diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 32da872b..aaa97be2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: SCCACHE_GHA_CACHE_FROM: sccache-caliptra-sw # Change this to a new random value if you suspect the cache is corrupted - SCCACHE_C_CUSTOM_CACHE_BUSTER: db7245ea5da5 + SCCACHE_C_CUSTOM_CACHE_BUSTER: 060cf1f01c44 steps: @@ -50,7 +50,7 @@ jobs: - name: Install sccache if: steps.sccache_bin_restore.outputs.cache-hit != 'true' run: | - cargo install sccache --version ${SCCACHE_VERSION} --no-default-features --features=gha + cargo install sccache --version ${SCCACHE_VERSION} --no-default-features --features=gha --locked # Save the sccache binary immediately so we can reuse it in future runs # even if the rest of the current run fails. diff --git a/verification/client/abi.go b/verification/client/abi.go index 29987981..b6075baa 100644 --- a/verification/client/abi.go +++ b/verification/client/abi.go @@ -378,11 +378,12 @@ func getProfile(t Transport) (*GetProfileResp, error) { }, nil } +// GetProfileABI calls the DPE GetProfile for this ABI func (c *DPEABI[_, _]) GetProfileABI() (*GetProfileResp, error) { return getProfile(c.transport) } -// Send the command to destroy a context. +// DestroyContextABI calls the DPE DestroyContext for this ABI func (c *DPEABI[_, _]) DestroyContextABI(cmd *DestroyCtxCmd) error { // DestroyContext does not return any parameters. respStruct := struct{}{} @@ -394,7 +395,7 @@ func (c *DPEABI[_, _]) DestroyContextABI(cmd *DestroyCtxCmd) error { return nil } -// CertifyKey calls the DPE CertifyKey command. +// CertifyKeyABI calls the DPE CertifyKey command. func (c *DPEABI[CurveParameter, Digest]) CertifyKeyABI(cmd *CertifyKeyReq[Digest]) (*CertifyKeyResp[CurveParameter, Digest], error) { // Define an anonymous struct for the response, because we have to accept the variable-sized certificate. respStruct := struct { 
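Review bot: The `--locked` added to `cargo install sccache` takes effect only when the `Install sccache` step runs, and that step is skipped whenever `steps.sccache_bin_restore.outputs.cache-hit` is `'true'`. The key used to restore the binary is outside this hunk; if it does not change with this commit, runners will keep restoring a binary that was built with unpinned transitive dependencies, since the `SCCACHE_C_CUSTOM_CACHE_BUSTER` bump in the earlier hunk presumably covers only the compile cache. Consider changing that key once so the binary is rebuilt, and add a comment above the command, e.g. `# --locked: build with the Cargo.lock published with sccache so dependency versions cannot drift between runs`.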
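Review bot: The two doc comments added in the `@@ -378,11 +378,12 @@` hunk, `// GetProfileABI calls the DPE GetProfile for this ABI` and `// DestroyContextABI calls the DPE DestroyContext for this ABI`, drop the word "command" and the closing period that the other `*ABI` comments in this file use. The wrapper comments added further down (`InitializeContext`, `GetProfile`, `CertifyKey`, `DestroyContext`, `GetCertificateChain`, `DeriveChild`, `RotateContextHandle`, `Sign`, `ExtendTCI`) also lack the period and alternate between "calls DPE" and "calls the DPE". Suggest one form throughout, e.g. `// GetProfileABI calls the DPE GetProfile command.` and `// DestroyContextABI calls the DPE DestroyContext command.`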
@@ -423,7 +424,7 @@ func (c *DPEABI[CurveParameter, Digest]) CertifyKeyABI(cmd *CertifyKeyReq[Digest }, nil } -// GetCertificateChain calls the DPE GetCertificateChain command. +// GetCertificateChainABI calls the DPE GetCertificateChain command. func (c *DPEABI[_, _]) GetCertificateChainABI() (*GetCertificateChainResp, error) { var certs GetCertificateChainResp @@ -462,7 +463,7 @@ func (c *DPEABI[_, _]) GetCertificateChainABI() (*GetCertificateChainResp, error return &certs, nil } -// DeriveChild calls DPE DeriveChild command. +// DeriveChildABI calls DPE DeriveChild command. func (c *DPEABI[_, Digest]) DeriveChildABI(cmd *DeriveChildReq[Digest]) (*DeriveChildResp, error) { var respStruct DeriveChildResp @@ -474,7 +475,7 @@ func (c *DPEABI[_, Digest]) DeriveChildABI(cmd *DeriveChildReq[Digest]) (*Derive return &respStruct, err } -// RotateContextHandle calls DPE RotateContextHandle command. +// RotateContextHandleABI calls DPE RotateContextHandle command. func (c *DPEABI[_, Digest]) RotateContextABI(cmd *RotateContextHandleCmd) (*RotatedContextHandle, error) { var respStruct RotatedContextHandle @@ -486,7 +487,7 @@ func (c *DPEABI[_, Digest]) RotateContextABI(cmd *RotateContextHandleCmd) (*Rota return &respStruct, err } -// Sign calls the DPE Sign command. +// SignABI calls the DPE Sign command. func (c *DPEABI[_, Digest]) SignABI(cmd *SignReq[Digest]) (*SignResp[Digest], error) { var respStruct SignResp[Digest] @@ -498,7 +499,7 @@ func (c *DPEABI[_, Digest]) SignABI(cmd *SignReq[Digest]) (*SignResp[Digest], er return &respStruct, nil } -// ExtendTCI calls the DPE ExtendTCI command. +// ExtendTCIABI calls the DPE ExtendTCI command. func (c *DPEABI[_, Digest]) ExtendTCIABI(cmd *ExtendTCIReq[Digest]) (*ExtendTCIResp, error) { var respStruct ExtendTCIResp 
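Review bot: The new comment `// RotateContextHandleABI calls DPE RotateContextHandle command.` in the `@@ -474,7 +475,7 @@` hunk names a method that is not the one declared below it; the function it documents is `RotateContextABI`. Go doc tooling and linters expect the comment to start with the declared identifier, so it should read `// RotateContextABI calls the DPE RotateContextHandle command.` If the intent is for the method to follow the `<Command>ABI` pattern of its siblings, renaming it to `RotateContextHandleABI` is the alternative, but callers outside this hunk would need updating.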
@@ -510,6 +511,7 @@ func (c *DPEABI[_, Digest]) ExtendTCIABI(cmd *ExtendTCIReq[Digest]) (*ExtendTCIR return &respStruct, nil } +// InitializeContext calls the DPE InitializeContext command func (c *DPEABI[_, _]) InitializeContext(flags InitCtxFlags) (*ContextHandle, error) { cmd := InitCtxCmd{flags: flags} resp, err := c.InitializeContextABI(&cmd) @@ -520,10 +522,12 @@ func (c *DPEABI[_, _]) InitializeContext(flags InitCtxFlags) (*ContextHandle, er return &resp.Handle, nil } +// GetProfile calls the DPE GetProfile command func (c *DPEABI[_, _]) GetProfile() (*GetProfileResp, error) { return c.GetProfileABI() } +// CertifyKey calls the DPE CertifyKey command func (c *DPEABI[_, Digest]) CertifyKey(handle *ContextHandle, label []byte, format CertifyKeyFormat, flags CertifyKeyFlags) (*CertifiedKey, error) { if len(label) != DigestLen[Digest]() { return nil, fmt.Errorf("invalid label length") @@ -558,6 +562,7 @@ func (c *DPEABI[_, Digest]) CertifyKey(handle *ContextHandle, label []byte, form return key, nil } +// DestroyContext calls DPE DestroyContext command func (c *DPEABI[_, _]) DestroyContext(handle *ContextHandle, flags DestroyCtxFlags) error { cmd := DestroyCtxCmd{ handle: *handle, @@ -567,6 +572,7 @@ func (c *DPEABI[_, _]) DestroyContext(handle *ContextHandle, flags DestroyCtxFla return c.DestroyContextABI(&cmd) } +// GetCertificateChain calls DPE GetCertificateChain command func (c *DPEABI[_, _]) GetCertificateChain() ([]byte, error) { resp, err := c.GetCertificateChainABI() if err != nil { @@ -576,6 +582,7 @@ func (c *DPEABI[_, _]) GetCertificateChain() ([]byte, error) { return resp.CertificateChain, nil } +// DeriveChild calls DPE DeriveChild command func (c *DPEABI[_, Digest]) DeriveChild(handle *ContextHandle, inputData []byte, flags DeriveChildFlags, tciType uint32, targetLocality uint32) (*DeriveChildResp, error) { if len(inputData) != DigestLen[Digest]() { return nil, fmt.Errorf("invalid digest length") 
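Review bot: The comment added for `CertifyKey` reads almost the same as the one on `CertifyKeyABI` and does not mention the input check the wrapper performs: a `label` whose length differs from `DigestLen[Digest]()` is rejected with "invalid label length". State that in the doc comment, e.g. `// CertifyKey calls the DPE CertifyKey command. label must be exactly DigestLen[Digest]() bytes.` The same applies to `DeriveChild` (`inputData`, "invalid digest length") and to the length checks visible at the top of `Sign` and `ExtendTCI`. The bodies of these functions continue outside the hunks.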
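Review bot: `DestroyContext` dereferences its argument with `handle: *handle` and nothing visible checks it first, so a nil `*ContextHandle` panics in the client instead of returning an error. Either document the requirement in the new comment (`// handle must not be nil.`) or guard it with `if handle == nil { return fmt.Errorf("nil context handle") }`. `RotateContextHandle` builds its command the same way with `Handle: *handle`. The function body runs past the end of this hunk.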
@@ -601,6 +608,7 @@ func (c *DPEABI[_, Digest]) DeriveChild(handle *ContextHandle, inputData []byte, return resp, nil } +// RotateContextHandle calls DPE RotateContextHandle command func (c *DPEABI[_, _]) RotateContextHandle(handle *ContextHandle, flags RotateContextHandleFlags) (*ContextHandle, error) { cmd := RotateContextHandleCmd{ Handle: *handle, @@ -613,6 +621,7 @@ func (c *DPEABI[_, _]) RotateContextHandle(handle *ContextHandle, flags RotateCo return &resp.NewContextHandle, nil } +// Sign calls DPE Sign command func (c *DPEABI[_, Digest]) Sign(handle *ContextHandle, label []byte, flags SignFlags, toBeSigned []byte) (*DPESignedHash, error) { dLen := DigestLen[Digest]() if len(label) != dLen { @@ -653,6 +662,7 @@ func (c *DPEABI[_, Digest]) Sign(handle *ContextHandle, label []byte, flags Sign return signedResp, nil } +// ExtendTCI calls DPE ExtendTCI command func (c *DPEABI[_, Digest]) ExtendTCI(handle *ContextHandle, inputData []byte) (*ContextHandle, error) { if len(inputData) != DigestLen[Digest]() { diff --git a/verification/client/client.go b/verification/client/client.go index ea682b48..7bedf243 100644 --- a/verification/client/client.go +++ b/verification/client/client.go @@ -1,5 +1,7 @@ // Licensed under the Apache-2.0 license +// Package client provides a modular DPE client that can be used to +// communicate with DPE over different transports. package client import ( diff --git a/verification/testing/verification.go b/verification/testing/verification.go index 772cba1f..6dc217c7 100644 --- a/verification/testing/verification.go +++ b/verification/testing/verification.go @@ -1,10 +1,6 @@ // Licensed under the Apache-2.0 license // Package verification provides verification tests for implementations of the DPE iRoT profile. -// -// This packages also includes a modular DPE client that can be used to -// communicate with DPE over different transports. A transport for the DPE -// rust simulator is provided in this package. package verification import (