Make the vm_payload API look more NDK-like

 - Give functions an `AVmPayload_` prefix followed by a lower camel case
   name (hopefully better branding comes later, but this makes it easy
   to grep).
 - Let callers find out how big the attestation chain is.

Bug: 243514248
Test: atest MicrodroidTests ComposHostTestCases MicrodroidBenchmarks
Change-Id: I93c37787eae296d97a44cc369e8ea0c3c670c6cb
diff --git a/microdroid/vm_payload/include/vm_payload.h b/microdroid/vm_payload/include/vm_payload.h
index 0744146..05abdce 100644
--- a/microdroid/vm_payload/include/vm_payload.h
+++ b/microdroid/vm_payload/include/vm_payload.h
@@ -18,7 +18,6 @@
 
 #include <stdbool.h>
 #include <stddef.h>
-#include <stdint.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -26,9 +25,10 @@
 
 /**
  * Notifies the host that the payload is ready.
- * Returns true if the notification succeeds else false.
+ *
+ * \return true if the notification succeeds else false.
  */
-bool notify_payload_ready(void);
+bool AVmPayload_notifyPayloadReady(void);
 
 /**
  * Get a secret that is uniquely bound to this VM instance. The secrets are 32-byte values and the
@@ -41,23 +41,35 @@
  *
  * \return true on success and false on failure.
  */
-bool get_vm_instance_secret(const void *identifier, size_t identifier_size, void *secret,
-                            size_t size);
+bool AVmPayload_getVmInstanceSecret(const void *identifier, size_t identifier_size, void *secret,
+                                    size_t size);
 
 /**
- * Get the VM's attestation chain.
- * Returns the size of data or 0 on failure.
+ * Get the VM's DICE attestation chain.
+ *
  * TODO: don't expose the contained privacy breaking identifiers to the payload
  * TODO: keep the DICE chain as an internal detail for as long as possible
+ *
+ * \param data pointer to size bytes where the chain is written.
+ * \param size number of bytes that can be written to data.
+ * \param total outputs the total size of the chain if the function succeeds
+ *
+ * \return true on success and false on failure.
  */
-size_t get_dice_attestation_chain(void *data, size_t size);
+bool AVmPayload_getDiceAttestationChain(void *data, size_t size, size_t *total);
 
 /**
- * Get the VM's attestation CDI.
- * Returns the size of data or 0 on failure.
+ * Get the VM's DICE attestation CDI.
+ *
  * TODO: don't expose the raw CDI, only derived values
+ *
+ * \param data pointer to size bytes where the CDI is written.
+ * \param size number of bytes that can be written to data.
+ * \param total outputs the total size of the CDI if the function succeeds
+ *
+ * \return true on success and false on failure.
  */
-size_t get_dice_attestation_cdi(void *data, size_t size);
+bool AVmPayload_getDiceAttestationCdi(void *data, size_t size, size_t *total);
 
 #ifdef __cplusplus
 } // extern "C"
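Review bot: The new doc comments for `AVmPayload_getDiceAttestationChain` and `AVmPayload_getDiceAttestationCdi` do not say that a `true` return can mean a truncated write. The Rust side of this commit copies `min(len, size)` bytes and still returns true, so a caller that checks only the return value can end up using an incomplete chain or CDI. I would add to both comments something like `On success at most size bytes are written; if *total > size the output is truncated and the call must be repeated with a larger buffer.` It is also worth stating that `total` must not be NULL, and whether `data` may be NULL when `size` is 0.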
diff --git a/microdroid/vm_payload/src/lib.rs b/microdroid/vm_payload/src/lib.rs
index 74dd8f4..ca0c17b 100644
--- a/microdroid/vm_payload/src/lib.rs
+++ b/microdroid/vm_payload/src/lib.rs
@@ -17,6 +17,6 @@
 mod vm_service;
 
 pub use vm_service::{
-    get_dice_attestation_cdi, get_dice_attestation_chain, get_vm_instance_secret,
-    notify_payload_ready,
+    AVmPayload_getDiceAttestationCdi, AVmPayload_getDiceAttestationChain,
+    AVmPayload_getVmInstanceSecret, AVmPayload_notifyPayloadReady,
 };
diff --git a/microdroid/vm_payload/src/vm_service.rs b/microdroid/vm_payload/src/vm_service.rs
index cfc3884..44013c9 100644
--- a/microdroid/vm_payload/src/vm_service.rs
+++ b/microdroid/vm_payload/src/vm_service.rs
@@ -23,7 +23,7 @@
 /// Notifies the host that the payload is ready.
 /// Returns true if the notification succeeds else false.
 #[no_mangle]
-pub extern "C" fn notify_payload_ready() -> bool {
+pub extern "C" fn AVmPayload_notifyPayloadReady() -> bool {
     android_logger::init_once(
         android_logger::Config::default().with_tag("vm_payload").with_min_level(Level::Debug),
     );
@@ -46,9 +46,14 @@
 ///
 /// # Safety
 ///
-/// The identifier must be identifier_size bytes and secret must be size bytes.
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `identifier` must be [valid] for reads of `identifier_size` bytes.
+/// * `secret` must be [valid] for writes of `size` bytes.
+///
+/// [valid]: std::ptr#safety
 #[no_mangle]
-pub unsafe extern "C" fn get_vm_instance_secret(
+pub unsafe extern "C" fn AVmPayload_getVmInstanceSecret(
     identifier: *const u8,
     identifier_size: usize,
     secret: *mut u8,
@@ -77,25 +82,31 @@
 }
 
 /// Get the VM's attestation chain.
-/// Returns the size of data or 0 on failure.
+/// Returns true on success, else false.
 ///
 /// # Safety
 ///
-/// The data must be size bytes big.
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes.
+/// * `total` must be [valid] for writes.
+///
+/// [valid]: std::ptr#safety
 #[no_mangle]
-pub unsafe extern "C" fn get_dice_attestation_chain(data: *mut u8, size: usize) -> usize {
+pub unsafe extern "C" fn AVmPayload_getDiceAttestationChain(
+    data: *mut u8,
+    size: usize,
+    total: *mut usize,
+) -> bool {
     match try_get_dice_attestation_chain() {
         Err(e) => {
             error!("{:?}", e);
-            0
+            false
         }
         Ok(chain) => {
-            if size < chain.len() {
-                0
-            } else {
-                std::ptr::copy_nonoverlapping(chain.as_ptr(), data, chain.len());
-                chain.len()
-            }
+            total.write(chain.len());
+            std::ptr::copy_nonoverlapping(chain.as_ptr(), data, std::cmp::min(chain.len(), size));
+            true
         }
     }
 }
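Review bot: In the `Ok(chain)` arm, `total.write(chain.len())` and the `copy_nonoverlapping` call use the caller-supplied `total` and `data` pointers without any null check, and this is a C-facing entry point. A C caller that passes a NULL buffer with `size` 0 to learn the length still reaches `copy_nonoverlapping` with a null destination, which is undefined behaviour on toolchains where a null pointer is not valid even for zero-sized accesses. A cheap guard at the top of the arm would harden the boundary: `if total.is_null() || (data.is_null() && size != 0) { return false; }`, and the copy can be skipped when the computed count is zero. The same applies to `AVmPayload_getDiceAttestationCdi` in the next hunk.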
@@ -105,25 +116,31 @@
 }
 
 /// Get the VM's attestation CDI.
-/// Returns the size of data or 0 on failure.
+/// Returns true on success, else false.
 ///
 /// # Safety
 ///
-/// The data must be size bytes big.
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes.
+/// * `total` must be [valid] for writes.
+///
+/// [valid]: std::ptr#safety
 #[no_mangle]
-pub unsafe extern "C" fn get_dice_attestation_cdi(data: *mut u8, size: usize) -> usize {
+pub unsafe extern "C" fn AVmPayload_getDiceAttestationCdi(
+    data: *mut u8,
+    size: usize,
+    total: *mut usize,
+) -> bool {
     match try_get_dice_attestation_cdi() {
         Err(e) => {
             error!("{:?}", e);
-            0
+            false
         }
         Ok(cdi) => {
-            if size < cdi.len() {
-                0
-            } else {
-                std::ptr::copy_nonoverlapping(cdi.as_ptr(), data, cdi.len());
-                cdi.len()
-            }
+            total.write(cdi.len());
+            std::ptr::copy_nonoverlapping(cdi.as_ptr(), data, std::cmp::min(cdi.len(), size));
+            true
         }
     }
 }
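Review bot: The `Ok(cdi)` arm now returns `true` after copying only `min(cdi.len(), size)` bytes, whereas the removed code refused to copy when `size < cdi.len()`. A caller with a short buffer that checks only the return value is left holding a prefix of the CDI and may derive keys from it. For secret material it would be safer to report the length but fail without writing any of it, e.g. `if size < cdi.len() { return false; }` placed right after `total.write(cdi.len());`. The header's description of `total` would then need to say it is also set when the buffer is too small; whether any caller relies on partial output is not visible from this hunk.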