Revert "Update DPE to latest CFI revision"
This reverts commit ec25bd7.
sree-revoori1 authored and jhand2 committed Mar 20, 2024
1 parent cfb692d commit 8690f1f
Showing 17 changed files with 63 additions and 57 deletions.
16 changes: 8 additions & 8 deletions Cargo.lock


4 changes: 2 additions & 2 deletions Cargo.toml
@@ -11,7 +11,7 @@ members = [
]

[workspace.dependencies]
caliptra-cfi-lib = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib", rev = "25473cebb25f638646091c54b5e337b9a2697f07", default-features = false, features = ["cfi", "cfi-counter" ] }
caliptra-cfi-derive = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive", rev = "25473cebb25f638646091c54b5e337b9a2697f07"}
caliptra-cfi-lib-git = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib-git", rev = "a98e499d279e81ae85881991b1e9eee354151189", default-features = false, features = ["cfi", "cfi-counter" ] }
caliptra-cfi-derive-git = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive-git", rev = "a98e499d279e81ae85881991b1e9eee354151189"}
zerocopy = "0.6.6"
openssl = "0.10.64"
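Review bot: The workspace pin for the two caliptra-cfi crates carries no comment saying why this revision is the one in use. Going by the commit title, this section moves the pin from rev `25473ceb…` back to `a98e499d…` and restores the `-git` package names, but neither the message nor the manifest records what failed with the newer CFI revision. I would add one line above the two entries, e.g. `# Pinned to this rev until <reason or tracking issue>; keep both caliptra-cfi crates on the same rev.`, so the next upgrade can be reviewed against that reason. The full-SHA `rev` pins are worth keeping as they are.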
4 changes: 2 additions & 2 deletions crypto/Cargo.toml
@@ -13,8 +13,8 @@ no-cfi = []

[dependencies]
arrayvec = { version = "0.7.4", default-features = false, features = ["zeroize"] }
caliptra-cfi-lib = { workspace = true, default-features = false, features = ["cfi", "cfi-counter" ] }
caliptra-cfi-derive.workspace = true
caliptra-cfi-lib-git = { workspace = true, default-features = false, features = ["cfi", "cfi-counter" ] }
caliptra-cfi-derive-git.workspace = true
ecdsa = { version = "0.16.9", optional = true, features = ["pem"]}
hkdf = { version = "0.12.3", optional = true }
hmac = {version="0.12.1", optional = true}
2 changes: 1 addition & 1 deletion crypto/src/openssl.rs
@@ -2,7 +2,7 @@

use crate::{hkdf::*, AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, Hasher, HmacSig};
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_derive_git::cfi_impl_fn;
use openssl::{
bn::{BigNum, BigNumContext},
ec::{EcGroup, EcKey, EcPoint},
6 changes: 3 additions & 3 deletions dpe/Cargo.toml
@@ -26,8 +26,8 @@ no-cfi = ["crypto/no-cfi"]

[dependencies]
bitflags = "2.4.0"
caliptra-cfi-lib = { workspace = true, default-features = false, features = ["cfi", "cfi-counter" ] }
caliptra-cfi-derive.workspace = true
caliptra-cfi-lib-git = { workspace = true, default-features = false, features = ["cfi", "cfi-counter" ] }
caliptra-cfi-derive-git.workspace = true
constant_time_eq = "0.3.0"
crypto = {path = "../crypto", default-features = false}
platform = {path = "../platform", default-features = false}
@@ -38,7 +38,7 @@ cfg-if = "1.0.0"

[dev-dependencies]
asn1 = "0.13.0"
caliptra-cfi-lib = { workspace = true, features = ["cfi-test"] }
caliptra-cfi-lib-git = { workspace = true, features = ["cfi-test"] }
openssl.workspace = true
x509-parser = "0.15.1"
crypto = {path = "../crypto", features = ["deterministic_rand", "openssl"]}
16 changes: 8 additions & 8 deletions dpe/fuzz/Cargo.lock


8 changes: 4 additions & 4 deletions dpe/src/commands/certify_key.rs
@@ -10,10 +10,10 @@ use crate::{
};
use bitflags::bitflags;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_lib::cfi_launder;
use caliptra_cfi_derive_git::cfi_impl_fn;
use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
use cfg_if::cfg_if;
use crypto::{Crypto, Hasher};
use platform::{Platform, MAX_ISSUER_NAME_SIZE, MAX_KEY_IDENTIFIER_SIZE};
@@ -277,7 +277,7 @@ mod tests {
x509::tests::TcbInfo,
DpeProfile,
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use cms::{
content_info::{CmsVersion, ContentInfo},
signed_data::{SignedData, SignerIdentifier},
6 changes: 3 additions & 3 deletions dpe/src/commands/derive_context.rs
@@ -9,9 +9,9 @@ use crate::{
};
use bitflags::bitflags;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_derive_git::cfi_impl_fn;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
use cfg_if::cfg_if;

#[repr(C)]
@@ -343,7 +343,7 @@ mod tests {
support::Support,
MAX_HANDLES,
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::{Crypto, Hasher, OpensslCrypto};
use openssl::x509::X509;
use openssl::{bn::BigNum, ecdsa::EcdsaSig};
8 changes: 4 additions & 4 deletions dpe/src/commands/destroy_context.rs
@@ -7,10 +7,10 @@ use crate::{
MAX_HANDLES,
};
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_lib::cfi_launder;
use caliptra_cfi_derive_git::cfi_impl_fn;
use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};

#[repr(C)]
#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)]
@@ -94,7 +94,7 @@ mod tests {
support::{test::SUPPORT, Support},
DPE_PROFILE,
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use platform::default::DefaultPlatform;
use zerocopy::AsBytes;
4 changes: 2 additions & 2 deletions dpe/src/commands/get_certificate_chain.rs
@@ -5,7 +5,7 @@ use crate::{
response::{DpeErrorCode, GetCertificateChainResp, Response, ResponseHdr},
};
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_derive_git::cfi_impl_fn;
use platform::{Platform, MAX_CHUNK_SIZE};

#[repr(C)]
@@ -48,7 +48,7 @@ mod tests {
dpe_instance::tests::{TestTypes, TEST_LOCALITIES},
support::test::SUPPORT,
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use platform::default::DefaultPlatform;
use zerocopy::AsBytes;
6 changes: 3 additions & 3 deletions dpe/src/commands/initialize_context.rs
@@ -7,9 +7,9 @@ use crate::{
};
use bitflags::bitflags;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_derive_git::cfi_impl_fn;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
use cfg_if::cfg_if;

#[repr(C)]
@@ -109,7 +109,7 @@ mod tests {
dpe_instance::tests::{TestTypes, TEST_LOCALITIES},
support::Support,
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use platform::default::DefaultPlatform;
use zerocopy::AsBytes;
2 changes: 1 addition & 1 deletion dpe/src/commands/mod.rs
@@ -165,7 +165,7 @@ impl TryFrom<&[u8]> for CommandHdr {
pub mod tests {
use super::*;
use crate::{DpeProfile, DPE_PROFILE};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use zerocopy::AsBytes;

#[cfg(feature = "dpe_profile_p256_sha256")]
8 changes: 4 additions & 4 deletions dpe/src/commands/rotate_context.rs
@@ -7,10 +7,10 @@ use crate::{
};
use bitflags::bitflags;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_lib::cfi_launder;
use caliptra_cfi_derive_git::cfi_impl_fn;
use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};

#[repr(C)]
#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)]
@@ -117,7 +117,7 @@ mod tests {
},
support::Support,
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use platform::default::DefaultPlatform;
use zerocopy::AsBytes;
8 changes: 4 additions & 4 deletions dpe/src/commands/sign.rs
@@ -8,10 +8,10 @@ use crate::{
};
use bitflags::bitflags;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_lib::cfi_launder;
use caliptra_cfi_derive_git::cfi_impl_fn;
use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq, cfi_assert_ne};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq, cfi_assert_ne};
use cfg_if::cfg_if;
use crypto::{Crypto, CryptoBuf, Digest, EcdsaSig, HmacSig};

@@ -185,7 +185,7 @@ mod tests {
dpe_instance::tests::{TestTypes, RANDOM_HANDLE, SIMULATION_HANDLE, TEST_LOCALITIES},
support::{test::SUPPORT, Support},
};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use openssl::x509::X509;
use openssl::{bn::BigNum, ecdsa::EcdsaSig};
8 changes: 4 additions & 4 deletions dpe/src/dpe_instance.rs
@@ -13,10 +13,10 @@ use crate::{
U8Bool, DPE_PROFILE, INTERNAL_INPUT_INFO_SIZE, MAX_HANDLES,
};
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_lib::cfi_launder;
use caliptra_cfi_derive_git::cfi_impl_fn;
use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq};
use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
use cfg_if::cfg_if;
use constant_time_eq::constant_time_eq;
use crypto::{Crypto, Digest, Hasher};
@@ -519,7 +519,7 @@ pub mod tests {
use crate::response::NewHandleResp;
use crate::support::test::SUPPORT;
use crate::{commands::CommandHdr, CURRENT_PROFILE_MAJOR_VERSION};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use platform::default::{DefaultPlatform, AUTO_INIT_LOCALITY, TEST_CERT_CHAIN};
use zerocopy::AsBytes;
10 changes: 6 additions & 4 deletions dpe/src/validation.rs
@@ -9,10 +9,12 @@ use crate::{
};

#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_derive::cfi_impl_fn;
use caliptra_cfi_lib::cfi_launder;
use caliptra_cfi_derive_git::cfi_impl_fn;
use caliptra_cfi_lib_git::cfi_launder;
#[cfg(not(feature = "no-cfi"))]
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq, cfi_assert_le, cfi_assert_lt, cfi_assert_ne};
use caliptra_cfi_lib_git::{
cfi_assert, cfi_assert_eq, cfi_assert_le, cfi_assert_lt, cfi_assert_ne,
};
use cfg_if::cfg_if;

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
@@ -447,7 +449,7 @@ impl<'a> DpeValidator<'a> {

#[cfg(test)]
pub mod tests {
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib_git::CfiCounter;
use crypto::OpensslCrypto;
use platform::default::DefaultPlatform;

4 changes: 4 additions & 0 deletions verification/testing/certifyKey.go
@@ -491,6 +491,10 @@ func checkCertificateStructure(t *testing.T, certBytes []byte) *x509.Certificate
// strictly worse and mixing the two formats does not lend itself well
// to fixed-sized X.509 templating.
"e_wrong_time_format_pre2050",
// Certs in the Caliptra cert chain fail this lint currently.
// We will need to truncate the serial numbers for those certs and
// then enable this lint.
"e_subject_dn_serial_number_max_length",
},
})
if err != nil {
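Review bot: The added `e_subject_dn_serial_number_max_length` entry turns the lint off for every certificate passed to `checkCertificateStructure`, although the comment above it attributes the failures only to certs in the Caliptra cert chain. If this helper also lints DPE-issued leaf certificates (not visible here), an over-long subject serialNumber in a leaf would no longer fail the test; scoping the exclusion to the chain-cert path would keep that check. The re-enable condition has no owner, so I would add `// TODO(<tracking-issue>): drop this exclusion once Caliptra chain serial numbers are truncated.` The commit message mentions only the CFI revert, so the reason this exclusion arrives with it is not recorded anywhere on the page. The function body starts and ends outside the hunk.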