chipsalliance · clundin25 · Jan 27, 2025 · Jan 15, 2025
diff --git a/crypto/src/lib.rs b/crypto/src/lib.rs
@@ -25,6 +25,9 @@ pub use rand::*;
 mod hkdf;
 mod signer;
 
+pub const MAX_EXPORTED_CDI_SIZE: usize = 32;
+pub type ExportedCdiHandle = [u8; MAX_EXPORTED_CDI_SIZE];
+
 #[derive(Debug, Clone, Copy)]
 #[cfg_attr(test, derive(strum_macros::EnumIter))]
 pub enum AlgLen {
@@ -54,6 +57,9 @@ pub enum CryptoError {
     Size = 0x3,
     NotImplemented = 0x4,
     HashError(u32) = 0x5,
+    InvalidExportedCdiHandle = 0x6,
+    ExportedCdiHandleDuplicateCdi = 0x7,
+    ExportedCdiHandleLimitExceeded = 0x8,
 }
 
 impl CryptoError {
@@ -66,11 +72,14 @@ impl CryptoError {
 
     pub fn get_error_detail(&self) -> Option<u32> {
         match self {
-            CryptoError::AbstractionLayer(code) => Some(*code),
-            CryptoError::CryptoLibError(code) => Some(*code),
-            CryptoError::Size => None,
-            CryptoError::NotImplemented => None,
-            CryptoError::HashError(code) => Some(*code),
+            CryptoError::AbstractionLayer(code)
+            | CryptoError::CryptoLibError(code)
+            | CryptoError::HashError(code) => Some(*code),
+            CryptoError::Size
+            | CryptoError::InvalidExportedCdiHandle
+            | CryptoError::ExportedCdiHandleLimitExceeded
+            | CryptoError::ExportedCdiHandleDuplicateCdi
+            | CryptoError::NotImplemented => None,
         }
     }
 }
@@ -182,7 +191,7 @@ pub trait Crypto {
         algs: AlgLen,
         measurement: &Digest,
         info: &[u8],
-    ) -> Result<Self::Cdi, CryptoError>;
+    ) -> Result<ExportedCdiHandle, CryptoError>;
 
     /// CFI wrapper around derive_cdi
     ///
@@ -206,7 +215,7 @@ pub trait Crypto {
         algs: AlgLen,
         measurement: &Digest,
         info: &[u8],
-    ) -> Result<Self::Cdi, CryptoError>;
+    ) -> Result<ExportedCdiHandle, CryptoError>;
 
     /// Derives a key pair using a cryptographically secure KDF
     ///
@@ -230,14 +239,15 @@ pub trait Crypto {
     /// # Arguments
     ///
     /// * `algs` - Which length of algorithms to use.
-    /// * `cdi` - Caller-supplied private key to use in public key derivation
+    /// * `exported_handle` - The handle associated with an existing CDI. Created by
+    /// `derive_cdi_exported`
     /// * `label` - Caller-supplied label to use in asymmetric key derivation
     /// * `info` - Caller-supplied info string to use in asymmetric key derivation
     ///
     fn derive_key_pair_exported(
         &mut self,
         algs: AlgLen,
-        cdi: &Self::Cdi,
+        exported_handle: &ExportedCdiHandle,
         label: &[u8],
         info: &[u8],
     ) -> Result<(Self::PrivKey, EcdsaPub), CryptoError>;
@@ -263,7 +273,7 @@ pub trait Crypto {
     fn __cfi_derive_key_pair_exported(
         &mut self,
         algs: AlgLen,
-        cdi: &Self::Cdi,
+        exported_handle: &ExportedCdiHandle,
         label: &[u8],
         info: &[u8],
     ) -> Result<(Self::PrivKey, EcdsaPub), CryptoError>;

diff --git a/crypto/src/openssl.rs b/crypto/src/openssl.rs
@@ -1,6 +1,9 @@
 // Licensed under the Apache-2.0 license
 
-use crate::{hkdf::*, AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, Hasher};
+use crate::{
+    hkdf::*, AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, ExportedCdiHandle, Hasher,
+    MAX_EXPORTED_CDI_SIZE,
+};
 #[cfg(not(feature = "no-cfi"))]
 use caliptra_cfi_derive_git::cfi_impl_fn;
 use openssl::{
@@ -41,23 +44,36 @@ impl Hasher for OpensslHasher {
     }
 }
 
+// Currently only supports one CDI handle but in the future we may want to support multiple.
+const MAX_CDI_HANDLES: usize = 1;
+
 #[cfg(feature = "deterministic_rand")]
-pub struct OpensslCrypto(StdRng);
+pub struct OpensslCrypto {
+    rng: StdRng,
+    export_cdi_slots: Vec<(<OpensslCrypto as Crypto>::Cdi, ExportedCdiHandle)>,
+}
 
 #[cfg(not(feature = "deterministic_rand"))]
-pub struct OpensslCrypto;
+pub struct OpensslCrypto {
+    export_cdi_slots: Vec<(<OpensslCrypto as Crypto>::Cdi, ExportedCdiHandle)>,
+}
 
 impl OpensslCrypto {
     #[cfg(feature = "deterministic_rand")]
     pub fn new() -> Self {
         const SEED: [u8; 32] = [1; 32];
         let seeded_rng = StdRng::from_seed(SEED);
-        OpensslCrypto(seeded_rng)
+        Self {
+            rng: seeded_rng,
+            export_cdi_slots: Vec::new(),
+        }
     }
 
     #[cfg(not(feature = "deterministic_rand"))]
     pub fn new() -> Self {
-        Self {}
+        Self {
+            export_cdi_slots: Vec::new(),
+        }
     }
 
     fn get_digest(algs: AlgLen) -> MessageDigest {
@@ -141,7 +157,7 @@ impl Crypto for OpensslCrypto {
 
     #[cfg(feature = "deterministic_rand")]
     fn rand_bytes(&mut self, dst: &mut [u8]) -> Result<(), CryptoError> {
-        StdRng::fill_bytes(&mut self.0, dst);
+        StdRng::fill_bytes(&mut self.rng, dst);
         Ok(())
     }
 
@@ -172,9 +188,23 @@ impl Crypto for OpensslCrypto {
         algs: AlgLen,
         measurement: &Digest,
         info: &[u8],
-    ) -> Result<Self::Cdi, CryptoError> {
+    ) -> Result<ExportedCdiHandle, CryptoError> {
         let cdi = hkdf_derive_cdi(algs, measurement, info)?;
-        Ok(cdi)
+
+        for (stored_cdi, _) in self.export_cdi_slots.iter() {
+            if *stored_cdi == cdi {
+                return Err(CryptoError::ExportedCdiHandleDuplicateCdi);
+            }
+        }
+
+        if self.export_cdi_slots.len() >= MAX_CDI_HANDLES {
+            return Err(CryptoError::ExportedCdiHandleLimitExceeded);
+        }
+
+        let mut exported_cdi_handle = [0; MAX_EXPORTED_CDI_SIZE];
+        self.rand_bytes(&mut exported_cdi_handle)?;
+        self.export_cdi_slots.push((cdi, exported_cdi_handle));
+        Ok(exported_cdi_handle)
     }
 
     #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
@@ -192,11 +222,20 @@ impl Crypto for OpensslCrypto {
     fn derive_key_pair_exported(
         &mut self,
         algs: AlgLen,
-        cdi: &Self::Cdi,
+        exported_handle: &ExportedCdiHandle,
         label: &[u8],
         info: &[u8],
     ) -> Result<(Self::PrivKey, EcdsaPub), CryptoError> {
-        self.derive_key_pair_inner(algs, cdi, label, info)
+        let cdi = {
+            let mut cdi = None;
+            for (stored_cdi, stored_handle) in self.export_cdi_slots.iter() {
+                if stored_handle == exported_handle {
+                    cdi = Some(stored_cdi.clone());
+                }
+            }
+            cdi.ok_or(CryptoError::InvalidExportedCdiHandle)
+        }?;
+        self.derive_key_pair_inner(algs, &cdi, label, info)
     }
 
     fn ecdsa_sign_with_alias(

diff --git a/crypto/src/rustcrypto.rs b/crypto/src/rustcrypto.rs
@@ -1,6 +1,9 @@
 // Licensed under the Apache-2.0 license
 
-use crate::{hkdf::*, AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, EcdsaSig, Hasher};
+use crate::{
+    hkdf::*, AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, EcdsaSig, ExportedCdiHandle,
+    Hasher, MAX_EXPORTED_CDI_SIZE,
+};
 use core::ops::Deref;
 use ecdsa::{signature::hazmat::PrehashSigner, Signature};
 use p256::NistP256;
@@ -54,18 +57,31 @@ impl Hasher for RustCryptoHasher {
     }
 }
 
-pub struct RustCryptoImpl(StdRng);
+// Currently only supports one CDI handle but in the future we may want to support multiple.
+const MAX_CDI_HANDLES: usize = 1;
+
+pub struct RustCryptoImpl {
+    rng: StdRng,
+    export_cdi_slots: Vec<(<RustCryptoImpl as Crypto>::Cdi, ExportedCdiHandle)>,
+}
+
 impl RustCryptoImpl {
     #[cfg(not(feature = "deterministic_rand"))]
     pub fn new() -> Self {
-        RustCryptoImpl(StdRng::from_entropy())
+        Self {
+            rng: StdRng::from_entropy(),
+            export_cdi_slots: Vec::new(),
+        }
     }
 
     #[cfg(feature = "deterministic_rand")]
     pub fn new() -> Self {
         const SEED: [u8; 32] = [1; 32];
         let seeded_rng = StdRng::from_seed(SEED);
-        RustCryptoImpl(seeded_rng)
+        Self {
+            rng: seeded_rng,
+            export_cdi_slots: Vec::new(),
+        }
     }
 
     fn derive_key_pair_inner(
@@ -114,7 +130,7 @@ impl Crypto for RustCryptoImpl {
     }
 
     fn rand_bytes(&mut self, dst: &mut [u8]) -> Result<(), CryptoError> {
-        StdRng::fill_bytes(&mut self.0, dst);
+        StdRng::fill_bytes(&mut self.rng, dst);
         Ok(())
     }
 
@@ -134,9 +150,23 @@ impl Crypto for RustCryptoImpl {
         algs: AlgLen,
         measurement: &Digest,
         info: &[u8],
-    ) -> Result<Self::Cdi, CryptoError> {
+    ) -> Result<ExportedCdiHandle, CryptoError> {
         let cdi = hkdf_derive_cdi(algs, measurement, info)?;
-        Ok(cdi)
+
+        for (stored_cdi, _) in self.export_cdi_slots.iter() {
+            if *stored_cdi == cdi {
+                return Err(CryptoError::ExportedCdiHandleDuplicateCdi);
+            }
+        }
+
+        if self.export_cdi_slots.len() >= MAX_CDI_HANDLES {
+            return Err(CryptoError::ExportedCdiHandleLimitExceeded);
+        }
+
+        let mut exported_cdi_handle = [0; MAX_EXPORTED_CDI_SIZE];
+        self.rand_bytes(&mut exported_cdi_handle)?;
+        self.export_cdi_slots.push((cdi, exported_cdi_handle));
+        Ok(exported_cdi_handle)
     }
 
     #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
@@ -154,11 +184,20 @@ impl Crypto for RustCryptoImpl {
     fn derive_key_pair_exported(
         &mut self,
         algs: AlgLen,
-        cdi: &Self::Cdi,
+        exported_handle: &ExportedCdiHandle,
         label: &[u8],
         info: &[u8],
     ) -> Result<(Self::PrivKey, EcdsaPub), CryptoError> {
-        self.derive_key_pair_inner(algs, cdi, label, info)
+        let cdi = {
+            let mut cdi = None;
+            for (stored_cdi, stored_handle) in self.export_cdi_slots.iter() {
+                if stored_handle == exported_handle {
+                    cdi = Some(stored_cdi.clone());
+                }
+            }
+            cdi.ok_or(CryptoError::InvalidExportedCdiHandle)
+        }?;
+        self.derive_key_pair_inner(algs, &cdi, label, info)
     }
 
     fn ecdsa_sign_with_alias(

diff --git a/dpe/src/commands/certify_key.rs b/dpe/src/commands/certify_key.rs
@@ -97,7 +97,9 @@ impl CommandExecution for CertifyKeyCmd {
         };
         let mut cert = [0; MAX_CERT_SIZE];
 
-        let CreateDpeCertResult { cert_size, pub_key } = match self.format {
+        let CreateDpeCertResult {
+            cert_size, pub_key, ..
+        } = match self.format {
             Self::FORMAT_X509 => {
                 cfg_if! {
                     if #[cfg(not(feature = "disable_x509"))] {

diff --git a/dpe/src/commands/derive_context.rs b/dpe/src/commands/derive_context.rs
@@ -8,15 +8,14 @@ use crate::{
     },
     tci::TciMeasurement,
     x509::{create_exported_dpe_cert, CreateDpeCertArgs, CreateDpeCertResult},
-    DPE_PROFILE, MAX_CERT_SIZE, MAX_EXPORTED_CDI_SIZE,
+    DPE_PROFILE, MAX_CERT_SIZE,
 };
 use bitflags::bitflags;
 #[cfg(not(feature = "no-cfi"))]
 use caliptra_cfi_derive_git::cfi_impl_fn;
 #[cfg(not(feature = "no-cfi"))]
 use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
 use cfg_if::cfg_if;
-use crypto::Crypto;
 
 #[repr(C)]
 #[derive(
@@ -300,19 +299,15 @@ impl CommandExecution for DeriveContextCmd {
         } else if self.creates_certificate() && self.exports_cdi() {
             cfg_if! {
                 if #[cfg(not(feature = "disable_export_cdi"))] {
-                    let mut exported_cdi_handle = [0; MAX_EXPORTED_CDI_SIZE];
-                    env.crypto
-                        .rand_bytes(&mut exported_cdi_handle)
-                        .map_err(DpeErrorCode::Crypto)?;
                     let args = CreateDpeCertArgs {
                         handle: &self.handle,
                         locality,
                         cdi_label: b"Exported CDI",
                         key_label: b"Exported ECC",
-                        context: &exported_cdi_handle,
+                        context: b"Exported ECC",
                     };
                     let mut cert = [0; MAX_CERT_SIZE];
-                    let CreateDpeCertResult { cert_size, .. } = create_exported_dpe_cert(
+                    let CreateDpeCertResult { cert_size, exported_cdi_handle, .. } = create_exported_dpe_cert(
                         &args,
                         dpe,
                         env,
@@ -422,7 +417,7 @@ mod tests {
         context::ContextType,
         dpe_instance::tests::{TestTypes, RANDOM_HANDLE, SIMULATION_HANDLE, TEST_LOCALITIES},
         support::Support,
-        DpeProfile, MAX_HANDLES,
+        DpeProfile, MAX_EXPORTED_CDI_SIZE, MAX_HANDLES,
     };
     use caliptra_cfi_lib_git::CfiCounter;
     use crypto::{Crypto, Hasher, OpensslCrypto};

diff --git a/dpe/src/lib.rs b/dpe/src/lib.rs
@@ -25,7 +25,7 @@ pub mod x509;
 
 use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
 
-const MAX_EXPORTED_CDI_SIZE: usize = 32;
+pub use crypto::{ExportedCdiHandle, MAX_EXPORTED_CDI_SIZE};
 
 // Max cert size returned by CertifyKey
 const MAX_CERT_SIZE: usize = 6144;