minimum self-signed DICE (oxidecomputer#698)

* Update lpc55_support for compatibility with latest zeroize crate.

* lib-dice: Add new library with types for DICE artifacts and certs.

The current cert implementation is limited to the creation of a self
signed cert for the DeviceId & the Alias cert. Cert creation is as
simple as possible with a template for each cert (DER) that is populated
with fixed length data like the platform serial number, certificate
serial number, public key & signature. Future work will address
programatic generation of these templates at build time to replace the
currently static ones.

* lpc55/chip.toml: Add memory regions for DICE artifact handoff.

The memory used in this commit is SRAM intended for use by USB. The
choice of using this memory region was mostly driven by convenience and
pivoting to a different range should be straight forward. The size of
this region was chosen based on the estimated size of the data passed.
The DeviceId and Alias cert are each ~600 bytes and the seed required to
reconstruct the Alias key is 32 bytes. All of this fits comfortably in
2k.

* stage0: Use the dice library to implement minimal self-signed credentials.

This commit collects the DICE CDI from the NXP ROM, creates an ed25519
key pair from it (effectively the DeviceId) and uses this key to create
a self-signed DeviceId cert. The hash of the hubris image that will be
launched by stage0 is then hashed and the output used to generate the
Alias credentials (used for attestation). Finally the keying material
used to create the Alias key, and the cert chain from the Alias back to
the DeviceId are written to memory for use in an attestation exchange by
a future hubris task.

If run on an lpc55 with DICE disabled (the default config) none of the
DICE artifacts will be created and hubris will be booted as usual.

Author: flihp

Cargo.lock

@@ -2,15 +2,15 @@ name = "lpc55xpresso"
 target = "thumbv8m.main-none-eabihf"
 board = "lpcxpresso55s69"
 chip = "../../chips/lpc55"
-stacksize = 1024
 secure-separation = true
 image-names = ["stage0"]
 external-images = ["a", "b"]
 
 [kernel]
 name = "stage0"
-requires = {flash = 0x4000, ram = 4096}
-features = ["tz_support"]
+requires = {flash = 0x7000, ram = 8192}
+features = ["tz_support", "dice"]
+stacksize = 8000
 
 [tasks.idle]
 name = "task-idle"

app/lpc55xpresso/stage0.toml

@@ -40,4 +40,4 @@ zerocopy = "0.6.1"
 # For NXP signing
 [dependencies.lpc55_sign]
 git = "https://github.com/oxidecomputer/lpc55_support"
-rev = "edbc00749b708d5bc48c5fe0f1df0d1ed6f054c2"
+rev = "f7ccf6d607b1a51fcb5f93a9f53d6c2f8366cc5a"

build/xtask/Cargo.toml

@@ -46,6 +46,12 @@ size = 4096
 address = 0x4003A000
 size = 4096
 
+# this is the start of the USB SRAM AHB peripheral (0x4000 bytes total)
+# we appropriate this SRAM for passing DICE artifacts
+[dice_alias]
+address = 0x40100000
+size = 0x800
+
 [flash]
 address = 0x50034000
 size = 0x1000

chips/lpc55/chip.toml

@@ -0,0 +1,18 @@
+[package]
+name = "dice"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+hkdf = { version = "0.12", default-features = false }
+hubpack = "0.1"
+lpc55-pac = "0.3"
+salty = "0.2"
+serde = { version = "1", default-features = false, features = ["derive"] }
+serde-big-array = "0.4"
+sha3 = { version = "0.10", default-features = false }
+unwrap-lite = { path = "../unwrap-lite" }
+zeroize = { version = "1.5.7", default-features = false, features = ["zeroize_derive"] }
+
+[dev-dependencies]
+chrono = "0.4"

lib/dice/Cargo.toml

@@ -0,0 +1,107 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+// NOTE: This DER blob, offsets & lengths is mostly generated code. This was
+// accomplished by creating a certificate with the desired structure (including
+// DICE specific extensions and policy) using the openssl ca tools. The fields
+// that we need to operate on were identified and their offsets recorded. The
+// values in these regions (signatureValue, serialNumber, issuer, subject,
+// validity etc) are then removed.
+//
+// TODO: generate cert template DER from ASN.1 & text config
+#[allow(dead_code)]
+pub const SIZE: usize = 608;
+#[allow(dead_code)]
+pub const SERIAL_NUMBER_START: usize = 15;
+#[allow(dead_code)]
+pub const SERIAL_NUMBER_END: usize = 16;
+#[allow(dead_code)]
+pub const ISSUER_SN_START: usize = 169;
+#[allow(dead_code)]
+pub const ISSUER_SN_END: usize = 181;
+#[allow(dead_code)]
+pub const SN_LENGTH: usize = 12;
+#[allow(dead_code)]
+pub const NOTBEFORE_START: usize = 185;
+#[allow(dead_code)]
+pub const NOTBEFORE_END: usize = 198;
+#[allow(dead_code)]
+pub const NOTBEFORE_LENGTH: usize = 13;
+#[allow(dead_code)]
+pub const SUBJECT_SN_START: usize = 357;
+#[allow(dead_code)]
+pub const SUBJECT_SN_END: usize = 369;
+#[allow(dead_code)]
+pub const PUB_START: usize = 381;
+#[allow(dead_code)]
+pub const PUB_END: usize = 413;
+#[allow(dead_code)]
+pub const SIG_START: usize = 544;
+#[allow(dead_code)]
+pub const SIG_END: usize = 608;
+#[allow(dead_code)]
+pub const SIGNDATA_START: usize = 4;
+#[allow(dead_code)]
+pub const SIGNDATA_END: usize = 534;
+#[allow(dead_code)]
+pub const SIGNDATA_LENGTH: usize = 530;
+#[allow(dead_code)]
+pub const FWID_START: usize = 502;
+#[allow(dead_code)]
+pub const FWID_END: usize = 534;
+#[allow(dead_code)]
+pub const FWID_LENGTH: usize = 32;
+pub const CERT_TMPL: [u8; 608] = [
+    0x30, 0x82, 0x02, 0x5c, 0x30, 0x82, 0x02, 0x0e, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30,
+    0x81, 0x9b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+    0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+    0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61,
+    0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0a, 0x45,
+    0x6d, 0x65, 0x72, 0x79, 0x76, 0x69, 0x6c, 0x6c, 0x65, 0x31, 0x1f, 0x30,
+    0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x16, 0x4f, 0x78, 0x69, 0x64,
+    0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, 0x43,
+    0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63,
+    0x74, 0x75, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x09, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x2d,
+    0x69, 0x64, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x05, 0x13,
+    0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x37, 0x33, 0x31, 0x31,
+    0x37, 0x30, 0x30, 0x34, 0x34, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39, 0x39,
+    0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30,
+    0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+    0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+    0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61,
+    0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0a, 0x45,
+    0x6d, 0x65, 0x72, 0x79, 0x76, 0x69, 0x6c, 0x6c, 0x65, 0x31, 0x1f, 0x30,
+    0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x16, 0x4f, 0x78, 0x69, 0x64,
+    0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, 0x43,
+    0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63,
+    0x74, 0x75, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x05, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x31, 0x15,
+    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x05, 0x13, 0x0c, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x2a, 0x30,
+    0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0xa3, 0x77, 0x30, 0x75, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x03, 0xa8,
+    0x30, 0x17, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01, 0xff, 0x04, 0x0d,
+    0x30, 0x0b, 0x30, 0x09, 0x06, 0x07, 0x67, 0x81, 0x05, 0x05, 0x04, 0x64,
+    0x08, 0x30, 0x3f, 0x06, 0x05, 0x67, 0x81, 0x05, 0x05, 0x04, 0x01, 0x01,
+    0xff, 0x04, 0x33, 0x30, 0x31, 0xa6, 0x2f, 0x30, 0x2d, 0x06, 0x09, 0x60,
+    0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08, 0x04, 0x20, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+    0x70, 0x03, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+];