Use the vm_payload library to access DICE values
Migrate from direct use of IDiceNode over binder to calling the payload
support library. The functions exposed by the library are expected to
change so this is just the initial migration.
Bug: 243514248
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: Ifadfab090b61ab3240331d381641f6dc33ad8ee9
diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index fd8e776..d1cfc56 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -13,7 +13,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include <aidl/android/security/dice/IDiceNode.h>
#include <aidl/com/android/microdroid/testservice/BnTestService.h>
#include <android-base/file.h>
#include <android-base/properties.h>
@@ -28,15 +27,11 @@
#include <sys/ioctl.h>
#include <sys/system_properties.h>
#include <unistd.h>
+#include <vm_payload.h>
#include <binder_rpc_unstable.hpp>
#include <string>
-#include "vm_payload.h"
-
-using aidl::android::hardware::security::dice::BccHandover;
-using aidl::android::security::dice::IDiceNode;
-
using android::base::ErrnoError;
using android::base::Error;
using android::base::Result;
@@ -79,53 +74,35 @@
}
ndk::ScopedAStatus insecurelyExposeSealingCdi(std::vector<uint8_t>* out) override {
- ndk::SpAIBinder binder(AServiceManager_getService("android.security.dice.IDiceNode"));
- auto service = IDiceNode::fromBinder(binder);
- if (service == nullptr) {
+ uint8_t cdi[64];
+ size_t cdi_size = get_dice_sealing_cdi(cdi, sizeof(cdi));
+ if (cdi_size == 0) {
return ndk::ScopedAStatus::
- fromServiceSpecificErrorWithMessage(0, "Failed to find diced");
+ fromServiceSpecificErrorWithMessage(0, "Failed to get sealing cdi");
}
- BccHandover handover;
- auto deriveStatus = service->derive({}, &handover);
- if (!deriveStatus.isOk()) {
- return ndk::ScopedAStatus::fromServiceSpecificErrorWithMessage(0,
- "Failed call diced");
- }
- *out = {handover.cdiSeal.begin(), handover.cdiSeal.end()};
+ *out = {cdi, cdi + cdi_size};
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus insecurelyExposeAttestationCdi(std::vector<uint8_t>* out) override {
- ndk::SpAIBinder binder(AServiceManager_getService("android.security.dice.IDiceNode"));
- auto service = IDiceNode::fromBinder(binder);
- if (service == nullptr) {
+ uint8_t cdi[64];
+ size_t cdi_size = get_dice_attestation_cdi(cdi, sizeof(cdi));
+ if (cdi_size == 0) {
return ndk::ScopedAStatus::
- fromServiceSpecificErrorWithMessage(0, "Failed to find diced");
+ fromServiceSpecificErrorWithMessage(0, "Failed to get attestation cdi");
}
- BccHandover handover;
- auto deriveStatus = service->derive({}, &handover);
- if (!deriveStatus.isOk()) {
- return ndk::ScopedAStatus::fromServiceSpecificErrorWithMessage(0,
- "Failed call diced");
- }
- *out = {handover.cdiAttest.begin(), handover.cdiAttest.end()};
+ *out = {cdi, cdi + cdi_size};
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus getBcc(std::vector<uint8_t>* out) override {
- ndk::SpAIBinder binder(AServiceManager_getService("android.security.dice.IDiceNode"));
- auto service = IDiceNode::fromBinder(binder);
- if (service == nullptr) {
+ uint8_t bcc[2048];
+ size_t bcc_size = get_dice_attestation_chain(bcc, sizeof(bcc));
+ if (bcc_size == 0) {
return ndk::ScopedAStatus::
- fromServiceSpecificErrorWithMessage(0, "Failed to find diced");
+ fromServiceSpecificErrorWithMessage(0, "Failed to get attestation chain");
}
- BccHandover handover;
- auto deriveStatus = service->derive({}, &handover);
- if (!deriveStatus.isOk()) {
- return ndk::ScopedAStatus::fromServiceSpecificErrorWithMessage(0,
- "Failed call diced");
- }
- *out = {handover.bcc.data.begin(), handover.bcc.data.end()};
+ *out = {bcc, bcc + bcc_size};
return ndk::ScopedAStatus::ok();
}
};