Merge branch 'main' into derivechild_support

Cargo.toml

@@ -0,0 +1,11 @@
+# Licensed under the Apache-2.0 license
+
+[workspace]
+
+members = [
+    "dpe",
+    "crypto",
+    "platform",
+    "simulator",
+    "tools",
+]

crypto/src/openssl.rs

@@ -20,7 +20,7 @@ impl From<ErrorStack> for CryptoError {
     fn from(e: ErrorStack) -> Self {
         // Just return the top error on the stack
         let s = e.errors();
-        let e_code = if s.len() > 0 {
+        let e_code = if !s.is_empty() {
             s[0].code().try_into().unwrap_or(0u32)
         } else {
             0u32
@@ -99,6 +99,12 @@ impl OpensslCrypto {
     }
 }
 
+impl Default for OpensslCrypto {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
 type OpensslCdi = Vec<u8>;
 
 type OpensslPrivKey = CryptoBuf;

dpe/fuzz/src/fuzz_target_1.rs

@@ -82,8 +82,6 @@ fn harness(data: &[u8]) {
         Response::Sign(ref res) => res.resp_hdr.status,
         Response::DestroyCtx(ref resp_hdr) => resp_hdr.status,
         Response::ExtendTci(ref res) => res.resp_hdr.status,
-        Response::TagTci(ref res) => res.resp_hdr.status,
-        Response::GetTaggedTci(ref res) => res.resp_hdr.status,
         Response::GetCertificateChain(ref res) => res.resp_hdr.status,
         Response::Error(ref resp_hdr) => resp_hdr.status,
     };

dpe/src/commands/destroy_context.rs

@@ -7,8 +7,7 @@ use crate::{
 };
 
 #[repr(C)]
-#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes)]
-#[cfg_attr(test, derive(zerocopy::AsBytes))]
+#[derive(Debug, PartialEq, Eq, zerocopy::FromBytes, zerocopy::AsBytes)]
 pub struct DestroyCtxCmd {
     pub handle: ContextHandle,
 }

dpe/src/commands/mod.rs

@@ -5,17 +5,15 @@ Abstract:
     DPE Commands and deserialization.
 --*/
 pub use self::derive_child::{DeriveChildCmd, DeriveChildFlags};
-pub(crate) use self::destroy_context::DestroyCtxCmd;
+pub use self::destroy_context::DestroyCtxCmd;
 pub use self::get_certificate_chain::GetCertificateChainCmd;
 pub use self::initialize_context::InitCtxCmd;
 
 pub use self::certify_key::{CertifyKeyCmd, CertifyKeyFlags};
 
 use self::extend_tci::ExtendTciCmd;
-use self::get_tagged_tci::GetTaggedTciCmd;
 pub use self::rotate_context::{RotateCtxCmd, RotateCtxFlags};
 pub use self::sign::{SignCmd, SignFlags};
-use self::tag_tci::TagTciCmd;
 
 use crate::{
     dpe_instance::{DpeEnv, DpeInstance, DpeTypes},
@@ -30,11 +28,9 @@ mod derive_child;
 mod destroy_context;
 mod extend_tci;
 mod get_certificate_chain;
-mod get_tagged_tci;
 mod initialize_context;
 mod rotate_context;
 mod sign;
-mod tag_tci;
 
 #[derive(Debug, PartialEq, Eq)]
 pub enum Command {
@@ -46,8 +42,6 @@ pub enum Command {
     RotateCtx(RotateCtxCmd),
     DestroyCtx(DestroyCtxCmd),
     ExtendTci(ExtendTciCmd),
-    TagTci(TagTciCmd),
-    GetTaggedTci(GetTaggedTciCmd),
     GetCertificateChain(GetCertificateChainCmd),
 }
 
@@ -61,8 +55,6 @@ impl Command {
     pub const DESTROY_CONTEXT: u32 = 0x0f;
     pub const GET_CERTIFICATE_CHAIN: u32 = 0x80;
     pub const EXTEND_TCI: u32 = 0x81;
-    pub const TAG_TCI: u32 = 0x82;
-    pub const GET_TAGGED_TCI: u32 = 0x83;
 
     /// Returns the command with its parameters given a slice of bytes.
     ///
@@ -85,8 +77,6 @@ impl Command {
                 Self::parse_command(Command::GetCertificateChain, bytes)
             }
             Command::EXTEND_TCI => Self::parse_command(Command::ExtendTci, bytes),
-            Command::TAG_TCI => Self::parse_command(Command::TagTci, bytes),
-            Command::GET_TAGGED_TCI => Self::parse_command(Command::GetTaggedTci, bytes),
             _ => Err(DpeErrorCode::InvalidCommand),
         }
     }
@@ -112,8 +102,6 @@ impl From<Command> for u32 {
             Command::RotateCtx(_) => Command::ROTATE_CONTEXT_HANDLE,
             Command::DestroyCtx(_) => Command::DESTROY_CONTEXT,
             Command::ExtendTci(_) => Command::EXTEND_TCI,
-            Command::TagTci(_) => Command::TAG_TCI,
-            Command::GetTaggedTci(_) => Command::GET_TAGGED_TCI,
             Command::GetCertificateChain(_) => Command::GET_CERTIFICATE_CHAIN,
         }
     }

dpe/src/commands/sign.rs

@@ -15,7 +15,7 @@ pub struct SignFlags(u32);
 
 bitflags! {
     impl SignFlags: u32 {
-        const IS_SYMMETRIC = 1u32 << 31;
+        const IS_SYMMETRIC = 1u32 << 30;
     }
 }
 
@@ -83,7 +83,7 @@ impl CommandExecution for SignCmd {
     ) -> Result<Response, DpeErrorCode> {
         // Make sure the operation is supported.
         if !dpe.support.is_symmetric() && self.uses_symmetric() {
-            return Err(DpeErrorCode::InvalidArgument);
+            return Err(DpeErrorCode::ArgumentNotSupported);
         }
 
         let idx = dpe.get_active_context_pos(&self.handle, locality)?;
@@ -190,7 +190,7 @@ mod tests {
 
         // Bad argument
         assert_eq!(
-            Err(DpeErrorCode::InvalidArgument),
+            Err(DpeErrorCode::ArgumentNotSupported),
             SignCmd {
                 handle: ContextHandle([0xff; ContextHandle::SIZE]),
                 label: TEST_LABEL,