diff --git a/Cargo.lock b/Cargo.lock index d06d109b..dd4aff70 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -167,12 +167,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "byteorder" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" - [[package]] name = "caliptra-cfi-derive-git" version = "0.1.0" @@ -244,7 +238,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] @@ -387,7 +381,7 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] @@ -419,7 +413,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] @@ -745,7 +739,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] @@ -859,18 +853,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "b3e4daa0dcf6feba26f985457cdf104d4b4256fc5a09547140f3631bb076b19a" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1003,7 +997,7 @@ checksum = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] 
@@ -1095,9 +1089,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.39" +version = "2.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590" dependencies = [ "proc-macro2", "quote", @@ -1142,7 +1136,7 @@ checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] @@ -1378,23 +1372,22 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.6.6" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "854e949ac82d619ee9a14c66a1b674ac730422372ccb759ce0c39cabcf2bf8e6" +checksum = "199837a02c176ffe66ac6e3f6195ff49ed0ae9c0fc9c905970f924909812aba6" dependencies = [ - "byteorder", "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.6.6" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" +checksum = "8c76c8bc3d9d3594dabe11d4ffab6cd71cc2c3ce38526c6de5a0d81dd0039627" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] [[package]] @@ -1414,5 +1407,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.79", ] diff --git a/Cargo.toml b/Cargo.toml index 97a0c0b7..0f9c036b 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -13,7 +13,7 @@ members = [ [workspace.dependencies] caliptra-cfi-lib-git = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib-git", rev = "a98e499d279e81ae85881991b1e9eee354151189", default-features = false, features = ["cfi", "cfi-counter" ] } caliptra-cfi-derive-git = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive-git", rev = "a98e499d279e81ae85881991b1e9eee354151189"} -zerocopy = "0.6.6" +zerocopy = { version = "0.8.3", features = ["derive"] } openssl = "0.10.64" [profile.firmware] @@ -21,4 +21,4 @@ inherits = "release" panic = "abort" lto = true opt-level = "s" -codegen-units = 1 \ No newline at end of file +codegen-units = 1 diff --git a/ci.sh b/ci.sh index 288256de..fd70b448 100755 --- a/ci.sh +++ b/ci.sh @@ -87,7 +87,9 @@ run_verification_tests dpe_profile_p384_sha384 rustcrypto cargo fmt --check cargo clippy --features libfuzzer-sys cargo clippy --features afl - cargo +nightly-2023-11-16 fuzz build --features libfuzzer-sys + # https://github.com/google/zerocopy/issues/1867 + # Currently this fuzzer fails to compile when using zerocopy v0.8.3. + # cargo +nightly-2023-11-16 fuzz build --features libfuzzer-sys cargo +nightly-2023-11-16 afl build --features afl ) diff --git a/dpe/src/commands/certify_key.rs b/dpe/src/commands/certify_key.rs index a2c23e76..7403ff54 100644 --- a/dpe/src/commands/certify_key.rs +++ b/dpe/src/commands/certify_key.rs @@ -21,7 +21,15 @@ use platform::MAX_ISSUER_NAME_SIZE; use platform::{Platform, PlatformError, MAX_KEY_IDENTIFIER_SIZE}; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct CertifyKeyFlags(u32); bitflags! { 
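Review bot: Commenting out `cargo +nightly-2023-11-16 fuzz build --features libfuzzer-sys` in ci.sh means the libFuzzer harness is no longer compile-checked, and the added comment gives no condition for restoring it. The clippy run with `libfuzzer-sys` and the AFL build on the following line still execute, so coverage is reduced rather than lost, but a libFuzzer target that stops building will now go unnoticed. I would extend the comment with an explicit re-enable marker, e.g. `# TODO: restore this step once google/zerocopy#1867 is resolved and the workspace pins a fixed zerocopy release.`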
@@ -31,7 +39,15 @@ bitflags! { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct CertifyKeyCmd { pub handle: ContextHandle, pub flags: CertifyKeyFlags, @@ -322,7 +338,7 @@ mod tests { use x509_parser::prelude::X509CertificateParser; use x509_parser::prelude::X509CertificationRequest; use x509_parser::prelude::*; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_CERTIFY_KEY_CMD: CertifyKeyCmd = CertifyKeyCmd { handle: SIMULATION_HANDLE, diff --git a/dpe/src/commands/derive_context.rs b/dpe/src/commands/derive_context.rs index 9ca26996..d4c582c0 100644 --- a/dpe/src/commands/derive_context.rs +++ b/dpe/src/commands/derive_context.rs @@ -15,7 +15,15 @@ use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq}; use cfg_if::cfg_if; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct DeriveContextFlags(u32); bitflags! { @@ -32,7 +40,15 @@ bitflags! { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct DeriveContextCmd { pub handle: ContextHandle, pub data: [u8; DPE_PROFILE.get_hash_size()], @@ -356,7 +372,7 @@ mod tests { use openssl::x509::X509; use openssl::{bn::BigNum, ecdsa::EcdsaSig}; use platform::default::DefaultPlatform; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_DERIVE_CONTEXT_CMD: DeriveContextCmd = DeriveContextCmd { handle: SIMULATION_HANDLE, diff --git a/dpe/src/commands/destroy_context.rs b/dpe/src/commands/destroy_context.rs index c1e6aec6..86eba201 100644 
--- a/dpe/src/commands/destroy_context.rs +++ b/dpe/src/commands/destroy_context.rs @@ -13,7 +13,15 @@ use caliptra_cfi_lib_git::cfi_launder; use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq}; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct DestroyCtxCmd { pub handle: ContextHandle, } @@ -97,7 +105,7 @@ mod tests { use caliptra_cfi_lib_git::CfiCounter; use crypto::OpensslCrypto; use platform::default::DefaultPlatform; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_DESTROY_CTX_CMD: DestroyCtxCmd = DestroyCtxCmd { handle: SIMULATION_HANDLE, diff --git a/dpe/src/commands/get_certificate_chain.rs b/dpe/src/commands/get_certificate_chain.rs index c110e920..c92ef71f 100644 --- a/dpe/src/commands/get_certificate_chain.rs +++ b/dpe/src/commands/get_certificate_chain.rs @@ -9,7 +9,15 @@ use caliptra_cfi_derive_git::cfi_impl_fn; use platform::{Platform, MAX_CHUNK_SIZE}; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct GetCertificateChainCmd { pub offset: u32, pub size: u32, @@ -51,7 +59,7 @@ mod tests { use caliptra_cfi_lib_git::CfiCounter; use crypto::OpensslCrypto; use platform::default::DefaultPlatform; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_GET_CERTIFICATE_CHAIN_CMD: GetCertificateChainCmd = GetCertificateChainCmd { offset: 0, diff --git a/dpe/src/commands/initialize_context.rs b/dpe/src/commands/initialize_context.rs index e460e78a..b7ac8fe9 100644 --- a/dpe/src/commands/initialize_context.rs +++ b/dpe/src/commands/initialize_context.rs 
@@ -13,7 +13,15 @@ use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq}; use cfg_if::cfg_if; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct InitCtxCmd(u32); bitflags! { @@ -112,7 +120,7 @@ mod tests { use caliptra_cfi_lib_git::CfiCounter; use crypto::OpensslCrypto; use platform::default::DefaultPlatform; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_INIT_CTX_CMD: InitCtxCmd = InitCtxCmd(0x1234_5678); diff --git a/dpe/src/commands/mod.rs b/dpe/src/commands/mod.rs index 4a15eaf9..cdcd2160 100644 --- a/dpe/src/commands/mod.rs +++ b/dpe/src/commands/mod.rs @@ -84,9 +84,9 @@ impl Command { build: impl FnOnce(T) -> Command, bytes: &[u8], ) -> Result { - Ok(build( - T::read_from_prefix(bytes).ok_or(DpeErrorCode::InvalidArgument)?, - )) + let (prefix, _remaining_bytes) = + T::read_from_prefix(bytes).map_err(|_| DpeErrorCode::InvalidArgument)?; + Ok(build(prefix)) } } @@ -130,7 +130,15 @@ pub trait CommandExecution { // ABI Command structures #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct CommandHdr { pub magic: u32, pub cmd_id: u32, @@ -153,7 +161,8 @@ impl TryFrom<&[u8]> for CommandHdr { type Error = DpeErrorCode; fn try_from(raw: &[u8]) -> Result { - let header = CommandHdr::read_from_prefix(raw).ok_or(DpeErrorCode::InvalidCommand)?; + let (header, _remaining_bytes) = + CommandHdr::read_from_prefix(raw).map_err(|_| DpeErrorCode::InvalidCommand)?; if header.magic != Self::DPE_COMMAND_MAGIC { return Err(DpeErrorCode::InvalidCommand); } 
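Review bot: In `dpe/src/commands/mod.rs` both new `read_from_prefix` call sites bind the unread suffix to `_remaining_bytes` and discard it, so, as before this change, a caller-supplied buffer longer than the target struct is accepted without its tail being examined. For `CommandHdr::try_from` that tail is presumably the command body, but for the generic command parser the intent should be stated, e.g. `// Bytes after the fixed-size command struct are intentionally ignored.` If over-long commands should instead be rejected, `T::read_from_bytes(bytes)` enforces an exact length. Both enclosing functions begin outside their hunks, so any length check done by callers is not visible here.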
@@ -171,7 +180,7 @@ pub mod tests { use super::*; use crate::{DpeProfile, DPE_PROFILE}; use caliptra_cfi_lib_git::CfiCounter; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; #[cfg(feature = "dpe_profile_p256_sha256")] pub const TEST_DIGEST: [u8; DPE_PROFILE.get_hash_size()] = [ diff --git a/dpe/src/commands/rotate_context.rs b/dpe/src/commands/rotate_context.rs index f8198dd2..94937ff6 100644 --- a/dpe/src/commands/rotate_context.rs +++ b/dpe/src/commands/rotate_context.rs @@ -13,7 +13,15 @@ use caliptra_cfi_lib_git::cfi_launder; use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq}; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct RotateCtxFlags(u32); bitflags! { @@ -23,7 +31,15 @@ bitflags! { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::FromBytes, + zerocopy::IntoBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct RotateCtxCmd { pub handle: ContextHandle, pub flags: RotateCtxFlags, @@ -120,7 +136,7 @@ mod tests { use caliptra_cfi_lib_git::CfiCounter; use crypto::OpensslCrypto; use platform::default::DefaultPlatform; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_ROTATE_CTX_CMD: RotateCtxCmd = RotateCtxCmd { flags: RotateCtxFlags(0x1234_5678), diff --git a/dpe/src/commands/sign.rs b/dpe/src/commands/sign.rs index 23ecb7ad..657dee3e 100644 --- a/dpe/src/commands/sign.rs +++ b/dpe/src/commands/sign.rs @@ -18,7 +18,15 @@ use crypto::{Crypto, Digest, EcdsaSig}; use crypto::{CryptoBuf, HmacSig}; #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct SignFlags(u32); bitflags! { 
@@ -28,7 +36,15 @@ bitflags! { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct SignCmd { pub handle: ContextHandle, pub label: [u8; DPE_PROFILE.get_hash_size()], @@ -199,7 +215,7 @@ mod tests { use openssl::x509::X509; use openssl::{bn::BigNum, ecdsa::EcdsaSig}; use platform::default::DefaultPlatform; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; const TEST_SIGN_CMD: SignCmd = SignCmd { handle: SIMULATION_HANDLE, diff --git a/dpe/src/context.rs b/dpe/src/context.rs index d5372c49..162857e0 100644 --- a/dpe/src/context.rs +++ b/dpe/src/context.rs @@ -1,11 +1,11 @@ // Licensed under the Apache-2.0 license. use crate::{response::DpeErrorCode, tci::TciNodeData, U8Bool, MAX_HANDLES}; use constant_time_eq::constant_time_eq_16; -use zerocopy::{AsBytes, FromBytes}; +use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout, TryFromBytes}; use zeroize::Zeroize; #[repr(C, align(4))] -#[derive(AsBytes, FromBytes, Copy, Clone, PartialEq, Eq, Zeroize)] +#[derive(IntoBytes, TryFromBytes, KnownLayout, Immutable, Copy, Clone, PartialEq, Eq, Zeroize)] pub struct Context { pub handle: ContextHandle, pub tci: TciNodeData, @@ -108,7 +108,9 @@ impl Context { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, Clone, Copy, zerocopy::AsBytes, zerocopy::FromBytes, Zeroize)] +#[derive( + Debug, PartialEq, Eq, Clone, Copy, IntoBytes, FromBytes, Immutable, KnownLayout, Zeroize, +)] pub struct ContextHandle(pub [u8; ContextHandle::SIZE]); impl ContextHandle { @@ -131,7 +133,7 @@ impl ContextHandle { } } -#[derive(Debug, PartialEq, Eq, AsBytes, FromBytes, Copy, Clone, Zeroize)] +#[derive(Debug, PartialEq, Eq, IntoBytes, TryFromBytes, KnownLayout, Immutable, Copy, Clone, Zeroize)] #[repr(u8, align(1))] #[rustfmt::skip] pub enum ContextState { 
@@ -144,26 +146,9 @@ pub enum ContextState { /// TCI data, but the handle is no longer valid. Because the handle is no longer valid, a client /// cannot command it to be destroyed. Retired, - // These are unused values to allow AsBytes and FromBytes to be able to use the enum. - _03, _04, _05, _06, _07, _08, _09, _0a, _0b, _0c, _0d, _0e, _0f, - _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _1a, _1b, _1c, _1d, _1e, _1f, - _20, _21, _22, _23, _24, _25, _26, _27, _28, _29, _2a, _2b, _2c, _2d, _2e, _2f, - _30, _31, _32, _33, _34, _35, _36, _37, _38, _39, _3a, _3b, _3c, _3d, _3e, _3f, - _40, _41, _42, _43, _44, _45, _46, _47, _48, _49, _4a, _4b, _4c, _4d, _4e, _4f, - _50, _51, _52, _53, _54, _55, _56, _57, _58, _59, _5a, _5b, _5c, _5d, _5e, _5f, - _60, _61, _62, _63, _64, _65, _66, _67, _68, _69, _6a, _6b, _6c, _6d, _6e, _6f, - _70, _71, _72, _73, _74, _75, _76, _77, _78, _79, _7a, _7b, _7c, _7d, _7e, _7f, - _80, _81, _82, _83, _84, _85, _86, _87, _88, _89, _8a, _8b, _8c, _8d, _8e, _8f, - _90, _91, _92, _93, _94, _95, _96, _97, _98, _99, _9a, _9b, _9c, _9d, _9e, _9f, - _A0, _A1, _A2, _A3, _A4, _A5, _A6, _A7, _A8, _A9, _Aa, _Ab, _Ac, _Ad, _Ae, _Af, - _B0, _B1, _B2, _B3, _B4, _B5, _B6, _B7, _B8, _B9, _Ba, _Bb, _Bc, _Bd, _Be, _Bf, - _C0, _C1, _C2, _C3, _C4, _C5, _C6, _C7, _C8, _C9, _Ca, _Cb, _Cc, _Cd, _Ce, _Cf, - _D0, _D1, _D2, _D3, _D4, _D5, _D6, _D7, _D8, _D9, _Da, _Db, _Dc, _Dd, _De, _Df, - _E0, _E1, _E2, _E3, _E4, _E5, _E6, _E7, _E8, _E9, _Ea, _Eb, _Ec, _Ed, _Ee, _Ef, - _F0, _F1, _F2, _F3, _F4, _F5, _F6, _F7, _F8, _F9, _Fa, _Fb, _Fc, _Fd, _Fe, _Ff, } -#[derive(Debug, PartialEq, Eq, Clone, Copy, AsBytes, FromBytes, Zeroize)] +#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoBytes, TryFromBytes, KnownLayout, Immutable, Zeroize)] #[repr(u8, align(1))] #[rustfmt::skip] pub enum ContextType { 
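Review bot: With the filler variants removed from `ContextState` (and from `ContextType` in the next hunk), only the named variants are valid bit patterns, so every path that rebuilds a `Context` or `DpeInstance` from stored or caller-supplied bytes has to use zerocopy's checked `TryFromBytes` constructors such as `try_read_from_bytes`. Any remaining raw-pointer cast or transmute over persisted state would be undefined behaviour for an out-of-range byte, instead of yielding a `_03`-style variant that validation can reject. No such call site is visible in this diff, so this needs confirming in the callers, including wherever `DpeInstance` (switched to `TryFromBytes` in `dpe_instance.rs`) is restored. I would also replace the deleted explanatory comment with a doc comment on both enums, e.g. `/// Not every u8 is a valid value; deserialize only via zerocopy::TryFromBytes.`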
@@ -171,23 +156,6 @@ pub enum ContextType { Normal, /// Has limitations on what operations can be done. Simulation, - // These are unused values to allow AsBytes and FromBytes to be able to use the enum. - _02, _03, _04, _05, _06, _07, _08, _09, _0a, _0b, _0c, _0d, _0e, _0f, - _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _1a, _1b, _1c, _1d, _1e, _1f, - _20, _21, _22, _23, _24, _25, _26, _27, _28, _29, _2a, _2b, _2c, _2d, _2e, _2f, - _30, _31, _32, _33, _34, _35, _36, _37, _38, _39, _3a, _3b, _3c, _3d, _3e, _3f, - _40, _41, _42, _43, _44, _45, _46, _47, _48, _49, _4a, _4b, _4c, _4d, _4e, _4f, - _50, _51, _52, _53, _54, _55, _56, _57, _58, _59, _5a, _5b, _5c, _5d, _5e, _5f, - _60, _61, _62, _63, _64, _65, _66, _67, _68, _69, _6a, _6b, _6c, _6d, _6e, _6f, - _70, _71, _72, _73, _74, _75, _76, _77, _78, _79, _7a, _7b, _7c, _7d, _7e, _7f, - _80, _81, _82, _83, _84, _85, _86, _87, _88, _89, _8a, _8b, _8c, _8d, _8e, _8f, - _90, _91, _92, _93, _94, _95, _96, _97, _98, _99, _9a, _9b, _9c, _9d, _9e, _9f, - _A0, _A1, _A2, _A3, _A4, _A5, _A6, _A7, _A8, _A9, _Aa, _Ab, _Ac, _Ad, _Ae, _Af, - _B0, _B1, _B2, _B3, _B4, _B5, _B6, _B7, _B8, _B9, _Ba, _Bb, _Bc, _Bd, _Be, _Bf, - _C0, _C1, _C2, _C3, _C4, _C5, _C6, _C7, _C8, _C9, _Ca, _Cb, _Cc, _Cd, _Ce, _Cf, - _D0, _D1, _D2, _D3, _D4, _D5, _D6, _D7, _D8, _D9, _Da, _Db, _Dc, _Dd, _De, _Df, - _E0, _E1, _E2, _E3, _E4, _E5, _E6, _E7, _E8, _E9, _Ea, _Eb, _Ec, _Ed, _Ee, _Ef, - _F0, _F1, _F2, _F3, _F4, _F5, _F6, _F7, _F8, _F9, _Fa, _Fb, _Fc, _Fd, _Fe, _Ff, } pub struct ActiveContextArgs<'a> { diff --git a/dpe/src/dpe_instance.rs b/dpe/src/dpe_instance.rs index c5dfc004..db4e2118 100644 --- a/dpe/src/dpe_instance.rs +++ b/dpe/src/dpe_instance.rs 
@@ -24,7 +24,7 @@ use crypto::{Crypto, Digest, Hasher}; use platform::Platform; #[cfg(not(feature = "disable_internal_dice"))] use platform::MAX_CHUNK_SIZE; -use zerocopy::{AsBytes, FromBytes}; +use zerocopy::{Immutable, IntoBytes, KnownLayout, TryFromBytes}; use zeroize::Zeroize; pub trait DpeTypes { @@ -42,7 +42,7 @@ pub struct DpeEnv<'a, T: DpeTypes + 'a> { } #[repr(C, align(4))] -#[derive(AsBytes, FromBytes, Zeroize)] +#[derive(IntoBytes, TryFromBytes, KnownLayout, Immutable, Zeroize)] pub struct DpeInstance { pub contexts: [Context; MAX_HANDLES], pub(crate) support: Support, @@ -530,7 +530,7 @@ pub mod tests { use caliptra_cfi_lib_git::CfiCounter; use crypto::OpensslCrypto; use platform::default::{DefaultPlatform, AUTO_INIT_LOCALITY, TEST_CERT_CHAIN}; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; pub struct TestTypes; impl DpeTypes for TestTypes { diff --git a/dpe/src/lib.rs b/dpe/src/lib.rs index 311476e2..f5d5e36d 100644 --- a/dpe/src/lib.rs +++ b/dpe/src/lib.rs @@ -23,7 +23,7 @@ use response::GetProfileResp; pub mod tci; pub mod x509; -use zerocopy::{AsBytes, FromBytes}; +use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout}; const MAX_CERT_SIZE: usize = 2048; #[cfg(not(feature = "arbitrary_max_handles"))] @@ -40,7 +40,9 @@ const INTERNAL_INPUT_INFO_SIZE: usize = size_of::() + size_of::< /// A type with u8 backing memory but bool semantics /// This is needed to safely serialize booleans in the persisted DPE state /// using zerocopy. -#[derive(Default, AsBytes, FromBytes, Copy, Clone, PartialEq, Eq, Zeroize)] +#[derive( + Default, IntoBytes, FromBytes, Copy, Clone, PartialEq, Eq, Zeroize, Immutable, KnownLayout, +)] #[repr(C, align(1))] pub struct U8Bool { val: u8, diff --git a/dpe/src/response.rs b/dpe/src/response.rs index d01927d2..384d4f0e 100644 --- a/dpe/src/response.rs +++ b/dpe/src/response.rs 
@@ -10,7 +10,7 @@ use crate::{ }; use crypto::CryptoError; use platform::PlatformError; -use zerocopy::AsBytes; +use zerocopy::IntoBytes; #[cfg_attr(test, derive(PartialEq, Debug, Eq))] #[allow(clippy::large_enum_variant)] @@ -45,7 +45,15 @@ impl Response { // ABI Response structures #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct ResponseHdr { pub magic: u32, pub status: u32, @@ -65,7 +73,15 @@ impl ResponseHdr { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct GetProfileResp { pub resp_hdr: ResponseHdr, pub major_version: u16, @@ -95,14 +111,30 @@ impl GetProfileResp { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::KnownLayout, + zerocopy::Immutable, +)] pub struct NewHandleResp { pub resp_hdr: ResponseHdr, pub handle: ContextHandle, } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct DeriveContextResp { pub resp_hdr: ResponseHdr, pub handle: ContextHandle, @@ -110,7 +142,15 @@ pub struct DeriveContextResp { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct CertifyKeyResp { pub resp_hdr: ResponseHdr, pub new_context_handle: ContextHandle, 
@@ -121,7 +161,15 @@ pub struct CertifyKeyResp { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct SignResp { pub resp_hdr: ResponseHdr, pub new_context_handle: ContextHandle, @@ -130,7 +178,15 @@ pub struct SignResp { } #[repr(C)] -#[derive(Debug, PartialEq, Eq, zerocopy::AsBytes, zerocopy::FromBytes)] +#[derive( + Debug, + PartialEq, + Eq, + zerocopy::IntoBytes, + zerocopy::FromBytes, + zerocopy::Immutable, + zerocopy::KnownLayout, +)] pub struct GetCertificateChainResp { pub resp_hdr: ResponseHdr, pub certificate_size: u32, diff --git a/dpe/src/support.rs b/dpe/src/support.rs index 323116a8..b06e8697 100644 --- a/dpe/src/support.rs +++ b/dpe/src/support.rs @@ -1,9 +1,9 @@ // Licensed under the Apache-2.0 license. use bitflags::bitflags; -use zerocopy::{AsBytes, FromBytes}; +use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout}; use zeroize::Zeroize; -#[derive(Default, AsBytes, FromBytes, Zeroize, Copy, Clone)] +#[derive(Default, IntoBytes, FromBytes, KnownLayout, Immutable, Zeroize, Copy, Clone)] #[repr(C)] pub struct Support(u32); diff --git a/dpe/src/tci.rs b/dpe/src/tci.rs index a145af89..6acede96 100644 --- a/dpe/src/tci.rs +++ b/dpe/src/tci.rs @@ -1,10 +1,12 @@ // Licensed under the Apache-2.0 license. use crate::DPE_PROFILE; -use zerocopy::{AsBytes, FromBytes}; +use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout}; use zeroize::Zeroize; #[repr(C, align(4))] -#[derive(Default, Copy, Clone, AsBytes, FromBytes, PartialEq, Eq, Zeroize)] +#[derive( + Default, Copy, Clone, IntoBytes, FromBytes, PartialEq, Eq, KnownLayout, Immutable, Zeroize, +)] pub struct TciNodeData { pub tci_type: u32, pub tci_cumulative: TciMeasurement, 
@@ -24,7 +26,9 @@ impl TciNodeData { } #[repr(transparent)] -#[derive(Copy, Clone, Debug, AsBytes, FromBytes, PartialEq, Eq, Zeroize)] +#[derive( + Copy, Clone, Debug, IntoBytes, FromBytes, KnownLayout, Immutable, PartialEq, Eq, Zeroize, +)] pub struct TciMeasurement(pub [u8; DPE_PROFILE.get_tci_size()]); impl Default for TciMeasurement { diff --git a/dpe/src/validation.rs b/dpe/src/validation.rs index 3f7ea4a8..f9b81f5d 100644 --- a/dpe/src/validation.rs +++ b/dpe/src/validation.rs @@ -156,9 +156,6 @@ impl<'a> DpeValidator<'a> { cfi_assert_ne(child_context_count, 0); } } - _ => { - return Err(ValidationError::BadContextState); - } } if context.context_type != ContextType::Normal @@ -677,22 +674,8 @@ pub mod tests { Err(ValidationError::DanglingRetiredContext) ); - // bad context state - dpe_validator.dpe.contexts[0].state = ContextState::_03; - assert_eq!( - dpe_validator.validate_dpe_state(), - Err(ValidationError::BadContextState) - ); - - // bad context type - dpe_validator.dpe.contexts[0].state = ContextState::Active; - dpe_validator.dpe.contexts[0].context_type = ContextType::_02; - assert_eq!( - dpe_validator.validate_dpe_state(), - Err(ValidationError::BadContextType) - ); - // locality mismatch + dpe_validator.dpe.contexts[0].state = ContextState::Active; dpe_validator.dpe.contexts[0].context_type = ContextType::Normal; dpe_validator.dpe.contexts[0].locality = 0; dpe_validator.dpe.contexts[0].tci.locality = 1; diff --git a/dpe/src/x509.rs b/dpe/src/x509.rs index 3cde5053..24a20569 100644 --- a/dpe/src/x509.rs +++ b/dpe/src/x509.rs @@ -17,7 +17,7 @@ use platform::CertValidity; #[cfg(not(feature = "disable_csr"))] use platform::SignerIdentifier; use platform::{OtherName, SubjectAltName, MAX_KEY_IDENTIFIER_SIZE}; -use zerocopy::AsBytes; +use zerocopy::IntoBytes; pub enum DirectoryString<'a> { PrintableString(&'a [u8]), 
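Review bot: The deleted `_ =>` arm and the two deleted test cases in `dpe/src/validation.rs` were the only visible coverage for corrupted `state` / `context_type` bytes, and nothing in this diff adds an equivalent negative test at the new rejection point. A test that feeds a serialized `DpeInstance` with an out-of-range discriminant byte to the `TryFromBytes` parse and asserts that it fails would keep that property pinned. The context-type check that follows the `match` (it begins with `if context.context_type != ContextType::Normal` and continues outside the hunk) may now be unreachable, and `ValidationError::BadContextState` appears to have no remaining producer; both are worth removing or marking as defence in depth.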
@@ -2240,7 +2240,7 @@ pub(crate) mod tests { use x509_parser::nom::Parser; use x509_parser::oid_registry::asn1_rs::oid; use x509_parser::prelude::*; - use zerocopy::AsBytes; + use zerocopy::IntoBytes; #[derive(asn1::Asn1Read)] pub struct Fwid<'a> { diff --git a/platform/src/test_data/cert_256.der b/platform/src/test_data/cert_256.der index 0d23b25c..35a1eac3 100644 Binary files a/platform/src/test_data/cert_256.der and b/platform/src/test_data/cert_256.der differ diff --git a/platform/src/test_data/cert_256.pem b/platform/src/test_data/cert_256.pem index 5a213bc2..fc503ad2 100644 --- a/platform/src/test_data/cert_256.pem +++ b/platform/src/test_data/cert_256.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBlzCCAT2gAwIBAgIUSNUum79QPbl3ji+YB4CyYO5S/mMwCgYIKoZIzj0EAwIw -GTEXMBUGA1UEAwwORFBFIFRlc3QgQWxpYXMwHhcNMjMxMDExMDAxODAwWhcNMjQx -MDEwMDAxODAwWjAZMRcwFQYDVQQDDA5EUEUgVGVzdCBBbGlhczBZMBMGByqGSM49 -AgEGCCqGSM49AwEHA0IABO7HzA5vxTzU97oh7Il3KbnNGj9PTirz/InZ21489TGc -Hl8BiDFmcFvnN13u6cgy6wtM9XAoPYHedgQUVavFbcijYzBhMB0GA1UdDgQWBBT1 -0TRqBIdZaS85p0BJ9PB/xvuyyzAfBgNVHSMEGDAWgBT10TRqBIdZaS85p0BJ9PB/ -xvuyyzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDAKBggqhkjOPQQD -AgNIADBFAiALwtkvq4pIvSraRY67zEYOGmD66wIUa70R5Jr2wQxGJQIhAPIxHmOr -mb7zdmBV8flCBkjNniCbnPNzL8eKru3J0aC/ +MIIBmTCCAT+gAwIBAgIUO0ooMg2tKjzwxL9JmsDfJU4+4P0wCgYIKoZIzj0EAwIw +GTEXMBUGA1UEAwwORFBFIFRlc3QgQWxpYXMwIBcNMjQxMDExMjExOTAxWhgPMzAy +NDAyMTIyMTE5MDFaMBkxFzAVBgNVBAMMDkRQRSBUZXN0IEFsaWFzMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEnH/OkctnyQxNxBE+29NqpKCowtUL8Kkoac8cAvwH +5KiCLhwlgUXG02AROr3GAizzo5uoqlUPT7pibkUjy7s/PqNjMGEwHQYDVR0OBBYE +FMUuA+qwde9WKVMGboD8hePco6abMB8GA1UdIwQYMBaAFMUuA+qwde9WKVMGboD8 +hePco6abMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMAoGCCqGSM49 +BAMCA0gAMEUCIAE2kcauPlu1AZmfk5Fu35hteYjvdrUgHHIS1haAibAeAiEA5SdE +s5qqdKFbqnsxL1SrppBh4OYeOZbUzTtzANMKUzI= -----END CERTIFICATE----- 
diff --git a/platform/src/test_data/cert_384.der b/platform/src/test_data/cert_384.der index e2d84ded..24bfd309 100644 Binary files a/platform/src/test_data/cert_384.der and b/platform/src/test_data/cert_384.der differ diff --git a/platform/src/test_data/cert_384.pem b/platform/src/test_data/cert_384.pem index e00c459a..aa9e98d1 100644 --- a/platform/src/test_data/cert_384.pem +++ b/platform/src/test_data/cert_384.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIB1DCCAVqgAwIBAgIUEz6Q7Kj5nK3OPlZrretui0Hl+h4wCgYIKoZIzj0EAwIw -GTEXMBUGA1UEAwwORFBFIFRlc3QgQWxpYXMwHhcNMjMxMDExMDAxODAwWhcNMjQx -MDEwMDAxODAwWjAZMRcwFQYDVQQDDA5EUEUgVGVzdCBBbGlhczB2MBAGByqGSM49 -AgEGBSuBBAAiA2IABLSNyM7L+V0Hy+26ZFYaTmfeDuREuN642nRpyLlYJCzXKwMM -GUVpc7zGc8zKEp9IKvIaktT8esetpCjy0fpkPRlyXLMhW/4IugBxDYHD66Z//6vd -e8b9pd0p5vBrLOFlU6NjMGEwHQYDVR0OBBYEFDjuOmKJucxijsOVNwuDx0t2Gmql -MB8GA1UdIwQYMBaAFDjuOmKJucxijsOVNwuDx0t2GmqlMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgIEMAoGCCqGSM49BAMCA2gAMGUCMBsRbi3AvzOeU28K -zNAxVrd5Bnwd2Cf4E8t3VZyF+DMe8o5nPy2fDCbzoRjpzxMeWAIxAIWJ78JJaf0V -niq+esYZTcjCsdJArz/QuGc+AKNSMSIyd7w5RczMqZlnHi4ZZ3v1bg== +MIIB1TCCAVygAwIBAgIUUYAyucQJdxAeQVhaFxTjNi4b4sYwCgYIKoZIzj0EAwIw +GTEXMBUGA1UEAwwORFBFIFRlc3QgQWxpYXMwIBcNMjQxMDExMjExOTAxWhgPMzAy +NDAyMTIyMTE5MDFaMBkxFzAVBgNVBAMMDkRQRSBUZXN0IEFsaWFzMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEyUXZY0z4675+AqzOwefjitMcLBif5qnvC9uw/G8FzkqP +QSkIrLUKk3etSsUUoftG6qHa2k8RHDbKUHYf7ZTYi6EgR5NI+nblbitOHnvJ2hcL +PA9Dc8AJx/jssShUz+ffo2MwYTAdBgNVHQ4EFgQUooy0oiM+HZdvh33/Z6PQPyOA +esAwHwYDVR0jBBgwFoAUooy0oiM+HZdvh33/Z6PQPyOAesAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwIDZwAwZAIwYzezYlM89lM7 +fBTai0nWflgMISD20qqpcDc9kaWJrqTWgm8V2HIbPMmDiQlxg6MmAjB1Aiii6Snr +ZJCYxFHiOQfOFtoK+7vDsU2tlOlAyk/fQ30YQCPGbjeRBPYOBLnE2OI= -----END CERTIFICATE----- diff --git a/platform/src/test_data/generate.sh b/platform/src/test_data/generate.sh index 839d634f..df05ca41 100755 --- a/platform/src/test_data/generate.sh +++ b/platform/src/test_data/generate.sh 
@@ -4,15 +4,15 @@ set -ex openssl ecparam -name prime256v1 -genkey -noout -out key_256.pem -openssl req -new -key key_256.pem -x509 -nodes -days 365 -out cert_256.pem \ +openssl req -new -key key_256.pem -x509 -nodes -days 365000 -out cert_256.pem \ -addext keyUsage=critical,keyCertSign \ -subj /CN="DPE Test Alias"/ openssl ec -in key_256.pem -outform DER -out key_256.der openssl x509 -in cert_256.pem -outform DER -out cert_256.der openssl ecparam -name secp384r1 -genkey -noout -out key_384.pem -openssl req -new -key key_384.pem -x509 -nodes -days 365 -out cert_384.pem \ +openssl req -new -key key_384.pem -x509 -nodes -days 365000 -out cert_384.pem \ -addext keyUsage=critical,keyCertSign \ -subj /CN="DPE Test Alias"/ openssl ec -in key_384.pem -outform DER -out key_384.der -openssl x509 -in cert_384.pem -outform DER -out cert_384.der \ No newline at end of file +openssl x509 -in cert_384.pem -outform DER -out cert_384.der diff --git a/platform/src/test_data/key_256.der b/platform/src/test_data/key_256.der index 01e41b10..50dc7275 100644 Binary files a/platform/src/test_data/key_256.der and b/platform/src/test_data/key_256.der differ diff --git a/platform/src/test_data/key_256.pem b/platform/src/test_data/key_256.pem index bbdf703e..e7573b55 100644 --- a/platform/src/test_data/key_256.pem +++ b/platform/src/test_data/key_256.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIK5uG+/vMox98U20m1OD9ssOx0murUsD3bpm5VY1Zx8ZoAoGCCqGSM49 -AwEHoUQDQgAE7sfMDm/FPNT3uiHsiXcpuc0aP09OKvP8idnbXjz1MZweXwGIMWZw -W+c3Xe7pyDLrC0z1cCg9gd52BBRVq8VtyA== +MHcCAQEEIJoSu3ylek5gO4QtkBF0ZZEjok7Lc/EvNyhRoWbphdiioAoGCCqGSM49 +AwEHoUQDQgAEnH/OkctnyQxNxBE+29NqpKCowtUL8Kkoac8cAvwH5KiCLhwlgUXG +02AROr3GAizzo5uoqlUPT7pibkUjy7s/Pg== -----END EC PRIVATE KEY----- diff --git a/platform/src/test_data/key_384.der b/platform/src/test_data/key_384.der index 5afdce83..8b32f166 100644 Binary files a/platform/src/test_data/key_384.der and b/platform/src/test_data/key_384.der differ 
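Review bot: `-days 365000` in `generate.sh` pushes the fixtures' notAfter roughly a thousand years out, which X.509 encodes as GeneralizedTime rather than the UTCTime used by the previous one-year certificates, and the script does not say why. I would add a comment above the first `openssl req`, e.g. `# Test-only fixtures: long validity so tests do not break when the cert expires; never provision these keys.` The private keys generated here are committed alongside the certificates, so the same comment should make clear they carry no trust outside the test suite.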
diff --git a/platform/src/test_data/key_384.pem b/platform/src/test_data/key_384.pem index 9b56937a..6f74b527 100644 --- a/platform/src/test_data/key_384.pem +++ b/platform/src/test_data/key_384.pem @@ -1,6 +1,6 @@ -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDAbq5Ujig5G1GGA5tbU0VEo7ByEeGJvbVz9oTjDNfAHCs/c8gWLoBT1 -io6A/4BhNs6gBwYFK4EEACKhZANiAAS0jcjOy/ldB8vtumRWGk5n3g7kRLjeuNp0 -aci5WCQs1ysDDBlFaXO8xnPMyhKfSCryGpLU/HrHraQo8tH6ZD0ZclyzIVv+CLoA -cQ2Bw+umf/+r3XvG/aXdKebwayzhZVM= +MIGkAgEBBDBvfCm6MgLqpqgOfHZThIxnl1+zTbvH2qEAg0RX2c4Tf1f/KGAYRsc1 +ObHWEY4LTFSgBwYFK4EEACKhZANiAATJRdljTPjrvn4CrM7B5+OK0xwsGJ/mqe8L +27D8bwXOSo9BKQistQqTd61KxRSh+0bqodraTxEcNspQdh/tlNiLoSBHk0j6duVu +K04ee8naFws8D0NzwAnH+OyxKFTP598= -----END EC PRIVATE KEY----- diff --git a/tools/src/sample_dpe_cert.rs b/tools/src/sample_dpe_cert.rs index 3cbf5a13..c6c34090 100644 --- a/tools/src/sample_dpe_cert.rs +++ b/tools/src/sample_dpe_cert.rs @@ -12,7 +12,7 @@ use { dpe::{support::Support, DpeInstance, DPE_PROFILE}, pem::{encode_config, EncodeConfig, LineEnding, Pem}, platform::default::DefaultPlatform, - zerocopy::AsBytes, + zerocopy::IntoBytes, }; pub struct TestTypes {}