[dice] Move DiceKeypairFromSeed wrapper to diced_open_dice
This cl moves DiceKeypairFromSeed wrapper to diced_open_dice
and removes the crate diced_open_dice_cbor as it doesn't have
any code after moving out the function.
This cl also changes PrivateKey and PrivateKeySeed into structs
so that their memory is zeroed out when a value of either type
is dropped, as a security measure. This is not a complete
solution for securing access to the sensitive data: we will
clean up the memory cache of the sensitive data in a
follow-up cl.
Bug: 267575445
Test: atest diced_utils_test diced_sample_inputs_test \
diced_vendor_test diced_open_dice_cbor_test \
libdiced_open_dice_nostd.integration_test \
libdiced_open_dice.integration_test diced_open_dice_cbor_test
Change-Id: I6c9b1190bfc4238adc59b88b6f3ee8fdd5cbd8f0
diff --git a/diced/src/sample_inputs.rs b/diced/src/sample_inputs.rs
index 824ee9e..6ad8ca9 100644
--- a/diced/src/sample_inputs.rs
+++ b/diced/src/sample_inputs.rs
@@ -19,9 +19,8 @@
Config::Config as BinderConfig, InputValues::InputValues as BinderInputValues, Mode::Mode,
};
use anyhow::{anyhow, Context, Result};
-use dice::ContextImpl;
+use diced_open_dice as dice;
use diced_open_dice::DiceArtifacts;
-use diced_open_dice_cbor as dice;
use diced_utils::{cbor, to_dice_input_values};
use std::ffi::CStr;
use std::io::Write;
@@ -66,16 +65,11 @@
/// Derives a tuple of (CDI_ATTEST, CDI_SEAL, BCC) derived of the vector of input values returned
/// by `get_input_values_vector`.
pub fn make_sample_bcc_and_cdis() -> Result<dice::OwnedDiceArtifacts> {
- let mut dice_ctx = dice::OpenDiceCborContext::new();
let private_key_seed = dice::derive_cdi_private_key_seed(UDS)
.context("In make_sample_bcc_and_cdis: Trying to derive private key seed.")?;
- let (public_key, _) =
- dice_ctx
- .keypair_from_seed(&private_key_seed[..].try_into().context(
- "In make_sample_bcc_and_cids: Failed to convert seed to array reference.",
- )?)
- .context("In make_sample_bcc_and_cids: Failed to generate key pair.")?;
+ let (public_key, _) = dice::keypair_from_seed(private_key_seed.as_array())
+ .context("In make_sample_bcc_and_cids: Failed to generate key pair.")?;
let input_values_vector = get_input_values_vector();