Diced: Add Client test.

Test: atest diced_client_test
Bug: 198197213
Change-Id: Idbeee2ccd526474933299b1ff74e505b5b825361
diff --git a/diced/Android.bp b/diced/Android.bp
index c3ff4a8..be6273c 100644
--- a/diced/Android.bp
+++ b/diced/Android.bp
@@ -133,3 +133,26 @@
         "libthiserror",
     ],
 }
+
+rust_test {
+    name: "diced_client_test",
+    srcs: [
+        "src/diced_client_test.rs",
+    ],
+    require_root: true,
+    auto_gen_config: true,
+    test_suites: [
+        "general-tests",
+    ],
+
+    rustlibs: [
+        "android.hardware.security.dice-V1-rust",
+        "android.security.dice-rust",
+        "libanyhow",
+        "libbinder_rs",
+        "libdiced_open_dice_cbor",
+        "libdiced_sample_inputs",
+        "libdiced_utils",
+        "libnix",
+    ],
+}
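Review bot: `diced_client_test` is registered in `general-tests` with `auto_gen_config: true` and `require_root: true`, but nothing in this module records that the test changes device state. The comment in `run_serialized_test` in the new source file says demotion is not reversible and that the test can only pass once per boot. A second run in the same boot, or a later test in the same run that expects an undemoted diced, would therefore presumably fail. I would add a comment above the module such as `// Irreversibly demotes diced; passes only once per boot, reboot before re-running.` It is also worth checking whether a shared general suite is the right home for a test with that side effect.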
diff --git a/diced/src/diced_client_test.rs b/diced/src/diced_client_test.rs
new file mode 100644
index 0000000..3f5b68f
--- /dev/null
+++ b/diced/src/diced_client_test.rs
@@ -0,0 +1,196 @@
+// Copyright 2021, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use android_hardware_security_dice::aidl::android::hardware::security::dice::{
+    Config::Config as BinderConfig, InputValues::InputValues as BinderInputValues,
+    Mode::Mode as BinderMode,
+};
+use android_security_dice::aidl::android::security::dice::IDiceMaintenance::IDiceMaintenance;
+use android_security_dice::aidl::android::security::dice::IDiceNode::IDiceNode;
+use anyhow::Result;
+use binder::Strong;
+use diced_open_dice_cbor as dice;
+use nix::libc::uid_t;
+use std::convert::TryInto;
+
+static DICE_NODE_SERVICE_NAME: &str = "android.security.dice.IDiceNode";
+static DICE_MAINTENANCE_SERVICE_NAME: &str = "android.security.dice.IDiceMaintenance";
+
+fn get_dice_node() -> Strong<dyn IDiceNode> {
+    binder::get_interface(DICE_NODE_SERVICE_NAME).unwrap()
+}
+
+fn get_dice_maintenance() -> Strong<dyn IDiceMaintenance> {
+    binder::get_interface(DICE_MAINTENANCE_SERVICE_NAME).unwrap()
+}
+
+static TEST_MESSAGE: &[u8] = &[
+    // "My test message!"
+    0x4d, 0x79, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x21,
+    0x0a,
+];
+
+// This test calls derive with an empty argument vector and with a set of three input values.
+// It then performs the same three derivation steps on the result of the former and compares
+// the result to the result of the latter.
+fn equivalence_test() {
+    let node = get_dice_node();
+    let input_values = diced_sample_inputs::get_input_values_vector();
+    let former = node.derive(&[]).expect("Trying to call derive.");
+    let latter = node.derive(&input_values).expect("Trying to call derive with input values.");
+    let artifacts = diced_utils::ResidentArtifacts::new(
+        former.cdiAttest[..].try_into().unwrap(),
+        former.cdiSeal[..].try_into().unwrap(),
+        &former.bcc.data,
+    )
+    .unwrap();
+
+    let input_values: Vec<diced_utils::InputValues> =
+        input_values.iter().map(|v| v.try_into()).collect::<Result<_>>().unwrap();
+
+    let artifacts =
+        artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
+    let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
+    let from_former = diced_utils::make_bcc_handover(
+        cdi_attest[..].try_into().unwrap(),
+        cdi_seal[..].try_into().unwrap(),
+        &bcc,
+    )
+    .unwrap();
+    // TODO when we have a parser/verifier, check equivalence rather
+    // than bit by bit equality.
+    assert_eq!(latter, from_former);
+}
+
+fn sign_and_verify() {
+    let node = get_dice_node();
+    let _signature = node.sign(&[], TEST_MESSAGE).expect("Trying to call sign.");
+
+    let _bcc = node.getAttestationChain(&[]).expect("Trying to call getAttestationChain.");
+    // TODO b/204938506 check the signature with the bcc when the verifier is available.
+}
+
+// This test calls derive with an empty argument vector, then demotes the itself using
+// a set of three input values, and then calls derive with empty argument vector again.
+// It then performs the same three derivation steps on the result of the former and compares
+// the result to the result of the latter.
+fn demote_test() {
+    let node = get_dice_node();
+    let input_values = diced_sample_inputs::get_input_values_vector();
+    let former = node.derive(&[]).expect("Trying to call derive.");
+    node.demote(&input_values).expect("Trying to call demote with input values.");
+
+    let latter = node.derive(&[]).expect("Trying to call derive after demote.");
+
+    let artifacts = diced_utils::ResidentArtifacts::new(
+        former.cdiAttest[..].try_into().unwrap(),
+        former.cdiSeal[..].try_into().unwrap(),
+        &former.bcc.data,
+    )
+    .unwrap();
+
+    let input_values: Vec<diced_utils::InputValues> =
+        input_values.iter().map(|v| v.try_into()).collect::<Result<_>>().unwrap();
+
+    let artifacts =
+        artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
+    let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
+    let from_former = diced_utils::make_bcc_handover(
+        cdi_attest[..].try_into().unwrap(),
+        cdi_seal[..].try_into().unwrap(),
+        &bcc,
+    )
+    .unwrap();
+    // TODO b/204938506 when we have a parser/verifier, check equivalence rather
+    // than bit by bit equality.
+    assert_eq!(latter, from_former);
+}
+
+fn client_input_values(uid: uid_t) -> BinderInputValues {
+    BinderInputValues {
+        codeHash: vec![0; dice::HASH_SIZE],
+        config: BinderConfig {
+            desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, true)
+                .unwrap(),
+        },
+        authorityHash: vec![0; dice::HASH_SIZE],
+        authorityDescriptor: None,
+        mode: BinderMode::NORMAL,
+        hidden: vec![0; dice::HIDDEN_SIZE],
+    }
+}
+
+// This test calls derive with an empty argument vector `former` which look like this:
+// <common root> | <caller>
+// It then demotes diced using a set of three input values prefixed with the uid based input
+// values that diced would add to any call. It then calls derive with empty argument vector
+// again which will add another step using the identity of the caller. If diced was demoted
+// correctly the chain of `latter` will
+// look as follows:
+// <common root> | <caller> | <the three sample inputs> | <caller>
+//
+// It then performs the same three derivation steps followed by a set of caller input values
+// on `former` and compares it to `latter`.
+fn demote_self_test() {
+    let maintenance = get_dice_maintenance();
+    let node = get_dice_node();
+    let input_values = diced_sample_inputs::get_input_values_vector();
+    let former = node.derive(&[]).expect("Trying to call derive.");
+
+    let client = client_input_values(nix::unistd::getuid().into());
+
+    let mut demote_vector = vec![client.clone()];
+    demote_vector.append(&mut input_values.clone());
+    maintenance.demoteSelf(&demote_vector).expect("Trying to call demote_self with input values.");
+
+    let latter = node.derive(&[]).expect("Trying to call derive after demote.");
+
+    let artifacts = diced_utils::ResidentArtifacts::new(
+        former.cdiAttest[..].try_into().unwrap(),
+        former.cdiSeal[..].try_into().unwrap(),
+        &former.bcc.data,
+    )
+    .unwrap();
+
+    let client = [client];
+    let input_values: Vec<diced_utils::InputValues> = input_values
+        .iter()
+        .chain(client.iter())
+        .map(|v| v.try_into())
+        .collect::<Result<_>>()
+        .unwrap();
+
+    let artifacts =
+        artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
+    let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
+    let from_former = diced_utils::make_bcc_handover(
+        cdi_attest[..].try_into().unwrap(),
+        cdi_seal[..].try_into().unwrap(),
+        &bcc,
+    )
+    .unwrap();
+    // TODO b/204938506 when we have a parser/verifier, check equivalence rather
+    // than bit by bit equality.
+    assert_eq!(latter, from_former);
+}
+
+#[test]
+fn run_serialized_test() {
+    equivalence_test();
+    sign_and_verify();
+    // The demote self test must run before the demote test or the test fails.
+    // And since demotion is not reversible the test can only pass once per boot.
+    demote_self_test();
+    demote_test();
+}
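Review bot: `sign_and_verify` verifies nothing, because `_signature` and `_bcc` are both discarded. The test passes whenever the two binder calls return `Ok`, even if the signature is wrong or does not chain to the returned BCC. Until the verifier tracked in b/204938506 exists, the function should say so: rename it (and its call in `run_serialized_test`) to something like `sign_and_get_chain`, and add `// Only checks that sign() and getAttestationChain() succeed; the signature is NOT verified yet.` A cheap interim check would be `assert!(!_bcc.data.is_empty());`, assuming getAttestationChain returns the same Bcc type as `former.bcc`.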