[dice] Move error type to upstream library libdiced_open_dice
This is part of the project of merging the two existing dice
wrapper libraries into one library. The upstream library
libdiced_open_dice will be the merged library.
Test: atest diced_utils_test diced_sample_inputs_test \
diced_test diced_vendor_test
Test: m pvmfw_img microdroid_manager && atest \
microdroid_manager_test
Bug: 267575445
Change-Id: I584dd2f91996d376dff354564b43321ef6535303
diff --git a/diced/open_dice/Android.bp b/diced/open_dice/Android.bp
index be8388f..f4c2155 100644
--- a/diced/open_dice/Android.bp
+++ b/diced/open_dice/Android.bp
@@ -24,11 +24,13 @@
],
}
-rust_library_rlib {
+rust_library {
name: "libdiced_open_dice",
defaults: ["libdiced_open_dice_defaults"],
rustlibs: [
"libopen_dice_cbor_bindgen",
+ // For ZVec
+ "libkeystore2_crypto_rust",
],
features: [
"std",
diff --git a/diced/open_dice/src/dice.rs b/diced/open_dice/src/dice.rs
index c08cc40..d5e087f 100644
--- a/diced/open_dice/src/dice.rs
+++ b/diced/open_dice/src/dice.rs
@@ -15,11 +15,11 @@
//! Structs and functions about the types used in DICE.
//! This module mirrors the content in open-dice/include/dice/dice.h
-use core::ptr;
use open_dice_cbor_bindgen::{
DiceConfigType, DiceInputValues, DiceMode, DICE_HASH_SIZE, DICE_HIDDEN_SIZE,
DICE_INLINE_CONFIG_SIZE,
};
+use std::ptr;
/// The size of a DICE hash.
pub const HASH_SIZE: usize = DICE_HASH_SIZE as usize;
diff --git a/diced/open_dice/src/error.rs b/diced/open_dice/src/error.rs
new file mode 100644
index 0000000..9cf2ae8
--- /dev/null
+++ b/diced/open_dice/src/error.rs
@@ -0,0 +1,78 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Errors and relating functions thrown in this library.
+
+use open_dice_cbor_bindgen::DiceResult;
+use std::{fmt, result};
+
+#[cfg(feature = "std")]
+use std::error::Error;
+
+/// Error type used by DICE.
+#[derive(Debug)]
+pub enum DiceError {
+ /// Provided input was invalid.
+ InvalidInput,
+ /// Provided buffer was too small.
+ BufferTooSmall,
+ /// Platform error.
+ PlatformError,
+ /// Input string has an interior nul byte.
+ /// TODO(b/267575445): Remove this error once we change the param of
+ /// `format_config_descriptor to take &CStr.
+ #[cfg(feature = "std")]
+ CStrNulError,
+ /// The allocation of a ZVec failed.
+ #[cfg(feature = "std")]
+ ZVecError(keystore2_crypto::zvec::Error),
+}
+
+#[cfg(feature = "std")]
+impl From<keystore2_crypto::zvec::Error> for DiceError {
+ fn from(e: keystore2_crypto::zvec::Error) -> Self {
+ Self::ZVecError(e)
+ }
+}
+
+/// This makes `DiceError` accepted by anyhow.
+#[cfg(feature = "std")]
+impl Error for DiceError {}
+
+impl fmt::Display for DiceError {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ match self {
+ Self::InvalidInput => write!(f, "invalid input"),
+ Self::BufferTooSmall => write!(f, "buffer too small"),
+ Self::PlatformError => write!(f, "platform error"),
+ #[cfg(feature = "std")]
+ Self::CStrNulError => write!(f, "input string has an interior nul byte"),
+ #[cfg(feature = "std")]
+ Self::ZVecError(e) => write!(f, "ZVec allocation failed {e}"),
+ }
+ }
+}
+
+/// DICE result type.
+pub type Result<T> = result::Result<T, DiceError>;
+
+/// Checks the given `DiceResult`. Returns an error if it's not OK.
+pub fn check_result(result: DiceResult) -> Result<()> {
+ match result {
+ DiceResult::kDiceResultOk => Ok(()),
+ DiceResult::kDiceResultInvalidInput => Err(DiceError::InvalidInput),
+ DiceResult::kDiceResultBufferTooSmall => Err(DiceError::BufferTooSmall),
+ DiceResult::kDiceResultPlatformError => Err(DiceError::PlatformError),
+ }
+}
diff --git a/diced/open_dice/src/lib.rs b/diced/open_dice/src/lib.rs
index 96e2569..f6f1781 100644
--- a/diced/open_dice/src/lib.rs
+++ b/diced/open_dice/src/lib.rs
@@ -17,6 +17,11 @@
#![cfg_attr(not(feature = "std"), no_std)]
+#[cfg(not(feature = "std"))]
+extern crate core as std;
+
mod dice;
+mod error;
pub use dice::{Config, Hash, Hidden, InlineConfig, InputValues, HASH_SIZE, HIDDEN_SIZE};
+pub use error::{check_result, DiceError, Result};
diff --git a/diced/open_dice_cbor/Android.bp b/diced/open_dice_cbor/Android.bp
index 3a7f04c..61d4d50 100644
--- a/diced/open_dice_cbor/Android.bp
+++ b/diced/open_dice_cbor/Android.bp
@@ -27,7 +27,6 @@
"libkeystore2_crypto_rust",
"libopen_dice_bcc_bindgen",
"libopen_dice_cbor_bindgen",
- "libthiserror",
],
static_libs: [
"libopen_dice_bcc",
diff --git a/diced/open_dice_cbor/lib.rs b/diced/open_dice_cbor/lib.rs
index e5bda89..c3cce58 100644
--- a/diced/open_dice_cbor/lib.rs
+++ b/diced/open_dice_cbor/lib.rs
@@ -32,23 +32,19 @@
//! ```
use diced_open_dice::InlineConfig;
-pub use diced_open_dice::{Config, Hash, Hidden, HASH_SIZE, HIDDEN_SIZE};
-use keystore2_crypto::{zvec, ZVec};
+pub use diced_open_dice::{
+ check_result, Config, DiceError, Hash, Hidden, Result, HASH_SIZE, HIDDEN_SIZE,
+};
+use keystore2_crypto::ZVec;
use open_dice_bcc_bindgen::BccMainFlow;
pub use open_dice_cbor_bindgen::DiceMode;
use open_dice_cbor_bindgen::{
DiceDeriveCdiCertificateId, DiceDeriveCdiPrivateKeySeed, DiceGenerateCertificate, DiceHash,
- DiceInputValues, DiceKdf, DiceKeypairFromSeed, DiceMainFlow, DiceResult, DiceSign, DiceVerify,
+ DiceInputValues, DiceKdf, DiceKeypairFromSeed, DiceMainFlow, DiceSign, DiceVerify,
DICE_CDI_SIZE, DICE_ID_SIZE, DICE_PRIVATE_KEY_SEED_SIZE, DICE_PRIVATE_KEY_SIZE,
DICE_PUBLIC_KEY_SIZE, DICE_SIGNATURE_SIZE,
};
-use open_dice_cbor_bindgen::{
- DiceResult_kDiceResultBufferTooSmall as DICE_RESULT_BUFFER_TOO_SMALL,
- DiceResult_kDiceResultInvalidInput as DICE_RESULT_INVALID_INPUT,
- DiceResult_kDiceResultOk as DICE_RESULT_OK,
- DiceResult_kDiceResultPlatformError as DICE_RESULT_PLATFORM_ERROR,
-};
-use std::ffi::{c_void, NulError};
+use std::ffi::c_void;
/// The size of a private key seed.
pub const PRIVATE_KEY_SEED_SIZE: usize = DICE_PRIVATE_KEY_SEED_SIZE as usize;
@@ -63,55 +59,6 @@
/// The size of a signature.
pub const SIGNATURE_SIZE: usize = DICE_SIGNATURE_SIZE as usize;
-/// Open dice wrapper error type.
-#[derive(Debug, thiserror::Error, PartialEq, Eq)]
-pub enum Error {
- /// The libopen-dice backend reported InvalidInput.
- #[error("Open dice backend: Invalid input")]
- InvalidInput,
- /// The libopen-dice backend reported BufferTooSmall.
- #[error("Open dice backend: Buffer too small")]
- BufferTooSmall,
- /// The libopen-dice backend reported PlatformError.
- #[error("Open dice backend: Platform error")]
- PlatformError,
- /// The libopen-dice backend reported an error that is outside of the defined range of errors.
- /// The returned error code is embedded in this value.
- #[error("Open dice backend returned an unexpected error code: {0:?}")]
- Unexpected(u32),
-
- /// The allocation of a ZVec failed. Most likely due to a failure during the call to mlock.
- #[error("ZVec allocation failed")]
- ZVec(#[from] zvec::Error),
-
- /// Functions that have to convert str to CString may fail if the string has an interior
- /// nul byte.
- #[error("Input string has an interior nul byte.")]
- CStrNulError(#[from] NulError),
-}
-
-/// Open dice result type.
-pub type Result<T> = std::result::Result<T, Error>;
-
-impl From<DiceResult> for Error {
- fn from(result: DiceResult) -> Self {
- match result {
- DICE_RESULT_INVALID_INPUT => Error::InvalidInput,
- DICE_RESULT_BUFFER_TOO_SMALL => Error::BufferTooSmall,
- DICE_RESULT_PLATFORM_ERROR => Error::PlatformError,
- r => Error::Unexpected(r),
- }
- }
-}
-
-fn check_result(result: DiceResult) -> Result<()> {
- if result == DICE_RESULT_OK {
- Ok(())
- } else {
- Err(result.into())
- }
-}
-
enum ConfigOwned {
Inline(InlineConfig),
Descriptor(Vec<u8>),
@@ -236,7 +183,7 @@
// If Error::BufferTooSmall was returned, the allocated certificate
// buffer was to small for the output. So the buffer is resized to the actual
// size, and a second attempt is made with the new buffer.
- Err(Error::BufferTooSmall) => {
+ Err(DiceError::BufferTooSmall) => {
let new_size = if actual_size == 0 {
// Due to an off spec implementation of open dice cbor, actual size
// does not return the required size if the buffer was too small. So
@@ -660,7 +607,7 @@
/// specification.
/// See https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
pub mod bcc {
- use super::{check_result, retry_while_adjusting_output_buffer, Result};
+ use super::{check_result, retry_while_adjusting_output_buffer, DiceError, Result};
use open_dice_bcc_bindgen::{
BccConfigValues, BccFormatConfigDescriptor, BCC_INPUT_COMPONENT_NAME,
BCC_INPUT_COMPONENT_VERSION, BCC_INPUT_RESETTABLE,
@@ -668,13 +615,14 @@
use std::ffi::CString;
/// Safe wrapper around BccFormatConfigDescriptor, see open dice documentation for details.
+ /// TODO(b/267575445): Make `component_name` take &CStr here.
pub fn format_config_descriptor(
component_name: Option<&str>,
component_version: Option<u64>,
resettable: bool,
) -> Result<Vec<u8>> {
let component_name = match component_name {
- Some(n) => Some(CString::new(n)?),
+ Some(n) => Some(CString::new(n).map_err(|_| DiceError::CStrNulError)?),
None => None,
};
let input = BccConfigValues {