Test the attestation CDI as well as the sealing CDI
Both CDIs should be different for different instances of the same VM so
also check that is true in the test.
Bug: 218935426
Test: atest MicrodroidTests
Change-Id: Ic150a8da6040613c58bfcf433d65a8c69b263146
diff --git a/tests/aidl/com/android/microdroid/testservice/ITestService.aidl b/tests/aidl/com/android/microdroid/testservice/ITestService.aidl
index f15036c..99c07bf 100644
--- a/tests/aidl/com/android/microdroid/testservice/ITestService.aidl
+++ b/tests/aidl/com/android/microdroid/testservice/ITestService.aidl
@@ -25,6 +25,9 @@
/* read a system property. */
String readProperty(String prop);
- /* get the VM's stable secret. */
- byte[] insecurelyExposeSecret();
+ /* get the VM's stable secret, this is _only_ done for testing. */
+ byte[] insecurelyExposeSealingCdi();
+
+ /* get the VM's attestation secret, this is _only_ done for testing. */
+ byte[] insecurelyExposeAttestationCdi();
}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 30f5933..9995b44 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -290,14 +290,19 @@
assertThat(payloadStarted.getNow(false)).isFalse();
}
- private byte[] launchVmAndGetSecret(String instanceName)
+ private class VmCdis {
+ public byte[] cdiAttest;
+ public byte[] cdiSeal;
+ }
+
+ private VmCdis launchVmAndGetCdis(String instanceName)
throws VirtualMachineException, InterruptedException {
VirtualMachineConfig.Builder builder =
new VirtualMachineConfig.Builder(mInner.mContext, "assets/vm_config.json")
.protectedVm(mProtectedVm);
VirtualMachineConfig normalConfig = builder.debugLevel(DebugLevel.NONE).build();
mInner.mVm = mInner.mVmm.getOrCreate(instanceName, normalConfig);
- final CompletableFuture<byte[]> secret = new CompletableFuture<>();
+ final VmCdis vmCdis = new VmCdis();
final CompletableFuture<Exception> exception = new CompletableFuture<>();
VmEventListener listener =
new VmEventListener() {
@@ -306,7 +311,8 @@
try {
ITestService testService = ITestService.Stub.asInterface(
vm.connectToVsockServer(ITestService.SERVICE_PORT).get());
- secret.complete(testService.insecurelyExposeSecret());
+ vmCdis.cdiAttest = testService.insecurelyExposeAttestationCdi();
+ vmCdis.cdiSeal = testService.insecurelyExposeSealingCdi();
forceStop(vm);
} catch (Exception e) {
exception.complete(e);
@@ -315,11 +321,11 @@
};
listener.runToFinish(mInner.mVm);
assertThat(exception.getNow(null)).isNull();
- return secret.getNow(null);
+ return vmCdis;
}
@Test
- public void instancesOfSameVmHaveDifferentSecrets()
+ public void instancesOfSameVmHaveDifferentCdis()
throws VirtualMachineException, InterruptedException {
assume()
.withMessage("Skip on Cuttlefish. b/195765441")
@@ -331,15 +337,19 @@
.that(KERNEL_VERSION)
.isNotEqualTo("5.4");
- byte[] vm_a_secret = launchVmAndGetSecret("test_vm_a");
- byte[] vm_b_secret = launchVmAndGetSecret("test_vm_b");
- assertThat(vm_a_secret).isNotNull();
- assertThat(vm_b_secret).isNotNull();
- assertThat(vm_a_secret).isNotEqualTo(vm_b_secret);
+ VmCdis vm_a_cdis = launchVmAndGetCdis("test_vm_a");
+ VmCdis vm_b_cdis = launchVmAndGetCdis("test_vm_b");
+ assertThat(vm_a_cdis.cdiAttest).isNotNull();
+ assertThat(vm_b_cdis.cdiAttest).isNotNull();
+ assertThat(vm_a_cdis.cdiAttest).isNotEqualTo(vm_b_cdis.cdiAttest);
+ assertThat(vm_a_cdis.cdiSeal).isNotNull();
+ assertThat(vm_b_cdis.cdiSeal).isNotNull();
+ assertThat(vm_a_cdis.cdiSeal).isNotEqualTo(vm_b_cdis.cdiSeal);
+ assertThat(vm_a_cdis.cdiAttest).isNotEqualTo(vm_b_cdis.cdiSeal);
}
@Test
- public void sameInstanceKeepsSameSecrets()
+ public void sameInstanceKeepsSameCdis()
throws VirtualMachineException, InterruptedException {
assume()
.withMessage("Skip on Cuttlefish. b/195765441")
@@ -351,11 +361,12 @@
.that(KERNEL_VERSION)
.isNotEqualTo("5.4");
- byte[] vm_secret_first_boot = launchVmAndGetSecret("test_vm");
- byte[] vm_secret_second_boot = launchVmAndGetSecret("test_vm");
- assertThat(vm_secret_first_boot).isNotNull();
- assertThat(vm_secret_second_boot).isNotNull();
- assertThat(vm_secret_first_boot).isEqualTo(vm_secret_second_boot);
+ VmCdis first_boot_cdis = launchVmAndGetCdis("test_vm");
+ VmCdis second_boot_cdis = launchVmAndGetCdis("test_vm");
+ // The attestation CDI isn't specified to be stable, though it might be
+ assertThat(first_boot_cdis.cdiSeal).isNotNull();
+ assertThat(second_boot_cdis.cdiSeal).isNotNull();
+ assertThat(first_boot_cdis.cdiSeal).isEqualTo(second_boot_cdis.cdiSeal);
}
private static final UUID MICRODROID_PARTITION_UUID =
diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index 417ff4a..76df5be 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -79,7 +79,7 @@
return ndk::ScopedAStatus::ok();
}
- ndk::ScopedAStatus insecurelyExposeSecret(std::vector<uint8_t>* out) override {
+ ndk::ScopedAStatus insecurelyExposeSealingCdi(std::vector<uint8_t>* out) override {
ndk::SpAIBinder binder(AServiceManager_getService("android.security.dice.IDiceNode"));
auto service = IDiceNode::fromBinder(binder);
if (service == nullptr) {
@@ -95,6 +95,23 @@
*out = {handover.cdiSeal.begin(), handover.cdiSeal.end()};
return ndk::ScopedAStatus::ok();
}
+
+ ndk::ScopedAStatus insecurelyExposeAttestationCdi(std::vector<uint8_t>* out) override {
+ ndk::SpAIBinder binder(AServiceManager_getService("android.security.dice.IDiceNode"));
+ auto service = IDiceNode::fromBinder(binder);
+ if (service == nullptr) {
+ return ndk::ScopedAStatus::
+ fromServiceSpecificErrorWithMessage(0, "Failed to find diced");
+ }
+ BccHandover handover;
+ auto deriveStatus = service->derive({}, &handover);
+ if (!deriveStatus.isOk()) {
+ return ndk::ScopedAStatus::fromServiceSpecificErrorWithMessage(0,
+ "Failed call diced");
+ }
+ *out = {handover.cdiAttest.begin(), handover.cdiAttest.end()};
+ return ndk::ScopedAStatus::ok();
+ }
};
auto testService = ndk::SharedRefBase::make<TestService>();