# Open Profile for DICE

This repository contains the specification for the
[Open Profile for DICE](docs/specification.md) along with production-quality
code. This profile is a specialization of the
[Hardware Requirements for a Device Identifier Composition Engine](https://trustedcomputinggroup.org/resource/hardware-requirements-for-a-device-identifier-composition-engine/)
and
[DICE Layering Architecture](https://trustedcomputinggroup.org/resource/dice-layering-architecture/)
specifications published by the Trusted Computing Group (TCG). For readers
already familiar with those specs, notable distinctives of this profile include:

*   Separate CDIs for attestation and sealing use cases
*   Categorized inputs, including values related to verified boot
*   Certified UDS values
*   X.509 or CBOR certificates

## Mailing List

You can find us (and join us!) at
https://groups.google.com/g/open-profile-for-dice. We're happy to answer
questions and discuss proposed changes or features.

## Specification

The specification can be found [here](docs/specification.md). It is versioned
using a major.minor scheme. Compatibility is maintained across minor versions
but not necessarily across major versions.

## Code

Production quality, portable C code is included. The main code is in
[dice.h](include/dice/dice.h) and [dice.c](src/dice.c). Cryptographic and
certificate generation operations are injected via a set of callbacks. Multiple
implementations of these operations are provided, all equally acceptable.
Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be
used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

### Thirdparty Dependencies

Different implementations use different third party libraries. The third\_party
directory contains build files and git submodules for each of these. The
submodules must be initialized once after cloning the repo, using `git submodule
update --init`, and updated after pulling commits that roll the submodules using
`git submodule update`.

### Building and Running Tests

#### Quick setup

To setup the build environment the first time:

```bash
$ git submodule update --init
$ source bootstrap.sh
$ gn gen out
```

To build and run tests:

```bash
$ ninja -C out
```

#### More details

The easiest way, and currently the only supported way, to build and run tests is
from a [Pigweed](https://pigweed.googlesource.com/pigweed/pigweed/) environment
on Linux. Pigweed does support other host platforms so it shouldn't be too hard
to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

*   [bootstrap.sh](bootstrap.sh) will initialize submodules, bootstrap a Pigweed
    environment, and generate build files. This can take some time and may
    download on the order of 1GB of dependencies so the normal workflow is to
    just do this once.

*   [activate.sh](activate.sh) quickly reactivates an environment that has been
    previously bootstrapped.

These scripts must be sourced into the current session: `source activate.sh`.

In the environment, from the base directory of the dice-profile checkout, run
`ninja -C out` to build everything and run all tests. You can also run `pw
watch` which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed
makes it easy to configure other targets and toolchains. See
[toolchains/BUILD.gn](toolchains/BUILD.gn) and the Pigweed documentation.

### Porting

The code is designed to be portable and should work with a variety of modern
toolchains and in a variety of environments. The main code in dice.h and dice.c
is C99; it uses uint8\_t, size\_t, and memcpy from the C standard library. The
various ops implementations are as portable as their dependencies (often not C99
but still very portable). Notably, this code uses designated initializers for
readability. This is a feature available in C since C99 but missing from C++
until C++20 where it appears in a stricter form.

### Style

The [Google C++ Style Guide](https://google.github.io/styleguide/cppguide.html)
is used. A `.clang-format` file is provided for convenience.

### Incorporating

To incorporate the code into another project, there are a few options:

*   Copy only the necessary code. For example:

    1.  Take the main code as is: [include/dice/dice.h](include/dice/dice.h),
        [src/dice.c](src/dice.c)

    1.  Choose an implementation for crypto and certificate generation or choose
        to write your own. If you choose the boringssl implementation, for
        example, take [include/dice/utils.h](include/dice/utils.h),
        [include/dice/boringssl_ops.h](include/dice/boringssl_ops.h),
        [src/utils.c](src/utils.c), and
        [src/boringssl_ops.c](src/boringssl_ops.c). Taking a look at the library
        targets in BUILD.gn may be helpful.

*   Add this repository as a git submodule and integrate into the project build,
    optionally using the gn library targets provided.

*   Integrate into a project already using Pigweed using the gn build files
    provided.

### Size Reports

The build reports code size using
[Bloaty McBloatface](https://github.com/google/bloaty) via the pw\_bloat Pigweed
module. There are two reports generated:

*   Library sizes - This report includes just the library code in this
    repository. It shows the baseline DICE code with no ops selected, and it
    shows the delta introduced by choosing various ops implementations. This
    report **does not** include the size of the third party dependencies.

*   Executable sizes - This report includes sizes for the library code in this
    repository plus all dependencies linked into a simple main function which
    makes a single DICE call with all-zero input. It shows the baseline DICE
    code with no ops (and therefore no dependencies other than libc), and it
    shows the delta introduced by choosing various ops implementations. This
    report **does** include the size of the third party dependencies. Note that
    rows specialized from 'Boringssl Ops' use that as a baseline for sizing.

The reports will be in the build output, but you can also find the reports in
`.txt` files in the build output. For example, `cat out/host_optimized/gen/*.txt
| less` will display all reports.

### Thread Safety

This code does not itself use mutable global variables, or any other type of
shared data structure so there is no thread-safety concerns. However, additional
care is needed to ensure dependencies are configured to be thread-safe. For
example, the current boringssl configuration defines
OPENSSL\_NO\_THREADS\_CORRUPT\_MEMORY\_AND\_LEAK\_SECRETS\_IF\_THREADED, and
that would need to be changed before running in a threaded environment.

### Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This
may help with a broader strategy to clear sensitive data but it is not
sufficient on its own. Here are a few things to consider.

*   The caller of this code is responsible for buffers they own (of course).
*   The ops implementations need to clear any copies they make of sensitive
    data. Both boringssl and mbedtls attempt to zeroize but this may need
    additional care to integrate correctly. For example, boringssl skips
    optimization prevention when OPENSSL\_NO\_ASM is defined (and it is
    currently defined).
*   Sensitive data may remain in cache.
*   Sensitive data may have been swapped out.
*   Sensitive data may be included in a crash dump.