-
Notifications
You must be signed in to change notification settings - Fork 6
feat(tbor): implement KeyReport command (attest a masked key) #537
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
vsonims
wants to merge
6
commits into
main
Choose a base branch
from
sd/key-report
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
7489029
feat(tbor): implement SdSealingKeyGen (masked sealing key)
vsonims 45bf781
feat(tbor): implement KeyReport command (attest a masked key)
vsonims 4cc00d2
Merge remote-tracking branch 'origin/main' into sd/key-report
Copilot 89144a9
refactor(tbor): share ecc_curve via from_pal helper; borrow report_data
vsonims 9d4c28f
fix(tbor): KeyReport response must not claim FIPS approval
vsonims c3ccfcf
test(tbor): KeyReport schema round-trip uses fips_approved=false
vsonims File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| // Copyright (c) Microsoft Corporation. | ||
| // Licensed under the MIT License. | ||
|
|
||
| //! Host-side wrapper for the TBOR `KeyReport` command. | ||
| //! | ||
| //! `KeyReport` is an **in-session** command that takes a **masked key** | ||
| //! (e.g. the `masked_key` returned by `SdSealingKeyGen`), unmasks it, | ||
| //! derives the attested key's public component on-device, and returns a | ||
| //! signed COSE_Sign1 key-attestation report over it. The report is signed | ||
| //! by the partition-identity (PID) key. | ||
| //! | ||
| //! The request carries the masked-key envelope to attest plus a | ||
| //! caller-supplied 128-byte `report_data` bound into the report payload. | ||
|
|
||
| use alloc::vec::Vec; | ||
|
|
||
| use crate::tbor; | ||
|
|
||
| /// TBOR opcode for `KeyReport`. | ||
| /// | ||
| /// `0x0A..=0x0F` are reserved by the Security-Domain backup schema family | ||
| /// (`SdCreateRemoteBackup` .. `SdRestorePeerBackup`), so `KeyReport` | ||
| /// takes the next free opcode, `0x10`. | ||
| pub const TBOR_OP_KEY_REPORT: u8 = 0x10; | ||
|
|
||
| /// Maximum wire length of the `masked_key` request buffer (a masked-key | ||
| /// AEAD envelope; the plaintext size depends on the key kind). | ||
| pub const KEY_REPORT_MASKED_KEY_MAX_LEN: usize = 512; | ||
|
|
||
| /// Length of the caller-supplied `report_data` bound into the report. | ||
| pub const KEY_REPORT_DATA_LEN: usize = 128; | ||
|
|
||
| /// Maximum wire length of the returned COSE_Sign1 `report`. | ||
| pub const KEY_REPORT_MAX_LEN: usize = 1024; | ||
|
|
||
| /// Host-facing TBOR `KeyReport` request. | ||
| #[tbor(opcode = TBOR_OP_KEY_REPORT, session_ctrl = in_session)] | ||
| #[derive(Debug, Clone, PartialEq, Eq)] | ||
| pub struct TborKeyReportReq { | ||
| /// Session id this request is bound to. Cross-checked against the | ||
| /// SQE-carried session id by the dispatcher. | ||
| #[tbor(session_id)] | ||
| pub session_id: u16, | ||
|
|
||
| /// The masked-key envelope to attest. Variable length up to | ||
| /// [`KEY_REPORT_MASKED_KEY_MAX_LEN`]. | ||
| #[tbor(max_len = 512)] | ||
| pub masked_key: Vec<u8>, | ||
|
|
||
| /// Caller-supplied [`KEY_REPORT_DATA_LEN`] (128 B) report data. | ||
| pub report_data: [u8; KEY_REPORT_DATA_LEN], | ||
| } | ||
|
|
||
| /// Host-facing TBOR `KeyReport` response. | ||
| #[tbor(response)] | ||
| #[derive(Debug, Clone, PartialEq, Eq)] | ||
| pub struct TborKeyReportResp { | ||
| /// The tagged COSE_Sign1 key-attestation report, signed by the PID | ||
| /// key. Variable length up to [`KEY_REPORT_MAX_LEN`]. | ||
| #[tbor(max_len = 1024)] | ||
| pub report: Vec<u8>, | ||
| } | ||
|
|
||
| #[cfg(test)] | ||
| mod tests { | ||
| use azihsm_ddi_tbor_types::TborOpReq; | ||
|
|
||
| use super::*; | ||
|
|
||
| #[test] | ||
| fn request_encodes_session_and_masked_key() { | ||
| let req = TborKeyReportReq { | ||
| session_id: 9, | ||
| masked_key: alloc::vec![0xCD; 180], | ||
| report_data: [0xAB; KEY_REPORT_DATA_LEN], | ||
| }; | ||
|
|
||
| let mut buf = [0u8; 1024]; | ||
| let frame = req.encode_request(&mut buf).expect("encode"); | ||
|
|
||
| // The masked-key bytes must appear in the encoded frame. | ||
| assert!( | ||
| frame.windows(4).any(|w| w == [0xCD; 4]), | ||
| "encoded frame must carry the masked key", | ||
| ); | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.