Add keyvault with 64b keys
ArthurHeymans committed Nov 20, 2024
1 parent 2f6de53 commit 1c76080
Showing 5 changed files with 53 additions and 36 deletions.
2 changes: 1 addition & 1 deletion sw-emulator/lib/periph/src/asym_ecc384.rs
Expand Up @@ -638,7 +638,7 @@ impl AsymEcc384 {

let pcr_digest = self.hash_sha512.pcr_hash_digest();

let signature = Ecc384::sign(&pcr_key, &pcr_digest);
let signature = Ecc384::sign(&pcr_key[..48].try_into().unwrap(), &pcr_digest);
self.sig_r = words_from_bytes_le(&signature.r);
self.sig_s = words_from_bytes_le(&signature.s);
}
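Review bot: The literal `48` in `&pcr_key[..48].try_into().unwrap()` drops the upper 16 bytes of what is presumably now a 64-byte key-vault slot, and nothing at the call site says that 48 is the P-384 scalar length. Use a named constant for the ECC-384 key size instead of the bare number, and add a comment such as `// ECC-384 private key is the first 48 bytes of the 64-byte slot`. The `unwrap()` cannot fail as long as the slot is at least 48 bytes, so `expect("key slot holds at least 48 bytes")` would record that invariant. The enclosing function starts outside the hunk, so how `pcr_key` is obtained and whether its tail can hold meaningful data is not visible here.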
20 changes: 16 additions & 4 deletions sw-emulator/lib/periph/src/doe.rs
Expand Up @@ -298,8 +298,14 @@ mod tests {
let mut ku_hmac_key = KeyUsage::default();
ku_hmac_key.set_hmac_key(true);

assert_eq!(key_vault.read_key(2, ku_hmac_data).unwrap(), PLAIN_TEXT_UDS);
assert_eq!(key_vault.read_key(2, ku_hmac_key).unwrap(), PLAIN_TEXT_UDS);
assert_eq!(
key_vault.read_key(2, ku_hmac_data).unwrap()[..48],
PLAIN_TEXT_UDS
);
assert_eq!(
key_vault.read_key(2, ku_hmac_key).unwrap()[..48],
PLAIN_TEXT_UDS
);
}

#[test]
Expand Down Expand Up @@ -364,8 +370,14 @@ mod tests {
let mut ku_hmac_key = KeyUsage::default();
ku_hmac_key.set_hmac_key(true);

assert_eq!(key_vault.read_key(3, ku_hmac_data).unwrap(), PLAIN_TEXT_FE);
assert_eq!(key_vault.read_key(3, ku_hmac_key).unwrap(), PLAIN_TEXT_FE);
assert_eq!(
key_vault.read_key(3, ku_hmac_data).unwrap()[..48],
PLAIN_TEXT_FE
);
assert_eq!(
key_vault.read_key(3, ku_hmac_key).unwrap()[..48],
PLAIN_TEXT_FE
);
}

#[test]
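Review bot: All four rewritten assertions compare only `[..48]` of the value returned by `read_key`, so bytes 48..64 of the widened slot are never checked in either test. Prefer `[..PLAIN_TEXT_UDS.len()]` in the first hunk and `[..PLAIN_TEXT_FE.len()]` in the second over the bare `48`, so the slice length follows the fixture. Consider also asserting what the tail should hold after the DOE flow, for example `assert!(key[48..].iter().all(|&b| b == 0));` if zero-fill is the intended behaviour. Both test functions start outside their hunks.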
28 changes: 15 additions & 13 deletions sw-emulator/lib/periph/src/hash_sha512.rs
Expand Up @@ -536,7 +536,7 @@ impl HashSha512Regs {
// Copy the hash to the PCR if this is the last block and PCR_HASH_EXTEND is set.
let pcr_id = self.block_read_ctrl.reg.read(BlockReadControl::KEY_ID);
self.key_vault
.write_pcr(pcr_id, array_ref![self.hash.data(), 0, KeyVault::KEY_SIZE])
.write_pcr(pcr_id, array_ref![self.hash.data(), 0, KeyVault::PCR_SIZE])
.unwrap();

self.block_read_ctrl
Expand All @@ -560,10 +560,13 @@ impl HashSha512Regs {
// Clear the block
self.block.fill(0);

let result: Result<[u8; KeyVault::KEY_SIZE], BusError> = if pcr_hash_extend == 0 {
let result: Result<[u8; KeyVault::PCR_SIZE], BusError> = if pcr_hash_extend == 0 {
let mut key_usage = KeyUsage::default();
key_usage.set_sha_data(true);
self.key_vault.read_key(key_id, key_usage)
match self.key_vault.read_key(key_id, key_usage) {
Err(x) => Err(x),
Ok(x) => Ok(x[..KeyVault::PCR_SIZE].try_into().unwrap()),
}
} else {
Ok(self.key_vault.read_pcr(key_id))
};
Expand All @@ -582,8 +585,8 @@ impl HashSha512Regs {
if let Some(data) = data {
if pcr_hash_extend != 0 {
// Copy the PCR (48 bytes) to the block registers.
self.block[..KeyVault::KEY_SIZE / 4].copy_from_slice(&words_from_bytes_le(
&<[u8; KeyVault::KEY_SIZE]>::try_from(&data[..KeyVault::KEY_SIZE]).unwrap(),
self.block[..KeyVault::PCR_SIZE / 4].copy_from_slice(&words_from_bytes_le(
&<[u8; KeyVault::PCR_SIZE]>::try_from(&data[..KeyVault::PCR_SIZE]).unwrap(),
));
self.pcr_present = true;
} else {
Expand All @@ -603,13 +606,12 @@ impl HashSha512Regs {
///
/// # Arguments
///
/// * `data_len` - Size of the data
/// * `data` - Data to hash. This is in big-endian format.
///
/// # Error
///
/// * `None`
fn format_block(&mut self, data: &[u8; KeyVault::KEY_SIZE]) {
fn format_block(&mut self, data: &[u8]) {
let mut block_arr = [0u8; SHA512_BLOCK_SIZE];

block_arr[..data.len()].copy_from_slice(&data[..data.len()]);
Expand Down Expand Up @@ -1170,7 +1172,7 @@ mod tests {

#[test]
fn test_sha384_kv_block_read() {
let test_block: [u8; KeyVault::KEY_SIZE] = [
let test_block: [u8; SHA384_HASH_SIZE] = [
0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb,
0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29,
0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7,
Expand All @@ -1196,7 +1198,7 @@ mod tests {

#[test]
fn test_sha384_kv_block_read_fail() {
let test_block: [u8; KeyVault::KEY_SIZE] = [
let test_block: [u8; SHA384_HASH_SIZE] = [
0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb,
0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29,
0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7,
Expand Down Expand Up @@ -1239,7 +1241,7 @@ mod tests {

#[test]
fn test_sha384_kv_hash_write() {
let test_block: [u8; KeyVault::KEY_SIZE] = [
let test_block: [u8; SHA384_HASH_SIZE] = [
0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb,
0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29,
0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7,
Expand All @@ -1265,7 +1267,7 @@ mod tests {

#[test]
fn test_sha384_kv_hash_write_fail() {
let test_block: [u8; KeyVault::KEY_SIZE] = [
let test_block: [u8; SHA384_HASH_SIZE] = [
0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb,
0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29,
0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7,
Expand Down Expand Up @@ -1294,7 +1296,7 @@ mod tests {

#[test]
fn test_sha384_kv_block_read_hash_write() {
let test_block: [u8; KeyVault::KEY_SIZE] = [
let test_block: [u8; SHA384_HASH_SIZE] = [
0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb,
0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29,
0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7,
Expand All @@ -1321,7 +1323,7 @@ mod tests {
}
}

fn test_pcr_hash_extend(data: &[u8], pcr_data: &mut [u8; KeyVault::KEY_SIZE], expected: &[u8]) {
fn test_pcr_hash_extend(data: &[u8], pcr_data: &mut [u8; SHA384_HASH_SIZE], expected: &[u8]) {
// Prime the PCR vault.
let clock = Clock::new();
let pcr_id = 0;
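Review bot: `format_block` now accepts any `&[u8]`, so the length bound that `&[u8; KeyVault::KEY_SIZE]` enforced at compile time is gone and `block_arr[..data.len()]` panics on the slice index if a caller passes more than `SHA512_BLOCK_SIZE` bytes. State the limit in the doc comment and check it up front, e.g. `assert!(data.len() <= SHA512_BLOCK_SIZE, "key-vault data exceeds one SHA-512 block");`, and simplify the copy to `block_arr[..data.len()].copy_from_slice(data);`. The rest of the function is outside the hunk, so any padding it appends may need a tighter bound than the block size. In the key-read hunk, `x[..KeyVault::PCR_SIZE]` appears to mean only the first 48 bytes of a 64-byte key reach the hash. That deserves a comment, and `self.key_vault.read_key(key_id, key_usage).map(|k| ...)` would replace the hand-written `match`.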
33 changes: 17 additions & 16 deletions sw-emulator/lib/periph/src/key_vault.rs
Expand Up @@ -20,7 +20,7 @@ use std::cell::RefCell;
use std::rc::Rc;
use tock_registers::{register_bitfields, LocalRegisterCopy};

mod constants {
pub mod constants {
#![allow(unused)]

// Key Vault
Expand Down Expand Up @@ -109,7 +109,7 @@ mod constants {
pub const PCR_CONTROL_REG_RESET_VAL: u32 = 0;

/// Key Memory Size
pub const KEY_REG_SIZE: usize = 0x600;
pub const KEY_REG_SIZE: usize = 0x800;

/// Key control register reset value
pub const KEY_CONTROL_REG_RESET_VAL: u32 = 0;
Expand Down Expand Up @@ -145,8 +145,9 @@ pub struct KeyVault {
}

impl KeyVault {
pub const PCR_SIZE: usize = 48;
pub const KEY_COUNT: u32 = 32;
pub const KEY_SIZE: usize = 48;
pub const KEY_SIZE: usize = 64;
pub const KEY_CONTROL_REG_OFFSET: u32 = 0;
pub const KEY_CONTROL_REG_WIDTH: u32 = 0x4;

Expand Down Expand Up @@ -725,7 +726,7 @@ mod tests {

#[test]
fn test_key_private_read_write() {
let expected: [u8; KeyVault::KEY_SIZE] = [
let expected: &[u8] = &[
0x11, 0x65, 0xb3, 0x40, 0x6f, 0xf0, 0xb5, 0x2a, 0x3d, 0x24, 0x72, 0x1f, 0x78, 0x54,
0x62, 0xca, 0x22, 0x76, 0xc9, 0xf4, 0x54, 0xa1, 0x16, 0xc2, 0xb2, 0xba, 0x20, 0x17,
0x1a, 0x79, 0x05, 0xea, 0x5a, 0x02, 0x66, 0x82, 0xeb, 0x65, 0x9c, 0x4d, 0x5f, 0x11,
Expand All @@ -738,10 +739,10 @@ mod tests {

for idx in 0..KeyVault::KEY_COUNT {
vault
.write_key(idx, &expected, u32::from(key_usage))
.write_key(idx, expected, u32::from(key_usage))
.unwrap();
let returned = vault.read_key(idx, key_usage).unwrap();
assert_eq!(&returned, &expected);
assert_eq!(&returned[..expected.len()], expected);
}
}

Expand Down Expand Up @@ -773,7 +774,8 @@ mod tests {
0x11, 0x65, 0xb3, 0x40, 0x6f, 0xf0, 0xb5, 0x2a, 0x3d, 0x24, 0x72, 0x1f, 0x78,
0x54, 0x62, 0xca, 0x22, 0x76, 0xc9, 0xf4, 0x54, 0xa1, 0x16, 0xc2, 0xb2, 0xba,
0x20, 0x17, 0x1a, 0x79, 0x05, 0xea, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
]
);
}
Expand Down Expand Up @@ -903,7 +905,7 @@ mod tests {

#[test]
fn test_key_private_read_blocked() {
let expected: [u8; KeyVault::KEY_SIZE] = [
let expected: &[u8] = &[
0x11, 0x65, 0xb3, 0x40, 0x6f, 0xf0, 0xb5, 0x2a, 0x3d, 0x24, 0x72, 0x1f, 0x78, 0x54,
0x62, 0xca, 0x22, 0x76, 0xc9, 0xf4, 0x54, 0xa1, 0x16, 0xc2, 0xb2, 0xba, 0x20, 0x17,
0x1a, 0x79, 0x05, 0xea, 0x5a, 0x02, 0x66, 0x82, 0xeb, 0x65, 0x9c, 0x4d, 0x5f, 0x11,
Expand All @@ -926,7 +928,7 @@ mod tests {
);

assert!(vault
.write_key(key_id, &expected, u32::from(key_usage))
.write_key(key_id, expected, u32::from(key_usage))
.is_ok());

// Block read access to the key.
Expand All @@ -947,7 +949,7 @@ mod tests {

#[test]
fn test_key_private_write_blocked() {
let expected: [u8; KeyVault::KEY_SIZE] = [
let expected: &[u8] = &[
0x11, 0x65, 0xb3, 0x40, 0x6f, 0xf0, 0xb5, 0x2a, 0x3d, 0x24, 0x72, 0x1f, 0x78, 0x54,
0x62, 0xca, 0x22, 0x76, 0xc9, 0xf4, 0x54, 0xa1, 0x16, 0xc2, 0xb2, 0xba, 0x20, 0x17,
0x1a, 0x79, 0x05, 0xea, 0x5a, 0x02, 0x66, 0x82, 0xeb, 0x65, 0x9c, 0x4d, 0x5f, 0x11,
Expand Down Expand Up @@ -975,7 +977,7 @@ mod tests {

assert_eq!(
vault
.write_key(key_id, &expected, u32::from(key_usage))
.write_key(key_id, expected, u32::from(key_usage))
.err(),
Some(BusError::StoreAccessFault)
);
Expand All @@ -984,7 +986,7 @@ mod tests {

#[test]
fn test_key_clear() {
let expected: [u8; KeyVault::KEY_SIZE] = [
let expected: &[u8] = &[
0x11, 0x65, 0xb3, 0x40, 0x6f, 0xf0, 0xb5, 0x2a, 0x3d, 0x24, 0x72, 0x1f, 0x78, 0x54,
0x62, 0xca, 0x22, 0x76, 0xc9, 0xf4, 0x54, 0xa1, 0x16, 0xc2, 0xb2, 0xba, 0x20, 0x17,
0x1a, 0x79, 0x05, 0xea, 0x5a, 0x02, 0x66, 0x82, 0xeb, 0x65, 0x9c, 0x4d, 0x5f, 0x11,
Expand All @@ -1001,12 +1003,11 @@ mod tests {

for key_id in 0..KeyVault::KEY_COUNT {
assert_eq!(
vault
.write_key(key_id, &expected, u32::from(key_usage))
.ok(),
vault.write_key(key_id, expected, u32::from(key_usage)).ok(),
Some(())
);
assert_eq!(&vault.read_key(key_id, key_usage).unwrap(), &expected);
let key = vault.read_key(key_id, key_usage).unwrap();
assert_eq!(&key[..expected.len()], expected);

// Clear the key.
assert_eq!(
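Review bot: `KEY_REG_SIZE` (`0x800`) and `KEY_SIZE` (`64`) are edited by hand in two places and agree only because 32 × 64 = 0x800; nothing ties them together. A compile-time check such as `const _: () = assert!(constants::KEY_REG_SIZE == KeyVault::KEY_COUNT as usize * KeyVault::KEY_SIZE);` would catch the next size change that updates one and not the other. The updated tests appear to keep writing the same 48-byte `expected` values and compare only `[..expected.len()]`, so no test in this section stores and reads back a full 64-byte key. Adding one would cover the upper 16 bytes this commit introduces, including what remains in the tail when a shorter key overwrites a longer one. `mod constants` also becomes `pub` with no user visible in this section; a short comment on why it is exported would help.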
6 changes: 4 additions & 2 deletions sw-emulator/lib/periph/src/root_bus.rs
Expand Up @@ -415,7 +415,8 @@ mod tests {
0x00_u8, 0x11, 0x22, 0x33, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
]
);
}
Expand Down Expand Up @@ -446,7 +447,8 @@ mod tests {
0x00_u8, 0x11, 0x22, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
]
);
}