[dice] Move bcc_main_flow to the library libdiced_open_dice
This cl splits the existing BccMainFlow wrapper with retries
into a raw version and a retry version. The former is
available in both std and nostd environment. The latter
returns a ZerorizeOnDrop struct containing Attestation CDI
and Sealing CDI. This struct is going to replace the
`DiceContext` in microdroid as it is sets all the CDIs to
zero when the struct goes out of scope, which is more secure.
This is part of the project of merging the two existing dice
wrapper libraries into one library libdiced_open_dice.
Test: atest diced_utils_test diced_sample_inputs_test \
diced_test diced_vendor_test diced_open_dice_cbor_test
Test: m pvmfw_img microdroid_manager && atest \
microdroid_manager_test
Bug: 267575445
Change-Id: I94444619fe2dcddf8541a6c9971c7e565c44dda1
diff --git a/diced/src/sample_inputs.rs b/diced/src/sample_inputs.rs
index 5b61fed..92bdf76 100644
--- a/diced/src/sample_inputs.rs
+++ b/diced/src/sample_inputs.rs
@@ -22,7 +22,6 @@
use dice::ContextImpl;
use diced_open_dice_cbor as dice;
use diced_utils::{cbor, to_dice_input_values};
-use keystore2_crypto::ZVec;
use std::convert::TryInto;
use std::ffi::CStr;
use std::io::Write;
@@ -66,7 +65,7 @@
/// Derives a tuple of (CDI_ATTEST, CDI_SEAL, BCC) derived of the vector of input values returned
/// by `get_input_values_vector`.
-pub fn make_sample_bcc_and_cdis() -> Result<(ZVec, ZVec, Vec<u8>)> {
+pub fn make_sample_bcc_and_cdis() -> Result<dice::OwnedDiceArtifacts> {
let mut dice_ctx = dice::OpenDiceCborContext::new();
let private_key_seed = dice::derive_cdi_private_key_seed(UDS)
.context("In make_sample_bcc_and_cdis: Trying to derive private key seed.")?;
@@ -93,30 +92,24 @@
bcc.append(&mut cert);
- let (cdi_attest, cdi_seal, bcc) = dice_ctx
- .bcc_main_flow(
- &cdi_attest[..].try_into().context(
- "In make_sample_bcc_and_cdis: Failed to convert cdi_attest to array reference. (1)",
- )?,
- &cdi_seal[..].try_into().context(
- "In make_sample_bcc_and_cdis: Failed to convert cdi_seal to array reference. (1)",
- )?,
- &bcc,
- &to_dice_input_values(&input_values_vector[1]),
- )
- .context("In make_sample_bcc_and_cdis: Trying to run first bcc main flow.")?;
- dice_ctx
- .bcc_main_flow(
- &cdi_attest[..].try_into().context(
- "In make_sample_bcc_and_cdis: Failed to convert cdi_attest to array reference. (2)",
- )?,
- &cdi_seal[..].try_into().context(
- "In make_sample_bcc_and_cdis: Failed to convert cdi_seal to array reference. (2)",
- )?,
- &bcc,
- &to_dice_input_values(&input_values_vector[2]),
- )
- .context("In make_sample_bcc_and_cdis: Trying to run second bcc main flow.")
+ let dice_artifacts = dice::retry_bcc_main_flow(
+ &cdi_attest[..].try_into().context(
+ "In make_sample_bcc_and_cdis: Failed to convert cdi_attest to array reference. (1)",
+ )?,
+ &cdi_seal[..].try_into().context(
+ "In make_sample_bcc_and_cdis: Failed to convert cdi_seal to array reference. (1)",
+ )?,
+ &bcc,
+ &to_dice_input_values(&input_values_vector[1]),
+ )
+ .context("In make_sample_bcc_and_cdis: Trying to run first bcc main flow.")?;
+ dice::retry_bcc_main_flow(
+ &dice_artifacts.cdi_values.cdi_attest,
+ &dice_artifacts.cdi_values.cdi_seal,
+ &dice_artifacts.bcc,
+ &to_dice_input_values(&input_values_vector[2]),
+ )
+ .context("In make_sample_bcc_and_cdis: Trying to run second bcc main flow.")
}
fn make_input_values(