From cf0bbde01f5e736daaa5e834e7b1786404eb2f70 Mon Sep 17 00:00:00 2001
From: Vishal Mhatre
Date: Sun, 17 Nov 2024 12:21:29 -0800
Subject: [PATCH] [feat] ROM ALIAS FMC DICE changes for MLDSA support
---
 rom/dev/src/flow/cold_reset/fmc_alias.rs | 56 ++++++++++++++++--------
 test/src/derive.rs | 16 +++---
 2 files changed, 45 insertions(+), 27 deletions(-)
diff --git a/rom/dev/src/flow/cold_reset/fmc_alias.rs b/rom/dev/src/flow/cold_reset/fmc_alias.rs
index e6a02bdeb7..5b1105e2b5 100644
--- a/rom/dev/src/flow/cold_reset/fmc_alias.rs
+++ b/rom/dev/src/flow/cold_reset/fmc_alias.rs
@@ -48,10 +48,15 @@ impl FmcAliasLayer {
 ) -> CaliptraResult<()> {
 cprintln!("[afmc] ++");
 cprintln!("[afmc] CDI.KEYID = {}", KEY_ID_ROM_FMC_CDI as u8);
- cprintln!("[afmc] SUBJECT.KEYID = {}", KEY_ID_FMC_ECDSA_PRIV_KEY as u8);
 cprintln!(
- "[afmc] ECC AUTHORITY.KEYID = {}",
- input.ecc_auth_key_pair.priv_key as u8
+ "[afmc] ECC SUBJECT.KEYID = {}, MLDSA SUBJECT.KEYID = {}",
+ KEY_ID_FMC_ECDSA_PRIV_KEY as u8,
+ KEY_ID_FMC_MLDSA_KEYPAIR_SEED as u8
+ );
+ cprintln!(
+ "[afmc] ECC AUTHORITY.KEYID = {}, MLDSA AUTHORITY.KEYID = {}",
+ input.ecc_auth_key_pair.priv_key as u8,
+ input.mldsa_auth_key_pair.key_pair_seed as u8
 );
 // We use the value of PCR0 as the measurement for deriving the CDI.
@@ -62,18 +67,24 @@ impl FmcAliasLayer {
 measurement.0.zeroize();
 result?;
- // Derive DICE Key Pair from CDI
- let ecc_key_pair =
- Self::derive_key_pair(env, KEY_ID_ROM_FMC_CDI, KEY_ID_FMC_ECDSA_PRIV_KEY)?;
+ // Derive DICE ECC and MLDSA Key Pairs from CDI
+ let (ecc_key_pair, mldsa_key_pair) = Self::derive_key_pair(
+ env,
+ KEY_ID_ROM_FMC_CDI,
+ KEY_ID_FMC_ECDSA_PRIV_KEY,
+ KEY_ID_FMC_MLDSA_KEYPAIR_SEED,
+ )?;
 // Generate the Subject Serial Number and Subject Key Identifier.
 //
 // This information will be used by next DICE Layer while generating
 // certificates
 let ecc_subj_sn = X509::subj_sn(env, &PubKey::Ecc(&ecc_key_pair.pub_key))?;
+ let mldsa_subj_sn = X509::subj_sn(env, &PubKey::Mldsa(&mldsa_key_pair.pub_key))?;
 report_boot_status(FmcAliasSubjIdSnGenerationComplete.into());
 let ecc_subj_key_id = X509::subj_key_id(env, &PubKey::Ecc(&ecc_key_pair.pub_key))?;
+ let mldsa_subj_key_id = X509::subj_key_id(env, &PubKey::Mldsa(&mldsa_key_pair.pub_key))?;
 report_boot_status(FmcAliasSubjKeyIdGenerationComplete.into());
 // Generate the output for next layer
@@ -81,12 +92,9 @@ impl FmcAliasLayer {
 ecc_subj_key_pair: ecc_key_pair,
 ecc_subj_sn,
 ecc_subj_key_id,
- mldsa_subj_key_id: [0; 20],
- mldsa_subj_key_pair: MlDsaKeyPair {
- key_pair_seed: KEY_ID_FMC_MLDSA_KEYPAIR_SEED,
- pub_key: Default::default(),
- },
- mldsa_subj_sn: [0; 64],
+ mldsa_subj_key_pair: mldsa_key_pair,
+ mldsa_subj_sn,
+ mldsa_subj_key_id,
 };
 // Generate FMC Alias Certificate
@@ -111,7 +119,7 @@ impl FmcAliasLayer {
 fn derive_cdi(env: &mut RomEnv, measurements: &Array4x12, cdi: KeyId) -> CaliptraResult<()> {
 let mut measurements: [u8; 48] = measurements.into();
- let result = Crypto::hmac384_kdf(env, cdi, b"fmc_alias_cdi", Some(&measurements), cdi);
+ let result = Crypto::hmac384_kdf(env, cdi, b"alias_fmc_cdi", Some(&measurements), cdi);
 measurements.zeroize();
 result?;
 report_boot_status(FmcAliasDeriveCdiComplete.into());
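Review bot: The KDF label change in derive_cdi, `b"fmc_alias_cdi"` to `b"alias_fmc_cdi"`, re-keys the FMC alias CDI and therefore every key and certificate derived below it on any device running this ROM, but the hunk carries no comment explaining the rename or tying the label to the test model in test/src/derive.rs that the same commit updates. A one-line comment above the call would keep the two in sync, e.g. `// KDF label: must match FmcAliasKey::derive in test/src/derive.rs; changing it re-keys the whole FMC alias layer.` The same note applies to the `b"alias_fmc_ecc_key"` and `b"alias_fmc_mldsa_key"` labels in derive_key_pair in the following hunks. derive_cdi's closing lines are outside the hunk.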
@@ -124,7 +132,8 @@ impl FmcAliasLayer {
 ///
 /// * `env` - ROM Environment
 /// * `cdi` - Composite Device Identity
- /// * `priv_key` - Key slot to store the private key into
+ /// * `ecc_priv_key` - Key slot to store the ECC private key into
+ /// * `mldsa_keypair_seed` - Key slot to store the MLDSA key pair seed
 ///
 /// # Returns
 ///
@@ -133,16 +142,23 @@ impl FmcAliasLayer {
 fn derive_key_pair(
 env: &mut RomEnv,
 cdi: KeyId,
- priv_key: KeyId,
- ) -> CaliptraResult {
- let result = Crypto::ecc384_key_gen(env, cdi, b"fmc_alias_keygen", priv_key);
+ ecc_priv_key: KeyId,
+ mldsa_keypair_seed: KeyId,
+ ) -> CaliptraResult<(Ecc384KeyPair, MlDsaKeyPair)> {
+ let result = Crypto::ecc384_key_gen(env, cdi, b"alias_fmc_ecc_key", ecc_priv_key);
 if cfi_launder(result.is_ok()) {
 cfi_assert!(result.is_ok());
- report_boot_status(FmcAliasKeyPairDerivationComplete.into());
 } else {
 cfi_assert!(result.is_err());
 }
- result
+ let ecc_keypair = result?;
+
+ // Derive the MLDSA Key Pair.
+ let mldsa_key_pair =
+ Crypto::mldsa_key_gen(env, cdi, b"alias_fmc_mldsa_key", mldsa_keypair_seed)?;
+
+ report_boot_status(FmcAliasKeyPairDerivationComplete.into());
+ Ok((ecc_keypair, mldsa_key_pair))
 }
 /// Generate Local Device ID Certificate Signature
@@ -240,6 +256,8 @@ impl FmcAliasLayer {
 // Copy TBS to DCCM.
 copy_tbs(tbs.tbs(), TbsType::FmcaliasTbs, env)?;
+ // [CAP2][TODO] Generate MLDSA certificate signature, TBS.
+
 report_boot_status(FmcAliasCertSigGenerationComplete.into());
 Ok(())
 }
diff --git a/test/src/derive.rs b/test/src/derive.rs
index 946007db33..964375b3b3 100644
--- a/test/src/derive.rs
+++ b/test/src/derive.rs
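Review bot: In derive_key_pair the new `Crypto::mldsa_key_gen` result is consumed with a bare `?`, while the ECC key generation a few lines above keeps its `cfi_launder`/`cfi_assert!` pair on the result; the two derivations in the same function now receive different glitch-detection treatment and the hunk does not say why the MLDSA path may skip it. If that pattern is meant as a fault-injection check on the key-generation outcome, the MLDSA result should be checked the same way before the `?`, with `FmcAliasKeyPairDerivationComplete` still reported only after both, as the hunk already arranges. Separately, when ECC generation succeeds and MLDSA generation fails, the ECC private key has already been written to `ecc_priv_key`; whether the ROM's error path clears that slot is not visible here and deserves a comment on the early return.
```rust
        let ecc_keypair = result?;

        // Derive the MLDSA Key Pair; apply the same launder/assert check as the ECC path.
        let result = Crypto::mldsa_key_gen(env, cdi, b"alias_fmc_mldsa_key", mldsa_keypair_seed);
        if cfi_launder(result.is_ok()) {
            cfi_assert!(result.is_ok());
        } else {
            cfi_assert!(result.is_err());
        }
        let mldsa_key_pair = result?;
        // … unchanged: report_boot_status and Ok((ecc_keypair, mldsa_key_pair)) …
```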
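Review bot: The `[CAP2][TODO]` line in the certificate-signature function (which starts and ends outside the hunk) is the only record that no MLDSA TBS or signature is produced, yet the same commit now passes a real `mldsa_subj_key_pair`, `mldsa_subj_sn` and `mldsa_subj_key_id` to the next layer and reports `FmcAliasCertSigGenerationComplete` with only the ECC signature done. The comment should spell out that consequence so a downstream consumer does not treat the MLDSA subject key as certified, e.g. `// [CAP2][TODO] Generate MLDSA certificate signature, TBS. Until then the MLDSA subject key handed to the next layer is uncertified and FmcAliasCertSigGenerationComplete covers the ECC signature only.`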
@@ -420,14 +420,14 @@ impl FmcAliasKey {
 pub fn derive(pcr0: &Pcr0, ldevid: &LDevId) -> Self {
 let mut cdi: [u32; 12] = transmute!(hmac384_kdf(
 swap_word_bytes(&ldevid.cdi).as_bytes(),
- b"fmc_alias_cdi",
+ b"alias_fmc_cdi",
 Some(swap_word_bytes(&pcr0.0).as_bytes()),
 ));
 swap_word_bytes_inplace(&mut cdi);
 let mut priv_key_seed: [u32; 12] = transmute!(hmac384_kdf(
 swap_word_bytes(&cdi).as_bytes(),
- b"fmc_alias_keygen",
+ b"alias_fmc_ecc_key",
 None
 ));
 swap_word_bytes_inplace(&mut priv_key_seed);
@@ -519,13 +519,13 @@ fn test_derive_fmc_alias_key() {
 assert_eq!(
 fmc_alias_key,
 FmcAliasKey {
- cdi: [
- 0xf4fb8b09, 0xc9233adb, 0x3dfade39, 0xb656f0ef, 0x151404dc, 0xf4fe787a, 0x0664baea,
- 0xe9d2de59, 0x22401c7c, 0x59087111, 0xd3aeb5b1, 0x368742da
- ],
 priv_key: [
- 0x81a4f53c, 0xeb0749ca, 0x77b0fe32, 0x33fd9798, 0x7412f652, 0xded8f8a5, 0x39a9ebbd,
- 0x75ce2870, 0xb5f62bb3, 0x25376504, 0xa34f286c, 0x849ea86c,
+ 0xB0490161, 0xA1D2393A, 0x752E2F60, 0x4BB9A01E, 0x293B9E47, 0x61698007, 0x2CED9BAF,
+ 0x1F828679, 0xCB5054CD, 0xFD0EB072, 0x8D6BE59F, 0x75C55332
+ ],
+ cdi: [
+ 0xCEAA7956, 0x4E5A8809, 0x7F1BF1B8, 0xA3A9C903, 0x37B4335F, 0xEA8A93D2, 0x5D02F1BF,
+ 0x16B1A537, 0xFE5DB006, 0xD8427583, 0x72C836F1, 0x9BE74AF5,
 ],
 }
 );
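Review bot: The test model `FmcAliasKey::derive` is updated only for the ECC-side labels (`b"alias_fmc_cdi"`, `b"alias_fmc_ecc_key"`); nothing visible in these hunks reproduces the ROM's `b"alias_fmc_mldsa_key"` derivation added in the same commit, so the MLDSA key pair now handed to the next layer appears to have no independent check in this test. Until a model of the MLDSA seed derivation exists, `derive` should say so, e.g. `// Models the ECC alias key only; the ROM's MLDSA key pair seed (label b"alias_fmc_mldsa_key") is not modelled here.` The re-ordered `cdi`/`priv_key` vectors in the next hunk follow from the label rename and carry no MLDSA value. The remainder of `derive` lies outside the hunk.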