

Make all of DpeInstance use zerocopy
Make all of the DpeInstance data implement FromBytes/AsBytes. This allows for
persisting DPE state across resets in a stable way.
jhand2 committed Aug 24, 2023
1 parent 0ca37d7 commit a28b6b7
Showing 15 changed files with 313 additions and 159 deletions.
17 changes: 9 additions & 8 deletions dpe/src/commands/certify_key.rs
Expand Up @@ -41,18 +41,18 @@ impl CommandExecution for CertifyKeyCmd {
let idx = dpe.get_active_context_pos(&self.handle, locality)?;
let context = &dpe.contexts[idx];

if self.uses_is_ca() && !dpe.support.is_ca {
if self.uses_is_ca() && !dpe.support.is_ca() {
return Err(DpeErrorCode::ArgumentNotSupported);
}
if self.uses_is_ca() && !context.allow_ca {
if self.uses_is_ca() && !context.allow_ca() {
return Err(DpeErrorCode::InvalidArgument);
}

if self.format == Self::FORMAT_X509 {
if !dpe.support.x509 {
if !dpe.support.x509() {
return Err(DpeErrorCode::ArgumentNotSupported);
}
if !context.allow_x509 {
if !context.allow_x509() {
return Err(DpeErrorCode::InvalidArgument);
}
}
Expand Down Expand Up @@ -130,7 +130,7 @@ impl CommandExecution for CertifyKeyCmd {
u32::try_from(bytes_written).map_err(|_| DpeErrorCode::InternalError)?
}
Self::FORMAT_CSR => {
if !dpe.support.csr {
if !dpe.support.csr() {
return Err(DpeErrorCode::ArgumentNotSupported);
}
return Err(DpeErrorCode::ArgumentNotSupported);
Expand Down Expand Up @@ -159,6 +159,7 @@ mod tests {
commands::{Command, CommandHdr, InitCtxCmd},
dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_LOCALITIES},
support::Support,
U8Bool,
};
use crypto::OpensslCrypto;
use platform::DefaultPlatform;
Expand Down Expand Up @@ -195,7 +196,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
x509: true,
x509: U8Bool::new(true),
..Support::default()
},
)
Expand Down Expand Up @@ -242,8 +243,8 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
x509: true,
is_ca: true,
x509: U8Bool::new(true),
is_ca: U8Bool::new(true),
..Support::default()
},
)
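Review bot: The authorization gates on the new side — `dpe.support.is_ca()`, `context.allow_ca()`, `dpe.support.x509()`, `context.allow_x509()` — now read through `U8Bool` accessors over state that, per the commit description, is meant to be persisted and reloaded via FromBytes, and nothing in this hunk shows how a byte other than 0 or 1 decodes. If the accessor is looser than an exact comparison against the canonical true value, a corrupted or stale persisted byte would be read as permission granted, so the canonical encoding should be enforced either in the accessor or when the persisted blob is validated on load; the `U8Bool` definition is outside this view, so this is for confirmation rather than a claim. The same applies to `allow_ca()`/`allow_x509()` in derive_child.rs, `has_tag()` in get_tagged_tci.rs and tag_tci.rs, and `has_initialized()`/`simulation()` in initialize_context.rs. Once confirmed, a doc comment on the flag accessors such as `/// Security-relevant: only the canonical byte 1 reads as true; any other value reads as false.` would make the contract explicit for the next maintainer.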
27 changes: 14 additions & 13 deletions dpe/src/commands/derive_child.rs
Expand Up @@ -88,19 +88,20 @@ impl CommandExecution for DeriveChildCmd {
locality: u32,
) -> Result<Response, DpeErrorCode> {
// Make sure the operation is supported.
if (!dpe.support.internal_info && self.uses_internal_info_input())
|| (!dpe.support.internal_dice && self.uses_internal_dice_input())
if (!dpe.support.internal_info() && self.uses_internal_info_input())
|| (!dpe.support.internal_dice() && self.uses_internal_dice_input())
{
return Err(DpeErrorCode::ArgumentNotSupported);
}

if (!dpe.support.is_ca && self.allows_ca()) || (!dpe.support.x509 && self.allows_x509()) {
if (!dpe.support.is_ca() && self.allows_ca()) || (!dpe.support.x509() && self.allows_x509())
{
return Err(DpeErrorCode::ArgumentNotSupported);
}

let parent_idx = dpe.get_active_context_pos(&self.handle, locality)?;
if (!dpe.contexts[parent_idx].allow_ca && self.allows_ca())
|| (!dpe.contexts[parent_idx].allow_x509 && self.allows_x509())
if (!dpe.contexts[parent_idx].allow_ca() && self.allows_ca())
|| (!dpe.contexts[parent_idx].allow_x509() && self.allows_x509())
{
return Err(DpeErrorCode::InvalidArgument);
}
Expand All @@ -109,8 +110,8 @@ impl CommandExecution for DeriveChildCmd {
.get_next_inactive_context_pos()
.ok_or(DpeErrorCode::MaxTcis)?;

dpe.contexts[parent_idx].uses_internal_input_info = self.uses_internal_info_input();
dpe.contexts[parent_idx].uses_internal_input_dice = self.uses_internal_dice_input();
dpe.contexts[parent_idx].uses_internal_input_info = self.uses_internal_info_input().into();
dpe.contexts[parent_idx].uses_internal_input_dice = self.uses_internal_dice_input().into();

let target_locality = if !self.changes_locality() {
locality
Expand Down Expand Up @@ -171,7 +172,7 @@ mod tests {
commands::{tests::TEST_DIGEST, Command, CommandHdr, InitCtxCmd},
dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_LOCALITIES},
support::Support,
MAX_HANDLES,
U8Bool, MAX_HANDLES,
};
use crypto::OpensslCrypto;
use platform::DefaultPlatform;
Expand Down Expand Up @@ -232,7 +233,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
auto_init: true,
auto_init: U8Bool::new(true),
..Support::default()
},
)
Expand Down Expand Up @@ -274,7 +275,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
auto_init: true,
auto_init: U8Bool::new(true),
..Support::default()
},
)
Expand Down Expand Up @@ -315,7 +316,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
auto_init: true,
auto_init: U8Bool::new(true),
..Support::default()
},
)
Expand Down Expand Up @@ -349,7 +350,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
auto_init: true,
auto_init: U8Bool::new(true),
..Support::default()
},
)
Expand Down Expand Up @@ -399,7 +400,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
auto_init: true,
auto_init: U8Bool::new(true),
..Support::default()
},
)
7 changes: 4 additions & 3 deletions dpe/src/commands/extend_tci.rs
Expand Up @@ -24,7 +24,7 @@ impl CommandExecution for ExtendTciCmd {
locality: u32,
) -> Result<Response, DpeErrorCode> {
// Make sure this command is supported.
if !dpe.support.extend_tci {
if !dpe.support.extend_tci() {
return Err(DpeErrorCode::InvalidCommand);
}

Expand All @@ -47,6 +47,7 @@ mod tests {
commands::{tests::TEST_DIGEST, Command, CommandHdr, InitCtxCmd},
dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_LOCALITIES},
support::Support,
U8Bool,
};
use crypto::OpensslCrypto;
use platform::{DefaultPlatform, AUTO_INIT_LOCALITY};
Expand Down Expand Up @@ -87,7 +88,7 @@ mod tests {
);

// Turn on support.
dpe.support.extend_tci = true;
dpe.support.extend_tci = U8Bool::new(true);
InitCtxCmd::new_use_default()
.execute(&mut dpe, &mut env, TEST_LOCALITIES[0])
.unwrap();
Expand Down Expand Up @@ -126,7 +127,7 @@ mod tests {
// Make sure cached private key is invalidated

let sim_local = TEST_LOCALITIES[1];
dpe.support.simulation = true;
dpe.support.simulation = U8Bool::new(true);
InitCtxCmd::new_simulation()
.execute(&mut dpe, &mut env, sim_local)
.unwrap();
4 changes: 2 additions & 2 deletions dpe/src/commands/get_tagged_tci.rs
Expand Up @@ -20,7 +20,7 @@ impl CommandExecution for GetTaggedTciCmd {
_: u32,
) -> Result<Response, DpeErrorCode> {
// Make sure this command is supported.
if !dpe.support.tagging {
if !dpe.support.tagging() {
return Err(DpeErrorCode::InvalidCommand);
}

Expand All @@ -29,7 +29,7 @@ impl CommandExecution for GetTaggedTciCmd {
let ctx = dpe
.contexts
.iter()
.find(|c| c.has_tag && c.tag == self.tag)
.find(|c| c.has_tag() && c.tag == self.tag)
.ok_or(DpeErrorCode::BadTag)?;

Ok(Response::GetTaggedTci(GetTaggedTciResp {
9 changes: 5 additions & 4 deletions dpe/src/commands/initialize_context.rs
Expand Up @@ -47,8 +47,8 @@ impl CommandExecution for InitCtxCmd {
locality: u32,
) -> Result<Response, DpeErrorCode> {
// This function can only be called once for non-simulation contexts.
if (self.flag_is_default() && dpe.has_initialized)
|| (self.flag_is_simulation() && !dpe.support.simulation)
if (self.flag_is_default() && dpe.has_initialized())
|| (self.flag_is_simulation() && !dpe.support.simulation())
{
return Err(DpeErrorCode::ArgumentNotSupported);
}
Expand All @@ -64,7 +64,7 @@ impl CommandExecution for InitCtxCmd {
.get_next_inactive_context_pos()
.ok_or(DpeErrorCode::MaxTcis)?;
let (context_type, handle) = if self.flag_is_default() {
dpe.has_initialized = true;
dpe.has_initialized = true.into();
(ContextType::Normal, ContextHandle::default())
} else {
// Simulation.
Expand Down Expand Up @@ -95,6 +95,7 @@ mod tests {
context::ContextState,
dpe_instance::tests::{TestTypes, TEST_LOCALITIES},
support::Support,
U8Bool,
};
use crypto::OpensslCrypto;
use platform::DefaultPlatform;
Expand Down Expand Up @@ -154,7 +155,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
simulation: true,
simulation: U8Bool::new(true),
..Support::default()
},
)
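Review bot: The write `dpe.has_initialized = true.into();` spells the conversion differently from the otherwise equivalent assignment form `dpe.support.extend_tci = U8Bool::new(true);` used in extend_tci.rs, and tag_tci.rs has the same `context.has_tag = true.into();`; settling on one spelling, e.g. `dpe.has_initialized = U8Bool::new(true);` (importing `U8Bool` if it is not already in scope there), would keep the security-flag writes uniform and greppable. Separately, if `has_initialized` now survives resets as the description says, the comment above the check, `// This function can only be called once for non-simulation contexts.`, no longer says whether "once" means once per boot or once per persisted instance; stating which would save the next reader a trip to the persistence code. The enclosing `execute` body continues outside the hunk.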
5 changes: 3 additions & 2 deletions dpe/src/commands/rotate_context.rs
Expand Up @@ -30,7 +30,7 @@ impl CommandExecution for RotateCtxCmd {
env: &mut DpeEnv<impl DpeTypes>,
locality: u32,
) -> Result<Response, DpeErrorCode> {
if !dpe.support.rotate_context {
if !dpe.support.rotate_context() {
return Err(DpeErrorCode::InvalidCommand);
}
let idx = dpe.get_active_context_pos(&self.handle, locality)?;
Expand Down Expand Up @@ -64,6 +64,7 @@ mod tests {
commands::{Command, CommandHdr, InitCtxCmd},
dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_HANDLE, TEST_LOCALITIES},
support::Support,
U8Bool,
};
use crypto::OpensslCrypto;
use platform::DefaultPlatform;
Expand Down Expand Up @@ -109,7 +110,7 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
rotate_context: true,
rotate_context: U8Bool::new(true),
..Support::default()
},
)
7 changes: 4 additions & 3 deletions dpe/src/commands/sign.rs
Expand Up @@ -78,7 +78,7 @@ impl CommandExecution for SignCmd {
locality: u32,
) -> Result<Response, DpeErrorCode> {
// Make sure the operation is supported.
if !dpe.support.is_symmetric && self.uses_symmetric() {
if !dpe.support.is_symmetric() && self.uses_symmetric() {
return Err(DpeErrorCode::InvalidArgument);
}

Expand Down Expand Up @@ -121,6 +121,7 @@ mod tests {
},
dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_LOCALITIES},
support::{test::SUPPORT, Support},
U8Bool,
};
use crypto::OpensslCrypto;
use openssl::x509::X509;
Expand Down Expand Up @@ -309,8 +310,8 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
auto_init: true,
is_symmetric: true,
auto_init: U8Bool::new(true),
is_symmetric: U8Bool::new(true),
..Support::default()
},
)
17 changes: 11 additions & 6 deletions dpe/src/commands/tag_tci.rs
Expand Up @@ -22,24 +22,28 @@ impl CommandExecution for TagTciCmd {
locality: u32,
) -> Result<Response, DpeErrorCode> {
// Make sure this command is supported.
if !dpe.support.tagging {
if !dpe.support.tagging() {
return Err(DpeErrorCode::InvalidCommand);
}
// Make sure the tag isn't used by any other contexts.
if dpe.contexts.iter().any(|c| c.has_tag && c.tag == self.tag) {
if dpe
.contexts
.iter()
.any(|c| c.has_tag() && c.tag == self.tag)
{
return Err(DpeErrorCode::BadTag);
}

let idx = dpe.get_active_context_pos(&self.handle, locality)?;

if dpe.contexts[idx].has_tag {
if dpe.contexts[idx].has_tag() {
return Err(DpeErrorCode::BadTag);
}

// Because handles are one-time use, let's rotate the handle, if it isn't the default.
dpe.roll_onetime_use_handle(env, idx)?;
let context = &mut dpe.contexts[idx];
context.has_tag = true;
context.has_tag = true.into();
context.tag = self.tag;

Ok(Response::TagTci(NewHandleResp {
Expand All @@ -56,6 +60,7 @@ mod tests {
commands::{Command, CommandHdr, InitCtxCmd},
dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_HANDLE, TEST_LOCALITIES},
support::Support,
U8Bool,
};
use crypto::OpensslCrypto;
use platform::DefaultPlatform;
Expand Down Expand Up @@ -99,8 +104,8 @@ mod tests {
let mut dpe = DpeInstance::new(
&mut env,
Support {
tagging: true,
simulation: true,
tagging: U8Bool::new(true),
simulation: U8Bool::new(true),
..Support::default()
},
)