Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make MAX_HANDLES configurable at runtime #303

Merged
merged 1 commit into from
Jan 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions dpe/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,18 @@ edition = "2021"
default = ["dpe_profile_p256_sha256"]
dpe_profile_p256_sha256 = ["platform/dpe_profile_p256_sha256"]
dpe_profile_p384_sha384 = ["platform/dpe_profile_p384_sha384"]
# Run ARBITRARY_MAX_HANDLES=n cargo build --features arbitrary_max_handles to use this feature
arbitrary_max_handles = []
sree-revoori1 marked this conversation as resolved.
Show resolved Hide resolved
disable_simulation = []
disable_extend_tci = []
disable_auto_init = []
disable_rotate_context = []
disable_x509 = []
disable_csr = []
disable_is_symmetric = []
disable_internal_info = []
disable_internal_dice = []
disable_is_ca = []

[dependencies]
bitflags = "2.4.0"
Expand All @@ -28,3 +40,4 @@ platform = {path = "../platform", default-features = false, features = ["openssl
cms = "0.2.2"
der = "0.7.8"
spki = "0.7.2"
rand = "0.8.5"
30 changes: 30 additions & 0 deletions dpe/build.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
// Licensed under the Apache-2.0 license

use std::env;
use std::fs::File;
use std::io::Write;

fn main() {
let default_value: usize = 24;

let arbitrary_max_handles = env::var("ARBITRARY_MAX_HANDLES")
.ok()
.and_then(|value| value.parse().ok())
.unwrap_or(default_value);

let out_dir = env::var("OUT_DIR").unwrap();
let dest_path = format!("{}/arbitrary_max_handles.rs", out_dir);

println!("cargo:rerun-if-env-changed=ARBITRARY_MAX_HANDLES");
println!("cargo:rerun-if-changed=build.rs");

let mut file = File::create(&dest_path).unwrap();
write!(
file,
"pub const MAX_HANDLES: usize = {};",
arbitrary_max_handles
)
.unwrap();

println!("cargo:rerun-if-changed={}", dest_path);
}
55 changes: 20 additions & 35 deletions dpe/src/context.rs
Original file line number Diff line number Diff line change
Expand Up @@ -257,32 +257,34 @@ impl<'a> Iterator for ChildToRootIter<'a> {
#[cfg(test)]
mod tests {
use super::*;
use rand::{rngs::StdRng, seq::SliceRandom, SeedableRng};

const CONTEXT_INITIALIZER: Context = Context::new();

#[test]
fn test_child_to_root_iter() {
let mut contexts = [CONTEXT_INITIALIZER; MAX_HANDLES];
let root_index = CHAIN_INDICES[0];
assert_eq!(MAX_HANDLES, CHAIN_INDICES.len());
let chain_indices = get_chain_indices();
let root_index = chain_indices[0];
assert_eq!(MAX_HANDLES, chain_indices.len());

// Put the context's index in the handle to make it easy to find later.
contexts[root_index].handle = ContextHandle([root_index as u8; ContextHandle::SIZE]);
contexts[root_index].state = ContextState::Retired;

// Assign all of the children's parents and put their index in the handle.
for (parent_chain_idx, child_idx) in CHAIN_INDICES.iter().skip(1).enumerate() {
let parent_idx = CHAIN_INDICES[parent_chain_idx];
for (parent_chain_idx, child_idx) in chain_indices.iter().skip(1).enumerate() {
let parent_idx = chain_indices[parent_chain_idx];
let context = &mut contexts[*child_idx];
context.parent_idx = parent_idx as u8;
context.handle = ContextHandle([*child_idx as u8; ContextHandle::SIZE]);
context.state = ContextState::Active;
}

let mut count = 0;
let leaf_index = CHAIN_INDICES[CHAIN_INDICES.len() - 1];
let leaf_index = chain_indices[chain_indices.len() - 1];

for (answer, status) in CHAIN_INDICES
for (answer, status) in chain_indices
.iter()
.rev()
.zip(ChildToRootIter::new(leaf_index, &contexts))
Expand All @@ -295,7 +297,7 @@ mod tests {
}

// Check we didn't accidentally skip any.
assert_eq!(CHAIN_INDICES.len(), count);
assert_eq!(chain_indices.len(), count);
}

#[test]
Expand Down Expand Up @@ -372,32 +374,15 @@ mod tests {
///
/// The context's parent context index is the previous value.
///
/// So `dpe.contexts[2]` is the parent of `dpe.contexts[4]` which is the parent of
/// `dpe.contexts[1]` etc.
const CHAIN_INDICES: [usize; MAX_HANDLES] = [
2,
4,
1,
13,
MAX_HANDLES - 1,
3,
0,
9,
5,
6,
7,
8,
10,
11,
12,
14,
15,
16,
17,
18,
19,
20,
21,
22,
];
/// So `dpe.contexts[chain_indices[0]]` is the parent of `dpe.contexts[chain_indices[1]]` which is the parent of
/// `dpe.contexts[chain_indices[2]]` etc. The chain_indices vector is a random permutation of numbers in [0, MAX_HANDLES).
fn get_chain_indices() -> Vec<usize> {
let mut chain_indices: Vec<usize> = (0..MAX_HANDLES).collect();
const SEED: [u8; 32] = [0xFF; 32];
let mut seeded_rng = StdRng::from_seed(SEED);

chain_indices.shuffle(&mut seeded_rng);
println!("{:?}", chain_indices);
chain_indices
}
}
8 changes: 5 additions & 3 deletions dpe/src/dpe_instance.rs
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,11 @@ impl DpeInstance {
env: &mut DpeEnv<impl DpeTypes>,
support: Support,
) -> Result<DpeInstance, DpeErrorCode> {
let updated_support = support.preprocess_support();
const CONTEXT_INITIALIZER: Context = Context::new();
let mut dpe = DpeInstance {
contexts: [CONTEXT_INITIALIZER; MAX_HANDLES],
support,
support: updated_support,
has_initialized: false.into(),
reserved: [0u8; 3],
};
Expand All @@ -80,11 +81,12 @@ impl DpeInstance {
tci_type: u32,
auto_init_measurement: [u8; DPE_PROFILE.get_hash_size()],
) -> Result<DpeInstance, DpeErrorCode> {
let updated_support = support.preprocess_support();
// auto-init must be supported to add an auto init measurement
if !support.auto_init() {
if !updated_support.auto_init() {
return Err(DpeErrorCode::ArgumentNotSupported);
}
let mut dpe = Self::new(env, support)?;
let mut dpe = Self::new(env, updated_support)?;

let locality = env.platform.get_auto_init_locality()?;
let idx = dpe.get_active_context_pos(&ContextHandle::default(), locality)?;
Expand Down
4 changes: 4 additions & 0 deletions dpe/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,11 @@ pub mod x509;
use zerocopy::{AsBytes, FromBytes};

const MAX_CERT_SIZE: usize = 2048;
#[cfg(not(feature = "arbitrary_max_handles"))]
pub const MAX_HANDLES: usize = 24;
#[cfg(feature = "arbitrary_max_handles")]
include!(concat!(env!("OUT_DIR"), "/arbitrary_max_handles.rs"));

const CURRENT_PROFILE_MAJOR_VERSION: u16 = 0;
const CURRENT_PROFILE_MINOR_VERSION: u16 = 8;

Expand Down
47 changes: 46 additions & 1 deletion dpe/src/support.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ use bitflags::bitflags;
use zerocopy::{AsBytes, FromBytes};
use zeroize::Zeroize;

#[derive(Default, AsBytes, FromBytes, Zeroize)]
#[derive(Default, AsBytes, FromBytes, Zeroize, Copy, Clone)]
#[repr(C)]
pub struct Support(u32);

Expand Down Expand Up @@ -53,6 +53,51 @@ impl Support {
pub fn is_ca(&self) -> bool {
self.contains(Support::IS_CA)
}
pub fn preprocess_support(&self) -> Support {
#[allow(unused_mut)]
let mut support = Support::empty();
#[cfg(feature = "disable_simulation")]
{
support.insert(Support::SIMULATION);
}
#[cfg(feature = "disable_extend_tci")]
{
support.insert(Support::EXTEND_TCI);
}
#[cfg(feature = "disable_auto_init")]
{
support.insert(Support::AUTO_INIT);
}
#[cfg(feature = "disable_rotate_context")]
{
support.insert(Support::ROTATE_CONTEXT);
}
#[cfg(feature = "disable_x509")]
{
support.insert(Support::X509);
}
#[cfg(feature = "disable_csr")]
{
support.insert(Support::CSR);
}
#[cfg(feature = "disable_is_symmetric")]
{
support.insert(Support::IS_SYMMETRIC);
}
#[cfg(feature = "disable_internal_info")]
{
support.insert(Support::INTERNAL_INFO);
}
#[cfg(feature = "disable_internal_dice")]
{
support.insert(Support::INTERNAL_DICE);
}
#[cfg(feature = "disable_is_ca")]
{
support.insert(Support::IS_CA);
}
self.difference(support)
}
}

#[cfg(test)]
Expand Down