commit 88a8674462549cca3b870198f13299233f05a1b0
author Sean Thomas <seanmthomas@google.com> Wed Jan 15 12:22:10 2025 +0000
committer Sean Thomas <seanmthomas@google.com> Wed Jan 15 12:30:07 2025 +0000
tree 3c70c4546b026ea487ce2c92c11e8e86d6197259
parent d7e02b580aedabf912b6358ace695502ec9b5322

Factor out repeated code into function

There was a lot of repeated code and an obstruction to factoring this
out into a function was that the move constructors for hwtrust::Csr and
hwtrust::DiceChain were not functional.

Test: atest libkeymint_remote_prov_support_test
Change-Id: I23fbdf00ab4edfa9d34308201edf2a81451b265e

security/keymint/support/remote_prov_utils.cpp

diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 5afaf31..fbfe80b 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -862,15 +862,15 @@
                      allowAnyMode);
 }
 
-ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& encodedCsr,
-                                        const std::string& instanceName) {
+ErrMsgOr<hwtrust::DiceChain> getDiceChain(const std::vector<uint8_t>& encodedCsr, bool isFactory,
+                                          bool allowAnyMode, std::string_view instanceName) {
     auto diceChainKind = getDiceChainKind();
     if (!diceChainKind) {
         return diceChainKind.message();
     }
 
-    auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
-                                      true /*allowAnyMode*/, deviceSuffix(instanceName));
+    auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, isFactory, allowAnyMode,
+                                      deviceSuffix(instanceName));
     if (!csr.ok()) {
         return csr.error().message();
     }
@@ -880,6 +880,16 @@
         return diceChain.error().message();
     }
 
+    return std::move(*diceChain);
+}
+
+ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& encodedCsr,
+                                        const std::string& instanceName) {
+    auto diceChain =
+            getDiceChain(encodedCsr, /*isFactory=*/false, /*allowAnyMode=*/true, instanceName);
+    if (!diceChain) {
+        return diceChain.message();
+    }
     return diceChain->IsProper();
 }
 
@@ -898,20 +908,10 @@
                                                  std::string_view instanceName1,
                                                  const std::vector<uint8_t>& encodedCsr2,
                                                  std::string_view instanceName2) {
-    auto diceChainKind = getDiceChainKind();
-    if (!diceChainKind) {
-        return diceChainKind.message();
-    }
-
-    auto csr1 = hwtrust::Csr::validate(encodedCsr1, *diceChainKind, false /*isFactory*/,
-                                       true /*allowAnyMode*/, deviceSuffix(instanceName1));
-    if (!csr1.ok()) {
-        return csr1.error().message();
-    }
-
-    auto diceChain1 = csr1->getDiceChain();
-    if (!diceChain1.ok()) {
-        return diceChain1.error().message();
+    auto diceChain1 =
+            getDiceChain(encodedCsr1, /*isFactory=*/false, /*allowAnyMode=*/true, instanceName1);
+    if (!diceChain1) {
+        return diceChain1.message();
     }
 
     auto proper1 = diceChain1->IsProper();
@@ -920,15 +920,10 @@
                hexlify(encodedCsr1);
     }
 
-    auto csr2 = hwtrust::Csr::validate(encodedCsr2, *diceChainKind, false /*isFactory*/,
-                                       true /*allowAnyMode*/, deviceSuffix(instanceName2));
-    if (!csr2.ok()) {
-        return csr2.error().message();
-    }
-
-    auto diceChain2 = csr2->getDiceChain();
-    if (!diceChain2.ok()) {
-        return diceChain2.error().message();
+    auto diceChain2 =
+            getDiceChain(encodedCsr2, /*isFactory=*/false, /*allowAnyMode=*/true, instanceName2);
+    if (!diceChain2) {
+        return diceChain2.message();
     }
 
     auto proper2 = diceChain2->IsProper();
@@ -946,20 +941,10 @@
 }
 
 ErrMsgOr<bool> verifyComponentNameInKeyMintDiceChain(const std::vector<uint8_t>& encodedCsr) {
-    auto diceChainKind = getDiceChainKind();
-    if (!diceChainKind) {
-        return diceChainKind.message();
-    }
-
-    auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
-                                      true /*allowAnyMode*/, deviceSuffix(DEFAULT_INSTANCE_NAME));
-    if (!csr.ok()) {
-        return csr.error().message();
-    }
-
-    auto diceChain = csr->getDiceChain();
-    if (!diceChain.ok()) {
-        return diceChain.error().message();
+    auto diceChain = getDiceChain(encodedCsr, /*isFactory=*/false, /*allowAnyMode=*/true,
+                                  DEFAULT_INSTANCE_NAME);
+    if (!diceChain) {
+        return diceChain.message();
     }
 
     auto satisfied = diceChain->componentNameContains(kKeyMintComponentName);
@@ -972,20 +957,10 @@
 
 ErrMsgOr<bool> hasNonNormalModeInDiceChain(const std::vector<uint8_t>& encodedCsr,
                                            std::string_view instanceName) {
-    auto diceChainKind = getDiceChainKind();
-    if (!diceChainKind) {
-        return diceChainKind.message();
-    }
-
-    auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
-                                      true /*allowAnyMode*/, deviceSuffix(instanceName));
-    if (!csr.ok()) {
-        return csr.error().message();
-    }
-
-    auto diceChain = csr->getDiceChain();
-    if (!diceChain.ok()) {
-        return diceChain.error().message();
+    auto diceChain =
+            getDiceChain(encodedCsr, /*isFactory=*/false, /*allowAnyMode=*/true, instanceName);
+    if (!diceChain) {
+        return diceChain.message();
     }
 
     auto hasNonNormalModeInDiceChain = diceChain->hasNonNormalMode();