[dice] Add trait DiceArtifacts to access BCC and CDI values
The added DiceArtifacts is implemented for both BccHandover and
OwnedDiceArtifacts. This allows us to access the dice artifacts in
an easy and uniform way.
[u8; CDI_SIZE] is used instead of the alias Cdi to facilitate a
future conversion from Cdi alias to Cdi type so that we can have
more controle over the memory security of CDI. More context in
b/268587826.
Bug: 267575445
Test: atest diced_utils_test diced_sample_inputs_test \
diced_vendor_test diced_open_dice_cbor_test \
libdiced_open_dice_nostd.integration_test \
libdiced_open_dice.integration_test diced_open_dice_cbor_test
Change-Id: Iabb87ad18f2f4a4d46283da045eb21a5776ad4b4
diff --git a/diced/src/diced_client_test.rs b/diced/src/diced_client_test.rs
index 054b2d1..29d7295 100644
--- a/diced/src/diced_client_test.rs
+++ b/diced/src/diced_client_test.rs
@@ -19,6 +19,7 @@
use android_security_dice::aidl::android::security::dice::IDiceMaintenance::IDiceMaintenance;
use android_security_dice::aidl::android::security::dice::IDiceNode::IDiceNode;
use binder::Strong;
+use diced_open_dice::DiceArtifacts;
use diced_open_dice_cbor as dice;
use nix::libc::uid_t;
use std::convert::TryInto;
@@ -54,11 +55,10 @@
.unwrap();
let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO when we have a parser/verifier, check equivalence rather
@@ -94,11 +94,10 @@
.unwrap();
let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO b/204938506 when we have a parser/verifier, check equivalence rather
@@ -156,11 +155,10 @@
let client = [client];
let artifacts = artifacts.execute_steps(input_values.iter().chain(client.iter())).unwrap();
- let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
let from_former = diced_utils::make_bcc_handover(
- cdi_attest[..].try_into().unwrap(),
- cdi_seal[..].try_into().unwrap(),
- &bcc,
+ artifacts.cdi_attest(),
+ artifacts.cdi_seal(),
+ artifacts.bcc().expect("bcc is none"),
)
.unwrap();
// TODO b/204938506 when we have a parser/verifier, check equivalence rather
diff --git a/diced/src/hal_node.rs b/diced/src/hal_node.rs
index 7a397ec..04602bd 100644
--- a/diced/src/hal_node.rs
+++ b/diced/src/hal_node.rs
@@ -35,6 +35,7 @@
use anyhow::{Context, Result};
use binder::{BinderFeatures, Result as BinderResult, Strong};
use dice::{ContextImpl, OpenDiceCborContext};
+pub use diced_open_dice::DiceArtifacts;
use diced_open_dice_cbor as dice;
use diced_utils as utils;
use nix::sys::wait::{waitpid, WaitStatus};
@@ -47,7 +48,7 @@
use std::os::unix::io::RawFd;
use std::sync::{Arc, RwLock};
use utils::ResidentArtifacts;
-pub use utils::{DiceArtifacts, UpdatableDiceArtifacts};
+pub use utils::UpdatableDiceArtifacts;
/// PipeReader is a simple wrapper around raw pipe file descriptors.
/// It takes ownership of the file descriptor and closes it on drop. It provides `read_all`, which
@@ -331,7 +332,7 @@
BccHandover::BccHandover, Config::Config as BinderConfig,
InputValues::InputValues as BinderInputValues, Mode::Mode as BinderMode,
};
- use anyhow::{Context, Result};
+ use anyhow::{anyhow, Context, Result};
use diced_open_dice_cbor as dice;
use diced_sample_inputs;
use diced_utils as utils;
@@ -346,11 +347,11 @@
impl From<dice::OwnedDiceArtifacts> for InsecureSerializableArtifacts {
fn from(dice_artifacts: dice::OwnedDiceArtifacts) -> Self {
- Self {
- cdi_attest: dice_artifacts.cdi_values.cdi_attest,
- cdi_seal: dice_artifacts.cdi_values.cdi_seal,
- bcc: dice_artifacts.bcc[..].to_vec(),
- }
+ let mut cdi_attest = [0u8; dice::CDI_SIZE];
+ cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
+ let mut cdi_seal = [0u8; dice::CDI_SIZE];
+ cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
+ Self { cdi_attest, cdi_seal, bcc: dice_artifacts.bcc().expect("bcc is none").to_vec() }
}
}
@@ -361,8 +362,8 @@
fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
&self.cdi_seal
}
- fn bcc(&self) -> Vec<u8> {
- self.bcc.clone()
+ fn bcc(&self) -> Option<&[u8]> {
+ Some(&self.bcc)
}
}
@@ -377,7 +378,7 @@
Ok(Self {
cdi_attest: *new_artifacts.cdi_attest(),
cdi_seal: *new_artifacts.cdi_seal(),
- bcc: new_artifacts.bcc(),
+ bcc: new_artifacts.bcc().ok_or_else(|| anyhow!("bcc is none"))?.to_vec(),
})
}
}
@@ -430,7 +431,7 @@
let result = utils::make_bcc_handover(
new_artifacts.cdi_attest(),
new_artifacts.cdi_seal(),
- &new_artifacts.bcc(),
+ new_artifacts.bcc().unwrap(),
)?;
assert_eq!(result, make_derive_test_vector());
diff --git a/diced/src/sample_inputs.rs b/diced/src/sample_inputs.rs
index 802a6d3..824ee9e 100644
--- a/diced/src/sample_inputs.rs
+++ b/diced/src/sample_inputs.rs
@@ -18,11 +18,11 @@
use android_hardware_security_dice::aidl::android::hardware::security::dice::{
Config::Config as BinderConfig, InputValues::InputValues as BinderInputValues, Mode::Mode,
};
-use anyhow::{Context, Result};
+use anyhow::{anyhow, Context, Result};
use dice::ContextImpl;
+use diced_open_dice::DiceArtifacts;
use diced_open_dice_cbor as dice;
use diced_utils::{cbor, to_dice_input_values};
-use std::convert::TryInto;
use std::ffi::CStr;
use std::io::Write;
@@ -100,9 +100,9 @@
)
.context("In make_sample_bcc_and_cdis: Trying to run first bcc main flow.")?;
dice::retry_bcc_main_flow(
- &dice_artifacts.cdi_values.cdi_attest,
- &dice_artifacts.cdi_values.cdi_seal,
- &dice_artifacts.bcc,
+ dice_artifacts.cdi_attest(),
+ dice_artifacts.cdi_seal(),
+ dice_artifacts.bcc().ok_or_else(|| anyhow!("bcc is none"))?,
&to_dice_input_values(&input_values_vector[2]),
)
.context("In make_sample_bcc_and_cdis: Trying to run second bcc main flow.")
diff --git a/diced/src/utils.rs b/diced/src/utils.rs
index 2b47dac..2789a60 100644
--- a/diced/src/utils.rs
+++ b/diced/src/utils.rs
@@ -18,8 +18,9 @@
Bcc::Bcc, BccHandover::BccHandover, InputValues::InputValues as BinderInputValues,
Mode::Mode as BinderMode,
};
-use anyhow::{Context, Result};
+use anyhow::{anyhow, Context, Result};
use diced_open_dice as dice;
+use diced_open_dice::DiceArtifacts;
use keystore2_crypto::ZVec;
use std::convert::TryInto;
@@ -61,6 +62,7 @@
/// and the BCC formatted attestation certificate chain. The sensitive secrets are
/// stored in zeroing vectors, and it implements functionality to perform DICE
/// derivation steps using libopen-dice-cbor.
+/// TODO(b/268322533): Remove this struct with the unused HAL service dice
pub struct ResidentArtifacts {
cdi_attest: ZVec,
cdi_seal: ZVec,
@@ -72,9 +74,9 @@
fn try_from(dice_artifacts: dice::OwnedDiceArtifacts) -> Result<Self, Self::Error> {
Ok(ResidentArtifacts {
- cdi_attest: dice_artifacts.cdi_values.cdi_attest[..].try_into()?,
- cdi_seal: dice_artifacts.cdi_values.cdi_seal[..].try_into()?,
- bcc: dice_artifacts.bcc[..].to_vec(),
+ cdi_attest: dice_artifacts.cdi_attest().to_vec().try_into()?,
+ cdi_seal: dice_artifacts.cdi_seal().to_vec().try_into()?,
+ bcc: dice_artifacts.bcc().ok_or_else(|| anyhow!("bcc is none"))?.to_vec(),
})
}
}
@@ -104,9 +106,9 @@
/// because DiceArtifacts returns array references of appropriate size.
pub fn new_from<T: DiceArtifacts + ?Sized>(artifacts: &T) -> Result<Self> {
Ok(ResidentArtifacts {
- cdi_attest: artifacts.cdi_attest()[..].try_into()?,
- cdi_seal: artifacts.cdi_seal()[..].try_into()?,
- bcc: artifacts.bcc(),
+ cdi_attest: artifacts.cdi_attest().to_vec().try_into()?,
+ cdi_seal: artifacts.cdi_seal().to_vec().try_into()?,
+ bcc: artifacts.bcc().ok_or_else(|| anyhow!("bcc is none"))?.to_vec(),
})
}
@@ -163,20 +165,6 @@
}
}
-/// An object that implements this trait provides the typical DICE artifacts.
-/// CDI_ATTEST, CDI_SEAL, and a certificate chain up to the public key that
-/// can be derived from CDI_ATTEST. Implementations should check the length of
-/// the stored CDI_* secrets on creation so that any valid instance returns the
-/// correct secrets in an infallible way.
-pub trait DiceArtifacts {
- /// Returns CDI_ATTEST.
- fn cdi_attest(&self) -> &[u8; dice::CDI_SIZE];
- /// Returns CDI_SEAL.
- fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE];
- /// Returns the attestation certificate chain in BCC format.
- fn bcc(&self) -> Vec<u8>;
-}
-
/// Implement this trait to provide read and write access to a secure artifact
/// storage that can be used by the ResidentHal implementation.
pub trait UpdatableDiceArtifacts {
@@ -199,8 +187,8 @@
fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
self.cdi_seal[..].try_into().unwrap()
}
- fn bcc(&self) -> Vec<u8> {
- self.bcc.clone()
+ fn bcc(&self) -> Option<&[u8]> {
+ Some(&self.bcc)
}
}