Merge "[dice] Adapt dice service and tests to the new DiceArtifacts trait" am: 249640be0a
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2438095
Change-Id: I7e66223b85bca01bbd794da5f3272c01d720c7c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/security/dice/aidl/default/Android.bp b/security/dice/aidl/default/Android.bp
index b67a44a..5ff4847 100644
--- a/security/dice/aidl/default/Android.bp
+++ b/security/dice/aidl/default/Android.bp
@@ -14,7 +14,6 @@
vendor: true,
rustlibs: [
"android.hardware.security.dice-V1-rust",
- "libdiced_open_dice_cbor",
"libdiced_sample_inputs",
"libdiced_vendor",
"libandroid_logger",
diff --git a/security/dice/aidl/default/service.rs b/security/dice/aidl/default/service.rs
index 0197f2c..4363e91 100644
--- a/security/dice/aidl/default/service.rs
+++ b/security/dice/aidl/default/service.rs
@@ -14,7 +14,7 @@
//! Main entry point for the android.hardware.security.dice service.
-use anyhow::Result;
+use anyhow::{anyhow, Result};
use diced::{
dice,
hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
@@ -40,8 +40,8 @@
fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
&self.cdi_seal
}
- fn bcc(&self) -> Vec<u8> {
- self.bcc.clone()
+ fn bcc(&self) -> Option<&[u8]> {
+ Some(&self.bcc)
}
}
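Review bot: `bcc()` now returns `Some(&self.bcc)` unconditionally, so an `InsecureSerializableArtifacts` whose `bcc` vector is empty reports an empty chain as present rather than absent. Whether an empty vector can reach this type is not visible here, but a caller that treats `Some` as "chain available", including the `ok_or_else(|| anyhow!("bcc is none"))` check in the next hunk, would accept it. Either map the empty case to `None` with `(!self.bcc.is_empty()).then_some(self.bcc.as_slice())`, or state the contract in a comment such as `// Always Some: a BCC is stored unconditionally; an empty chain is not distinguished.` The enclosing impl block starts outside the hunk.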
@@ -56,7 +56,10 @@
Ok(Self {
cdi_attest: *new_artifacts.cdi_attest(),
cdi_seal: *new_artifacts.cdi_seal(),
- bcc: new_artifacts.bcc(),
+ bcc: new_artifacts
+ .bcc()
+ .ok_or_else(|| anyhow!("bcc is none"))?
+ .to_vec(),
})
}
}
@@ -77,16 +80,19 @@
let dice_artifacts =
make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain.");
-
+ let mut cdi_attest = [0u8; dice::CDI_SIZE];
+ cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
+ let mut cdi_seal = [0u8; dice::CDI_SIZE];
+ cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
let hal_impl = Arc::new(
unsafe {
// Safety: ResidentHal cannot be used in multi threaded processes.
// This service does not start a thread pool. The main thread is the only thread
// joining the thread pool, thereby keeping the process single threaded.
ResidentHal::new(InsecureSerializableArtifacts {
- cdi_attest: dice_artifacts.cdi_values.cdi_attest,
- cdi_seal: dice_artifacts.cdi_values.cdi_seal,
- bcc: dice_artifacts.bcc[..].to_vec(),
+ cdi_attest,
+ cdi_seal,
+ bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(),
})
}
.expect("Failed to create ResidentHal implementation."),
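Review bot: The two `copy_from_slice` calls into zeroed `[0u8; dice::CDI_SIZE]` buffers add a runtime length check that panics on mismatch, and they leave extra named copies of the CDI values in locals of a function whose body continues outside this hunk. If `cdi_attest()` and `cdi_seal()` on the sample artifacts return `&[u8; dice::CDI_SIZE]`, as the accessor earlier in this file does, a dereference inside the struct literal is enough: `cdi_attest: *dice_artifacts.cdi_attest(),` and `cdi_seal: *dice_artifacts.cdi_seal(),`. That matches the constructor in the previous hunk and moves the size check to compile time. If the accessors return plain slices instead, a short comment saying why the length is guaranteed would help, since the CDIs are the secret half of the DICE artifacts.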
diff --git a/security/dice/aidl/vts/functional/Android.bp b/security/dice/aidl/vts/functional/Android.bp
index f5bc949..2a85a19 100644
--- a/security/dice/aidl/vts/functional/Android.bp
+++ b/security/dice/aidl/vts/functional/Android.bp
@@ -23,7 +23,7 @@
"android.hardware.security.dice-V1-rust",
"libanyhow",
"libbinder_rs",
- "libdiced_open_dice_cbor",
+ "libdiced_open_dice",
"libdiced_sample_inputs",
"libdiced_utils",
"libkeystore2_vintf_rust",
@@ -46,7 +46,7 @@
"android.hardware.security.dice-V1-rust",
"libanyhow",
"libbinder_rs",
- "libdiced_open_dice_cbor",
+ "libdiced_open_dice",
"libdiced_sample_inputs",
"libdiced_utils",
"libkeystore2_vintf_rust",
diff --git a/security/dice/aidl/vts/functional/dice_demote_test.rs b/security/dice/aidl/vts/functional/dice_demote_test.rs
index 1a17ec7..49aea67 100644
--- a/security/dice/aidl/vts/functional/dice_demote_test.rs
+++ b/security/dice/aidl/vts/functional/dice_demote_test.rs
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+use diced_open_dice::DiceArtifacts;
use diced_sample_inputs;
use diced_utils;
use std::convert::TryInto;
@@ -44,11 +45,10 @@
.unwrap();
let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO b/204938506 when we have a parser/verifier, check equivalence rather
diff --git a/security/dice/aidl/vts/functional/dice_test.rs b/security/dice/aidl/vts/functional/dice_test.rs
index 190f187..fbbdd81 100644
--- a/security/dice/aidl/vts/functional/dice_test.rs
+++ b/security/dice/aidl/vts/functional/dice_test.rs
@@ -12,9 +12,9 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+use diced_open_dice::DiceArtifacts;
use diced_sample_inputs;
use diced_utils;
-use std::convert::TryInto;
mod utils;
use utils::with_connection;
@@ -44,11 +44,10 @@
.unwrap();
let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO b/204938506 when we have a parser/verifier, check equivalence rather