diff --git a/FROZEN_IMAGES.sha384sum b/FROZEN_IMAGES.sha384sum index 6b4d5d9475..30edda047b 100644 --- a/FROZEN_IMAGES.sha384sum +++ b/FROZEN_IMAGES.sha384sum @@ -1,3 +1,3 @@ # WARNING: Do not update this file without the approval of the Caliptra TAC -91b951fbe655919a1e123b86add18ab604d049f6d2b2bbefac4cd554a4411eaf22247973c47490e243b9a5b1d197feb3 caliptra-rom-no-log.bin -105cda4bbc0f2f0096d058eda9090670da0d90c8e3066cb44027843e9a490db61933b524ca78fe78351a7fd26a124c03 caliptra-rom-with-log.bin +e4a45236589f76070b0e6eb09995693a49579c4ca8949078f2f007c93e1e423a90e9fa719ac593df1d98174ab448502d caliptra-rom-no-log.bin +b5e10dcbc719846cb1e4b72857dcf1c25395de0ba7f297e3296eadd8893440e3d72e4f98f6167d327baeb6b2c7c9a1dc caliptra-rom-with-log.bin diff --git a/fmc/tests/fmc_integration_tests/test_rtalias.rs b/fmc/tests/fmc_integration_tests/test_rtalias.rs index a36abc35ab..fa209f71c0 100644 --- a/fmc/tests/fmc_integration_tests/test_rtalias.rs +++ b/fmc/tests/fmc_integration_tests/test_rtalias.rs @@ -91,7 +91,7 @@ fn test_fht_info() { let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap(); let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap(); assert_eq!(fht.ldevid_tbs_size, 552); - assert_eq!(fht.fmcalias_tbs_size, 786); + assert_eq!(fht.fmcalias_tbs_size, 771); assert_eq!(fht.ldevid_tbs_addr, 0x50003C00); assert_eq!(fht.fmcalias_tbs_addr, 0x50004000); assert_eq!(fht.pcr_log_addr, 0x50004800); diff --git a/libcaliptra/examples/generic/idev_csr_array.h b/libcaliptra/examples/generic/idev_csr_array.h index 8e5cc3e03f..245232639a 100644 --- a/libcaliptra/examples/generic/idev_csr_array.h +++ b/libcaliptra/examples/generic/idev_csr_array.h 
@@ -2,28 +2,7 @@ // Generated from test/tests/caliptra_integration_tests/smoke_testdata/idev_csr.der #include -#define IDEV_CSR_LEN 443 +#define IDEV_CSR_LEN 444 uint8_t idev_csr_bytes[IDEV_CSR_LEN] = { - 48, 130, 1, 183, 48, 130, 1, 62, 2, 1, 0, 48, 105, 49, 28, 48, 26, 6, - 3, 85, 4, 3, 12, 19, 67, 97, 108, 105, 112, 116, 114, 97, 32, 49, 46, - 48, 32, 73, 68, 101, 118, 73, 68, 49, 73, 48, 71, 6, 3, 85, 4, 5, 19, - 64, 56, 69, 51, 67, 49, 65, 48, 53, 56, 70, 55, 48, 52, 65, 49, 49, 56, - 50, 49, 70, 55, 66, 52, 56, 68, 51, 52, 48, 65, 69, 70, 57, 57, 68, 68, - 65, 66, 65, 68, 67, 49, 48, 57, 48, 68, 55, 52, 68, 48, 53, 55, 70, 69, - 67, 67, 70, 55, 51, 50, 57, 52, 69, 68, 54, 48, 118, 48, 16, 6, 7, 42, 134, - 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 215, 180, 133, 242, - 159, 17, 92, 28, 179, 4, 107, 132, 11, 69, 137, 181, 120, 98, 245, 235, 249, - 157, 132, 111, 190, 63, 210, 209, 67, 150, 245, 246, 154, 55, 154, 89, 172, - 197, 162, 174, 200, 54, 158, 203, 101, 144, 68, 55, 180, 188, 124, 217, 165, - 168, 64, 60, 91, 177, 145, 82, 35, 170, 134, 190, 242, 193, 188, 146, 20, 95, 252, - 39, 193, 37, 198, 219, 250, 212, 156, 145, 232, 72, 197, 68, 172, 127, 14, 149, 214, - 205, 140, 172, 251, 146, 63, 166, 160, 86, 48, 84, 6, 9, 42, 134, 72, 134, 247, 13, - 1, 9, 14, 49, 71, 48, 69, 48, 18, 6, 3, 85, 29, 19, 1, 1, 255, 4, 8, 48, 6, 1, 1, 255, 2 - , 1, 5, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 2, 4, 48, 31, 6, 6, 103, 129, 5, 5, - 4, 4, 4, 21, 48, 19, 4, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 48, 10, 6, 8, 42, - 134, 72, 206, 61, 4, 3, 3, 3, 103, 0, 48, 100, 2, 48, 124, 116, 253, 40, 206, 15, 249, 233, 218, 239 - ,144, 132, 165, 175, 192, 66, 209, 226, 8, 132, 103, 214, 106, 232, 220, 70, 204, 2, 29, 128, 218, 55, 80, - 145, 238, 117, 9, 237, 21, 85, 15, 49, 21, 35, 201, 187, 230, 225, 2, 48, 36, 253, 27, 91, 71, 204, 20, 74, 102, - 165, 187, 231, 4, 116, 240, 33, 54, 55, 244, 158, 93, 205, 161, 66, 191, 246, 130, 92, 161, 
244, 81, 67, 226, 151, - 252, 149, 206, 86, 177, 103, 225, 191, 225, 38, 58, 206, 161, 243, + 0x30, 0x82, 0x01, 0xb8, 0x30, 0x82, 0x01, 0x3e, 0x02, 0x01, 0x00, 0x30, 0x69, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x43, 0x61, 0x6c, 0x69, 0x70, 0x74, 0x72, 0x61, 0x20, 0x31, 0x2e, 0x78, 0x20, 0x49, 0x44, 0x65, 0x76, 0x49, 0x44, 0x31, 0x49, 0x30, 0x47, 0x06, 0x03, 0x55, 0x04, 0x05, 0x13, 0x40, 0x38, 0x45, 0x33, 0x43, 0x31, 0x41, 0x30, 0x35, 0x38, 0x46, 0x37, 0x30, 0x34, 0x41, 0x31, 0x31, 0x38, 0x32, 0x31, 0x46, 0x37, 0x42, 0x34, 0x38, 0x44, 0x33, 0x34, 0x30, 0x41, 0x45, 0x46, 0x39, 0x39, 0x44, 0x44, 0x41, 0x42, 0x41, 0x44, 0x43, 0x31, 0x30, 0x39, 0x30, 0x44, 0x37, 0x34, 0x44, 0x30, 0x35, 0x37, 0x46, 0x45, 0x43, 0x43, 0x46, 0x37, 0x33, 0x32, 0x39, 0x34, 0x45, 0x44, 0x36, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xd7, 0xb4, 0x85, 0xf2, 0x9f, 0x11, 0x5c, 0x1c, 0xb3, 0x04, 0x6b, 0x84, 0x0b, 0x45, 0x89, 0xb5, 0x78, 0x62, 0xf5, 0xeb, 0xf9, 0x9d, 0x84, 0x6f, 0xbe, 0x3f, 0xd2, 0xd1, 0x43, 0x96, 0xf5, 0xf6, 0x9a, 0x37, 0x9a, 0x59, 0xac, 0xc5, 0xa2, 0xae, 0xc8, 0x36, 0x9e, 0xcb, 0x65, 0x90, 0x44, 0x37, 0xb4, 0xbc, 0x7c, 0xd9, 0xa5, 0xa8, 0x40, 0x3c, 0x5b, 0xb1, 0x91, 0x52, 0x23, 0xaa, 0x86, 0xbe, 0xf2, 0xc1, 0xbc, 0x92, 0x14, 0x5f, 0xfc, 0x27, 0xc1, 0x25, 0xc6, 0xdb, 0xfa, 0xd4, 0x9c, 0x91, 0xe8, 0x48, 0xc5, 0x44, 0xac, 0x7f, 0x0e, 0x95, 0xd6, 0xcd, 0x8c, 0xac, 0xfb, 0x92, 0x3f, 0xa6, 0xa0, 0x56, 0x30, 0x54, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e, 0x31, 0x47, 0x30, 0x45, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x05, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x1f, 0x06, 0x06, 0x67, 0x81, 0x05, 0x05, 0x04, 0x04, 0x04, 0x15, 0x30, 0x13, 0x04, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xed, 0x8e, 0x44, 0x4e, 0x3c, 0x7f, 0x6f, 0x96, 0x4a, 0x5d, 0xcb, 0xe1, 0xea, 0x08, 0xa0, 0x57, 0xf5, 0xd7, 0xb5, 0x6d, 0xce, 0x72, 0x9e, 0xb8, 0x8c, 0x88, 0x38, 0xf6, 0x50, 0x35, 0x90, 0xbd, 0x6b, 0x59, 0xdb, 0x29, 0x52, 0x13, 0x2e, 0xfc, 0xa8, 0xb6, 0x8d, 0x8a, 0x33, 0xd3, 0x2a, 0xcf, 0x02, 0x30, 0x6d, 0x40, 0x6a, 0x1f, 0x7c, 0x9e, 0x74, 0x8f, 0x28, 0xdc, 0x14, 0x73, 0xe0, 0x96, 0x92, 0xd8, 0x74, 0xfa, 0x30, 0x58, 0x04, 0x54, 0x84, 0x77, 0xe9, 0x52, 0x3a, 0x0d, 0x63, 0xfa, 0xf3, 0x1a, 0x68, 0xc3, 0x88, 0x07, 0x50, 0xa7, 0x5d, 0x6f, 0xf7, 0xa9, 0xda, 0x98, 0xf7, 0x8c, 0x48, 0x2a, }; diff --git a/rom/dev/build.rs b/rom/dev/build.rs index 3c51a3601e..30bc1d097b 100644 --- a/rom/dev/build.rs +++ b/rom/dev/build.rs @@ -86,10 +86,13 @@ fn main() { use x509_parser::signature_value::EcdsaSigValue; let ws_dir = workspace_dir(); - let ldev_file = std::fs::read( - ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der"), - ) - .unwrap(); + let ldev_file_path = + ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der"); + println!( + "cargo:rerun-if-changed={}", + ldev_file_path.to_str().unwrap() + ); + let ldev_file = std::fs::read(ldev_file_path).unwrap(); let mut parser = X509CertificateParser::new(); let (_, cert) = parser.parse(&ldev_file).unwrap(); diff --git a/rom/dev/src/flow/cold_reset/fmc_alias.rs b/rom/dev/src/flow/cold_reset/fmc_alias.rs index 6f0c59604d..f6e8d50ccf 100644 --- a/rom/dev/src/flow/cold_reset/fmc_alias.rs +++ b/rom/dev/src/flow/cold_reset/fmc_alias.rs @@ -252,6 +252,6 @@ impl FmcAliasLayer { flags |= dice::FLAG_BIT_DEBUG; } - flags.to_be_bytes() + flags.reverse_bits().to_be_bytes() } } 
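Review bot: In rom/dev/build.rs, `ldev_file_path.to_str().unwrap()` makes the build script panic when the workspace path is not valid UTF-8, even though the `std::fs::read` that follows would accept such a path. Formatting with `Path::display()` avoids the extra panic path: `println!("cargo:rerun-if-changed={}", ldev_file_path.display());`. Separately, once a build script prints any `rerun-if-changed` line, Cargo stops rerunning it on arbitrary package changes. If this is the first such directive in the script, every other file it reads needs its own line, or the embedded certificate data can go stale. `main()` starts before and continues after this hunk, so I cannot tell whether other directives already exist.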
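Review bot: The new `flags.reverse_bits().to_be_bytes()` in rom/dev/src/flow/cold_reset/fmc_alias.rs has no comment explaining the bit reversal, and the reason is not recoverable from this function alone. DER numbers the bits of a BIT STRING from the most significant bit of the first content octet. Assuming the `dice::FLAG_BIT_*` constants are LSB-numbered (their definitions are outside the hunk), I would add above the return: `// DER BIT STRING bit 0 is the MSB of the first octet; FLAG_BIT_* are LSB-numbered, so reverse before encoding.` This changes the encoded TcbInfo flags in every FMC Alias certificate, so anyone holding reference flag values from earlier ROM builds needs to know the debug and related bits moved. The function body starts outside the hunk.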
diff --git a/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs b/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs index e2cd0f096a..1e5c19df69 100644 --- a/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs +++ b/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs @@ -743,7 +743,7 @@ fn test_fht_info() { let data = hw.mailbox_execute(0x1000_0003, &[]).unwrap().unwrap(); let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap(); assert_eq!(fht.ldevid_tbs_size, 552); - assert_eq!(fht.fmcalias_tbs_size, 786); + assert_eq!(fht.fmcalias_tbs_size, 771); assert_eq!(fht.ldevid_tbs_addr, LDEVID_TBS_ORG); assert_eq!(fht.fmcalias_tbs_addr, FMCALIAS_TBS_ORG); assert_eq!(fht.pcr_log_addr, PCR_LOG_ORG); diff --git a/rom/dev/tools/test-fmc/src/main.rs b/rom/dev/tools/test-fmc/src/main.rs index a75f87ee9b..55f1aca3ad 100644 --- a/rom/dev/tools/test-fmc/src/main.rs +++ b/rom/dev/tools/test-fmc/src/main.rs @@ -43,11 +43,11 @@ pub fn main() {} // Dummy RO data to max out FMC image size to 16K. // Note: Adjust this value to account for new changes in this FMC image. #[cfg(all(feature = "interactive_test_fmc", not(feature = "fake-fmc")))] -const PAD_LEN: usize = 4988; // TEST_FMC_INTERACTIVE +const PAD_LEN: usize = 4996; // TEST_FMC_INTERACTIVE #[cfg(all(feature = "fake-fmc", not(feature = "interactive_test_fmc")))] const PAD_LEN: usize = 5224; // FAKE_TEST_FMC_WITH_UART #[cfg(all(feature = "interactive_test_fmc", feature = "fake-fmc"))] -const PAD_LEN: usize = 5452; // FAKE_TEST_FMC_INTERACTIVE +const PAD_LEN: usize = 5460; // FAKE_TEST_FMC_INTERACTIVE #[cfg(not(any(feature = "interactive_test_fmc", feature = "fake-fmc")))] const PAD_LEN: usize = 0; diff --git a/runtime/src/dpe_platform.rs b/runtime/src/dpe_platform.rs index ab53d6122f..daeee3ad2d 100644 --- a/runtime/src/dpe_platform.rs +++ b/runtime/src/dpe_platform.rs 
@@ -108,7 +108,7 @@ impl Platform for DpePlatform<'_> { &mut self, out: &mut [u8; MAX_ISSUER_NAME_SIZE], ) -> Result { - const CALIPTRA_CN: &[u8] = b"Caliptra 1.0 Rt Alias"; + const CALIPTRA_CN: &[u8] = b"Caliptra 1.x Rt Alias"; let mut issuer_writer = CertWriter::new(out, true); // Caliptra RDN SerialNumber field is always a Sha256 hash diff --git a/test/src/x509.rs b/test/src/x509.rs index 6c5954223c..09ac3374f1 100644 --- a/test/src/x509.rs +++ b/test/src/x509.rs @@ -68,7 +68,10 @@ impl DiceTcbInfo { }) .transpose()? .unwrap_or_default(), - flags: d.read_optional_implicit_element(7)?, + flags: d + .read_optional_implicit_element::(7)? + .and_then(|b| b.as_bytes().try_into().ok()) + .map(u32::from_be_bytes), vendor_info: d .read_optional_implicit_element::<&[u8]>(8)? .map(|s| s.to_vec()), diff --git a/test/tests/caliptra_integration_tests/smoke_test.rs b/test/tests/caliptra_integration_tests/smoke_test.rs index 0376c1dcd5..6f23a71359 100644 --- a/test/tests/caliptra_integration_tests/smoke_test.rs +++ b/test/tests/caliptra_integration_tests/smoke_test.rs @@ -67,8 +67,8 @@ fn retrieve_csr_test() { let csr_txt = String::from_utf8(csr.to_text().unwrap()).unwrap(); // To update the CSR testdata: - // std::fs::write("tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap(); - // std::fs::write("tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap(); println!("csr: {}", csr_txt); 
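Review bot: `CALIPTRA_CN` in runtime/src/dpe_platform.rs repeats the literal that `gen_rt_alias_cert` in x509/build/build.rs passes to `tbs_template` as the RT Alias subject, and nothing ties the two together; this commit had to edit both by hand. If they drift, the issuer name written here will no longer match the RT Alias certificate's subject, and name chaining for the certificates issued through this platform would presumably fail. I would share one constant between the crates, or at minimum add `// Must stay byte-identical to the RT Alias subject CN in x509/build/build.rs (gen_rt_alias_cert).` above the const. The method starts before and continues after the hunk.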
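Review bot: In test/src/x509.rs, `.and_then(|b| b.as_bytes().try_into().ok())` on the `flags` field turns a BIT STRING whose content is not exactly four bytes into `None`, so a malformed field looks the same as an absent one. This parser appears to back the certificate assertions in the integration tests, so a length mismatch should surface as an error, the way the neighbouring fields do through `?`. Something like `.map(|b| <[u8; 4]>::try_from(b.as_bytes()).map(u32::from_be_bytes)).transpose()` would do that, followed by a `map_err` into the function's error type, which is not visible in this hunk. The unused-bits count of the BIT STRING is also not checked, so a value with padding bits would be accepted as a full 32-bit word. The struct literal begins and ends outside the hunk.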
@@ -215,8 +215,8 @@ fn smoke_test() { let ldev_cert_txt = String::from_utf8(ldev_cert.to_text().unwrap()).unwrap(); // To update the ldev cert testdata: - // std::fs::write("tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap(); - // std::fs::write("tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap(); assert_eq!( ldev_cert_txt.as_str(), @@ -287,13 +287,13 @@ fn smoke_test() { digest: device_info_hash.to_vec(), },], - flags: Some(0x80000000), + flags: Some(0x00000001), ty: Some(b"DEVICE_INFO".to_vec()), ..Default::default() }, DiceTcbInfo { - vendor: Some("Caliptra".into()), - model: Some("FMC".into()), + vendor: None, + model: None, // This is from the SVN in the image (9) svn: Some(0x109), fwids: vec![DiceFwid { @@ -459,8 +459,8 @@ fn smoke_test() { assert_eq!( rt_dice_tcb_info, Some(DiceTcbInfo { - vendor: Some("Caliptra".into()), - model: Some("RT".into()), + vendor: None, + model: None, svn: Some(0x100), fwids: vec![DiceFwid { // RT @@ -609,8 +609,8 @@ fn smoke_test() { assert_eq!( rt_dice_tcb_info2, Some(DiceTcbInfo { - vendor: Some("Caliptra".into()), - model: Some("RT".into()), + vendor: None, + model: None, svn: Some(0x100), fwids: vec![DiceFwid { // FMC diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der index 84e7805d2c..232076c23d 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der and b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der differ 
diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt index ef18969566..1cc851f9c6 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt @@ -4,11 +4,11 @@ Certificate: Serial Number: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 + Issuer: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Subject: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) @@ -30,7 +30,7 @@ Certificate: 2.23.133.5.4.4: 0.................... 2.23.133.5.4.5: - DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD X509v3 Subject Key Identifier: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 X509v3 Authority Key Identifier: 
diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der index 78cb24f88e..f5af843189 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der and b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt index 340d92ab9f..7831436342 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt @@ -1,7 +1,7 @@ Certificate Request: Data: Version: 1 (0x0) - Subject: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 + Subject: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) @@ -25,9 +25,9 @@ Certificate Request: 0.................... Signature Algorithm: ecdsa-with-SHA384 Signature Value: - 30:64:02:30:7c:74:fd:28:ce:0f:f9:e9:da:ef:90:84:a5:af: - c0:42:d1:e2:08:84:67:d6:6a:e8:dc:46:cc:02:1d:80:da:37: - 50:91:ee:75:09:ed:15:55:0f:31:15:23:c9:bb:e6:e1:02:30: - 24:fd:1b:5b:47:cc:14:4a:66:a5:bb:e7:04:74:f0:21:36:37: - f4:9e:5d:cd:a1:42:bf:f6:82:5c:a1:f4:51:43:e2:97:fc:95: - ce:56:b1:67:e1:bf:e1:26:3a:ce:a1:f3 + 30:65:02:31:00:ed:8e:44:4e:3c:7f:6f:96:4a:5d:cb:e1:ea: + 08:a0:57:f5:d7:b5:6d:ce:72:9e:b8:8c:88:38:f6:50:35:90: + bd:6b:59:db:29:52:13:2e:fc:a8:b6:8d:8a:33:d3:2a:cf:02: + 30:6d:40:6a:1f:7c:9e:74:8f:28:dc:14:73:e0:96:92:d8:74: + fa:30:58:04:54:84:77:e9:52:3a:0d:63:fa:f3:1a:68:c3:88: + 07:50:a7:5d:6f:f7:a9:da:98:f7:8c:48:2a 
diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der index d7bee137f1..cafa027823 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der and b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt index 1c301b51c3..30930111d4 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt @@ -4,11 +4,11 @@ Certificate: Serial Number: 25:ee:ef:9a:4c:61:d4:b9:e3:d9:4b:ea:46:f9:a1:2a:c6:88:7c:e2 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 + Issuer: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 + Subject: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) 
@@ -35,9 +35,9 @@ Certificate: 42:4F:3A:C7:45:DD:BD:50:15:05:7F:5B:F8:3E:9C:D6:48:10:B0:41 Signature Algorithm: ecdsa-with-SHA384 Signature Value: - 30:66:02:31:00:9b:0e:19:91:81:f6:90:a7:43:34:60:d8:1d: - 69:c4:a5:63:52:a3:c8:93:cf:4c:11:be:e1:a1:8d:47:a6:b5: - 63:78:42:3f:8a:85:f2:34:b4:ab:5a:18:01:f6:e7:ff:92:02: - 31:00:e1:21:cf:21:fe:44:09:81:95:01:fd:29:ad:f5:29:a9: - 01:6a:2e:a3:15:bf:65:ab:2a:e5:82:7c:ef:f1:b8:59:bd:7e: - 60:cf:15:c7:2a:64:ea:cf:2b:7b:9b:ff:42:d3 + 30:65:02:30:27:24:23:0f:77:0a:b4:a9:95:dc:a1:96:e0:cd: + 5d:f9:29:08:eb:80:7d:74:55:05:7a:22:b9:62:08:96:a2:7a: + 08:21:3d:8a:c6:1f:3c:71:e0:8d:48:83:ab:9c:64:1a:02:31: + 00:ad:8a:98:ea:e7:33:13:bb:02:b6:12:fa:24:ef:ae:f4:5b: + 73:57:97:37:82:56:a8:e9:c8:b6:87:d9:2d:7d:43:bc:be:cd: + 82:d3:0f:85:5a:15:56:8e:a2:08:f9:ec:ce diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der index b9a2e8f33c..9e6aeef81d 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der and b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt index fabcc6718f..52d55db979 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt 
@@ -4,11 +4,11 @@ Certificate: Serial Number: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Issuer: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Subject: CN=Caliptra 1.x Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) @@ -30,7 +30,7 @@ Certificate: 2.23.133.5.4.4: 0.................... 2.23.133.5.4.1: - DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD X509v3 Subject Key Identifier: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 X509v3 Authority Key Identifier: diff --git a/x509/build/build.rs b/x509/build/build.rs index aa728c6eaa..dc116c3505 100644 --- a/x509/build/build.rs +++ b/x509/build/build.rs @@ -54,7 +54,7 @@ fn gen_init_devid_csr(out_dir: &str) { .add_basic_constraints_ext(true, 5) .add_key_usage_ext(usage) .add_ueid_ext(&[0xFF; 17]); - let template = bldr.tbs_template("Caliptra 1.0 IDevID"); + let template = bldr.tbs_template("Caliptra 1.x IDevID"); CodeGen::gen_code("InitDevIdCsrTbs", template, out_dir); } @@ -67,7 +67,7 @@ fn gen_local_devid_cert(out_dir: &str) { .add_basic_constraints_ext(true, 4) .add_key_usage_ext(usage) .add_ueid_ext(&[0xFF; 17]); - let template = bldr.tbs_template("Caliptra 1.0 LDevID", "Caliptra 1.0 IDevID"); + let template = bldr.tbs_template("Caliptra 1.x LDevID", "Caliptra 1.x IDevID"); CodeGen::gen_code("LocalDevIdCertTbs", template, out_dir); } 
@@ -98,7 +98,7 @@ fn gen_fmc_alias_cert(out_dir: &str) { }, }], ); - let template = bldr.tbs_template("Caliptra 1.0 FMC Alias", "Caliptra 1.0 LDevID"); + let template = bldr.tbs_template("Caliptra 1.x FMC Alias", "Caliptra 1.x LDevID"); CodeGen::gen_code("FmcAliasCertTbs", template, out_dir); } @@ -122,6 +122,6 @@ fn gen_rt_alias_cert(out_dir: &str) { digest: &[0xCD; 48], }, }]); - let template = bldr.tbs_template("Caliptra 1.0 Rt Alias", "Caliptra 1.0 FMC Alias"); + let template = bldr.tbs_template("Caliptra 1.x Rt Alias", "Caliptra 1.x FMC Alias"); CodeGen::gen_code("RtAliasCertTbs", template, out_dir); } diff --git a/x509/build/cert.rs b/x509/build/cert.rs index 966a6412bd..3ad2afd090 100644 --- a/x509/build/cert.rs +++ b/x509/build/cert.rs @@ -90,9 +90,11 @@ impl CertTemplateBuilder { device_fwids: &[FwidParam], fmc_fwids: &[FwidParam], ) -> Self { + // This method of finding the offsets is fragile. Especially for the 1 byte values. + // These may need to be updated to stay unique when the cert template is updated. let flags: u32 = 0xC0C1C2C3; let svn: u8 = 0xC4; - let svn_fuses: u8 = 0xC5; + let svn_fuses: u8 = 0xC6; self.exts .push(x509::make_fmc_dice_tcb_info_ext( diff --git a/x509/build/fmc_alias_cert_tbs.rs b/x509/build/fmc_alias_cert_tbs.rs index dfda357ba1..29a0d1e645 100644 --- a/x509/build/fmc_alias_cert_tbs.rs +++ b/x509/build/fmc_alias_cert_tbs.rs 
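Review bot: The new comment in x509/build/cert.rs admits that locating template offsets by sentinel byte is fragile, but the hunk only moves `svn_fuses` from 0xC5 to 0xC6 and adds no check. The collision looks real: the regenerated FMC Alias template in this same commit contains `48u8, 129u8, 197u8`, a length byte equal to 0xC5. A wrong offset would presumably make the ROM patch the SVN-fuses value into an unrelated byte of the to-be-signed certificate. I would therefore have the offset lookup (outside this hunk) fail the build unless each sentinel, in particular the one-byte `svn` and `svn_fuses` values, occurs exactly once in the encoded template, rather than relying on a reminder comment. The function body continues outside the hunk.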
@@ -47,15 +47,15 @@ impl FmcAliasCertTbs { const SUBJECT_SN_OFFSET: usize = 232usize; const ISSUER_SN_OFFSET: usize = 86usize; const TCB_INFO_DEVICE_INFO_HASH_OFFSET: usize = 551usize; - const TCB_INFO_FMC_TCI_OFFSET: usize = 664usize; + const TCB_INFO_FMC_TCI_OFFSET: usize = 649usize; const SERIAL_NUMBER_OFFSET: usize = 11usize; - const SUBJECT_KEY_ID_OFFSET: usize = 733usize; - const AUTHORITY_KEY_ID_OFFSET: usize = 766usize; + const SUBJECT_KEY_ID_OFFSET: usize = 718usize; + const AUTHORITY_KEY_ID_OFFSET: usize = 751usize; const UEID_OFFSET: usize = 476usize; const NOT_BEFORE_OFFSET: usize = 154usize; const NOT_AFTER_OFFSET: usize = 171usize; const TCB_INFO_FLAGS_OFFSET: usize = 602usize; - const TCB_INFO_FMC_SVN_OFFSET: usize = 646usize; + const TCB_INFO_FMC_SVN_OFFSET: usize = 631usize; const TCB_INFO_FMC_SVN_FUSES_OFFSET: usize = 533usize; const PUBLIC_KEY_LEN: usize = 97usize; const SUBJECT_SN_LEN: usize = 64usize; 
@@ -71,42 +71,42 @@ impl FmcAliasCertTbs { const TCB_INFO_FLAGS_LEN: usize = 4usize; const TCB_INFO_FMC_SVN_LEN: usize = 1usize; const TCB_INFO_FMC_SVN_FUSES_LEN: usize = 1usize; - pub const TBS_TEMPLATE_LEN: usize = 786usize; + pub const TBS_TEMPLATE_LEN: usize = 771usize; const TBS_TEMPLATE: [u8; Self::TBS_TEMPLATE_LEN] = [ - 48u8, 130u8, 3u8, 14u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 48u8, 130u8, 2u8, 255u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 105u8, 49u8, - 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, - 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, 68u8, - 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 105u8, + 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, + 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, + 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, - 34u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 108u8, 49u8, 31u8, 48u8, 29u8, 6u8, 3u8, 85u8, 4u8, - 3u8, 12u8, 22u8, 67u8, 97u8, 
108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, - 48u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, 48u8, - 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 48u8, 34u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 108u8, 49u8, 31u8, 48u8, 29u8, 6u8, 3u8, 85u8, + 4u8, 3u8, 12u8, 22u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, + 46u8, 120u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, + 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 118u8, 48u8, 16u8, - 6u8, 7u8, 42u8, 134u8, 72u8, 206u8, 61u8, 2u8, 1u8, 6u8, 5u8, 43u8, 129u8, 4u8, 0u8, 34u8, - 3u8, 98u8, 0u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 118u8, 48u8, + 16u8, 6u8, 7u8, 42u8, 134u8, 72u8, 206u8, 61u8, 2u8, 1u8, 6u8, 5u8, 43u8, 129u8, 4u8, 0u8, + 34u8, 3u8, 98u8, 0u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 163u8, 130u8, 1u8, 110u8, 48u8, - 130u8, 1u8, 106u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, 4u8, 8u8, 48u8, - 6u8, 1u8, 1u8, 255u8, 2u8, 1u8, 3u8, 48u8, 14u8, 6u8, 3u8, 85u8, 29u8, 15u8, 1u8, 1u8, - 255u8, 4u8, 4u8, 3u8, 2u8, 2u8, 4u8, 48u8, 31u8, 6u8, 6u8, 103u8, 129u8, 5u8, 5u8, 4u8, - 4u8, 4u8, 21u8, 48u8, 19u8, 4u8, 17u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 129u8, 226u8, 6u8, 6u8, 103u8, - 129u8, 5u8, 5u8, 4u8, 5u8, 4u8, 129u8, 215u8, 48u8, 129u8, 212u8, 48u8, 114u8, 128u8, 8u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 163u8, 130u8, 1u8, 95u8, + 48u8, 130u8, 1u8, 91u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, 4u8, 8u8, + 48u8, 6u8, 1u8, 1u8, 255u8, 2u8, 1u8, 3u8, 48u8, 14u8, 6u8, 3u8, 85u8, 29u8, 15u8, 1u8, + 1u8, 255u8, 4u8, 4u8, 3u8, 2u8, 2u8, 4u8, 48u8, 31u8, 6u8, 6u8, 103u8, 129u8, 5u8, 5u8, + 4u8, 4u8, 4u8, 21u8, 48u8, 19u8, 4u8, 17u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 129u8, 211u8, 6u8, 6u8, 103u8, + 129u8, 5u8, 5u8, 4u8, 5u8, 4u8, 129u8, 200u8, 48u8, 129u8, 197u8, 48u8, 114u8, 128u8, 8u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 129u8, 6u8, 68u8, 101u8, 118u8, 105u8, 99u8, 101u8, 131u8, 2u8, 1u8, 95u8, 166u8, 63u8, 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
@@ -114,14 +114,13 @@ impl FmcAliasCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 135u8, 5u8, 0u8, 95u8, 95u8, 95u8, 95u8, 137u8, 11u8, 68u8, 69u8, 86u8, 73u8, 67u8, 69u8, 95u8, 73u8, 78u8, 70u8, 79u8, - 138u8, 5u8, 0u8, 128u8, 0u8, 0u8, 11u8, 48u8, 94u8, 128u8, 8u8, 67u8, 97u8, 108u8, 105u8, - 112u8, 116u8, 114u8, 97u8, 129u8, 3u8, 70u8, 77u8, 67u8, 131u8, 2u8, 1u8, 95u8, 166u8, - 63u8, 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, + 138u8, 5u8, 0u8, 208u8, 0u8, 0u8, 1u8, 48u8, 79u8, 131u8, 2u8, 1u8, 95u8, 166u8, 63u8, + 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 137u8, 8u8, 70u8, 77u8, 67u8, 95u8, 73u8, 78u8, 70u8, 79u8, 48u8, 29u8, - 6u8, 3u8, 85u8, 29u8, 14u8, 4u8, 22u8, 4u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 137u8, 8u8, 70u8, 77u8, 67u8, 95u8, 73u8, 78u8, 70u8, 79u8, 48u8, 29u8, 6u8, + 3u8, 85u8, 29u8, 14u8, 4u8, 22u8, 4u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 31u8, 6u8, 3u8, 85u8, 29u8, 35u8, 4u8, 24u8, 48u8, 22u8, 128u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, @@ -146,7 +145,7 @@ impl FmcAliasCertTbs { fn apply(&mut self, params: &FmcAliasCertTbsParams) { #[inline(always)] fn apply_slice( - buf: &mut [u8; 786usize], + buf: &mut [u8; 771usize], val: &[u8; LEN], ) { buf[OFFSET..OFFSET + LEN].copy_from_slice(val); 
diff --git a/x509/build/init_dev_id_csr_tbs.rs b/x509/build/init_dev_id_csr_tbs.rs index c989be7267..e4139c01ad 100644 --- a/x509/build/init_dev_id_csr_tbs.rs +++ b/x509/build/init_dev_id_csr_tbs.rs @@ -31,7 +31,7 @@ impl InitDevIdCsrTbs { const TBS_TEMPLATE: [u8; Self::TBS_TEMPLATE_LEN] = [ 48u8, 130u8, 1u8, 62u8, 2u8, 1u8, 0u8, 48u8, 105u8, 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, - 46u8, 48u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, + 46u8, 120u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, diff --git a/x509/build/local_dev_id_cert_tbs.rs b/x509/build/local_dev_id_cert_tbs.rs index adb180a84c..b9b0fcdf77 100644 --- a/x509/build/local_dev_id_cert_tbs.rs +++ b/x509/build/local_dev_id_cert_tbs.rs @@ -57,7 +57,7 @@ impl LocalDevIdCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 105u8, 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, - 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, + 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
@@ -67,7 +67,7 @@ impl LocalDevIdCertTbs { 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 105u8, 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, - 48u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, + 120u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, diff --git a/x509/build/rt_alias_cert_tbs.rs b/x509/build/rt_alias_cert_tbs.rs index 6d07b86bbc..0e2b75eb2d 100644 --- a/x509/build/rt_alias_cert_tbs.rs +++ b/x509/build/rt_alias_cert_tbs.rs @@ -40,14 +40,14 @@ impl RtAliasCertTbs { const PUBLIC_KEY_OFFSET: usize = 321usize; const SUBJECT_SN_OFFSET: usize = 234usize; const ISSUER_SN_OFFSET: usize = 89usize; - const TCB_INFO_RT_TCI_OFFSET: usize = 542usize; + const TCB_INFO_RT_TCI_OFFSET: usize = 528usize; const SERIAL_NUMBER_OFFSET: usize = 11usize; - const SUBJECT_KEY_ID_OFFSET: usize = 610usize; - const AUTHORITY_KEY_ID_OFFSET: usize = 643usize; + const SUBJECT_KEY_ID_OFFSET: usize = 596usize; + const AUTHORITY_KEY_ID_OFFSET: usize = 629usize; const UEID_OFFSET: usize = 476usize; const NOT_BEFORE_OFFSET: usize = 157usize; const NOT_AFTER_OFFSET: usize = 174usize; - const TCB_INFO_RT_SVN_OFFSET: usize = 524usize; + const TCB_INFO_RT_SVN_OFFSET: usize = 510usize; const PUBLIC_KEY_LEN: usize = 97usize; const SUBJECT_SN_LEN: usize = 64usize; const ISSUER_SN_LEN: usize = 64usize; 
@@ -59,13 +59,13 @@ impl RtAliasCertTbs { const NOT_BEFORE_LEN: usize = 15usize; const NOT_AFTER_LEN: usize = 15usize; const TCB_INFO_RT_SVN_LEN: usize = 1usize; - pub const TBS_TEMPLATE_LEN: usize = 663usize; + pub const TBS_TEMPLATE_LEN: usize = 649usize; const TBS_TEMPLATE: [u8; Self::TBS_TEMPLATE_LEN] = [ - 48u8, 130u8, 2u8, 147u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, + 48u8, 130u8, 2u8, 133u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 108u8, 49u8, 31u8, 48u8, 29u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 22u8, 67u8, 97u8, 108u8, 105u8, - 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, + 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, @@ -75,7 +75,7 @@ impl RtAliasCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 107u8, 49u8, 30u8, 48u8, 28u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 21u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, - 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 82u8, 116u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, + 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 82u8, 116u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
@@ -89,13 +89,12 @@ impl RtAliasCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 163u8, - 129u8, 242u8, 48u8, 129u8, 239u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, + 129u8, 228u8, 48u8, 129u8, 225u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, 4u8, 8u8, 48u8, 6u8, 1u8, 1u8, 255u8, 2u8, 1u8, 2u8, 48u8, 14u8, 6u8, 3u8, 85u8, 29u8, 15u8, 1u8, 1u8, 255u8, 4u8, 4u8, 3u8, 2u8, 2u8, 132u8, 48u8, 31u8, 6u8, 6u8, 103u8, 129u8, 5u8, 5u8, 4u8, 4u8, 4u8, 21u8, 48u8, 19u8, 4u8, 17u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 104u8, 6u8, 6u8, - 103u8, 129u8, 5u8, 5u8, 4u8, 1u8, 4u8, 94u8, 48u8, 92u8, 128u8, 8u8, 67u8, 97u8, 108u8, - 105u8, 112u8, 116u8, 114u8, 97u8, 129u8, 2u8, 82u8, 84u8, 131u8, 2u8, 1u8, 95u8, 166u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 90u8, 6u8, 6u8, + 103u8, 129u8, 5u8, 5u8, 4u8, 1u8, 4u8, 80u8, 48u8, 78u8, 131u8, 2u8, 1u8, 95u8, 166u8, 63u8, 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, @@ -126,7 +125,7 @@ impl RtAliasCertTbs { fn apply(&mut self, params: &RtAliasCertTbsParams) { #[inline(always)] fn apply_slice( - buf: &mut [u8; 663usize], + buf: &mut [u8; 649usize], val: &[u8; LEN], ) { buf[OFFSET..OFFSET + LEN].copy_from_slice(val); diff --git a/x509/build/x509.rs b/x509/build/x509.rs index ba71ebdac1..9c2bbdea46 100644 --- a/x509/build/x509.rs +++ b/x509/build/x509.rs 
@@ -316,7 +316,7 @@ pub fn make_fmc_dice_tcb_info_ext( let wide_svn_fuses = fixed_width_svn(svn_fuses); let be_flags = flags.to_be_bytes(); - let be_flags_mask = FLAG_MASK.to_be_bytes(); + let be_flags_mask = FLAG_MASK.reverse_bits().to_be_bytes(); let device_asn1_fwids: Vec<&Fwid> = device_fwids.iter().map(|f| &f.fwid).collect(); let device_info = TcbInfo { @@ -335,8 +335,8 @@ pub fn make_fmc_dice_tcb_info_ext( let fmc_asn1_fwids: Vec<&Fwid> = fmc_fwids.iter().map(|f| &f.fwid).collect(); let fmc_info = TcbInfo { - vendor: Some(asn1::Utf8String::new("Caliptra")), - model: Some(asn1::Utf8String::new("FMC")), + vendor: None, + model: None, version: None, svn: Some(wide_svn.into()), layer: None, @@ -362,8 +362,8 @@ pub fn make_rt_dice_tcb_info_ext(svn: u8, fwids: &[FwidParam]) -> X509Extension let asn1_fwids: Vec<&Fwid> = fwids.iter().map(|f| &f.fwid).collect(); let rt_info = TcbInfo { - vendor: Some(asn1::Utf8String::new("Caliptra")), - model: Some(asn1::Utf8String::new("RT")), + vendor: None, + model: None, version: None, svn: Some(wide_svn.into()), layer: None, @@ -421,6 +421,16 @@ pub fn get_tbs(der: Vec) -> Vec { pub fn init_param(needle: &[u8], haystack: &[u8], param: TbsParam) -> TbsParam { assert_eq!(needle.len(), param.len); eprintln!("{}", param.name); + // Throw an error if there are multiple instances of our "needle" + // This could lead to incorrect offsets in the cert template + if haystack.windows(param.len).filter(|w| *w == needle).count() > 1 { + panic!( + "Multiple instances of needle '{}' with value\n\n{}\n\nin haystack\n\n{}", + param.name, + needle.encode_hex::(), + haystack.encode_hex::() + ); + } let pos = haystack.windows(param.len).position(|w| w == needle); match pos {
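Review bot: `be_flags_mask` is now bit-reversed before serialisation, but `be_flags` on the line above is still plain `flags.to_be_bytes()`, and nothing in the hunk explains why the two differ. An ASN.1 BIT STRING numbers bit 0 as the most significant bit of the first octet, which is presumably the reason for `reverse_bits()`. If so, whatever fills the flags field into the template at runtime has to use the same bit order, otherwise a verifier would apply the mask to the wrong flag positions; that code is not visible in this diff, so it should be confirmed. A comment such as `// BIT STRING bit 0 is the MSB of the first octet, so FLAG_MASK is bit-reversed; the patched-in flags must use the same order` would record the contract. The body of make_fmc_dice_tcb_info_ext continues outside the hunk.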
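Review bot: `vendor` and `model` become `None` for `fmc_info` in this hunk, and for `rt_info` in the make_rt_dice_tcb_info_ext hunk that follows, with no comment saying that the omission is deliberate. After this change neither TcbInfo carries the "Caliptra" / "FMC" / "RT" strings, so a relying party that matched on them would need another way to tell the entries apart; whether such consumers exist cannot be seen from the diff. A short comment at both sites, e.g. `// vendor/model deliberately omitted from this TcbInfo`, would stop the fields being added back by accident, which would also change the generated template lengths. Both struct literals continue outside their hunks.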
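Review bot: The new uniqueness check in init_param scans `haystack` once to count matches and the existing `position` call scans it again, so the guard and the offset it protects are separate expressions that have to be kept in step by hand. One iterator can serve both: `let mut hits = haystack.windows(param.len).enumerate().filter(|(_, w)| *w == needle).map(|(i, _)| i);`, then `let pos = hits.next();` and `if hits.next().is_some() { panic!(…) }`. The comment could also state that `position` returns only the first match, which is why a second occurrence would otherwise bind the parameter to the wrong offset without any error. The `match pos` body continues outside the hunk.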