Add libopen_dice nostd wrapper and test it in vmbase_example
This integrates libopen_dice into vmbase_example and performs basic
integration tests.
Bug: 237372981
Test: atest vmbase_example.integration_test
Change-Id: I67f11094cac04c7d72d19497b8b705386d1f0fe1
diff --git a/libs/dice/Android.bp b/libs/dice/Android.bp
new file mode 100644
index 0000000..7cb68a5
--- /dev/null
+++ b/libs/dice/Android.bp
@@ -0,0 +1,23 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library_rlib {
+ name: "libdice_nostd",
+ crate_name: "dice",
+ srcs: ["src/lib.rs"],
+ edition: "2021",
+ no_stdlibs: true,
+ prefer_rlib: true,
+ stdlibs: ["libcore.rust_sysroot"],
+ rustlibs: [
+ "libopen_dice_cbor_bindgen",
+ "libopen_dice_bcc_bindgen",
+ ],
+ whole_static_libs: [
+ "libopen_dice_bcc",
+ "libopen_dice_cbor",
+ "libcrypto_baremetal",
+ ],
+ apex_available: ["com.android.virt"],
+}
diff --git a/libs/dice/src/lib.rs b/libs/dice/src/lib.rs
new file mode 100644
index 0000000..9e39436
--- /dev/null
+++ b/libs/dice/src/lib.rs
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Bare metal wrapper around libopen_dice.
+
+#![no_std]
+
+use core::fmt::{self, Debug};
+use open_dice_cbor_bindgen::{
+ DiceHash, DiceResult, DiceResult_kDiceResultBufferTooSmall as DICE_RESULT_BUFFER_TOO_SMALL,
+ DiceResult_kDiceResultInvalidInput as DICE_RESULT_INVALID_INPUT,
+ DiceResult_kDiceResultOk as DICE_RESULT_OK,
+ DiceResult_kDiceResultPlatformError as DICE_RESULT_PLATFORM_ERROR,
+};
+
+const HASH_SIZE: usize = open_dice_cbor_bindgen::DICE_HASH_SIZE as usize;
+
+/// Array type of hashes used by DICE.
+pub type Hash = [u8; HASH_SIZE];
+
+/// Error type used by DICE.
+pub enum Error {
+ /// Provided input was invalid.
+ InvalidInput,
+ /// Provided buffer was too small.
+ BufferTooSmall,
+ /// Unexpected platform error.
+ PlatformError,
+ /// Unexpected return value.
+ Unknown(DiceResult),
+}
+
+impl Debug for Error {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ match self {
+ Error::InvalidInput => write!(f, "invalid input"),
+ Error::BufferTooSmall => write!(f, "buffer too small"),
+ Error::PlatformError => write!(f, "platform error"),
+ Error::Unknown(n) => write!(f, "unknown error: {}", n),
+ }
+ }
+}
+
+fn check_call(ret: DiceResult) -> Result<(), Error> {
+ match ret {
+ DICE_RESULT_OK => Ok(()),
+ DICE_RESULT_INVALID_INPUT => Err(Error::InvalidInput),
+ DICE_RESULT_BUFFER_TOO_SMALL => Err(Error::BufferTooSmall),
+ DICE_RESULT_PLATFORM_ERROR => Err(Error::PlatformError),
+ n => Err(Error::Unknown(n)),
+ }
+}
+
+fn ctx() -> *mut core::ffi::c_void {
+ core::ptr::null_mut()
+}
+
+/// Hash the provided input using DICE's default hash function.
+pub fn hash(bytes: &[u8]) -> Result<Hash, Error> {
+ let mut output: Hash = [0; HASH_SIZE];
+ // SAFETY - DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
+ check_call(unsafe { DiceHash(ctx(), bytes.as_ptr(), bytes.len(), output.as_mut_ptr()) })?;
+ Ok(output)
+}
diff --git a/vmbase/example/Android.bp b/vmbase/example/Android.bp
index 4e62090..e9a3f98 100644
--- a/vmbase/example/Android.bp
+++ b/vmbase/example/Android.bp
@@ -11,6 +11,7 @@
rustlibs: [
"libaarch64_paging",
"libbuddy_system_allocator",
+ "libdice_nostd",
"liblog_rust_nostd",
"libvmbase",
],
diff --git a/vmbase/example/src/main.rs b/vmbase/example/src/main.rs
index 9b362b2..d6a966c 100644
--- a/vmbase/example/src/main.rs
+++ b/vmbase/example/src/main.rs
@@ -94,6 +94,7 @@
info!("Activated.");
check_data();
+ check_dice();
}
fn check_stack_guard() {
@@ -148,3 +149,18 @@
assert_eq!(vector[2], 42);
info!("Vec seems to work.");
}
+
+fn check_dice() {
+ info!("Testing DICE integration...");
+ let hash = dice::hash("hello world".as_bytes()).expect("DiceHash failed");
+ assert_eq!(
+ hash,
+ [
+ 0x30, 0x9e, 0xcc, 0x48, 0x9c, 0x12, 0xd6, 0xeb, 0x4c, 0xc4, 0x0f, 0x50, 0xc9, 0x02,
+ 0xf2, 0xb4, 0xd0, 0xed, 0x77, 0xee, 0x51, 0x1a, 0x7c, 0x7a, 0x9b, 0xcd, 0x3c, 0xa8,
+ 0x6d, 0x4c, 0xd8, 0x6f, 0x98, 0x9d, 0xd3, 0x5b, 0xc5, 0xff, 0x49, 0x96, 0x70, 0xda,
+ 0x34, 0x25, 0x5b, 0x45, 0xb0, 0xcf, 0xd8, 0x30, 0xe8, 0x1f, 0x60, 0x5d, 0xcf, 0x7d,
+ 0xc5, 0x54, 0x2e, 0x93, 0xae, 0x9c, 0xd7, 0x6f
+ ]
+ );
+}