[rkp-hal] Add DICE chain to the CSR in service VM
Bug: 301574013
Test: atest rialto_test
Change-Id: Idc6ccd8be08aed25a68fa69b7626564a5f734de5
diff --git a/rialto/src/requests/rkp.rs b/rialto/src/requests/rkp.rs
index d449d05..52d4d2c 100644
--- a/rialto/src/requests/rkp.rs
+++ b/rialto/src/requests/rkp.rs
@@ -79,9 +79,13 @@
let signed_data = build_signed_data(&signed_data_payload, dice_artifacts)?.to_cbor_value()?;
// Builds `AuthenticatedRequest<CsrPayload>`.
- // TODO(b/287233786): Add UdsCerts and DiceCertChain here.
+ // Currently `UdsCerts` is left empty because it is only needed for Samsung devices.
+ // Check http://b/301574013#comment3 for more information.
let uds_certs = Value::Map(Vec::new());
- let dice_cert_chain = Value::Array(Vec::new());
+ let dice_cert_chain = dice_artifacts
+ .bcc()
+ .map(read_to_value)
+ .ok_or(RequestProcessingError::MissingDiceChain)??;
let auth_req = cbor!([
Value::Integer(AUTH_REQ_SCHEMA_V1.into()),
uds_certs,
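Review bot: The new `dice_cert_chain` is placed into the `AuthenticatedRequest` after `read_to_value` has only confirmed that the BCC bytes decode to exactly one CBOR value; nothing here checks that the value is an array, which is what the placeholder `Value::Array(Vec::new())` it replaces was. A scalar or map would be wrapped into the CSR and only rejected later, presumably by whatever verifies the request. Consider failing early right after the assignment, for example `if !dice_cert_chain.is_array() { return Err(RequestProcessingError::CborValueError); }`, so a malformed chain surfaces as a local error with a clear cause. The enclosing function starts and ends outside this hunk, so an equivalent check may already exist elsewhere.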
@@ -126,3 +130,18 @@
ciborium::into_writer(v, &mut data).map_err(coset::CoseError::from)?;
Ok(data)
}
+
+/// Read a CBOR `Value` from a byte slice, failing if any extra data remains
+/// after the `Value` has been read.
+fn read_to_value(mut data: &[u8]) -> Result<Value> {
+ let value = ciborium::from_reader(&mut data).map_err(|e| {
+ error!("Failed to deserialize the data into CBOR value: {e}");
+ RequestProcessingError::CborValueError
+ })?;
+ if data.is_empty() {
+ Ok(value)
+ } else {
+ error!("CBOR input has extra data.");
+ Err(RequestProcessingError::CborValueError)
+ }
+}
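Review bot: The trailing-data check in `read_to_value` depends on `ciborium::from_reader(&mut data)` advancing the `&[u8]` past the bytes it consumed, and that is not obvious from `data.is_empty()` alone. A short why-comment above the `if` would help, such as `// Reading from `&mut &[u8]` advances the slice, so any bytes left are trailing data.`. The doc comment could also state that both a decode failure and trailing bytes return `RequestProcessingError::CborValueError`, since callers cannot tell the two apart except through the log.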
diff --git a/service_vm/comm/src/message.rs b/service_vm/comm/src/message.rs
index 2671f7d..d3ef669 100644
--- a/service_vm/comm/src/message.rs
+++ b/service_vm/comm/src/message.rs
@@ -110,6 +110,9 @@
/// An error happened when serializing to/from a `Value`.
CborValueError,
+
+ /// The DICE chain of the service VM is missing.
+ MissingDiceChain,
}
impl fmt::Display for RequestProcessingError {
@@ -125,6 +128,7 @@
Self::CborValueError => {
write!(f, "An error happened when serializing to/from a CBOR Value.")
}
+ Self::MissingDiceChain => write!(f, "The DICE chain of the service VM is missing"),
}
}
}
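Review bot: The new `MissingDiceChain` message has no trailing period, while the `CborValueError` arm just above it in this hunk ends with one. For consistent user-facing text, use `write!(f, "The DICE chain of the service VM is missing.")`. The rest of the `match` lies outside this hunk, so follow whichever form the other arms use.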