Include ueid actual size in DPE Platform to support variable sized ueids

chipsalliance · Jan 28, 2025 · ec71ed0 · ec71ed0
1 parent c145caf
commit ec71ed0
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/dpe/src/commands/derive_context.rs b/dpe/src/commands/derive_context.rs
@@ -17,7 +17,7 @@ use caliptra_cfi_derive_git::cfi_impl_fn;
 use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
 use cfg_if::cfg_if;
 
-use platform::Platform;
+use platform::{Platform, PlatformError};
 
 #[repr(C)]
 #[derive(
@@ -302,6 +302,7 @@ impl CommandExecution for DeriveContextCmd {
             cfg_if! {
                 if #[cfg(not(feature = "disable_export_cdi"))] {
                     let ueid = &env.platform.get_ueid()?;
+                    let ueid = ueid.buf.get(..ueid.buf_size as usize).ok_or(DpeErrorCode::Platform(PlatformError::InvalidUeidError))?;
                     let args = CreateDpeCertArgs {
                         handle: &self.handle,
                         locality,

diff --git a/platform/src/default.rs b/platform/src/default.rs
@@ -15,7 +15,7 @@ pub const VENDOR_ID: u32 = 0;
 pub const VENDOR_SKU: u32 = 0;
 pub const NOT_BEFORE: &str = "20230227000000Z";
 pub const NOT_AFTER: &str = "99991231235959Z";
-pub const TEST_UEID: Ueid = [0xA; 17];
+pub const TEST_UEID: [u8; 17] = [0xA; 17];
 
 // Run ./generate.sh to generate all test certs and test private keys
 #[cfg(feature = "dpe_profile_p256_sha256")]
@@ -203,6 +203,12 @@ impl Platform for DefaultPlatform {
         Err(PlatformError::NotImplemented)
     }
     fn get_ueid(&mut self) -> Result<Ueid, PlatformError> {
-        Ok(TEST_UEID)
+        let buf_size = TEST_UEID.len() as u32;
+        let mut ueid = Ueid::default();
+
+        ueid.buf[..buf_size as usize].clone_from_slice(&TEST_UEID);
+        ueid.buf_size = buf_size;
+
+        Ok(ueid)
     }
 }
diff --git a/platform/src/lib.rs b/platform/src/lib.rs
@@ -22,8 +22,22 @@ pub const MAX_SN_SIZE: usize = 20;
 pub const MAX_KEY_IDENTIFIER_SIZE: usize = 20;
 pub const MAX_VALIDITY_SIZE: usize = 24;
 pub const MAX_OTHER_NAME_SIZE: usize = 128;
+// Hash size of the SHA-384 DPE profile
+pub const MAX_UEID_SIZE: usize = 48;
 
-pub type Ueid = [u8; 17];
+pub struct Ueid {
+    pub buf: [u8; MAX_UEID_SIZE],
+    pub buf_size: u32,
+}
+
+impl Default for Ueid {
+    fn default() -> Self {
+        Self {
+            buf: [0; MAX_UEID_SIZE],
+            buf_size: 0,
+        }
+    }
+}
 
 #[derive(Debug, PartialEq, Eq)]
 pub enum SignerIdentifier {
@@ -64,6 +78,7 @@ pub enum PlatformError {
     IssuerKeyIdentifierError(u32) = 0x8,
     SubjectAlternativeNameError(u32) = 0x9,
     MissingUeidError = 0xA,
+    InvalidUeidError = 0xB,
 }
 
 impl PlatformError {
@@ -79,6 +94,7 @@ impl PlatformError {
             PlatformError::CertificateChainError => None,
             PlatformError::NotImplemented => None,
             PlatformError::MissingUeidError => None,
+            PlatformError::InvalidUeidError => None,
             PlatformError::IssuerNameError(code) => Some(*code),
             PlatformError::PrintError(code) => Some(*code),
             PlatformError::SerialNumberError(code) => Some(*code),