[dice] Add DiceMainFlow wrapper to libdiced_open_dice
The retry version of the wrapper is used to generate sample bcc
data.
Bug: 267575445
Test: atest diced_utils_test diced_sample_inputs_test \
diced_test diced_vendor_test diced_open_dice_cbor_test
Change-Id: Iebf83b3f31e8e14e96da7b0c522814c28f5767e6
diff --git a/diced/open_dice/src/dice.rs b/diced/open_dice/src/dice.rs
index 9e3c59d..ed7d843 100644
--- a/diced/open_dice/src/dice.rs
+++ b/diced/open_dice/src/dice.rs
@@ -19,8 +19,8 @@
pub use open_dice_cbor_bindgen::DiceMode;
use open_dice_cbor_bindgen::{
DiceConfigType, DiceDeriveCdiCertificateId, DiceDeriveCdiPrivateKeySeed, DiceInputValues,
- DICE_CDI_SIZE, DICE_HASH_SIZE, DICE_HIDDEN_SIZE, DICE_ID_SIZE, DICE_INLINE_CONFIG_SIZE,
- DICE_PRIVATE_KEY_SEED_SIZE,
+ DiceMainFlow, DICE_CDI_SIZE, DICE_HASH_SIZE, DICE_HIDDEN_SIZE, DICE_ID_SIZE,
+ DICE_INLINE_CONFIG_SIZE, DICE_PRIVATE_KEY_SEED_SIZE,
};
use std::ptr;
use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -164,3 +164,35 @@
})?;
Ok(id)
}
+
+/// Executes the main DICE flow.
+///
+/// Given a full set of input values and the current CDI values, computes the
+/// next CDI values and a matching certificate.
+/// Returns the actual size of the next CDI certificate.
+pub fn dice_main_flow(
+ current_cdi_attest: &Cdi,
+ current_cdi_seal: &Cdi,
+ input_values: &InputValues,
+ next_cdi_certificate: &mut [u8],
+ next_cdi_values: &mut CdiValues,
+) -> Result<usize> {
+ let mut next_cdi_certificate_actual_size = 0;
+ // SAFETY: The function only reads the current CDI values and inputs and writes
+ // to `next_cdi_certificate` and next CDI values within its bounds.
+ // The first argument can be null and is not used in the current implementation.
+ check_result(unsafe {
+ DiceMainFlow(
+ ptr::null_mut(), // context
+ current_cdi_attest.as_ptr(),
+ current_cdi_seal.as_ptr(),
+ input_values.as_ptr(),
+ next_cdi_certificate.len(),
+ next_cdi_certificate.as_mut_ptr(),
+ &mut next_cdi_certificate_actual_size,
+ next_cdi_values.cdi_attest.as_mut_ptr(),
+ next_cdi_values.cdi_seal.as_mut_ptr(),
+ )
+ })?;
+ Ok(next_cdi_certificate_actual_size)
+}
diff --git a/diced/open_dice/src/lib.rs b/diced/open_dice/src/lib.rs
index 0efea61..f76494e 100644
--- a/diced/open_dice/src/lib.rs
+++ b/diced/open_dice/src/lib.rs
@@ -29,11 +29,14 @@
pub use bcc::{bcc_format_config_descriptor, bcc_main_flow};
pub use dice::{
- derive_cdi_certificate_id, derive_cdi_private_key_seed, Cdi, CdiValues, Config, DiceMode, Hash,
- Hidden, InlineConfig, InputValues, PrivateKeySeed, CDI_SIZE, HASH_SIZE, HIDDEN_SIZE, ID_SIZE,
- PRIVATE_KEY_SEED_SIZE,
+ derive_cdi_certificate_id, derive_cdi_private_key_seed, dice_main_flow, Cdi, CdiValues, Config,
+ DiceMode, Hash, Hidden, InlineConfig, InputValues, PrivateKeySeed, CDI_SIZE, HASH_SIZE,
+ HIDDEN_SIZE, ID_SIZE, PRIVATE_KEY_SEED_SIZE,
};
pub use error::{check_result, DiceError, Result};
pub use ops::{hash, kdf};
#[cfg(feature = "std")]
-pub use retry::{retry_bcc_format_config_descriptor, retry_bcc_main_flow, OwnedDiceArtifacts};
+pub use retry::{
+ retry_bcc_format_config_descriptor, retry_bcc_main_flow, retry_dice_main_flow,
+ OwnedDiceArtifacts,
+};
diff --git a/diced/open_dice/src/retry.rs b/diced/open_dice/src/retry.rs
index 6af6f00..58648b8 100644
--- a/diced/open_dice/src/retry.rs
+++ b/diced/open_dice/src/retry.rs
@@ -18,7 +18,7 @@
//! std environment.
use crate::bcc::{bcc_format_config_descriptor, bcc_main_flow};
-use crate::dice::{Cdi, CdiValues, InputValues};
+use crate::dice::{dice_main_flow, Cdi, CdiValues, InputValues};
use crate::error::{DiceError, Result};
use std::ffi::CStr;
@@ -98,3 +98,25 @@
})?;
Ok(OwnedDiceArtifacts { cdi_values: next_cdi_values, bcc: next_bcc })
}
+
+/// Executes the main DICE flow.
+///
+/// Given a full set of input values and the current CDI values, computes the
+/// next CDI values and a matching certificate.
+pub fn retry_dice_main_flow(
+ current_cdi_attest: &Cdi,
+ current_cdi_seal: &Cdi,
+ input_values: &InputValues,
+) -> Result<(CdiValues, Vec<u8>)> {
+ let mut next_cdi_values = CdiValues::default();
+ let next_cdi_certificate = retry_with_bigger_buffer(|next_cdi_certificate| {
+ dice_main_flow(
+ current_cdi_attest,
+ current_cdi_seal,
+ input_values,
+ next_cdi_certificate,
+ &mut next_cdi_values,
+ )
+ })?;
+ Ok((next_cdi_values, next_cdi_certificate))
+}