Allow golang client to be used with go 1.18
Make some small tweaks to allow the DPE client to be used with go 1.18.

In particular, go 1.18 does not allow constructing an array from a
slice. The copy must be done manually.

Additionally, fix an issue where a Digest is constructed before the
length is verified, which may panic.
jhand2 committed Jan 4, 2024
1 parent 78e6466 commit f95f68f
Showing 3 changed files with 63 additions and 12 deletions.
46 changes: 36 additions & 10 deletions verification/client/abi.go
Expand Up @@ -525,14 +525,19 @@ func (c *DPEABI[_, _]) GetProfile() (*GetProfileResp, error) {
}

func (c *DPEABI[_, Digest]) CertifyKey(handle *ContextHandle, label []byte, format CertifyKeyFormat, flags CertifyKeyFlags) (*CertifiedKey, error) {
if len(label) != len(Digest(label)) {
if len(label) != DigestLen[Digest]() {
return nil, fmt.Errorf("invalid label length")
}

l, err := NewDigest[Digest](label)
if err != nil {
return nil, err
}

cmd := CertifyKeyReq[Digest]{
ContextHandle: *handle,
Flags: flags,
Label: Digest(label),
Label: l,
Format: format,
}

Expand Down Expand Up @@ -572,13 +577,18 @@ func (c *DPEABI[_, _]) GetCertificateChain() ([]byte, error) {
}

func (c *DPEABI[_, Digest]) DeriveChild(handle *ContextHandle, inputData []byte, flags DeriveChildFlags, tciType uint32, targetLocality uint32) (*DeriveChildResp, error) {
if len(inputData) != len(Digest(inputData)) {
if len(inputData) != DigestLen[Digest]() {
return nil, fmt.Errorf("invalid digest length")
}

input, err := NewDigest[Digest](inputData)
if err != nil {
return nil, err
}

cmd := DeriveChildReq[Digest]{
ContextHandle: *handle,
InputData: Digest(inputData),
InputData: input,
Flags: flags,
TciType: tciType,
TargetLocality: targetLocality,
Expand All @@ -604,19 +614,30 @@ func (c *DPEABI[_, _]) RotateContextHandle(handle *ContextHandle, flags RotateCo
}

func (c *DPEABI[_, Digest]) Sign(handle *ContextHandle, label []byte, flags SignFlags, toBeSigned []byte) (*DPESignedHash, error) {
if len(label) != len(Digest(label)) {
dLen := DigestLen[Digest]()
if len(label) != dLen {
return nil, fmt.Errorf("invalid label length")
}

if len(toBeSigned) != len(Digest(toBeSigned)) {
if len(toBeSigned) != dLen {
return nil, fmt.Errorf("invalid toBeSigned length")
}

l, err := NewDigest[Digest](label)
if err != nil {
return nil, err
}

tbs, err := NewDigest[Digest](toBeSigned)
if err != nil {
return nil, err
}

cmd := SignReq[Digest]{
ContextHandle: *handle,
Label: Digest(label),
Label: l,
Flags: flags,
ToBeSigned: Digest(toBeSigned),
ToBeSigned: tbs,
}
resp, err := c.SignABI(&cmd)
if err != nil {
Expand All @@ -634,13 +655,18 @@ func (c *DPEABI[_, Digest]) Sign(handle *ContextHandle, label []byte, flags Sign

func (c *DPEABI[_, Digest]) ExtendTCI(handle *ContextHandle, inputData []byte) (*ContextHandle, error) {

if len(inputData) != len(Digest(inputData)) {
if len(inputData) != DigestLen[Digest]() {
return nil, fmt.Errorf("invalid digest length")
}

input, err := NewDigest[Digest](inputData)
if err != nil {
return nil, err
}

cmd := ExtendTCIReq[Digest]{
ContextHandle: *handle,
InputData: Digest(inputData),
InputData: input,
}

resp, err := c.ExtendTCIABI(&cmd)
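Review bot: `ContextHandle: *handle` in CertifyKey still dereferences the caller's pointer with no nil check, so a nil `handle` panics even though this commit sets out to remove a panic from the same path. A guard at the top of the function, `if handle == nil { return nil, fmt.Errorf("nil context handle") }`, would turn that into an error the caller can handle. The same dereference appears in DeriveChild, Sign and ExtendTCI in this file. All four function bodies continue past the visible hunks, so any later handling of `handle` is not shown here.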
2 changes: 1 addition & 1 deletion verification/client/go.mod
@@ -1,3 +1,3 @@
module github.com/chipsalliance/caliptra-dpe/verification/client

go 1.20
go 1.18
27 changes: 26 additions & 1 deletion verification/client/profile.go
Expand Up @@ -2,7 +2,10 @@

package client

import "fmt"
import (
"fmt"
"reflect"
)

// Profile represents a supported algorithm profile (i.e., hash algorithm and ECC curve).
type Profile uint32
Expand Down Expand Up @@ -53,6 +56,10 @@ type Curve interface {
Bytes() []byte
}

func CurveIntLen[C Curve]() int {
return reflect.TypeOf((*C)(nil)).Elem().Len()
}

// NISTP256Parameter represents a NIST P-256 curve parameter, i.e., an x, y, r, or s value.
type NISTP256Parameter [32]byte

Expand All @@ -76,6 +83,24 @@ type DigestAlgorithm interface {
Bytes() []byte
}

func NewDigest[D DigestAlgorithm](b []byte) (D, error) {
var d D
switch tmp := any(&d).(type) {
case *SHA256Digest:
copy(tmp[:], b[:])
case *SHA384Digest:
copy(tmp[:], b[:])
default:
return d, fmt.Errorf("Invalid digest type %v", reflect.TypeOf(tmp))
}

return d, nil
}

func DigestLen[D DigestAlgorithm]() int {
return reflect.TypeOf((*D)(nil)).Elem().Len()
}

// SHA256Digest represents a SHA-256 digest value.
type SHA256Digest [32]byte

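Review bot: NewDigest copies with `copy(tmp[:], b[:])` and never compares `len(b)` with the digest size, so a short slice yields a zero-padded digest and a long one is silently truncated, with a nil error in both cases. The callers in abi.go check the length first, but NewDigest is exported and should enforce it itself, with `if len(b) != len(tmp) { return d, fmt.Errorf("invalid digest length %d, want %d", len(b), len(tmp)) }` as the first statement of each case. For a value that presumably ends up as a label or measurement sent to the DPE, a wrong-length input should be rejected rather than altered. DigestLen and CurveIntLen also call reflect's `Len()`, which panics for a non-array type, and the constraint lines visible here only require `Bytes() []byte`.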
