[dice] Remove unnecessary trait dice::InputValues
Bug: 267575445
Test: atest diced_utils_test diced_sample_inputs_test \
diced_test diced_vendor_test diced_client_test \
diced_open_dice_cbor_test
Change-Id: I6db68622c3ce1f3de040f9872e69482e3e0b1153
diff --git a/diced/open_dice/src/dice.rs b/diced/open_dice/src/dice.rs
index d5e087f..187075a 100644
--- a/diced/open_dice/src/dice.rs
+++ b/diced/open_dice/src/dice.rs
@@ -81,27 +81,25 @@
impl InputValues {
/// Creates a new `InputValues`.
pub fn new(
- code_hash: &Hash,
- code_descriptor: Option<&[u8]>,
+ code_hash: Hash,
config: Config,
- authority_hash: &Hash,
- authority_descriptor: Option<&[u8]>,
+ authority_hash: Hash,
mode: DiceMode,
- hidden: Option<&Hidden>,
+ hidden: Hidden,
) -> Self {
Self(DiceInputValues {
- code_hash: *code_hash,
- code_descriptor: code_descriptor.map_or(ptr::null(), |d| d.as_ptr()),
- code_descriptor_size: code_descriptor.map_or(0, |d| d.len()),
+ code_hash,
+ code_descriptor: ptr::null(),
+ code_descriptor_size: 0,
config_type: config.dice_config_type(),
config_value: config.inline_config(),
config_descriptor: config.descriptor_ptr(),
config_descriptor_size: config.descriptor_size(),
- authority_hash: *authority_hash,
- authority_descriptor: authority_descriptor.map_or(ptr::null(), |d| d.as_ptr()),
- authority_descriptor_size: authority_descriptor.map_or(0, |d| d.len()),
+ authority_hash,
+ authority_descriptor: ptr::null(),
+ authority_descriptor_size: 0,
mode,
- hidden: hidden.map_or([0; HIDDEN_SIZE], |h| *h),
+ hidden,
})
}
diff --git a/diced/open_dice_cbor/lib.rs b/diced/open_dice_cbor/lib.rs
index c3cce58..d92fecf 100644
--- a/diced/open_dice_cbor/lib.rs
+++ b/diced/open_dice_cbor/lib.rs
@@ -20,29 +20,27 @@
//! let context = dice::dice::OpenDiceCborContext::new()
//! let parent_cdi_attest = [1u8, dice::CDI_SIZE];
//! let parent_cdi_seal = [2u8, dice::CDI_SIZE];
-//! let input_values = dice::InputValuesOwned {
-//! code_hash: [3u8, dice::HASH_SIZE],
-//! config: dice::ConfigOwned::Descriptor("My descriptor".as_bytes().to_vec()),
-//! authority_hash: [0u8, dice::HASH_SIZE],
-//! mode: dice::DiceMode::kDiceModeNormal,
-//! hidden: [0u8, dice::HIDDEN_SIZE],
+//! let input_values = dice::InputValues::new(
+//! [3u8, dice::HASH_SIZE], // code_hash
+//! dice::Config::Descriptor(&"My descriptor".as_bytes().to_vec()),
+//! [0u8, dice::HASH_SIZE], // authority_hash
+//! dice::DiceMode::kDiceModeNormal,
+//! [0u8, dice::HIDDEN_SIZE], // hidden
//! };
//! let (cdi_attest, cdi_seal, cert_chain) = context
//! .main_flow(&parent_cdi_attest, &parent_cdi_seal, &input_values)?;
//! ```
-use diced_open_dice::InlineConfig;
pub use diced_open_dice::{
- check_result, Config, DiceError, Hash, Hidden, Result, HASH_SIZE, HIDDEN_SIZE,
+ check_result, Config, DiceError, Hash, Hidden, InputValues, Result, HASH_SIZE, HIDDEN_SIZE,
};
use keystore2_crypto::ZVec;
use open_dice_bcc_bindgen::BccMainFlow;
pub use open_dice_cbor_bindgen::DiceMode;
use open_dice_cbor_bindgen::{
DiceDeriveCdiCertificateId, DiceDeriveCdiPrivateKeySeed, DiceGenerateCertificate, DiceHash,
- DiceInputValues, DiceKdf, DiceKeypairFromSeed, DiceMainFlow, DiceSign, DiceVerify,
- DICE_CDI_SIZE, DICE_ID_SIZE, DICE_PRIVATE_KEY_SEED_SIZE, DICE_PRIVATE_KEY_SIZE,
- DICE_PUBLIC_KEY_SIZE, DICE_SIGNATURE_SIZE,
+ DiceKdf, DiceKeypairFromSeed, DiceMainFlow, DiceSign, DiceVerify, DICE_CDI_SIZE, DICE_ID_SIZE,
+ DICE_PRIVATE_KEY_SEED_SIZE, DICE_PRIVATE_KEY_SIZE, DICE_PUBLIC_KEY_SIZE, DICE_SIGNATURE_SIZE,
};
use std::ffi::c_void;
@@ -59,107 +57,6 @@
/// The size of a signature.
pub const SIGNATURE_SIZE: usize = DICE_SIGNATURE_SIZE as usize;
-enum ConfigOwned {
- Inline(InlineConfig),
- Descriptor(Vec<u8>),
-}
-
-impl From<Config<'_>> for ConfigOwned {
- fn from(config: Config) -> Self {
- match config {
- Config::Inline(inline) => ConfigOwned::Inline(*inline),
- Config::Descriptor(descriptor) => ConfigOwned::Descriptor(descriptor.to_owned()),
- }
- }
-}
-
-/// This trait allows API users to supply DICE input values without copying.
-pub trait InputValues {
- /// Returns the code hash.
- fn code_hash(&self) -> &Hash;
- /// Returns the config.
- fn config(&self) -> Config;
- /// Returns the authority hash.
- fn authority_hash(&self) -> &Hash;
- /// Returns the authority descriptor.
- fn authority_descriptor(&self) -> Option<&[u8]>;
- /// Returns the mode.
- fn mode(&self) -> DiceMode;
- /// Returns the hidden value.
- fn hidden(&self) -> &Hidden;
-}
-
-/// An owning convenience type implementing `InputValues`.
-pub struct InputValuesOwned {
- code_hash: Hash,
- config: ConfigOwned,
- authority_hash: Hash,
- authority_descriptor: Option<Vec<u8>>,
- mode: DiceMode,
- hidden: Hidden,
-}
-
-impl InputValuesOwned {
- /// Construct a new instance of InputValuesOwned.
- pub fn new(
- code_hash: Hash,
- config: Config,
- authority_hash: Hash,
- authority_descriptor: Option<Vec<u8>>,
- mode: DiceMode,
- hidden: Hidden,
- ) -> Self {
- Self {
- code_hash,
- config: config.into(),
- authority_hash,
- authority_descriptor,
- mode,
- hidden,
- }
- }
-}
-
-impl InputValues for InputValuesOwned {
- fn code_hash(&self) -> &Hash {
- &self.code_hash
- }
- fn config(&self) -> Config {
- match &self.config {
- ConfigOwned::Inline(inline) => Config::Inline(inline),
- ConfigOwned::Descriptor(descriptor) => Config::Descriptor(descriptor.as_slice()),
- }
- }
- fn authority_hash(&self) -> &Hash {
- &self.authority_hash
- }
- fn authority_descriptor(&self) -> Option<&[u8]> {
- self.authority_descriptor.as_deref()
- }
- fn mode(&self) -> DiceMode {
- self.mode
- }
- fn hidden(&self) -> &Hidden {
- &self.hidden
- }
-}
-
-fn call_with_input_values<T: InputValues + ?Sized, F, R>(input_values: &T, f: F) -> Result<R>
-where
- F: FnOnce(*const DiceInputValues) -> Result<R>,
-{
- let input_values = diced_open_dice::InputValues::new(
- input_values.code_hash(),
- None, // code_descriptor
- input_values.config(),
- input_values.authority_hash(),
- input_values.authority_descriptor(),
- input_values.mode(),
- Some(input_values.hidden()),
- );
- f(input_values.as_ptr())
-}
-
/// Multiple of the open dice function required preallocated output buffer
/// which may be too small, this function implements the retry logic to handle
/// too small buffer allocations.
@@ -314,11 +211,11 @@
/// * the next seal CDI, and
/// * the next attestation certificate.
/// `(next_attest_cdi, next_seal_cdi, next_attestation_cert)`
- fn main_flow<T: InputValues + ?Sized>(
+ fn main_flow(
&mut self,
current_cdi_attest: &[u8; CDI_SIZE],
current_cdi_seal: &[u8; CDI_SIZE],
- input_values: &T,
+ input_values: &InputValues,
) -> Result<(CdiAttest, CdiSeal, Cert)> {
let mut next_attest = CdiAttest::new(CDI_SIZE)?;
let mut next_seal = CdiSeal::new(CDI_SIZE)?;
@@ -330,10 +227,7 @@
// This is fulfilled as per the definition of the arguments `current_cdi_attest`
// and `current_cdi_seal.
// * The fourth argument is a pointer to `DiceInputValues`. It, and its indirect
- // references must be valid for the duration of the function call which
- // is guaranteed by `call_with_input_values` which puts `DiceInputValues`
- // on the stack and initializes it from the `input_values` argument which
- // implements the `InputValues` trait.
+ // references must be valid for the duration of the function call.
// * The fifth and sixth argument are the length of and the pointer to the
// allocated certificate buffer respectively. They are used to return
// the generated certificate.
@@ -343,24 +237,22 @@
// CDI_SIZE. This is fulfilled if the allocation above succeeded.
// * No pointers are expected to be valid beyond the scope of the function
// call.
- call_with_input_values(input_values, |input_values| {
- let cert = retry_while_adjusting_output_buffer(|cert, actual_size| {
- check_result(unsafe {
- DiceMainFlow(
- self.get_context(),
- current_cdi_attest.as_ptr(),
- current_cdi_seal.as_ptr(),
- input_values,
- cert.len(),
- cert.as_mut_ptr(),
- actual_size as *mut _,
- next_attest.as_mut_ptr(),
- next_seal.as_mut_ptr(),
- )
- })
- })?;
- Ok((next_attest, next_seal, cert))
- })
+ let cert = retry_while_adjusting_output_buffer(|cert, actual_size| {
+ check_result(unsafe {
+ DiceMainFlow(
+ self.get_context(),
+ current_cdi_attest.as_ptr(),
+ current_cdi_seal.as_ptr(),
+ input_values.as_ptr(),
+ cert.len(),
+ cert.as_mut_ptr(),
+ actual_size as *mut _,
+ next_attest.as_mut_ptr(),
+ next_seal.as_mut_ptr(),
+ )
+ })
+ })?;
+ Ok((next_attest, next_seal, cert))
}
/// Safe wrapper around open-dice DiceHash, see open dice
@@ -501,44 +393,39 @@
/// Safe wrapper around open-dice DiceGenerateCertificate, see open dice
/// documentation for details.
- fn generate_certificate<T: InputValues>(
+ fn generate_certificate(
&mut self,
subject_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
authority_private_key_seed: &[u8; PRIVATE_KEY_SEED_SIZE],
- input_values: &T,
+ input_values: &InputValues,
) -> Result<Vec<u8>> {
- // SAFETY (DiceMainFlow):
+ // SAFETY (DiceGenerateCertificate):
// * The first context argument may be NULL and is unused by the wrapped
// implementation.
// * The second argument and the third argument are const arrays of size
// `PRIVATE_KEY_SEED_SIZE`. This is fulfilled as per the definition of the arguments.
// * The fourth argument is a pointer to `DiceInputValues` it, and its indirect
- // references must be valid for the duration of the function call which
- // is guaranteed by `call_with_input_values` which puts `DiceInputValues`
- // on the stack and initializes it from the `input_values` argument which
- // implements the `InputValues` trait.
+ // references must be valid for the duration of the function call.
// * The fifth argument and the sixth argument are the length of and the pointer to the
// allocated certificate buffer respectively. They are used to return
// the generated certificate.
// * The seventh argument is a pointer to a mutable usize object. It is
// used to return the actual size of the output certificate.
// * All pointers must be valid for the duration of the function call but not beyond.
- call_with_input_values(input_values, |input_values| {
- let cert = retry_while_adjusting_output_buffer(|cert, actual_size| {
- check_result(unsafe {
- DiceGenerateCertificate(
- self.get_context(),
- subject_private_key_seed.as_ptr(),
- authority_private_key_seed.as_ptr(),
- input_values,
- cert.len(),
- cert.as_mut_ptr(),
- actual_size as *mut _,
- )
- })
- })?;
- Ok(cert)
- })
+ let cert = retry_while_adjusting_output_buffer(|cert, actual_size| {
+ check_result(unsafe {
+ DiceGenerateCertificate(
+ self.get_context(),
+ subject_private_key_seed.as_ptr(),
+ authority_private_key_seed.as_ptr(),
+ input_values.as_ptr(),
+ cert.len(),
+ cert.as_mut_ptr(),
+ actual_size as *mut _,
+ )
+ })
+ })?;
+ Ok(cert)
}
/// Safe wrapper around open-dice BccDiceMainFlow, see open dice
@@ -548,12 +435,12 @@
/// * the next seal CDI, and
/// * the next bcc adding the new certificate to the given bcc.
/// `(next_attest_cdi, next_seal_cdi, next_bcc)`
- fn bcc_main_flow<T: InputValues + ?Sized>(
+ fn bcc_main_flow(
&mut self,
current_cdi_attest: &[u8; CDI_SIZE],
current_cdi_seal: &[u8; CDI_SIZE],
bcc: &[u8],
- input_values: &T,
+ input_values: &InputValues,
) -> Result<(CdiAttest, CdiSeal, Bcc)> {
let mut next_attest = CdiAttest::new(CDI_SIZE)?;
let mut next_seal = CdiSeal::new(CDI_SIZE)?;
@@ -567,10 +454,7 @@
// * The fourth argument and the fifth argument are the pointer to and size of the buffer
// holding the current bcc.
// * The sixth argument is a pointer to `DiceInputValues` it, and its indirect
- // references must be valid for the duration of the function call which
- // is guaranteed by `call_with_input_values` which puts `DiceInputValues`
- // on the stack and initializes it from the `input_values` argument which
- // implements the `InputValues` trait.
+ // references must be valid for the duration of the function call.
// * The seventh argument and the eighth argument are the length of and the pointer to the
// allocated certificate buffer respectively. They are used to return the generated
// certificate.
@@ -580,26 +464,24 @@
// size CDI_SIZE. This is fulfilled if the allocation above succeeded.
// * No pointers are expected to be valid beyond the scope of the function
// call.
- call_with_input_values(input_values, |input_values| {
- let next_bcc = retry_while_adjusting_output_buffer(|next_bcc, actual_size| {
- check_result(unsafe {
- BccMainFlow(
- self.get_context(),
- current_cdi_attest.as_ptr(),
- current_cdi_seal.as_ptr(),
- bcc.as_ptr(),
- bcc.len(),
- input_values,
- next_bcc.len(),
- next_bcc.as_mut_ptr(),
- actual_size as *mut _,
- next_attest.as_mut_ptr(),
- next_seal.as_mut_ptr(),
- )
- })
- })?;
- Ok((next_attest, next_seal, next_bcc))
- })
+ let next_bcc = retry_while_adjusting_output_buffer(|next_bcc, actual_size| {
+ check_result(unsafe {
+ BccMainFlow(
+ self.get_context(),
+ current_cdi_attest.as_ptr(),
+ current_cdi_seal.as_ptr(),
+ bcc.as_ptr(),
+ bcc.len(),
+ input_values.as_ptr(),
+ next_bcc.len(),
+ next_bcc.as_mut_ptr(),
+ actual_size as *mut _,
+ next_attest.as_mut_ptr(),
+ next_seal.as_mut_ptr(),
+ )
+ })
+ })?;
+ Ok((next_attest, next_seal, next_bcc))
}
}
diff --git a/diced/src/sample_inputs.rs b/diced/src/sample_inputs.rs
index 84c4781..0553327 100644
--- a/diced/src/sample_inputs.rs
+++ b/diced/src/sample_inputs.rs
@@ -21,8 +21,7 @@
use anyhow::{Context, Result};
use dice::ContextImpl;
use diced_open_dice_cbor as dice;
-use diced_utils::cbor;
-use diced_utils::InputValues;
+use diced_utils::{cbor, to_dice_input_values};
use keystore2_crypto::ZVec;
use std::convert::TryInto;
use std::io::Write;
@@ -82,7 +81,7 @@
let input_values_vector = get_input_values_vector();
let (cdi_attest, cdi_seal, mut cert) = dice_ctx
- .main_flow(UDS, UDS, &InputValues::from(&input_values_vector[0]))
+ .main_flow(UDS, UDS, &to_dice_input_values(&input_values_vector[0]))
.context("In make_sample_bcc_and_cdis: Trying to run first main flow.")?;
let mut bcc: Vec<u8> = vec![];
@@ -103,7 +102,7 @@
"In make_sample_bcc_and_cdis: Failed to convert cdi_seal to array reference. (1)",
)?,
&bcc,
- &InputValues::from(&input_values_vector[1]),
+ &to_dice_input_values(&input_values_vector[1]),
)
.context("In make_sample_bcc_and_cdis: Trying to run first bcc main flow.")?;
dice_ctx
@@ -115,7 +114,7 @@
"In make_sample_bcc_and_cdis: Failed to convert cdi_seal to array reference. (2)",
)?,
&bcc,
- &InputValues::from(&input_values_vector[2]),
+ &to_dice_input_values(&input_values_vector[2]),
)
.context("In make_sample_bcc_and_cdis: Trying to run second bcc main flow.")
}
diff --git a/diced/src/utils.rs b/diced/src/utils.rs
index 05702ad..3d35ae5 100644
--- a/diced/src/utils.rs
+++ b/diced/src/utils.rs
@@ -19,63 +19,32 @@
Mode::Mode as BinderMode,
};
use anyhow::{Context, Result};
-use dice::{ContextImpl, DiceMode, Hash, Hidden};
+use dice::{ContextImpl, DiceMode};
use diced_open_dice_cbor as dice;
use keystore2_crypto::ZVec;
use std::convert::TryInto;
-/// This new type wraps a reference to BinderInputValues and implements the open dice
-/// InputValues trait.
-#[derive(Debug)]
-pub struct InputValues<'a>(&'a BinderInputValues);
-
-impl<'a> From<&'a BinderInputValues> for InputValues<'a> {
- fn from(input_values: &'a BinderInputValues) -> InputValues<'a> {
- Self(input_values)
+/// Converts the `InputValues` from the binder to the `InputValues` type in `diced_open_dice` crate.
+pub fn to_dice_input_values(input: &BinderInputValues) -> dice::InputValues {
+ if input.authorityDescriptor.is_some() {
+ unimplemented!("Authority descriptor is not yet implemented in the current library.");
}
+ dice::InputValues::new(
+ input.codeHash,
+ dice::Config::Descriptor(input.config.desc.as_slice()),
+ input.authorityHash,
+ to_dice_mode(input.mode),
+ input.hidden,
+ )
}
-impl From<&InputValues<'_>> for BinderInputValues {
- fn from(input_values: &InputValues) -> BinderInputValues {
- input_values.0.clone()
- }
-}
-impl From<InputValues<'_>> for BinderInputValues {
- fn from(input_values: InputValues) -> BinderInputValues {
- input_values.0.clone()
- }
-}
-
-impl dice::InputValues for InputValues<'_> {
- fn code_hash(&self) -> &Hash {
- &self.0.codeHash
- }
-
- fn config(&self) -> dice::Config {
- dice::Config::Descriptor(self.0.config.desc.as_slice())
- }
-
- fn authority_hash(&self) -> &Hash {
- &self.0.authorityHash
- }
-
- fn authority_descriptor(&self) -> Option<&[u8]> {
- self.0.authorityDescriptor.as_deref()
- }
-
- fn mode(&self) -> DiceMode {
- match self.0.mode {
- BinderMode::NOT_INITIALIZED => DiceMode::kDiceModeNotInitialized,
- BinderMode::NORMAL => DiceMode::kDiceModeNormal,
- BinderMode::DEBUG => DiceMode::kDiceModeDebug,
- BinderMode::RECOVERY => DiceMode::kDiceModeMaintenance,
- _ => DiceMode::kDiceModeNotInitialized,
- }
- }
-
- fn hidden(&self) -> &Hidden {
- // If `self` was created using try_from the length was checked and this cannot panic.
- &self.0.hidden
+fn to_dice_mode(binder_mode: BinderMode) -> DiceMode {
+ match binder_mode {
+ BinderMode::NOT_INITIALIZED => DiceMode::kDiceModeNotInitialized,
+ BinderMode::NORMAL => DiceMode::kDiceModeNormal,
+ BinderMode::DEBUG => DiceMode::kDiceModeDebug,
+ BinderMode::RECOVERY => DiceMode::kDiceModeMaintenance,
+ _ => DiceMode::kDiceModeNotInitialized,
}
}
@@ -153,7 +122,7 @@
(cdi_attest, cdi_seal, bcc)
}
- fn execute_step(self, input_values: InputValues) -> Result<Self> {
+ fn execute_step(self, input_values: &BinderInputValues) -> Result<Self> {
let ResidentArtifacts { cdi_attest, cdi_seal, bcc } = self;
let (cdi_attest, cdi_seal, bcc) = dice::OpenDiceCborContext::new()
@@ -165,7 +134,7 @@
format!("Trying to convert cdi_seal. (length: {})", cdi_seal.len())
})?,
&bcc,
- &input_values,
+ &to_dice_input_values(input_values),
)
.context("In ResidentArtifacts::execute_step:")?;
Ok(ResidentArtifacts { cdi_attest, cdi_seal, bcc })
@@ -173,14 +142,13 @@
/// Iterate through the iterator of dice input values performing one
/// BCC main flow step on each element.
- pub fn execute_steps<'a, T, I>(self, input_values: I) -> Result<Self>
+ pub fn execute_steps<'a, I>(self, input_values: I) -> Result<Self>
where
- T: Into<InputValues<'a>>,
- I: IntoIterator<Item = T>,
+ I: IntoIterator<Item = &'a BinderInputValues>,
{
input_values
.into_iter()
- .try_fold(self, |acc, input| acc.execute_step(input.into()))
+ .try_fold(self, |acc, input| acc.execute_step(input))
.context("In ResidentArtifacts::execute_step:")
}
}