature.
- CborWriteBstr(/*num_elements=*/DICE_SIGNATURE_SIZE, signature, &out);
+ CborWriteBstr(/*num_elements=*/DICE_SIGNATURE_BUFFER_SIZE, signature, &out);
*encoded_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
return kDiceResultBufferTooSmall;
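Review bot: `CborWriteBstr(/*num_elements=*/DICE_SIGNATURE_BUFFER_SIZE, signature, &out)` encodes the whole buffer as the signature, which is only correct while the buffer size equals the algorithm's signature size. The commit message says the constant will become a maximum. Once a configuration's buffer is larger than the signature, the extra bytes would come from the uninitialized `uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE];` stack arrays declared in the later hunks of this file and in template_cbor_cert_op.c, assuming those arrays are what reaches this call. That would put stale stack contents into the certificate and produce a signature field verifiers reject. Until a real length is plumbed through, I would zero-initialize those arrays (`uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE] = {0};`) and add a comment here such as `// Assumes the signature fills the whole buffer; pass the real length once they can differ.` The `certificate_size - DICE_SIGNATURE_BUFFER_SIZE` lengths in the cbor_p256 and cbor_p384 cert op tests rest on the same assumption. EncodeCoseSign1 begins before this hunk.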
@@ -154,7 +152,7 @@
memcpy(payload_buffer, payload, payload_size);
// Sign the TBS with the authority key.
- uint8_t signature[DICE_SIGNATURE_SIZE];
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE];
result = DiceSign(context, buffer, *encoded_size, private_key, signature);
if (result != kDiceResultOk) {
return result;
@@ -405,7 +403,7 @@
}
// Sign the now-complete TBS.
- uint8_t signature[DICE_SIGNATURE_SIZE];
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE];
result = DiceSign(context, certificate, tbs_size, authority_private_key,
signature);
if (result != kDiceResultOk) {
diff --git a/src/cbor_ed25519_cert_op.c b/src/cbor_ed25519_cert_op.c
index 974f4d9..085a9c0 100644
--- a/src/cbor_ed25519_cert_op.c
+++ b/src/cbor_ed25519_cert_op.c
@@ -22,7 +22,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32
#error "Only Ed25519 is supported; 32 bytes needed to store the public key."
#endif
-#if DICE_SIGNATURE_SIZE != 64
+#if DICE_SIGNATURE_BUFFER_SIZE != 64
#error "Only Ed25519 is supported; 64 bytes needed to store the signature."
#endif
diff --git a/src/cbor_p256_cert_op.c b/src/cbor_p256_cert_op.c
index f3c3354..1697b0e 100644
--- a/src/cbor_p256_cert_op.c
+++ b/src/cbor_p256_cert_op.c
@@ -28,7 +28,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 64
#error "64 bytes needed to store the public key."
#endif
-#if DICE_SIGNATURE_SIZE != 64
+#if DICE_SIGNATURE_BUFFER_SIZE != 64
#error "64 bytes needed to store the signature."
#endif
diff --git a/src/cbor_p256_cert_op_test.cc b/src/cbor_p256_cert_op_test.cc
index 32fc2e2..c345e8b 100644
--- a/src/cbor_p256_cert_op_test.cc
+++ b/src/cbor_p256_cert_op_test.cc
@@ -56,9 +56,10 @@
next_state.certificate_size);
// Comparing everything except for the signature, since ECDSA signatures are
// not deterministic
- EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP256Cert_ZeroInput,
- next_state.certificate,
- next_state.certificate_size - DICE_SIGNATURE_SIZE));
+ EXPECT_EQ(0,
+ memcmp(dice::test::kExpectedCborP256Cert_ZeroInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_BUFFER_SIZE));
}
TEST(DiceOpsTest, KnownAnswerHashOnlyInput) {
@@ -92,9 +93,10 @@
DICE_CDI_SIZE));
ASSERT_EQ(sizeof(dice::test::kExpectedCborP256Cert_HashOnlyInput),
next_state.certificate_size);
- EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP256Cert_HashOnlyInput,
- next_state.certificate,
- next_state.certificate_size - DICE_SIGNATURE_SIZE));
+ EXPECT_EQ(0,
+ memcmp(dice::test::kExpectedCborP256Cert_HashOnlyInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_BUFFER_SIZE));
}
TEST(DiceOpsTest, KnownAnswerDescriptorInput) {
@@ -141,9 +143,10 @@
dice::test::kExpectedCdiSeal_DescriptorInput, DICE_CDI_SIZE));
ASSERT_EQ(sizeof(dice::test::kExpectedCborP256Cert_DescriptorInput),
next_state.certificate_size);
- EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP256Cert_DescriptorInput,
- next_state.certificate,
- next_state.certificate_size - DICE_SIGNATURE_SIZE));
+ EXPECT_EQ(0,
+ memcmp(dice::test::kExpectedCborP256Cert_DescriptorInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_BUFFER_SIZE));
}
TEST(DiceOpsTest, NonZeroMode) {
diff --git a/src/cbor_p384_cert_op.c b/src/cbor_p384_cert_op.c
index db8ceb4..de623ed 100644
--- a/src/cbor_p384_cert_op.c
+++ b/src/cbor_p384_cert_op.c
@@ -28,7 +28,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 96
#error "96 bytes needed to store the public key."
#endif
-#if DICE_SIGNATURE_SIZE != 96
+#if DICE_SIGNATURE_BUFFER_SIZE != 96
#error "96 bytes needed to store the signature."
#endif
diff --git a/src/cbor_p384_cert_op_test.cc b/src/cbor_p384_cert_op_test.cc
index 21d0331..44624e6 100644
--- a/src/cbor_p384_cert_op_test.cc
+++ b/src/cbor_p384_cert_op_test.cc
@@ -56,9 +56,10 @@
next_state.certificate_size);
// Comparing everything except for the signature, since ECDSA signatures are
// not deterministic
- EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP384Cert_ZeroInput,
- next_state.certificate,
- next_state.certificate_size - DICE_SIGNATURE_SIZE));
+ EXPECT_EQ(0,
+ memcmp(dice::test::kExpectedCborP384Cert_ZeroInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_BUFFER_SIZE));
}
TEST(DiceOpsTest, KnownAnswerHashOnlyInput) {
@@ -92,9 +93,10 @@
DICE_CDI_SIZE));
ASSERT_EQ(sizeof(dice::test::kExpectedCborP384Cert_HashOnlyInput),
next_state.certificate_size);
- EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP384Cert_HashOnlyInput,
- next_state.certificate,
- next_state.certificate_size - DICE_SIGNATURE_SIZE));
+ EXPECT_EQ(0,
+ memcmp(dice::test::kExpectedCborP384Cert_HashOnlyInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_BUFFER_SIZE));
}
TEST(DiceOpsTest, KnownAnswerDescriptorInput) {
@@ -141,9 +143,10 @@
dice::test::kExpectedCdiSeal_DescriptorInput, DICE_CDI_SIZE));
ASSERT_EQ(sizeof(dice::test::kExpectedCborP384Cert_DescriptorInput),
next_state.certificate_size);
- EXPECT_EQ(0, memcmp(dice::test::kExpectedCborP384Cert_DescriptorInput,
- next_state.certificate,
- next_state.certificate_size - DICE_SIGNATURE_SIZE));
+ EXPECT_EQ(0,
+ memcmp(dice::test::kExpectedCborP384Cert_DescriptorInput,
+ next_state.certificate,
+ next_state.certificate_size - DICE_SIGNATURE_BUFFER_SIZE));
}
TEST(DiceOpsTest, NonZeroMode) {
diff --git a/src/template_cbor_cert_op.c b/src/template_cbor_cert_op.c
index 7a186b4..88f72bc 100644
--- a/src/template_cbor_cert_op.c
+++ b/src/template_cbor_cert_op.c
@@ -45,7 +45,7 @@
#if DICE_PUBLIC_KEY_BUFFER_SIZE != 32
#error "Only Ed25519 is supported; 32 bytes needed to store the public key."
#endif
-#if DICE_SIGNATURE_SIZE != 64
+#if DICE_SIGNATURE_BUFFER_SIZE != 64
#error "Only Ed25519 is supported; 64 bytes needed to store the signature."
#endif
@@ -235,7 +235,7 @@
&certificate[kFieldTable[kFieldIndexPayload].offset],
kFieldTable[kFieldIndexPayload].length);
- uint8_t signature[DICE_SIGNATURE_SIZE];
+ uint8_t signature[DICE_SIGNATURE_BUFFER_SIZE];
result =
DiceSign(context, tbs, sizeof(tbs), authority_private_key, signature);
if (result != kDiceResultOk) {