Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / f59662dcf08ebdebcd68b07cffc3c29db9bae046 / . / diced / src / hal_node.rs
blob: 33aeb2bcbae066f24ec8e530ad3f3a09b6c24aa5 [file] [log] [blame]
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]1// Copyright 2021, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! This module provides `ResidentHal`, an implementation of a IDiceDevice HAL Interface.
16//! While the name implies that the DICE secrets are memory resident, the residency
17//! is augmented by the implementation of the traits `DiceArtifacts` and
18//! `UpdatableDiceArtifacts`. The implementation outsources all operations that
19//! involve the DICE secrets to a short lived child process. By implementing
20//! `UpdatableDiceArtifacts` accordingly, integrators can limit the exposure of
21//! the resident DICE secrets to user space memory. E.g., an implementation might only
22//! hold a path to a securefs file allowing the child to read and update the kernel state
23//! through this path directly.
24//!
25//! ## Important Safety Note.
26//! The module is not safe to use in multi threaded processes. It uses fork and runs
27//! code that is not async signal safe in the child. Implementing a HAL service without
28//! starting a thread pool is safe, but no secondary thread must be created.
29
30use crate::error_vendor::map_or_log_err;
31use android_hardware_security_dice::aidl::android::hardware::security::dice::{
32 Bcc::Bcc, BccHandover::BccHandover, IDiceDevice::BnDiceDevice, IDiceDevice::IDiceDevice,
33 InputValues::InputValues as BinderInputValues, Signature::Signature,
34};
35use anyhow::{Context, Result};
Stephen Crane23cf7242022-01-19 17:49:46 +0000[diff] [blame]36use binder::{BinderFeatures, Result as BinderResult, Strong};
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame^]37use diced_open_dice as dice;
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]38pub use diced_open_dice::DiceArtifacts;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]39use diced_utils as utils;
40use nix::sys::wait::{waitpid, WaitStatus};
41use nix::unistd::{
42 close, fork, pipe as nix_pipe, read as nix_read, write as nix_write, ForkResult,
43};
44use serde::{de::DeserializeOwned, Deserialize, Serialize};
45use std::convert::TryInto;
46use std::io::{Read, Write};
47use std::os::unix::io::RawFd;
48use std::sync::{Arc, RwLock};
49use utils::ResidentArtifacts;
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]50pub use utils::UpdatableDiceArtifacts;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]51
52/// PipeReader is a simple wrapper around raw pipe file descriptors.
53/// It takes ownership of the file descriptor and closes it on drop. It provides `read_all`, which
54/// reads from the pipe into an expending vector, until no more data can be read.
55struct PipeReader(RawFd);
56
57impl Read for PipeReader {
58 fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
59 let bytes = nix_read(self.0, buf)?;
60 Ok(bytes)
61 }
62}
63
64impl Drop for PipeReader {
65 fn drop(&mut self) {
66 close(self.0).expect("Failed to close reader pipe fd.");
67 }
68}
69
70/// PipeWriter is a simple wrapper around raw pipe file descriptors.
71/// It takes ownership of the file descriptor and closes it on drop. It provides `write`, which
72/// writes the given buffer into the pipe, returning the number of bytes written.
73struct PipeWriter(RawFd);
74
75impl Write for PipeWriter {
76 fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
77 let written = nix_write(self.0, buf)?;
78 Ok(written)
79 }
80
81 fn flush(&mut self) -> std::io::Result<()> {
82 // Flush is a NO-OP.
83 Ok(())
84 }
85}
86
87impl Drop for PipeWriter {
88 fn drop(&mut self) {
89 close(self.0).expect("Failed to close writer pipe fd.");
90 }
91}
92
93fn pipe() -> Result<(PipeReader, PipeWriter), nix::Error> {
94 let (read_fd, write_fd) = nix_pipe()?;
95 Ok((PipeReader(read_fd), PipeWriter(write_fd)))
96}
97
98#[derive(Debug, Clone, Serialize, Deserialize, Eq, PartialEq, thiserror::Error)]
99enum RunForkedError {
100 #[error("RunForkedError::String({0:?})")]
101 String(String),
102}
103
104/// Run the given closure in a new process.
105/// Safety: The function runs code that is not async-signal-safe in the child after forking.
106/// This means, that this function must not be called by a multi threaded process.
107fn run_forked<F, R>(f: F) -> Result<R>
108where
109 R: Serialize + DeserializeOwned,
110 F: FnOnce() -> Result<R>,
111{
112 let (reader, writer) = pipe().expect("Failed to create pipe.");
113
114 match unsafe { fork() } {
115 Ok(ForkResult::Parent { child, .. }) => {
116 drop(writer);
117 let status = waitpid(child, None).expect("Failed while waiting for child.");
118 if let WaitStatus::Exited(_, 0) = status {
119 // Child exited successfully.
120 // Read the result from the pipe.
121 // Deserialize the result and return it.
122 let result: Result<R, RunForkedError> =
123 serde_cbor::from_reader(reader).expect("Failed to deserialize result.");
124
125 result.context("In run_forked:")
126 } else {
127 panic!("Child did not exit as expected {:?}", status);
128 }
129 }
130 Ok(ForkResult::Child) => {
131 // Run the closure.
132 let result = f()
133 .map_err(|err| RunForkedError::String(format! {"Nested anyhow error {:?}", err}));
134
135 // Serialize the result of the closure.
136 serde_cbor::to_writer(writer, &result).expect("Result serialization failed");
137
138 // Set exit status to `0`.
139 std::process::exit(0);
140 }
141 Err(errno) => {
142 panic!("Failed to fork: {:?}", errno);
143 }
144 }
145}
146
147/// A DiceHal backend implementation.
148/// All functions, except `demote`, derive effective dice artifacts starting from
149/// this node and iterating through `input_values` in ascending order.
150pub trait DiceHalImpl {
151 /// Signs the message using the effective dice artifacts and Ed25519Pure.
152 fn sign(&self, input_values: &[BinderInputValues], message: &[u8]) -> Result<Signature>;
153 /// Returns the effective attestation chain.
154 fn get_attestation_chain(&self, input_values: &[BinderInputValues]) -> Result<Bcc>;
155 /// Returns the effective dice artifacts.
156 fn derive(&self, input_values: &[BinderInputValues]) -> Result<BccHandover>;
157 /// This demotes the implementation itself. I.e. a resident node would replace its resident
158 /// artifacts with the effective artifacts derived using `input_values`. A proxy node would
159 /// simply call `demote` on its parent node. This is not reversible and changes
160 /// the effective dice artifacts of all clients.
161 fn demote(&self, input_values: &[BinderInputValues]) -> Result<()>;
162}
163
164/// The ResidentHal implements a IDiceDevice backend with memory resident DICE secrets.
165pub struct ResidentHal<T: UpdatableDiceArtifacts + Serialize + DeserializeOwned + Clone + Send> {
166 artifacts: RwLock<T>,
167}
168
169impl<T: UpdatableDiceArtifacts + Serialize + DeserializeOwned + Clone + Send> ResidentHal<T> {
170 /// Creates a new Resident node with the given dice secrets and certificate chain.
171 /// ## Safety
172 /// It is not safe to use implementations of ResidentHal in multi threaded environments.
173 /// If using this library to implement a HAL service make sure not to start a thread pool.
174 pub unsafe fn new(artifacts: T) -> Result<Self> {
175 Ok(ResidentHal { artifacts: RwLock::new(artifacts) })
176 }
177
178 fn with_effective_artifacts<R, F>(&self, input_values: &[BinderInputValues], f: F) -> Result<R>
179 where
180 R: Serialize + DeserializeOwned,
181 F: FnOnce(ResidentArtifacts) -> Result<R>,
182 {
183 let artifacts = self.artifacts.read().unwrap().clone();
184
185 // Safety: run_forked must not be be called by a multi threaded process.
186 // This requirement is propagated to the public interface of this module through
187 // `ResidentHal::new`
188 run_forked(move || {
189 let artifacts = artifacts.with_artifacts(|a| ResidentArtifacts::new_from(a))?;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]190 let artifacts = artifacts
Alice Wang93e6e372023-02-02 14:36:17 +0000[diff] [blame]191 .execute_steps(input_values)
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]192 .context("In ResidentHal::get_effective_artifacts:")?;
193 f(artifacts)
194 })
195 }
196}
197
198impl<T: UpdatableDiceArtifacts + Serialize + DeserializeOwned + Clone + Send> DiceHalImpl
199 for ResidentHal<T>
200{
201 fn sign(&self, input_values: &[BinderInputValues], message: &[u8]) -> Result<Signature> {
202 let signature: Vec<u8> = self
203 .with_effective_artifacts(input_values, |artifacts| {
204 let (cdi_attest, _, _) = artifacts.into_tuple();
Alice Wang7cc59562023-02-08 13:17:10 +0000[diff] [blame]205 let seed = dice::derive_cdi_private_key_seed(
206 cdi_attest[..].try_into().with_context(|| {
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]207 format!(
208 "In ResidentHal::sign: Failed to convert cdi_attest (length: {}).",
209 cdi_attest.len()
210 )
Alice Wang7cc59562023-02-08 13:17:10 +0000[diff] [blame]211 })?,
212 )
213 .context("In ResidentHal::sign: Failed to derive seed from cdi_attest.")?;
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame^]214 let (_public_key, private_key) = dice::keypair_from_seed(seed.as_array())
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]215 .context("In ResidentHal::sign: Failed to derive keypair from seed.")?;
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame^]216 let signature = dice::sign(message, private_key.as_array())
217 .context("In ResidentHal::sign: Failed to sign.")?;
Alice Wang8722d9e2023-02-13 14:56:56 +0000[diff] [blame]218 Ok(signature.to_vec())
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]219 })
220 .context("In ResidentHal::sign:")?;
221 Ok(Signature { data: signature })
222 }
223
224 fn get_attestation_chain(&self, input_values: &[BinderInputValues]) -> Result<Bcc> {
225 let bcc = self
226 .with_effective_artifacts(input_values, |artifacts| {
227 let (_, _, bcc) = artifacts.into_tuple();
228 Ok(bcc)
229 })
230 .context("In ResidentHal::get_attestation_chain: Failed to get effective_artifacts.")?;
231
232 Ok(Bcc { data: bcc })
233 }
234
235 fn derive(&self, input_values: &[BinderInputValues]) -> Result<BccHandover> {
236 let (cdi_attest, cdi_seal, bcc): (Vec<u8>, Vec<u8>, Vec<u8>) = self
237 .with_effective_artifacts(input_values, |artifacts| {
238 let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
239 Ok((cdi_attest[..].to_vec(), cdi_seal[..].to_vec(), bcc))
240 })?;
241
242 utils::make_bcc_handover(
243 &cdi_attest
244 .as_slice()
245 .try_into()
246 .context("In ResidentHal::derive: Trying to convert cdi_attest to sized array.")?,
247 &cdi_seal
248 .as_slice()
249 .try_into()
250 .context("In ResidentHal::derive: Trying to convert cdi_seal to sized array.")?,
251 &bcc,
252 )
253 .context("In ResidentHal::derive: Trying to construct BccHandover.")
254 }
255
256 fn demote(&self, input_values: &[BinderInputValues]) -> Result<()> {
257 let mut artifacts = self.artifacts.write().unwrap();
258
259 let artifacts_clone = (*artifacts).clone();
260
261 // Safety: run_forked may not be called from a multi threaded process.
262 // This requirement is propagated to the public interface of this module through
263 // `ResidentHal::new`
264 *artifacts = run_forked(|| {
265 let new_artifacts =
266 artifacts_clone.with_artifacts(|a| ResidentArtifacts::new_from(a))?;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]267 let new_artifacts = new_artifacts
Alice Wang93e6e372023-02-02 14:36:17 +0000[diff] [blame]268 .execute_steps(input_values)
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]269 .context("In ResidentHal::get_effective_artifacts:")?;
270 artifacts_clone.update(&new_artifacts)
271 })?;
272
273 Ok(())
274 }
275}
276
277/// Implements android.hardware.security.dice.IDiceDevice. Forwards public API calls
278/// to the given DiceHalImpl backend.
279pub struct DiceDevice {
280 hal_impl: Arc<dyn DiceHalImpl + Sync + Send>,
281}
282
283impl DiceDevice {
284 /// Constructs an instance of DiceDevice, wraps it with a BnDiceDevice object and
285 /// returns a strong pointer to the binder. The result can be used to register
286 /// the service with service manager.
287 pub fn new_as_binder(
288 hal_impl: Arc<dyn DiceHalImpl + Sync + Send>,
289 ) -> Result<Strong<dyn IDiceDevice>> {
290 let result = BnDiceDevice::new_binder(DiceDevice { hal_impl }, BinderFeatures::default());
291 Ok(result)
292 }
293}
294
295impl binder::Interface for DiceDevice {}
296
297impl IDiceDevice for DiceDevice {
298 fn sign(&self, input_values: &[BinderInputValues], message: &[u8]) -> BinderResult<Signature> {
299 map_or_log_err(self.hal_impl.sign(input_values, message), Ok)
300 }
301 fn getAttestationChain(&self, input_values: &[BinderInputValues]) -> BinderResult<Bcc> {
302 map_or_log_err(self.hal_impl.get_attestation_chain(input_values), Ok)
303 }
304 fn derive(&self, input_values: &[BinderInputValues]) -> BinderResult<BccHandover> {
305 map_or_log_err(self.hal_impl.derive(input_values), Ok)
306 }
307 fn demote(&self, input_values: &[BinderInputValues]) -> BinderResult<()> {
308 map_or_log_err(self.hal_impl.demote(input_values), Ok)
309 }
310}
311
312#[cfg(test)]
313mod test {
314 use super::*;
315 use android_hardware_security_dice::aidl::android::hardware::security::dice::{
316 BccHandover::BccHandover, Config::Config as BinderConfig,
317 InputValues::InputValues as BinderInputValues, Mode::Mode as BinderMode,
318 };
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]319 use anyhow::{anyhow, Context, Result};
Alice Wangf59662d2023-02-10 16:07:56 +0000[diff] [blame^]320 use diced_open_dice as dice;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]321 use diced_sample_inputs;
322 use diced_utils as utils;
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]323 use std::ffi::CStr;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]324
325 #[derive(Debug, Serialize, Deserialize, Clone)]
326 struct InsecureSerializableArtifacts {
327 cdi_attest: [u8; dice::CDI_SIZE],
328 cdi_seal: [u8; dice::CDI_SIZE],
329 bcc: Vec<u8>,
330 }
331
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]332 impl From<dice::OwnedDiceArtifacts> for InsecureSerializableArtifacts {
333 fn from(dice_artifacts: dice::OwnedDiceArtifacts) -> Self {
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]334 let mut cdi_attest = [0u8; dice::CDI_SIZE];
335 cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
336 let mut cdi_seal = [0u8; dice::CDI_SIZE];
337 cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
338 Self { cdi_attest, cdi_seal, bcc: dice_artifacts.bcc().expect("bcc is none").to_vec() }
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]339 }
340 }
341
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]342 impl DiceArtifacts for InsecureSerializableArtifacts {
343 fn cdi_attest(&self) -> &[u8; dice::CDI_SIZE] {
344 &self.cdi_attest
345 }
346 fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
347 &self.cdi_seal
348 }
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]349 fn bcc(&self) -> Option<&[u8]> {
350 Some(&self.bcc)
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]351 }
352 }
353
354 impl UpdatableDiceArtifacts for InsecureSerializableArtifacts {
355 fn with_artifacts<F, T>(&self, f: F) -> Result<T>
356 where
357 F: FnOnce(&dyn DiceArtifacts) -> Result<T>,
358 {
359 f(self)
360 }
361 fn update(self, new_artifacts: &impl DiceArtifacts) -> Result<Self> {
362 Ok(Self {
363 cdi_attest: *new_artifacts.cdi_attest(),
364 cdi_seal: *new_artifacts.cdi_seal(),
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]365 bcc: new_artifacts.bcc().ok_or_else(|| anyhow!("bcc is none"))?.to_vec(),
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]366 })
367 }
368 }
369
370 fn make_input_values(
371 code: &str,
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]372 config_name: &CStr,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]373 authority: &str,
374 ) -> Result<BinderInputValues> {
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]375 Ok(BinderInputValues {
Alice Wang24954b42023-02-06 10:03:45 +0000[diff] [blame]376 codeHash: dice::hash(code.as_bytes())
377 .context("In make_input_values: code hash failed.")?,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]378 config: BinderConfig {
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]379 desc: dice::retry_bcc_format_config_descriptor(Some(config_name), None, true)
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]380 .context("In make_input_values: Failed to format config descriptor.")?,
381 },
Alice Wang24954b42023-02-06 10:03:45 +0000[diff] [blame]382 authorityHash: dice::hash(authority.as_bytes())
383 .context("In make_input_values: authority hash failed.")?,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]384 authorityDescriptor: None,
385 mode: BinderMode::NORMAL,
Janis Danisevskisd9513f42021-12-16 17:15:13 -0800[diff] [blame]386 hidden: [0; dice::HIDDEN_SIZE],
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]387 })
388 }
389
390 /// Test the resident artifact batched derivation in process.
391 #[test]
392 fn derive_with_resident_artifacts() -> Result<()> {
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]393 let artifacts: ResidentArtifacts =
394 diced_sample_inputs::make_sample_bcc_and_cdis()?.try_into()?;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]395
396 let input_values = &[
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]397 make_input_values(
398 "component 1 code",
399 CStr::from_bytes_with_nul(b"component 1\0").unwrap(),
400 "component 1 authority",
401 )?,
402 make_input_values(
403 "component 2 code",
404 CStr::from_bytes_with_nul(b"component 2\0").unwrap(),
405 "component 2 authority",
406 )?,
407 make_input_values(
408 "component 3 code",
409 CStr::from_bytes_with_nul(b"component 3\0").unwrap(),
410 "component 3 authority",
411 )?,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]412 ];
Alice Wang93e6e372023-02-02 14:36:17 +0000[diff] [blame]413 let new_artifacts = artifacts.execute_steps(input_values)?;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]414
415 let result = utils::make_bcc_handover(
416 new_artifacts.cdi_attest(),
417 new_artifacts.cdi_seal(),
Alice Wang4d3059a2023-02-15 10:24:33 +0000[diff] [blame]418 new_artifacts.bcc().unwrap(),
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]419 )?;
420
421 assert_eq!(result, make_derive_test_vector());
422 Ok(())
423 }
424
425 /// Test the ResidentHal hal implementation which performs the derivation in a separate
426 /// process and returns the result through a pipe. This test compares the result against
427 /// the same test vector as the in process test above.
428 #[test]
429 fn derive_with_insecure_artifacts() -> Result<()> {
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]430 let dice_artifacts = diced_sample_inputs::make_sample_bcc_and_cdis()?;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]431
432 // Safety: ResidentHal can only be used in single threaded environments.
433 // On-device Rust tests run each test in a separate process.
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]434 let hal_impl =
435 unsafe { ResidentHal::new(InsecureSerializableArtifacts::from(dice_artifacts)) }
436 .expect("Failed to create ResidentHal.");
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]437
438 let bcc_handover = hal_impl
439 .derive(&[
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]440 make_input_values(
441 "component 1 code",
442 CStr::from_bytes_with_nul(b"component 1\0").unwrap(),
443 "component 1 authority",
444 )?,
445 make_input_values(
446 "component 2 code",
447 CStr::from_bytes_with_nul(b"component 2\0").unwrap(),
448 "component 2 authority",
449 )?,
450 make_input_values(
451 "component 3 code",
452 CStr::from_bytes_with_nul(b"component 3\0").unwrap(),
453 "component 3 authority",
454 )?,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]455 ])
456 .expect("Failed to derive artifacts.");
457
458 assert_eq!(bcc_handover, make_derive_test_vector());
459 Ok(())
460 }
461
462 /// Demoting the implementation two steps and then performing one step of child derivation
463 /// must yield the same outcome as three derivations with the same input values.
464 #[test]
465 fn demote() -> Result<()> {
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]466 let dice_artifacts = diced_sample_inputs::make_sample_bcc_and_cdis()?;
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]467
468 // Safety: ResidentHal can only be used in single threaded environments.
469 // On-device Rust tests run each test in a separate process.
Alice Wangf4bd1c62023-02-08 08:38:44 +0000[diff] [blame]470 let hal_impl =
471 unsafe { ResidentHal::new(InsecureSerializableArtifacts::from(dice_artifacts)) }
472 .expect("Failed to create ResidentHal.");
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]473
474 hal_impl
475 .demote(&[
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]476 make_input_values(
477 "component 1 code",
478 CStr::from_bytes_with_nul(b"component 1\0").unwrap(),
479 "component 1 authority",
480 )?,
481 make_input_values(
482 "component 2 code",
483 CStr::from_bytes_with_nul(b"component 2\0").unwrap(),
484 "component 2 authority",
485 )?,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]486 ])
487 .expect("Failed to demote implementation.");
488
489 let bcc_handover = hal_impl
490 .derive(&[make_input_values(
491 "component 3 code",
Alice Wang9c40eca2023-02-03 13:10:24 +0000[diff] [blame]492 CStr::from_bytes_with_nul(b"component 3\0").unwrap(),
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]493 "component 3 authority",
494 )?])
495 .expect("Failed to derive artifacts.");
496
497 assert_eq!(bcc_handover, make_derive_test_vector());
498 Ok(())
499 }
500
501 fn make_derive_test_vector() -> BccHandover {
502 utils::make_bcc_handover(
503 &[
504 // cdi_attest
505 0x8f, 0xdf, 0x93, 0x67, 0xd7, 0x0e, 0xf8, 0xb8, 0xd2, 0x9c, 0x30, 0xeb, 0x4e, 0x9b,
506 0x71, 0x5f, 0x9a, 0x5b, 0x67, 0xa6, 0x29, 0xe0, 0x00, 0x9b, 0x4d, 0xe6, 0x95, 0xcf,
507 0xf9, 0xed, 0x5e, 0x9b,
508 ],
509 &[
510 // cdi_seal
511 0x15, 0x3e, 0xd6, 0x30, 0x5a, 0x8d, 0x4b, 0x6f, 0x07, 0x3f, 0x5d, 0x89, 0xc5, 0x6e,
512 0x30, 0xba, 0x05, 0x56, 0xfc, 0x66, 0xf4, 0xae, 0xce, 0x7f, 0x81, 0xb9, 0xc5, 0x21,
513 0x9b, 0x49, 0x3d, 0xe1,
514 ],
515 &[
516 // bcc
Alan Stokes7cdcf992022-05-24 07:42:24 +0000[diff] [blame]517 0x87, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58, 0x20,
518 0x3e, 0x85, 0xe5, 0x72, 0x75, 0x55, 0xe5, 0x1e, 0xe7, 0xf3, 0x35, 0x94, 0x8e, 0xbb,
519 0xbd, 0x74, 0x1e, 0x1d, 0xca, 0x49, 0x9c, 0x97, 0x39, 0x77, 0x06, 0xd3, 0xc8, 0x6e,
520 0x8b, 0xd7, 0x33, 0xf9, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8a, 0xa9,
521 0x01, 0x78, 0x28, 0x34, 0x32, 0x64, 0x38, 0x38, 0x36, 0x34, 0x66, 0x39, 0x37, 0x62,
522 0x36, 0x35, 0x34, 0x37, 0x61, 0x35, 0x30, 0x63, 0x31, 0x65, 0x30, 0x61, 0x37, 0x34,
523 0x39, 0x66, 0x38, 0x65, 0x66, 0x38, 0x62, 0x38, 0x31, 0x65, 0x63, 0x36, 0x32, 0x61,
524 0x66, 0x02, 0x78, 0x28, 0x31, 0x66, 0x36, 0x39, 0x36, 0x66, 0x30, 0x37, 0x32, 0x35,
525 0x32, 0x66, 0x32, 0x39, 0x65, 0x39, 0x33, 0x66, 0x65, 0x34, 0x64, 0x65, 0x31, 0x39,
526 0x65, 0x65, 0x33, 0x32, 0x63, 0x64, 0x38, 0x31, 0x64, 0x63, 0x34, 0x30, 0x34, 0x65,
527 0x37, 0x36, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0x16, 0x48, 0xf2, 0x55, 0x53,
528 0x23, 0xdd, 0x15, 0x2e, 0x83, 0x38, 0xc3, 0x64, 0x38, 0x63, 0x26, 0x0f, 0xcf, 0x5b,
529 0xd1, 0x3a, 0xd3, 0x40, 0x3e, 0x23, 0xf8, 0x34, 0x4c, 0x6d, 0xa2, 0xbe, 0x25, 0x1c,
530 0xb0, 0x29, 0xe8, 0xc3, 0xfb, 0xb8, 0x80, 0xdc, 0xb1, 0xd2, 0xb3, 0x91, 0x4d, 0xd3,
531 0xfb, 0x01, 0x0f, 0xe4, 0xe9, 0x46, 0xa2, 0xc0, 0x26, 0x57, 0x5a, 0xba, 0x30, 0xf7,
532 0x15, 0x98, 0x14, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x56, 0xa3, 0x3a, 0x00, 0x01, 0x11,
533 0x71, 0x63, 0x41, 0x42, 0x4c, 0x3a, 0x00, 0x01, 0x11, 0x72, 0x01, 0x3a, 0x00, 0x01,
534 0x11, 0x73, 0xf6, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x40, 0x47, 0xae, 0x42, 0x27,
535 0x4c, 0xcb, 0x65, 0x4d, 0xee, 0x74, 0x2d, 0x05, 0x78, 0x2a, 0x08, 0x2a, 0xa5, 0xf0,
536 0xcf, 0xea, 0x3e, 0x60, 0xee, 0x97, 0x11, 0x4b, 0x5b, 0xe6, 0x05, 0x0c, 0xe8, 0x90,
537 0xf5, 0x22, 0xc4, 0xc6, 0x67, 0x7a, 0x22, 0x27, 0x17, 0xb3, 0x79, 0xcc, 0x37, 0x64,
538 0x5e, 0x19, 0x4f, 0x96, 0x37, 0x67, 0x3c, 0xd0, 0xc5, 0xed, 0x0f, 0xdd, 0xe7, 0x2e,
539 0x4f, 0x70, 0x97, 0x30, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x40, 0xf9, 0x00, 0x9d,
540 0xc2, 0x59, 0x09, 0xe0, 0xb6, 0x98, 0xbd, 0xe3, 0x97, 0x4a, 0xcb, 0x3c, 0xe7, 0x6b,
541 0x24, 0xc3, 0xe4, 0x98, 0xdd, 0xa9, 0x6a, 0x41, 0x59, 0x15, 0xb1, 0x23, 0xe6, 0xc8,
542 0xdf, 0xfb, 0x52, 0xb4, 0x52, 0xc1, 0xb9, 0x61, 0xdd, 0xbc, 0x5b, 0x37, 0x0e, 0x12,
543 0x12, 0xb2, 0xfd, 0xc1, 0x09, 0xb0, 0xcf, 0x33, 0x81, 0x4c, 0xc6, 0x29, 0x1b, 0x99,
544 0xea, 0xae, 0xfd, 0xaa, 0x0d, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]545 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20,
Alan Stokes7cdcf992022-05-24 07:42:24 +0000[diff] [blame]546 0x06, 0x21, 0x58, 0x20, 0xb1, 0x02, 0xcc, 0x2c, 0xb2, 0x6a, 0x3b, 0xe9, 0xc1, 0xd3,
547 0x95, 0x10, 0xa0, 0xe1, 0xff, 0x51, 0xde, 0x57, 0xd5, 0x65, 0x28, 0xfd, 0x7f, 0xeb,
548 0xd4, 0xca, 0x15, 0xf3, 0xca, 0xdf, 0x37, 0x88, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41,
549 0x20, 0x58, 0x40, 0x58, 0xd8, 0x03, 0x24, 0x53, 0x60, 0x57, 0xa9, 0x09, 0xfa, 0xab,
550 0xdc, 0x57, 0x1e, 0xf0, 0xe5, 0x1e, 0x51, 0x6f, 0x9e, 0xa3, 0x42, 0xe6, 0x6a, 0x8c,
551 0xaa, 0xad, 0x08, 0x48, 0xde, 0x7f, 0x4f, 0x6e, 0x2f, 0x7f, 0x39, 0x6c, 0xa1, 0xf8,
552 0x42, 0x71, 0xfe, 0x17, 0x3d, 0xca, 0x31, 0x83, 0x92, 0xed, 0xbb, 0x40, 0xb8, 0x10,
553 0xe0, 0xf2, 0x5a, 0x99, 0x53, 0x38, 0x46, 0x33, 0x97, 0x78, 0x05, 0x84, 0x43, 0xa1,
554 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8a, 0xa9, 0x01, 0x78, 0x28, 0x31, 0x66, 0x36, 0x39,
555 0x36, 0x66, 0x30, 0x37, 0x32, 0x35, 0x32, 0x66, 0x32, 0x39, 0x65, 0x39, 0x33, 0x66,
556 0x65, 0x34, 0x64, 0x65, 0x31, 0x39, 0x65, 0x65, 0x33, 0x32, 0x63, 0x64, 0x38, 0x31,
557 0x64, 0x63, 0x34, 0x30, 0x34, 0x65, 0x37, 0x36, 0x02, 0x78, 0x28, 0x32, 0x35, 0x39,
558 0x34, 0x38, 0x39, 0x65, 0x36, 0x39, 0x37, 0x34, 0x38, 0x37, 0x30, 0x35, 0x64, 0x65,
559 0x33, 0x65, 0x32, 0x66, 0x34, 0x34, 0x32, 0x36, 0x37, 0x65, 0x61, 0x34, 0x39, 0x33,
560 0x38, 0x66, 0x66, 0x36, 0x61, 0x35, 0x37, 0x32, 0x35, 0x3a, 0x00, 0x47, 0x44, 0x50,
561 0x58, 0x40, 0xa4, 0x0c, 0xcb, 0xc1, 0xbf, 0xfa, 0xcc, 0xfd, 0xeb, 0xf4, 0xfc, 0x43,
562 0x83, 0x7f, 0x46, 0x8d, 0xd8, 0xd8, 0x14, 0xc1, 0x96, 0x14, 0x1f, 0x6e, 0xb3, 0xa0,
563 0xd9, 0x56, 0xb3, 0xbf, 0x2f, 0xfa, 0x88, 0x70, 0x11, 0x07, 0x39, 0xa4, 0xd2, 0xa9,
564 0x6b, 0x18, 0x28, 0xe8, 0x29, 0x20, 0x49, 0x0f, 0xbb, 0x8d, 0x08, 0x8c, 0xc6, 0x54,
565 0xe9, 0x71, 0xd2, 0x7e, 0xa4, 0xfe, 0x58, 0x7f, 0xd3, 0xc7, 0x3a, 0x00, 0x47, 0x44,
566 0x53, 0x56, 0xa3, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x63, 0x41, 0x56, 0x42, 0x3a, 0x00,
567 0x01, 0x11, 0x72, 0x01, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00, 0x47, 0x44,
568 0x52, 0x58, 0x40, 0x93, 0x17, 0xe1, 0x11, 0x27, 0x59, 0xd0, 0xef, 0x75, 0x0b, 0x2b,
569 0x1c, 0x0f, 0x5f, 0x52, 0xc3, 0x29, 0x23, 0xb5, 0x2a, 0xe6, 0x12, 0x72, 0x6f, 0x39,
570 0x86, 0x65, 0x2d, 0xf2, 0xe4, 0xe7, 0xd0, 0xaf, 0x0e, 0xa7, 0x99, 0x16, 0x89, 0x97,
571 0x21, 0xf7, 0xdc, 0x89, 0xdc, 0xde, 0xbb, 0x94, 0x88, 0x1f, 0xda, 0xe2, 0xf3, 0xe0,
572 0x54, 0xf9, 0x0e, 0x29, 0xb1, 0xbd, 0xe1, 0x0c, 0x0b, 0xd7, 0xf6, 0x3a, 0x00, 0x47,
573 0x44, 0x54, 0x58, 0x40, 0xb2, 0x69, 0x05, 0x48, 0x56, 0xb5, 0xfa, 0x55, 0x6f, 0xac,
574 0x56, 0xd9, 0x02, 0x35, 0x2b, 0xaa, 0x4c, 0xba, 0x28, 0xdd, 0x82, 0x3a, 0x86, 0xf5,
575 0xd4, 0xc2, 0xf1, 0xf9, 0x35, 0x7d, 0xe4, 0x43, 0x13, 0xbf, 0xfe, 0xd3, 0x36, 0xd8,
576 0x1c, 0x12, 0x78, 0x5c, 0x9c, 0x3e, 0xf6, 0x66, 0xef, 0xab, 0x3d, 0x0f, 0x89, 0xa4,
577 0x6f, 0xc9, 0x72, 0xee, 0x73, 0x43, 0x02, 0x8a, 0xef, 0xbc, 0x05, 0x98, 0x3a, 0x00,
578 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01,
579 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58, 0x20, 0x96, 0x6d, 0x96,
580 0x42, 0xda, 0x64, 0x51, 0xad, 0xfa, 0x00, 0xbc, 0xbc, 0x95, 0x8a, 0xb0, 0xb9, 0x76,
581 0x01, 0xe6, 0xbd, 0xc0, 0x26, 0x79, 0x26, 0xfc, 0x0f, 0x1d, 0x87, 0x65, 0xf1, 0xf3,
582 0x99, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x10, 0x7f, 0x77, 0xad,
583 0x70, 0xbd, 0x52, 0x81, 0x28, 0x8d, 0x24, 0x81, 0xb4, 0x3f, 0x21, 0x68, 0x9f, 0xc3,
584 0x80, 0x68, 0x86, 0x55, 0xfb, 0x2e, 0x6d, 0x96, 0xe1, 0xe1, 0xb7, 0x28, 0x8d, 0x63,
585 0x85, 0xba, 0x2a, 0x01, 0x33, 0x87, 0x60, 0x63, 0xbb, 0x16, 0x3f, 0x2f, 0x3d, 0xf4,
586 0x2d, 0x48, 0x5b, 0x87, 0xed, 0xda, 0x34, 0xeb, 0x9c, 0x4d, 0x14, 0xac, 0x65, 0xf4,
587 0xfa, 0xef, 0x45, 0x0b, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8f, 0xa9,
588 0x01, 0x78, 0x28, 0x32, 0x35, 0x39, 0x34, 0x38, 0x39, 0x65, 0x36, 0x39, 0x37, 0x34,
589 0x38, 0x37, 0x30, 0x35, 0x64, 0x65, 0x33, 0x65, 0x32, 0x66, 0x34, 0x34, 0x32, 0x36,
590 0x37, 0x65, 0x61, 0x34, 0x39, 0x33, 0x38, 0x66, 0x66, 0x36, 0x61, 0x35, 0x37, 0x32,
591 0x35, 0x02, 0x78, 0x28, 0x35, 0x64, 0x34, 0x65, 0x64, 0x37, 0x66, 0x34, 0x31, 0x37,
592 0x61, 0x39, 0x35, 0x34, 0x61, 0x31, 0x38, 0x31, 0x34, 0x30, 0x37, 0x62, 0x35, 0x38,
593 0x38, 0x35, 0x61, 0x66, 0x64, 0x37, 0x32, 0x61, 0x35, 0x62, 0x66, 0x34, 0x30, 0x64,
594 0x61, 0x36, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
595 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
597 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
598 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
599 0x00, 0x00, 0x00, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x58, 0x1a, 0xa3, 0x3a, 0x00, 0x01,
600 0x11, 0x71, 0x67, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x3a, 0x00, 0x01, 0x11,
601 0x72, 0x0c, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58,
602 0x40, 0x26, 0x1a, 0xbd, 0x26, 0xd8, 0x37, 0x8f, 0x4a, 0xf2, 0x9e, 0x49, 0x4d, 0x93,
603 0x23, 0xc4, 0x6e, 0x02, 0xda, 0xe0, 0x00, 0x02, 0xe7, 0xed, 0x29, 0xdf, 0x2b, 0xb3,
604 0x69, 0xf3, 0x55, 0x0e, 0x4c, 0x22, 0xdc, 0xcf, 0xf5, 0x92, 0xc9, 0xfa, 0x78, 0x98,
605 0xf1, 0x0e, 0x55, 0x5f, 0xf4, 0x45, 0xed, 0xc0, 0x0a, 0x72, 0x2a, 0x7a, 0x3a, 0xd2,
606 0xb1, 0xf7, 0x76, 0xfe, 0x2a, 0x6b, 0x7b, 0x2a, 0x53, 0x3a, 0x00, 0x47, 0x44, 0x54,
607 0x58, 0x40, 0x04, 0x25, 0x5d, 0x60, 0x5f, 0x5c, 0x45, 0x0d, 0xf2, 0x9a, 0x6e, 0x99,
608 0x30, 0x03, 0xb8, 0xd6, 0xe1, 0x99, 0x71, 0x1b, 0xf8, 0x44, 0xfa, 0xb5, 0x31, 0x79,
609 0x1c, 0x37, 0x68, 0x4e, 0x1d, 0xc0, 0x24, 0x74, 0x68, 0xf8, 0x80, 0x20, 0x3e, 0x44,
610 0xb1, 0x43, 0xd2, 0x9c, 0xfc, 0x12, 0x9e, 0x77, 0x0a, 0xde, 0x29, 0x24, 0xff, 0x2e,
611 0xfa, 0xc7, 0x10, 0xd5, 0x73, 0xd4, 0xc6, 0xdf, 0x62, 0x9f, 0x3a, 0x00, 0x47, 0x44,
612 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03,
613 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58, 0x20, 0xdb, 0xe7, 0x5b, 0x3f, 0xa3,
614 0x42, 0xb0, 0x9c, 0xf8, 0x40, 0x8c, 0xb0, 0x9c, 0xf0, 0x0a, 0xaf, 0xdf, 0x6f, 0xe5,
615 0x09, 0x21, 0x11, 0x92, 0xe1, 0xf8, 0xc5, 0x09, 0x02, 0x3d, 0x1f, 0xb7, 0xc5, 0x3a,
616 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0xc4, 0xc1, 0xd7, 0x1c, 0x2d, 0x26,
617 0x89, 0x22, 0xcf, 0xa6, 0x99, 0x77, 0x30, 0x84, 0x86, 0x27, 0x59, 0x8f, 0xd8, 0x08,
618 0x75, 0xe0, 0xb2, 0xef, 0xf9, 0xfa, 0xa5, 0x40, 0x8c, 0xd3, 0xeb, 0xbb, 0xda, 0xf2,
619 0xc8, 0xae, 0x41, 0x22, 0x50, 0x9c, 0xe8, 0xb2, 0x9c, 0x9b, 0x3f, 0x8a, 0x78, 0x76,
620 0xab, 0xd0, 0xbe, 0xfc, 0xe4, 0x79, 0xcb, 0x1b, 0x2b, 0xaa, 0x4d, 0xdd, 0x15, 0x61,
621 0x42, 0x06, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8d, 0xa9, 0x01, 0x78,
622 0x28, 0x35, 0x64, 0x34, 0x65, 0x64, 0x37, 0x66, 0x34, 0x31, 0x37, 0x61, 0x39, 0x35,
623 0x34, 0x61, 0x31, 0x38, 0x31, 0x34, 0x30, 0x37, 0x62, 0x35, 0x38, 0x38, 0x35, 0x61,
624 0x66, 0x64, 0x37, 0x32, 0x61, 0x35, 0x62, 0x66, 0x34, 0x30, 0x64, 0x61, 0x36, 0x02,
625 0x78, 0x28, 0x36, 0x39, 0x62, 0x31, 0x37, 0x36, 0x37, 0x35, 0x38, 0x61, 0x36, 0x66,
626 0x34, 0x34, 0x62, 0x35, 0x65, 0x38, 0x39, 0x39, 0x63, 0x64, 0x65, 0x33, 0x63, 0x66,
627 0x34, 0x35, 0x31, 0x39, 0x61, 0x39, 0x33, 0x35, 0x62, 0x63, 0x39, 0x66, 0x65, 0x34,
628 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0x31, 0x0d, 0x31, 0xfa, 0x78, 0x58, 0x33,
629 0xf2, 0xf8, 0x58, 0x6b, 0xe9, 0x68, 0x32, 0x44, 0xd0, 0xfc, 0x2d, 0xe1, 0xfc, 0xe1,
630 0xc2, 0x4e, 0x2b, 0xa8, 0x2c, 0xa1, 0xc1, 0x48, 0xc6, 0xaa, 0x91, 0x89, 0x4f, 0xb7,
631 0x9c, 0x40, 0x74, 0x21, 0x36, 0x31, 0x45, 0x09, 0xdf, 0x0c, 0xb4, 0xf9, 0x9a, 0x59,
632 0xae, 0x4f, 0x21, 0x10, 0xc1, 0x38, 0xa8, 0xa2, 0xbe, 0xc6, 0x36, 0xf0, 0x56, 0x58,
633 0xdb, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x58, 0x18, 0xa2, 0x3a, 0x00, 0x01, 0x11, 0x71,
634 0x6b, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x20, 0x31, 0x3a, 0x00,
635 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x40, 0xce, 0x8a, 0x30,
636 0x4e, 0x31, 0x53, 0xea, 0xdd, 0x2f, 0xbd, 0x15, 0xbc, 0x6b, 0x0f, 0xe7, 0x43, 0x50,
637 0xef, 0x65, 0xec, 0x4e, 0x21, 0x64, 0x6e, 0x41, 0x22, 0xac, 0x87, 0xda, 0xf1, 0xf2,
638 0x80, 0xc6, 0x8a, 0xd8, 0x7b, 0xe8, 0xe2, 0x9b, 0x87, 0x21, 0x5e, 0x26, 0x23, 0x11,
639 0x89, 0x86, 0x57, 0x2d, 0x47, 0x73, 0x3f, 0x47, 0x87, 0xfa, 0x58, 0x5c, 0x78, 0x7b,
640 0xa3, 0xfc, 0x2b, 0x6c, 0xed, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x40, 0xd8, 0x40,
641 0xa0, 0x60, 0x45, 0x28, 0x5d, 0xd4, 0xc1, 0x08, 0x3c, 0xbc, 0x91, 0xf4, 0xa6, 0xa4,
642 0xde, 0xd3, 0x3d, 0xbb, 0x24, 0x46, 0xa3, 0x58, 0x49, 0x57, 0x4d, 0x2e, 0x6d, 0x7a,
643 0x78, 0x4b, 0x9d, 0x28, 0x9a, 0x4e, 0xf1, 0x23, 0x06, 0x35, 0xff, 0x8e, 0x1e, 0xb3,
644 0x02, 0x63, 0x62, 0x9a, 0x50, 0x6d, 0x18, 0x70, 0x8e, 0xe3, 0x2e, 0x29, 0xb4, 0x22,
645 0x71, 0x31, 0x39, 0x65, 0xd5, 0xb5, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a,
646 0x00, 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02,
647 0x20, 0x06, 0x21, 0x58, 0x20, 0x51, 0x3c, 0x4b, 0x56, 0x0b, 0x49, 0x0b, 0xee, 0xc5,
648 0x71, 0xd4, 0xe7, 0xbc, 0x44, 0x27, 0x4f, 0x4e, 0x67, 0xfc, 0x3a, 0xb9, 0x47, 0x8c,
649 0x6f, 0x24, 0x29, 0xf8, 0xb8, 0x2f, 0xa7, 0xb3, 0x4d, 0x3a, 0x00, 0x47, 0x44, 0x58,
650 0x41, 0x20, 0x58, 0x40, 0x4e, 0x6d, 0x0e, 0x2b, 0x1d, 0x44, 0x99, 0xb6, 0x63, 0x07,
651 0x86, 0x1a, 0xce, 0x4b, 0xdc, 0xd1, 0x3a, 0xdc, 0xbf, 0xaa, 0xb3, 0x06, 0xd9, 0xb5,
652 0x5c, 0x75, 0xf0, 0x14, 0x63, 0xa9, 0x1e, 0x7c, 0x56, 0x62, 0x2c, 0xa5, 0xda, 0xc9,
653 0x81, 0xcb, 0x3d, 0x63, 0x32, 0x6b, 0x76, 0x81, 0xd2, 0x93, 0xeb, 0xac, 0xfe, 0x0c,
654 0x87, 0x66, 0x9e, 0x87, 0x82, 0xb4, 0x81, 0x6e, 0x33, 0xf1, 0x08, 0x01, 0x84, 0x43,
655 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x8d, 0xa9, 0x01, 0x78, 0x28, 0x36, 0x39, 0x62,
656 0x31, 0x37, 0x36, 0x37, 0x35, 0x38, 0x61, 0x36, 0x66, 0x34, 0x34, 0x62, 0x35, 0x65,
657 0x38, 0x39, 0x39, 0x63, 0x64, 0x65, 0x33, 0x63, 0x66, 0x34, 0x35, 0x31, 0x39, 0x61,
658 0x39, 0x33, 0x35, 0x62, 0x63, 0x39, 0x66, 0x65, 0x34, 0x02, 0x78, 0x28, 0x32, 0x39,
659 0x65, 0x34, 0x62, 0x61, 0x63, 0x33, 0x30, 0x31, 0x65, 0x66, 0x36, 0x35, 0x61, 0x38,
660 0x31, 0x31, 0x62, 0x39, 0x39, 0x62, 0x30, 0x33, 0x64, 0x65, 0x39, 0x35, 0x34, 0x65,
661 0x61, 0x37, 0x36, 0x61, 0x38, 0x39, 0x31, 0x37, 0x38, 0x35, 0x3a, 0x00, 0x47, 0x44,
662 0x50, 0x58, 0x40, 0xa4, 0x03, 0xe3, 0xde, 0x44, 0x96, 0xed, 0x31, 0x41, 0xa0, 0xba,
663 0x59, 0xee, 0x2b, 0x03, 0x65, 0xcb, 0x63, 0x14, 0x78, 0xbe, 0xad, 0x24, 0x33, 0xb8,
664 0x6b, 0x52, 0xd8, 0xab, 0xd5, 0x79, 0x84, 0x98, 0x6c, 0xc2, 0x66, 0xeb, 0x6c, 0x24,
665 0xa6, 0xfa, 0x32, 0xa8, 0x16, 0xb8, 0x64, 0x37, 0x2b, 0xd4, 0xc0, 0xc4, 0xc2, 0x63,
666 0x25, 0x10, 0xce, 0x47, 0xe3, 0x49, 0xad, 0x41, 0xf5, 0xc8, 0xf6, 0x3a, 0x00, 0x47,
667 0x44, 0x53, 0x58, 0x18, 0xa2, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6b, 0x63, 0x6f, 0x6d,
668 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6,
669 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x40, 0xc7, 0x50, 0x09, 0xd0, 0xe0, 0xdd, 0x80,
670 0x77, 0xae, 0xa7, 0xc8, 0x88, 0x1e, 0x88, 0xd0, 0xc7, 0x0d, 0x7c, 0x49, 0xc5, 0xb5,
671 0x64, 0x32, 0x28, 0x2c, 0x48, 0x94, 0xc0, 0xd6, 0x7d, 0x9c, 0x86, 0xda, 0xf7, 0x98,
672 0xc7, 0xae, 0xa4, 0x0e, 0x61, 0xc8, 0xb0, 0x8b, 0x8a, 0xe4, 0xad, 0xcf, 0xcf, 0x6d,
673 0x60, 0x60, 0x31, 0xdd, 0xa7, 0x24, 0x9b, 0x27, 0x16, 0x31, 0x90, 0x80, 0x70, 0xc3,
674 0xba, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x40, 0xf8, 0x86, 0xc6, 0x94, 0xf9, 0x3f,
675 0x66, 0x3c, 0x43, 0x01, 0x29, 0x27, 0x8d, 0x3c, 0xb2, 0x11, 0xf2, 0x04, 0xb6, 0x67,
676 0x4f, 0x5f, 0x90, 0xcb, 0xc6, 0x73, 0xe6, 0x25, 0x14, 0x63, 0xa7, 0x95, 0x11, 0x0e,
677 0xa0, 0x1d, 0x3f, 0x6a, 0x58, 0x0a, 0x53, 0xaa, 0x68, 0x3b, 0x92, 0x64, 0x2b, 0x2e,
678 0x79, 0x80, 0x70, 0x0e, 0x41, 0xf5, 0xe9, 0x2a, 0x36, 0x0a, 0xa4, 0xe8, 0xb4, 0xe5,
679 0xdd, 0xa6, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57,
680 0x58, 0x2d, 0xa5, 0x01, 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58,
681 0x20, 0x9e, 0x04, 0x11, 0x24, 0x34, 0xba, 0x40, 0xed, 0x86, 0xe9, 0x48, 0x70, 0x3b,
682 0xe7, 0x76, 0xfa, 0xc5, 0xf6, 0x6d, 0xab, 0x86, 0x12, 0x00, 0xbe, 0xc7, 0x00, 0x69,
683 0x0e, 0x97, 0x97, 0xa6, 0x12, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40,
684 0xb7, 0x31, 0xd5, 0x4c, 0x7d, 0xf5, 0xd7, 0xb8, 0xb4, 0x4f, 0x93, 0x47, 0x2c, 0x3d,
685 0x50, 0xcc, 0xad, 0x28, 0x23, 0x68, 0xcf, 0xc2, 0x90, 0xd7, 0x02, 0x00, 0xd8, 0xf1,
686 0x00, 0x14, 0x03, 0x90, 0x9e, 0x0b, 0x91, 0xa7, 0x22, 0x28, 0xfe, 0x55, 0x42, 0x30,
687 0x93, 0x05, 0x66, 0xcd, 0xce, 0xb8, 0x48, 0x07, 0x56, 0x54, 0x67, 0xa5, 0xd7, 0xe3,
688 0x16, 0xd6, 0x75, 0x7c, 0x94, 0x98, 0x1b, 0x0b, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0,
689 0x59, 0x01, 0x8d, 0xa9, 0x01, 0x78, 0x28, 0x32, 0x39, 0x65, 0x34, 0x62, 0x61, 0x63,
690 0x33, 0x30, 0x31, 0x65, 0x66, 0x36, 0x35, 0x61, 0x38, 0x31, 0x31, 0x62, 0x39, 0x39,
691 0x62, 0x30, 0x33, 0x64, 0x65, 0x39, 0x35, 0x34, 0x65, 0x61, 0x37, 0x36, 0x61, 0x38,
692 0x39, 0x31, 0x37, 0x38, 0x35, 0x02, 0x78, 0x28, 0x31, 0x38, 0x37, 0x36, 0x63, 0x61,
693 0x63, 0x34, 0x32, 0x33, 0x39, 0x35, 0x37, 0x66, 0x33, 0x62, 0x66, 0x62, 0x32, 0x62,
694 0x32, 0x63, 0x39, 0x33, 0x37, 0x64, 0x31, 0x34, 0x62, 0x62, 0x38, 0x30, 0x64, 0x30,
695 0x36, 0x37, 0x33, 0x65, 0x66, 0x66, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x40, 0xf4,
696 0x7d, 0x11, 0x21, 0xc1, 0x19, 0x57, 0x23, 0x08, 0x6e, 0x5f, 0xe4, 0x55, 0xc5, 0x08,
697 0x16, 0x40, 0x5f, 0x2a, 0x6f, 0x04, 0x1e, 0x6f, 0x22, 0xde, 0x53, 0xbd, 0x37, 0xe2,
698 0xfb, 0xb4, 0x0b, 0x65, 0xf4, 0xdc, 0xc9, 0xf4, 0xce, 0x2d, 0x82, 0x2a, 0xbc, 0xaf,
699 0x37, 0x80, 0x0b, 0x7f, 0xff, 0x3a, 0x98, 0x9c, 0xa7, 0x70, 0x4f, 0xbc, 0x59, 0x4f,
700 0x4e, 0xb1, 0x6d, 0xdf, 0x60, 0x39, 0x11, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x58, 0x18,
701 0xa2, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6b, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65,
702 0x6e, 0x74, 0x20, 0x33, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00, 0x47, 0x44,
703 0x52, 0x58, 0x40, 0xa4, 0xd5, 0x6f, 0xc8, 0xd6, 0xc7, 0xe4, 0x22, 0xb4, 0x7a, 0x26,
704 0x49, 0xd5, 0xb4, 0xc1, 0xc6, 0x1b, 0xfa, 0x14, 0x8c, 0x49, 0x72, 0x2f, 0xfe, 0xbc,
705 0xc1, 0xc8, 0xc6, 0x65, 0x62, 0x86, 0xf7, 0xf2, 0x74, 0x45, 0x9b, 0x1a, 0xa0, 0x2b,
706 0xc4, 0x27, 0x13, 0xc5, 0xc3, 0xe5, 0x28, 0xc2, 0x16, 0xcd, 0x90, 0x6d, 0xa0, 0xf7,
707 0x27, 0x04, 0xa8, 0xa2, 0x62, 0xaa, 0x2c, 0x0c, 0x75, 0xd5, 0x9d, 0x3a, 0x00, 0x47,
708 0x44, 0x54, 0x58, 0x40, 0x1d, 0x92, 0x34, 0xfb, 0xfe, 0x74, 0xb7, 0xce, 0x3a, 0x95,
709 0x45, 0xe5, 0x3e, 0x1f, 0x5f, 0x18, 0x53, 0x5f, 0xe1, 0x85, 0xb0, 0x1d, 0xe3, 0x8d,
710 0x53, 0x77, 0xdc, 0x86, 0x32, 0x3d, 0x9b, 0xf9, 0xa5, 0x51, 0x17, 0x51, 0x9a, 0xd8,
711 0xa6, 0x7d, 0x45, 0x98, 0x47, 0xa2, 0x73, 0x54, 0x66, 0x28, 0x66, 0x92, 0x1d, 0x28,
712 0x8a, 0xe7, 0x5d, 0xb8, 0x96, 0x4b, 0x6a, 0x9d, 0xee, 0xc2, 0xe9, 0x20, 0x3a, 0x00,
713 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x2d, 0xa5, 0x01,
714 0x01, 0x03, 0x27, 0x04, 0x81, 0x02, 0x20, 0x06, 0x21, 0x58, 0x20, 0x4d, 0xf5, 0x61,
715 0x1e, 0xa6, 0x64, 0x74, 0x0b, 0x6c, 0x99, 0x8b, 0x6d, 0x34, 0x42, 0x21, 0xdd, 0x82,
716 0x26, 0x13, 0xb4, 0xf0, 0xbc, 0x9a, 0x0b, 0xf6, 0x56, 0xbd, 0x5d, 0xea, 0xd5, 0x07,
717 0x7a, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x40, 0x4d, 0x09, 0x0d,
718 0x80, 0xba, 0x12, 0x94, 0x05, 0xfb, 0x1a, 0x23, 0xa3, 0xcb, 0x28, 0x6f, 0xd7, 0x29,
719 0x95, 0xda, 0x83, 0x07, 0x3c, 0xbe, 0x7c, 0x37, 0xeb, 0x9c, 0xb2, 0x77, 0x10, 0x3f,
720 0x6a, 0x41, 0x80, 0xce, 0x56, 0xb7, 0x55, 0x22, 0x81, 0x77, 0x2d, 0x3c, 0xf8, 0x16,
721 0x38, 0x49, 0xcc, 0x9a, 0xe8, 0x3a, 0x03, 0x33, 0x4c, 0xe6, 0x87, 0x72, 0xf6, 0x5a,
722 0x4a, 0x3f, 0x4e, 0x0a,
Janis Danisevskisaaba4af2021-11-18 14:25:07 -0800[diff] [blame]723 ],
724 )
725 .unwrap()
726 }
727}