| commit | ca97c218b638f940796b554ca266334151dd674f | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Mon Jan 22 00:43:23 2024 +0000 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Jan 22 00:43:23 2024 +0000 |
| tree | d6442cb8ca9eb0a0ba7bf8c0e4c1107eba600f0d | |
| parent | 27cb475062a9c9cdbf1cf3655b2f6576ae61b227 [diff] |
[third_party/pigweed/src] Roll 37 commits 0380161bd68c216 roll: gn ee7c25d76da067d roll: 310, 311, 38, 39 367c357d0886c41 roll: bazel 6fc6f6debcbae24 pw_ide: Fix typo 858c1dd3b1e55a1 docs: Auto-generate module source code and issues b2a685f4fcbe72f pw_bytes: Make _b literals error on values >255 9425a61193fea1b pw_toolchain_bazel: Add pw_cc_feature f841613e7c2c460 pw_ide: Launch activated terminals in VSC 41486b684207edc pw_bluetooth: Move emboss structures from hci_comm d79c2d390cb54f0 pw_digital_io: Document the private virtual API re ca5ff7956df3e57 pw_ide: VSC extension 0.1.3 release ce555a7140739ac pw_toolchain_bazel: Set exec_transition_for_inputs 7db0c54237bf01c pw_tokenizer: Allow use of static_assert in C99 te 0b0e6706fed87eb pw_bluetooth: Reorganize hci_vendor.emb 9b5ca82fd24f5be *: Remove module-level README.md files b2f23b4e8480985 pw_hdlc: Remove unused targets 43ce44233375111 pw_protobuf: Fix undefined pointer deref in fuzz t fd1e0b737fdd7ab pw_hdlc: Remove unused rpc packet processor target 407998efe3bc816 pw_polyfill: Remove _Static_assert workaround 6dbf91509a7c697 pw_protobuf: Fix out-of-range read 580207197edbf60 pw_web: Init. improvements to resize performance bc12815c3e28dfe docs: Minor updates to the FAQ 79d372338caadd0 pw_console: Upgrade to ptpython 3.0.25 bdf2eb22cede007 pw_toolchain_bazel: Remove check_deps_provide 0d006b2d8864259 pw_polyfill: Provide static_assert polyfill for C 4df1a0780e47de9 pw_presubmit: Trim paths in ninja summary 463799bf5fa059c pw_tokenizer: Adjust rustdocs deps to only be in s 0df2560002f2cc4 Revert "pw_emu: Remove psutil dependency" 1959a5e4cd70fef pw_transfer: Use handles for cancellation in C++ c f27a19b15084f41 pw_bluetooth: Add new event definitions 8801bdaaea0d83b SEED-0123: Claim SEED number 6aa19d187985c70 pw_persistent_ram: Add more tests to PersistentBuf a38ad878ad45161 pw_presubmit: No copyright for MODULE.bazel.lock afd7bfda26d88ac pw_doctor: Update expected tools on POSIX 47524c5a8de1e71 pw_containers: Protected InlineQueue/Deque<T> dest db66e1ef97700ad pw_containers: Make Vector<T> destructor protected 9ad961bb7bbd376 roll: go https://pigweed.googlesource.com/pigweed/pigweed third_party/pigweed/src Rolled-Commits: 9640cdef100f87d..0380161bd68c216 Roller-URL: https://ci.chromium.org/b/8758244748561987777 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: I82beba70cb257ff0d8d3cd8371c74321f0e402b8 Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/188593 Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.