attest: Add function to record a measurement observed by the platform.

This function is *not* idempotent: if the 'record' function is called
with the same parameters repeatedly the measurement log will eventually
fill up resulting in an error. The measurement log is just an array of
measurements (aka [u8; 32]) that is managed in an ArrayVec. The 'record'
function takes an enum parameter identifying the hash algorithm and a
lease holding the digest. We pass the digest as a lease partially because
humility / hiffy can't pass arbitrary arrays as parameters, but also
because it's possible that in the future we'll need to support digests
with varying lengths.

Cargo.toml

@@ -30,6 +30,7 @@ path = "sys/abi"
 
 [workspace.dependencies]
 anyhow = { version = "1.0.31", default-features = false, features = ["std"] }
+arrayvec = { version = "0.7.4", default-features = false }
 atty = { version = "0.2", default-features = false }
 bitfield = { version = "0.13", default-features = false }
 bitflags = { version = "1.2.1", default-features = false }
@@ -46,6 +47,7 @@ cortex-m = { version = "0.7", default-features = false, features = ["inline-asm"
 cortex-m-rt = { version = "0.6.12", default-features = false }
 cortex-m-semihosting = { version = "0.5.0", default-features = false }
 crc = { version = "3.0.0", default-features = false }
+crypto-common = { version = "0.1.6", default-features = false }
 ctrlc = { version = "3.1.5", default-features = false }
 derive_more = { version = "0.99", default-features = false, features = ["from", "into"] }
 digest = { version = "0.10", default-features = false }

app/lpc55xpresso/app-sprot.toml

@@ -211,8 +211,8 @@ pins = [
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 12512, ram = 16384}
-stacksize = 9000
+max-sizes = {flash = 13600, ram = 16384}
+stacksize = 9304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/lpc55xpresso/app.toml

@@ -141,8 +141,8 @@ extern-regions = ["sram2"]
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 12256, ram = 16384}
-stacksize = 9000
+max-sizes = {flash = 13600, ram = 16384}
+stacksize = 9304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/oxide-rot-1/app-dev.toml

@@ -158,8 +158,8 @@ binary_path = "../../target/gimlet-c/dist/default/final.bin"
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 12512, ram = 16384}
-stacksize = 9000
+max-sizes = {flash = 13600, ram = 16384}
+stacksize = 9304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/oxide-rot-1/app.toml

@@ -137,8 +137,8 @@ task-slots = ["swd"]
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 12256, ram = 16384}
-stacksize = 9000
+max-sizes = {flash = 13600, ram = 16384}
+stacksize = 9304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/rot-carrier/app.toml

@@ -204,8 +204,8 @@ binary_path = "../../target/gemini-bu/dist/final.bin"
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 12256, ram = 16384}
-stacksize = 9000
+max-sizes = {flash = 13600, ram = 16384}
+stacksize = 9304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

idl/attest.idol

@@ -40,6 +40,20 @@ Interface(
             ),
             encoding: Hubpack,
             idempotent: true,
-        )
+        ),
+        "record": (
+            doc: "Record a measurment",
+            args: {
+                "algorithm": "HashAlgorithm",
+            },
+            leases: {
+                "data": (type: "[u8]", read: true),
+            },
+            reply: Result(
+                ok: "()",
+                err: Complex("AttestError"),
+            ),
+            encoding: Hubpack,
+        ),
     }
 )

task/attest-api/src/lib.rs

@@ -18,6 +18,23 @@ pub enum AttestError {
     InvalidCertIndex,
     NoCerts,
     OutOfRange,
+    MeasurementLogFull,
+    TaskRestarted,
+    BadLease,
+    UnsupportedAlgorithm,
+}
+
+impl From<idol_runtime::ServerDeath> for AttestError {
+    fn from(_: idol_runtime::ServerDeath) -> Self {
+        AttestError::TaskRestarted
+    }
+}
+
+#[derive(
+    Copy, Clone, Debug, Deserialize, Eq, PartialEq, Serialize, SerializedSize,
+)]
+pub enum HashAlgorithm {
+    Sha3_256,
 }
 
 include!(concat!(env!("OUT_DIR"), "/client_stub.rs"));

task/attest/Cargo.toml

@@ -4,6 +4,8 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+arrayvec.workspace = true
+crypto-common = { workspace = true }
 lib-dice = { path = "../../lib/dice" }
 hubpack = { workspace = true }
 idol-runtime = { workspace = true }
@@ -12,6 +14,7 @@ ringbuf = { path = "../../lib/ringbuf" }
 serde = { workspace = true }
 stage0-handoff = { path = "../../lib/stage0-handoff" }
 attest-api = { path = "../attest-api" }
+sha3 = { workspace = true }
 unwrap-lite = { path = "../../lib/unwrap-lite" }
 userlib = { path = "../../sys/userlib", features = ["panic-messages"] }
 zerocopy = { workspace = true }

task/attest/src/main.rs

@@ -11,14 +11,17 @@
 
 mod config;
 
-use attest_api::AttestError;
+use arrayvec::ArrayVec;
+use attest_api::{AttestError, HashAlgorithm};
 use config::DataRegion;
 use core::slice;
+use crypto_common::{typenum::Unsigned, OutputSizeUser};
 use hubpack::SerializedSize;
 use idol_runtime::{ClientError, Leased, RequestError, W};
 use lib_dice::{AliasData, CertData};
 use ringbuf::{ringbuf, ringbuf_entry};
 use serde::Deserialize;
+use sha3::Sha3_256Core;
 use stage0_handoff::{HandoffData, HandoffDataLoadError};
 use zerocopy::AsBytes;
 
@@ -42,6 +45,8 @@ enum Trace {
     Index(u32),
     Offset(u32),
     Startup,
+    Record(HashAlgorithm),
+    BadLease(usize),
     None,
 }
 
@@ -70,16 +75,57 @@ fn load_data_from_region<
     }
 }
 
+// the size of the measurements we record
+// NOTE: the rust crypto digest traits don't expose consts for the lengths
+// of various hash functions
+const SHA3_256_DIGEST_SIZE: usize =
+    <Sha3_256Core as OutputSizeUser>::OutputSize::USIZE;
+
+// the number of Measurements we can record
+const CAPACITY: usize = 16;
+
+#[derive(Clone, Copy, Debug, PartialEq)]
+struct Digest<const N: usize>([u8; N]);
+
+#[derive(Clone, Copy, Debug, PartialEq)]
+enum Measurement {
+    Sha3_256(Digest<SHA3_256_DIGEST_SIZE>),
+}
+
+impl Measurement {
+    fn new(
+        algorithm: HashAlgorithm,
+        data: idol_runtime::Leased<idol_runtime::R, [u8]>,
+    ) -> Result<Self, RequestError<AttestError>> {
+        Ok(match algorithm {
+            HashAlgorithm::Sha3_256 => {
+                if data.len() != SHA3_256_DIGEST_SIZE {
+                    ringbuf_entry!(Trace::BadLease(data.len()));
+                    return Err(AttestError::BadLease.into());
+                }
+
+                let mut digest = Digest([0u8; SHA3_256_DIGEST_SIZE]);
+                data.read_range(0..digest.0.len(), &mut digest.0)
+                    .map_err(|_| RequestError::went_away())?;
+
+                Measurement::Sha3_256(digest)
+            }
+        })
+    }
+}
+
 struct AttestServer {
     alias_data: Option<AliasData>,
     cert_data: Option<CertData>,
+    measurements: ArrayVec<Measurement, CAPACITY>,
 }
 
 impl Default for AttestServer {
     fn default() -> Self {
         Self {
             alias_data: load_data_from_region(&ALIAS_DATA),
             cert_data: load_data_from_region(&CERT_DATA),
+            measurements: ArrayVec::<Measurement, CAPACITY>::new(),
         }
     }
 }
@@ -190,6 +236,23 @@ impl idl::InOrderAttestImpl for AttestServer {
 
         Ok(())
     }
+
+    fn record(
+        &mut self,
+        _: &userlib::RecvMessage,
+        algorithm: HashAlgorithm,
+        data: idol_runtime::Leased<idol_runtime::R, [u8]>,
+    ) -> Result<(), RequestError<AttestError>> {
+        ringbuf_entry!(Trace::Record(algorithm));
+
+        if self.measurements.is_full() {
+            return Err(AttestError::MeasurementLogFull.into());
+        }
+
+        self.measurements.push(Measurement::new(algorithm, data)?);
+
+        Ok(())
+    }
 }
 
 #[export_name = "main"]
@@ -204,7 +267,7 @@ fn main() -> ! {
 }
 
 mod idl {
-    use super::AttestError;
+    use super::{AttestError, HashAlgorithm};
 
     include!(concat!(env!("OUT_DIR"), "/server_stub.rs"));
 }