[dice] Use libdice_open_dice_nostd for DICE functions in pvmfw

This cl migrate two calls of bcc functions in pvmfw from
libdice_nostd to libdice_open_dice_nostd and removes the library
libdice_nostd.

libdice_open_dice_nostd is compiled from the same Rust code as
libdice_open_dice. The latter is used for DICE derivation inside
Microdroid and both libraries are covered by tests. It's better to
switch to libdice_open_dice_nostd than maintaining another copy of
open-dice wrapper.

As pvmfw already depends on libdice_open_dice_nostd prior to this cl,
this cl shouldn't cause build problems.

Test: m pvmfw_img
Bug: 267575445
Change-Id: I8d5688998754540fcc7b4082bd67cee237f229b4
diff --git a/pvmfw/src/dice.rs b/pvmfw/src/dice.rs
index 9c5f59a..14f522f 100644
--- a/pvmfw/src/dice.rs
+++ b/pvmfw/src/dice.rs
@@ -20,10 +20,9 @@
 use core::mem::size_of;
 use core::slice;
 
-use dice::Config;
-use dice::DiceMode;
-use dice::InputValues;
-use diced_open_dice::{bcc_format_config_descriptor, hash, HIDDEN_SIZE};
+use diced_open_dice::{
+    bcc_format_config_descriptor, hash, Config, DiceMode, Hash, InputValues, HIDDEN_SIZE,
+};
 use pvmfw_avb::{DebugLevel, Digest, VerifiedBootData};
 
 fn to_dice_mode(debug_level: DebugLevel) -> DiceMode {
@@ -33,7 +32,7 @@
     }
 }
 
-fn to_dice_hash(verified_boot_data: &VerifiedBootData) -> dice::Result<dice::Hash> {
+fn to_dice_hash(verified_boot_data: &VerifiedBootData) -> diced_open_dice::Result<Hash> {
     let mut digests = [0u8; size_of::<Digest>() * 2];
     digests[..size_of::<Digest>()].copy_from_slice(&verified_boot_data.kernel_digest);
     if let Some(initrd_digest) = verified_boot_data.initrd_digest {
@@ -43,13 +42,13 @@
 }
 
 pub struct PartialInputs {
-    code_hash: dice::Hash,
-    auth_hash: dice::Hash,
+    code_hash: Hash,
+    auth_hash: Hash,
     mode: DiceMode,
 }
 
 impl PartialInputs {
-    pub fn new(data: &VerifiedBootData) -> dice::Result<Self> {
+    pub fn new(data: &VerifiedBootData) -> diced_open_dice::Result<Self> {
         let code_hash = to_dice_hash(data)?;
         let auth_hash = hash(data.public_key)?;
         let mode = to_dice_mode(data.debug_level);
@@ -57,7 +56,10 @@
         Ok(Self { code_hash, auth_hash, mode })
     }
 
-    pub fn into_input_values(self, salt: &[u8; HIDDEN_SIZE]) -> dice::Result<InputValues> {
+    pub fn into_input_values(
+        self,
+        salt: &[u8; HIDDEN_SIZE],
+    ) -> diced_open_dice::Result<InputValues> {
         let component_name = CStr::from_bytes_with_nul(b"vm_entry\0").unwrap();
         let mut config_descriptor_buffer = [0; 128];
         let config_descriptor_size = bcc_format_config_descriptor(
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 530449c..ddde50a 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -25,7 +25,6 @@
 use core::arch::asm;
 use core::num::NonZeroUsize;
 use core::slice;
-use dice::bcc::Handover;
 use log::debug;
 use log::error;
 use log::info;
@@ -243,10 +242,6 @@
     })?;
 
     let bcc_slice = appended.get_bcc_mut();
-    let bcc = Handover::new(bcc_slice).map_err(|e| {
-        error!("Invalid BCC Handover: {e:?}");
-        RebootReason::InvalidBcc
-    })?;
 
     debug!("Activating dynamic page table...");
     // SAFETY - page_table duplicates the static mappings for everything that the Rust code is
@@ -258,7 +253,7 @@
     let slices = MemorySlices::new(fdt, payload, payload_size, &mut memory)?;
 
     // This wrapper allows main() to be blissfully ignorant of platform details.
-    crate::main(slices.fdt, slices.kernel, slices.ramdisk, &bcc, &mut memory)?;
+    crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc_slice, &mut memory)?;
 
     helpers::flushed_zeroize(bcc_slice);
     helpers::flush(slices.fdt.as_slice());
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index f7774e4..ba26114 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -46,7 +46,7 @@
     memory::MemoryTracker,
     virtio::pci::{self, find_virtio_devices},
 };
-use ::dice::bcc;
+use diced_open_dice::{bcc_handover_main_flow, bcc_handover_parse, HIDDEN_SIZE};
 use fdtpci::{PciError, PciInfo};
 use libfdt::Fdt;
 use log::{debug, error, info, trace};
@@ -59,7 +59,7 @@
     fdt: &mut Fdt,
     signed_kernel: &[u8],
     ramdisk: Option<&[u8]>,
-    bcc: &bcc::Handover,
+    current_bcc_handover: &[u8],
     memory: &mut MemoryTracker,
 ) -> Result<(), RebootReason> {
     info!("pVM firmware");
@@ -71,7 +71,11 @@
     } else {
         debug!("Ramdisk: None");
     }
-    trace!("BCC: {bcc:x?}");
+    let bcc_handover = bcc_handover_parse(current_bcc_handover).map_err(|e| {
+        error!("Invalid BCC Handover: {e:?}");
+        RebootReason::InvalidBcc
+    })?;
+    trace!("BCC: {bcc_handover:x?}");
 
     // Set up PCI bus for VirtIO devices.
     let pci_info = PciInfo::from_fdt(fdt).map_err(handle_pci_error)?;
@@ -95,12 +99,12 @@
         error!("Failed to compute partial DICE inputs: {e:?}");
         RebootReason::InternalError
     })?;
-    let salt = [0; ::dice::HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
+    let salt = [0; HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
     let dice_inputs = dice_inputs.into_input_values(&salt).map_err(|e| {
         error!("Failed to generate DICE inputs: {e:?}");
         RebootReason::InternalError
     })?;
-    let _ = bcc.main_flow(&dice_inputs, next_bcc).map_err(|e| {
+    let _ = bcc_handover_main_flow(current_bcc_handover, &dice_inputs, next_bcc).map_err(|e| {
         error!("Failed to derive next-stage DICE secrets: {e:?}");
         RebootReason::SecretDerivationError
     })?;