[dice] Adapt dice service and tests to the new DiceArtifacts trait
The code needed to be adpated because the public fields the code
accessed previously now become private. We need to access them
via the trait now.
This cl also deletes unused dependence libdiced_open_dice_cbor in
the dice service and tests targets.
Bug: 267575445
Test: m android.hardware.security.dice-service.non-secure-software
Test: atest VtsAidlDiceTargetTest VtsAidlDiceDemoteTargetTest
Change-Id: I16e18226c0bce8a90ed764ba598e90e7c1c854ab
diff --git a/security/dice/aidl/default/Android.bp b/security/dice/aidl/default/Android.bp
index b67a44a..5ff4847 100644
--- a/security/dice/aidl/default/Android.bp
+++ b/security/dice/aidl/default/Android.bp
@@ -14,7 +14,6 @@
vendor: true,
rustlibs: [
"android.hardware.security.dice-V1-rust",
- "libdiced_open_dice_cbor",
"libdiced_sample_inputs",
"libdiced_vendor",
"libandroid_logger",
diff --git a/security/dice/aidl/default/service.rs b/security/dice/aidl/default/service.rs
index 0197f2c..4363e91 100644
--- a/security/dice/aidl/default/service.rs
+++ b/security/dice/aidl/default/service.rs
@@ -14,7 +14,7 @@
//! Main entry point for the android.hardware.security.dice service.
-use anyhow::Result;
+use anyhow::{anyhow, Result};
use diced::{
dice,
hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
@@ -40,8 +40,8 @@
fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
&self.cdi_seal
}
- fn bcc(&self) -> Vec<u8> {
- self.bcc.clone()
+ fn bcc(&self) -> Option<&[u8]> {
+ Some(&self.bcc)
}
}
@@ -56,7 +56,10 @@
Ok(Self {
cdi_attest: *new_artifacts.cdi_attest(),
cdi_seal: *new_artifacts.cdi_seal(),
- bcc: new_artifacts.bcc(),
+ bcc: new_artifacts
+ .bcc()
+ .ok_or_else(|| anyhow!("bcc is none"))?
+ .to_vec(),
})
}
}
@@ -77,16 +80,19 @@
let dice_artifacts =
make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain.");
-
+ let mut cdi_attest = [0u8; dice::CDI_SIZE];
+ cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
+ let mut cdi_seal = [0u8; dice::CDI_SIZE];
+ cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
let hal_impl = Arc::new(
unsafe {
// Safety: ResidentHal cannot be used in multi threaded processes.
// This service does not start a thread pool. The main thread is the only thread
// joining the thread pool, thereby keeping the process single threaded.
ResidentHal::new(InsecureSerializableArtifacts {
- cdi_attest: dice_artifacts.cdi_values.cdi_attest,
- cdi_seal: dice_artifacts.cdi_values.cdi_seal,
- bcc: dice_artifacts.bcc[..].to_vec(),
+ cdi_attest,
+ cdi_seal,
+ bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(),
})
}
.expect("Failed to create ResidentHal implementation."),
diff --git a/security/dice/aidl/vts/functional/Android.bp b/security/dice/aidl/vts/functional/Android.bp
index f5bc949..2a85a19 100644
--- a/security/dice/aidl/vts/functional/Android.bp
+++ b/security/dice/aidl/vts/functional/Android.bp
@@ -23,7 +23,7 @@
"android.hardware.security.dice-V1-rust",
"libanyhow",
"libbinder_rs",
- "libdiced_open_dice_cbor",
+ "libdiced_open_dice",
"libdiced_sample_inputs",
"libdiced_utils",
"libkeystore2_vintf_rust",
@@ -46,7 +46,7 @@
"android.hardware.security.dice-V1-rust",
"libanyhow",
"libbinder_rs",
- "libdiced_open_dice_cbor",
+ "libdiced_open_dice",
"libdiced_sample_inputs",
"libdiced_utils",
"libkeystore2_vintf_rust",
diff --git a/security/dice/aidl/vts/functional/dice_demote_test.rs b/security/dice/aidl/vts/functional/dice_demote_test.rs
index 1a17ec7..49aea67 100644
--- a/security/dice/aidl/vts/functional/dice_demote_test.rs
+++ b/security/dice/aidl/vts/functional/dice_demote_test.rs
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+use diced_open_dice::DiceArtifacts;
use diced_sample_inputs;
use diced_utils;
use std::convert::TryInto;
@@ -44,11 +45,10 @@
.unwrap();
let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO b/204938506 when we have a parser/verifier, check equivalence rather
diff --git a/security/dice/aidl/vts/functional/dice_test.rs b/security/dice/aidl/vts/functional/dice_test.rs
index 190f187..fbbdd81 100644
--- a/security/dice/aidl/vts/functional/dice_test.rs
+++ b/security/dice/aidl/vts/functional/dice_test.rs
@@ -12,9 +12,9 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+use diced_open_dice::DiceArtifacts;
use diced_sample_inputs;
use diced_utils;
-use std::convert::TryInto;
mod utils;
use utils::with_connection;
@@ -44,11 +44,10 @@
.unwrap();
let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO b/204938506 when we have a parser/verifier, check equivalence rather