[dice] Move bcc_main_flow to the library libdiced_open_dice
This cl splits the existing BccMainFlow wrapper with retries
into a raw version and a retry version. The former is
available in both std and nostd environment. The latter
returns a ZerorizeOnDrop struct containing Attestation CDI
and Sealing CDI. This struct is going to replace the
`DiceContext` in microdroid as it sets all the CDIs to
zero when the struct goes out of scope, which is more secure.
This is part of the project of merging the two existing dice
wrapper libraries into one library libdiced_open_dice.
Test: atest diced_utils_test diced_sample_inputs_test \
diced_test diced_vendor_test diced_open_dice_cbor_test
Test: m pvmfw_img microdroid_manager && atest \
microdroid_manager_test
Bug: 267575445
Change-Id: I94444619fe2dcddf8541a6c9971c7e565c44dda1
diff --git a/diced/open_dice/src/bcc.rs b/diced/open_dice/src/bcc.rs
index 8bda225..e3a96fe 100644
--- a/diced/open_dice/src/bcc.rs
+++ b/diced/open_dice/src/bcc.rs
@@ -14,9 +14,10 @@
//! This module mirrors the content in open-dice/include/dice/android/bcc.h
+use crate::dice::{Cdi, CdiValues, InputValues};
use crate::error::{check_result, Result};
use open_dice_bcc_bindgen::{
- BccConfigValues, BccFormatConfigDescriptor, BCC_INPUT_COMPONENT_NAME,
+ BccConfigValues, BccFormatConfigDescriptor, BccMainFlow, BCC_INPUT_COMPONENT_NAME,
BCC_INPUT_COMPONENT_VERSION, BCC_INPUT_RESETTABLE,
};
use std::{ffi::CStr, ptr};
@@ -54,3 +55,38 @@
})?;
Ok(buffer_size)
}
+
+/// Executes the main BCC flow.
+///
+/// Given a full set of input values along with the current BCC and CDI values,
+/// computes the next CDI values and matching updated BCC.
+pub fn bcc_main_flow(
+ current_cdi_attest: &Cdi,
+ current_cdi_seal: &Cdi,
+ current_bcc: &[u8],
+ input_values: &InputValues,
+ next_cdi_values: &mut CdiValues,
+ next_bcc: &mut [u8],
+) -> Result<usize> {
+ let mut next_bcc_size = 0;
+ // SAFETY: `BccMainFlow` only reads the current `bcc` and CDI values and writes
+ // to `next_bcc` and next CDI values within its bounds. It also reads
+ // `input_values` as a constant input and doesn't store any pointer.
+ // The first argument can be null and is not used in the current implementation.
+ check_result(unsafe {
+ BccMainFlow(
+ ptr::null_mut(), // context
+ current_cdi_attest.as_ptr(),
+ current_cdi_seal.as_ptr(),
+ current_bcc.as_ptr(),
+ current_bcc.len(),
+ input_values.as_ptr(),
+ next_bcc.len(),
+ next_bcc.as_mut_ptr(),
+ &mut next_bcc_size,
+ next_cdi_values.cdi_attest.as_mut_ptr(),
+ next_cdi_values.cdi_seal.as_mut_ptr(),
+ )
+ })?;
+ Ok(next_bcc_size)
+}
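Review bot: The size the callee reports through `next_bcc_size` is returned on line 68 without being compared against `next_bcc.len()`, so a caller that slices `&next_bcc[..size]` is trusting the native side not to overstate what it wrote; a boundary check such as `debug_assert!(next_bcc_size <= next_bcc.len());` placed before `Ok(next_bcc_size)` keeps the bounds claim in the SAFETY comment checkable from the Rust side. The doc comment also leaves the return value and failure mode undescribed; adding a line `/// Returns the number of bytes of the next BCC written into next_bcc.` plus an `# Errors` section stating that any non-success result from the native call is surfaced through `check_result` would make the contract explicit for the nostd callers the description mentions. If the native `BccMainFlow` reports the required buffer size through its actual-size argument when `next_bcc` is too small, that value is discarded on the error path here, which the retry variant described in the commit message may want to recover rather than guess at.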