blob: da668f164c2c2c02d167080eb419ff4e27952a11 [file] [log] [blame]
// Copyright 2020 Google LLC
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.
#include "dice/dice.h"
#ifdef __cplusplus
extern "C" {
// This function implements the 'DiceOps::generate_certificate' callback
// documented in dice.h. It generates an X.509 certificate based on a template
// using the ED25519-SHA512 signature scheme.
// If no variable length descriptors are used in a DICE certificate, the
// certificate can be constructed from a template instead of using an ASN.1
// library. This implementation includes only hashes and inline configuration in
// the DICE extension. For convenience this uses the lower level curve25519
// implementation in boringssl but does not use anything else (no ASN.1, X.509,
// etc). This approach may be especially useful in very low level components
// where simplicity is paramount.
// This function will return kDiceResultInvalidInput if 'input_values' specifies
// any variable length descriptors. In particular:
// * code_descriptor_size must be zero
// * authority_descriptor_size must be zero
// * config_type must be kDiceConfigTypeInline
DiceResult DiceGenerateCertificateFromTemplateOp(
const DiceOps* ops,
const uint8_t subject_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE],
const uint8_t authority_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE],
const DiceInputValues* input_values, size_t certificate_buffer_size,
uint8_t* certificate, size_t* certificate_actual_size);
#ifdef __cplusplus
} // extern "C"