openhcl_attestation_protocol/
vmgs.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

//! Include modules that define the data structures of VMGS entries.

use zerocopy::FromBytes;
use zerocopy::Immutable;
use zerocopy::IntoBytes;
use zerocopy::KnownLayout;

/// Number of the key protector entries.
/// One for ingress, and one for egress
pub const NUMBER_KP: usize = 2;

/// DEK buffer size
pub const DEK_BUFFER_SIZE: usize = 512;

/// GSP buffer size
pub const GSP_BUFFER_SIZE: usize = 512;

/// Size of the `FileId::KEY_PROTECTOR` VMGS file entry.
pub const KEY_PROTECTOR_SIZE: usize = size_of::<KeyProtector>();

/// DEK key protector entry.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct DekKp {
    /// DEK buffer
    pub dek_buffer: [u8; DEK_BUFFER_SIZE],
}

/// GSP key protector entry.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct GspKp {
    /// GSP data size
    pub gsp_length: u32,
    /// GSP buffer
    pub gsp_buffer: [u8; GSP_BUFFER_SIZE],
}

/// The data format of the `FileId::KEY_PROTECTOR` entry in the VMGS file.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct KeyProtector {
    /// Array of DEK entries
    pub dek: [DekKp; NUMBER_KP],
    /// Array of GSP entries
    pub gsp: [GspKp; NUMBER_KP],
    /// Index of the activate entry
    pub active_kp: u32,
}

/// The data format of the host/fabric-provided key protector.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct KeyProtectorById {
    /// Id
    pub id_guid: guid::Guid,
    /// Ported (boolean)
    pub ported: u8,
    /// Padding
    pub pad: [u8; 3],
}

/// Maximum size of the `agent_data`.
pub const AGENT_DATA_MAX_SIZE: usize = 2048;

/// The data format of the `FileId::ATTEST` entry in the VMGS file.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct SecurityProfile {
    /// the agent data used during attestation requests
    pub agent_data: [u8; AGENT_DATA_MAX_SIZE],
}

/// The header, IV, and last 256 bits of HMAC are fixed for this version.
/// The ciphertext is allowed to grow, though secrets should stay
/// in the same position to allow downlevel versions to continue to understand
/// that portion of the data.
pub const HW_KEY_VERSION: u32 = 1; // using AES-CBC-HMAC-SHA256

/// The size of the `FileId::HW_KEY_PROTECTOR` entry in the VMGS file.
pub const HW_KEY_PROTECTOR_SIZE: usize = size_of::<HardwareKeyProtector>();

/// AES-GCM key size
pub const AES_GCM_KEY_LENGTH: usize = 32;

/// AES-CBC key size
pub const AES_CBC_KEY_LENGTH: usize = AES_GCM_KEY_LENGTH;

/// AES-CVC IV size
pub const AES_CBC_IV_LENGTH: usize = 16;

/// HACK-SHA-256 key size
pub const HMAC_SHA_256_KEY_LENGTH: usize = 32;

/// The header of [`HardwareKeyProtector`].
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct HardwareKeyProtectorHeader {
    /// Version of the format
    pub version: u32,
    /// Size of the [`HardwareKeyProtector`] data blob
    pub length: u32,
    /// TCB version obtained from the hardware
    pub tcb_version: u64,
    /// Reserved
    pub _reserved: [u8; 8],
}

impl HardwareKeyProtectorHeader {
    /// Create a `HardwareKeyProtectorHeader` instance.
    pub fn new(version: u32, length: u32, tcb_version: u64) -> Self {
        Self {
            version,
            length,
            tcb_version,
            _reserved: [0u8; 8],
        }
    }
}

/// The data format of the `FileId::HW_KEY_PROTECTOR` entry in the VMGS file.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct HardwareKeyProtector {
    /// Header
    pub header: HardwareKeyProtectorHeader,
    /// Random IV for AES-CBC
    pub iv: [u8; AES_CBC_IV_LENGTH],
    /// Encrypted key
    pub ciphertext: [u8; AES_GCM_KEY_LENGTH],
    /// HMAC-SHA-256 of [`header`, `iv`, `ciphertext`]
    pub hmac: [u8; HMAC_SHA_256_KEY_LENGTH],
}

/// Maximum size of the `guest_secret_key`.
pub const GUEST_SECRET_KEY_MAX_SIZE: usize = 2048;

/// The data format of the `FileId::GUEST_SECRET_KEY` entry in the VMGS file.
#[repr(C)]
#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct GuestSecretKey {
    /// the guest secret key to be provisioned to vTPM
    pub guest_secret_key: [u8; GUEST_SECRET_KEY_MAX_SIZE],
}