Diced: Switch to fixed length array AIDL types.
Test: diced_test diced_client_test diced_vendor_test for regression.
Change-Id: I50a3b1661c403c140fa5e2aa3ee5b16553d87fb9
diff --git a/diced/src/diced_client_test.rs b/diced/src/diced_client_test.rs
index 3f5b68f..3915508 100644
--- a/diced/src/diced_client_test.rs
+++ b/diced/src/diced_client_test.rs
@@ -18,7 +18,6 @@
};
use android_security_dice::aidl::android::security::dice::IDiceMaintenance::IDiceMaintenance;
use android_security_dice::aidl::android::security::dice::IDiceNode::IDiceNode;
-use anyhow::Result;
use binder::Strong;
use diced_open_dice_cbor as dice;
use nix::libc::uid_t;
@@ -49,15 +48,12 @@
let input_values = diced_sample_inputs::get_input_values_vector();
let former = node.derive(&[]).expect("Trying to call derive.");
let latter = node.derive(&input_values).expect("Trying to call derive with input values.");
- let artifacts = diced_utils::ResidentArtifacts::new(
- former.cdiAttest[..].try_into().unwrap(),
- former.cdiSeal[..].try_into().unwrap(),
- &former.bcc.data,
- )
- .unwrap();
+ let artifacts =
+ diced_utils::ResidentArtifacts::new(&former.cdiAttest, &former.cdiSeal, &former.bcc.data)
+ .unwrap();
let input_values: Vec<diced_utils::InputValues> =
- input_values.iter().map(|v| v.try_into()).collect::<Result<_>>().unwrap();
+ input_values.iter().map(|v| v.into()).collect();
let artifacts =
artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
@@ -101,7 +97,7 @@
.unwrap();
let input_values: Vec<diced_utils::InputValues> =
- input_values.iter().map(|v| v.try_into()).collect::<Result<_>>().unwrap();
+ input_values.iter().map(|v| v.into()).collect();
let artifacts =
artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
@@ -119,15 +115,15 @@
fn client_input_values(uid: uid_t) -> BinderInputValues {
BinderInputValues {
- codeHash: vec![0; dice::HASH_SIZE],
+ codeHash: [0; dice::HASH_SIZE],
config: BinderConfig {
desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, true)
.unwrap(),
},
- authorityHash: vec![0; dice::HASH_SIZE],
+ authorityHash: [0; dice::HASH_SIZE],
authorityDescriptor: None,
mode: BinderMode::NORMAL,
- hidden: vec![0; dice::HIDDEN_SIZE],
+ hidden: [0; dice::HIDDEN_SIZE],
}
}
@@ -164,12 +160,8 @@
.unwrap();
let client = [client];
- let input_values: Vec<diced_utils::InputValues> = input_values
- .iter()
- .chain(client.iter())
- .map(|v| v.try_into())
- .collect::<Result<_>>()
- .unwrap();
+ let input_values: Vec<diced_utils::InputValues> =
+ input_values.iter().chain(client.iter()).map(|v| v.into()).collect();
let artifacts =
artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
diff --git a/diced/src/hal_node.rs b/diced/src/hal_node.rs
index fd5384f..bac60b5 100644
--- a/diced/src/hal_node.rs
+++ b/diced/src/hal_node.rs
@@ -188,7 +188,7 @@
run_forked(move || {
let artifacts = artifacts.with_artifacts(|a| ResidentArtifacts::new_from(a))?;
let input_values: Vec<utils::InputValues> =
- input_values.iter().map(|v| v.try_into()).collect::<Result<_>>()?;
+ input_values.iter().map(|v| v.into()).collect();
let artifacts = artifacts
.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues))
.context("In ResidentHal::get_effective_artifacts:")?;
@@ -280,7 +280,7 @@
let new_artifacts =
artifacts_clone.with_artifacts(|a| ResidentArtifacts::new_from(a))?;
let input_values: Vec<utils::InputValues> =
- input_values.iter().map(|v| v.try_into()).collect::<Result<_>>()?;
+ input_values.iter().map(|v| v.into()).collect();
let new_artifacts = new_artifacts
.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues))
@@ -383,17 +383,21 @@
Ok(BinderInputValues {
codeHash: dice_ctx
.hash(code.as_bytes())
- .context("In make_input_values: code hash failed.")?,
+ .context("In make_input_values: code hash failed.")?
+ .as_slice()
+ .try_into()?,
config: BinderConfig {
desc: dice::bcc::format_config_descriptor(Some(config_name), None, true)
.context("In make_input_values: Failed to format config descriptor.")?,
},
authorityHash: dice_ctx
.hash(authority.as_bytes())
- .context("In make_input_values: authority hash failed.")?,
+ .context("In make_input_values: authority hash failed.")?
+ .as_slice()
+ .try_into()?,
authorityDescriptor: None,
mode: BinderMode::NORMAL,
- hidden: vec![0; dice::HIDDEN_SIZE],
+ hidden: [0; dice::HIDDEN_SIZE],
})
}
@@ -411,8 +415,7 @@
make_input_values("component 3 code", "component 3", "component 3 authority")?,
];
- let input_values: Vec<utils::InputValues> =
- input_values.iter().map(|v| v.try_into()).collect::<Result<_>>()?;
+ let input_values: Vec<utils::InputValues> = input_values.iter().map(|v| v.into()).collect();
let new_artifacts =
artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues))?;
diff --git a/diced/src/lib.rs b/diced/src/lib.rs
index 8562406..a663144 100644
--- a/diced/src/lib.rs
+++ b/diced/src/lib.rs
@@ -98,14 +98,14 @@
fn client_input_values(uid: uid_t) -> Result<BinderInputValues> {
Ok(BinderInputValues {
- codeHash: vec![0; dice::HASH_SIZE],
+ codeHash: [0; dice::HASH_SIZE],
config: BinderConfig {
desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, true)
.context("In client_input_values: failed to format config descriptor")?,
},
- authorityHash: vec![0; dice::HASH_SIZE],
+ authorityHash: [0; dice::HASH_SIZE],
authorityDescriptor: None,
- hidden: vec![0; dice::HIDDEN_SIZE],
+ hidden: [0; dice::HIDDEN_SIZE],
mode: Mode::NORMAL,
})
}
diff --git a/diced/src/resident_node.rs b/diced/src/resident_node.rs
index 5fe4dc9..99a6dc9 100644
--- a/diced/src/resident_node.rs
+++ b/diced/src/resident_node.rs
@@ -66,8 +66,8 @@
.map(|v| v.iter())
.unwrap_or_else(|| client_arr.iter())
.chain(input_values.iter())
- .map(|v| v.try_into())
- .collect::<Result<_>>()?;
+ .map(|v| v.into())
+ .collect();
artifacts
.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues))
diff --git a/diced/src/sample_inputs.rs b/diced/src/sample_inputs.rs
index f76ebc9..93897a6 100644
--- a/diced/src/sample_inputs.rs
+++ b/diced/src/sample_inputs.rs
@@ -134,7 +134,7 @@
hidden: &[u8; dice::HIDDEN_SIZE],
) -> Result<BinderInputValues> {
Ok(BinderInputValues {
- codeHash: code_hash.to_vec(),
+ codeHash: *code_hash,
config: BinderConfig {
desc: dice::bcc::format_config_descriptor(
Some(config_name),
@@ -143,9 +143,9 @@
)
.context("In make_input_values: Failed to format config descriptor.")?,
},
- authorityHash: authority_hash.to_vec(),
+ authorityHash: *authority_hash,
authorityDescriptor: None,
- hidden: hidden.to_vec(),
+ hidden: *hidden,
mode,
})
}
diff --git a/diced/src/utils.rs b/diced/src/utils.rs
index 3d3db55..03e8969 100644
--- a/diced/src/utils.rs
+++ b/diced/src/utils.rs
@@ -18,41 +18,20 @@
Bcc::Bcc, BccHandover::BccHandover, InputValues::InputValues as BinderInputValues,
Mode::Mode as BinderMode,
};
-use anyhow::{anyhow, Context, Result};
+use anyhow::{Context, Result};
use dice::ContextImpl;
use diced_open_dice_cbor as dice;
use keystore2_crypto::ZVec;
-use std::convert::{TryFrom, TryInto};
+use std::convert::TryInto;
/// This new type wraps a reference to BinderInputValues and implements the open dice
/// InputValues trait.
#[derive(Debug)]
pub struct InputValues<'a>(&'a BinderInputValues);
-impl<'a> TryFrom<&'a BinderInputValues> for InputValues<'a> {
- type Error = anyhow::Error;
-
- fn try_from(input_values: &'a BinderInputValues) -> Result<InputValues<'a>> {
- if input_values.codeHash.len() != dice::HASH_SIZE {
- return Err(anyhow!(format!(
- "In try_from: Code hash has invalid size: {}",
- input_values.codeHash.len()
- )));
- }
- if input_values.authorityHash.len() != dice::HASH_SIZE {
- return Err(anyhow!(format!(
- "In try_from: Authority hash has invalid size: {}",
- input_values.authorityHash.len()
- )));
- }
- if input_values.hidden.len() != dice::HIDDEN_SIZE {
- return Err(anyhow!(format!(
- "In try_from: Hidden has invalid size: {}",
- input_values.hidden.len()
- )));
- }
-
- Ok(Self(input_values))
+impl<'a> From<&'a BinderInputValues> for InputValues<'a> {
+ fn from(input_values: &'a BinderInputValues) -> InputValues<'a> {
+ Self(input_values)
}
}
@@ -69,8 +48,7 @@
impl dice::InputValues for InputValues<'_> {
fn code_hash(&self) -> &[u8; dice::HASH_SIZE] {
- // If `self` was created using try_from the length was checked and this cannot panic.
- self.0.codeHash.as_slice().try_into().unwrap()
+ &self.0.codeHash
}
fn config(&self) -> dice::Config {
@@ -78,8 +56,7 @@
}
fn authority_hash(&self) -> &[u8; dice::HASH_SIZE] {
- // If `self` was created using try_from the length was checked and this cannot panic.
- self.0.authorityHash.as_slice().try_into().unwrap()
+ &self.0.authorityHash
}
fn authority_descriptor(&self) -> Option<&[u8]> {
@@ -98,7 +75,7 @@
fn hidden(&self) -> &[u8; dice::HIDDEN_SIZE] {
// If `self` was created using try_from the length was checked and this cannot panic.
- self.0.hidden.as_slice().try_into().unwrap()
+ &self.0.hidden
}
}
@@ -109,11 +86,7 @@
cdi_seal: &[u8; dice::CDI_SIZE],
bcc: &[u8],
) -> Result<BccHandover> {
- Ok(BccHandover {
- cdiAttest: cdi_attest.to_vec(),
- cdiSeal: cdi_seal.to_vec(),
- bcc: Bcc { data: bcc.to_vec() },
- })
+ Ok(BccHandover { cdiAttest: *cdi_attest, cdiSeal: *cdi_seal, bcc: Bcc { data: bcc.to_vec() } })
}
/// ResidentArtifacts stores a set of dice artifacts comprising CDI_ATTEST, CDI_SEAL,
@@ -406,92 +379,3 @@
}
}
}
-
-#[cfg(test)]
-mod test {
- use super::*;
- use android_hardware_security_dice::aidl::android::hardware::security::dice::{
- Config::Config as BinderConfig, InputValues::InputValues as BinderInputValues,
- };
- use dice::InputValues as DiceInputValues;
- use diced_open_dice_cbor as dice;
-
- static CODE_HASH_TEST_VECTOR: [u8; dice::HASH_SIZE] = [1u8; dice::HASH_SIZE];
- static CONFIG_DESCRIPTOR_TEST_VECTOR: &[u8] = &[3, 2, 1];
- static AUTHORITY_HASH_TEST_VECTOR: [u8; dice::HASH_SIZE] = [3u8; dice::HASH_SIZE];
- static AUTHORITY_DESCRIPTOR_TEST_VECTOR: &[u8] = &[1, 2, 3];
- static HIDDEN_TEST_VECTOR: [u8; dice::HIDDEN_SIZE] = [4u8; dice::HIDDEN_SIZE];
-
- #[test]
- fn try_from_input_values_binder() {
- let input_values_good = BinderInputValues {
- codeHash: CODE_HASH_TEST_VECTOR.to_vec(),
- config: BinderConfig { desc: CONFIG_DESCRIPTOR_TEST_VECTOR.to_vec() },
- authorityHash: AUTHORITY_HASH_TEST_VECTOR.to_vec(),
- authorityDescriptor: Some(AUTHORITY_DESCRIPTOR_TEST_VECTOR.to_vec()),
- mode: BinderMode::NORMAL,
- hidden: HIDDEN_TEST_VECTOR.to_vec(),
- };
-
- let converted_input_values: InputValues =
- (&input_values_good).try_into().expect("This should succeed.");
- assert_eq!(*converted_input_values.code_hash(), CODE_HASH_TEST_VECTOR);
- assert_eq!(
- converted_input_values.config(),
- dice::Config::Descriptor(CONFIG_DESCRIPTOR_TEST_VECTOR)
- );
- assert_eq!(*converted_input_values.authority_hash(), AUTHORITY_HASH_TEST_VECTOR);
- assert_eq!(
- converted_input_values.authority_descriptor(),
- Some(AUTHORITY_DESCRIPTOR_TEST_VECTOR)
- );
- assert_eq!(converted_input_values.mode(), dice::Mode::Normal);
- assert_eq!(*converted_input_values.hidden(), HIDDEN_TEST_VECTOR);
-
- // One more time without authority descriptor.
- let input_values_still_good_without_authority_descriptor =
- BinderInputValues { authorityDescriptor: None, ..input_values_good.clone() };
-
- let converted_input_values: InputValues =
- (&input_values_still_good_without_authority_descriptor)
- .try_into()
- .expect("This should succeed.");
- assert_eq!(*converted_input_values.code_hash(), CODE_HASH_TEST_VECTOR);
- assert_eq!(
- converted_input_values.config(),
- dice::Config::Descriptor(CONFIG_DESCRIPTOR_TEST_VECTOR)
- );
- assert_eq!(*converted_input_values.authority_hash(), AUTHORITY_HASH_TEST_VECTOR);
- assert_eq!(converted_input_values.authority_descriptor(), None);
- assert_eq!(converted_input_values.mode(), dice::Mode::Normal);
- assert_eq!(*converted_input_values.hidden(), HIDDEN_TEST_VECTOR);
-
- // Now check the failure cases.
- // Wrong sized codeHash.
- let input_values_bad_code_hash = BinderInputValues {
- codeHash: vec![1u8; dice::HASH_SIZE + 1],
- ..input_values_good.clone()
- };
-
- InputValues::try_from(&input_values_bad_code_hash)
- .expect_err("Conversion of input values with wrong sized code hash succeeded.");
-
- // Wrong sized authority hash.
- let input_values_bad_authority_hash = BinderInputValues {
- authorityHash: vec![1u8; dice::HASH_SIZE + 1],
- ..input_values_good.clone()
- };
-
- InputValues::try_from(&input_values_bad_authority_hash)
- .expect_err("Conversion of input values with wrong sized authority hash succeeded.");
-
- // Wrong sized hidden.
- let input_values_bad_hidden = BinderInputValues {
- authorityHash: vec![1u8; dice::HASH_SIZE + 1],
- ..input_values_good.clone()
- };
-
- InputValues::try_from(&input_values_bad_hidden)
- .expect_err("Conversion of input values with wrong sized hidden succeeded.");
- }
-}