Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 16c22a4e authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "[dice] Adapt dice service and tests to the new DiceArtifacts trait" am:... 

Merge "[dice] Adapt dice service and tests to the new DiceArtifacts trait" am: 249640be am: e62da12e am: b866dedb

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2438095



Change-Id: Ie4c4d948f09bc2c14eacb886e7180872a101b5f5
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents d75233ad b866dedb

security/dice/aidl/default/Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -14,7 +14,6 @@ rust_binary { 
    vendor: true,

    rustlibs: [

        "android.hardware.security.dice-V1-rust",

        "libdiced_open_dice_cbor",

        "libdiced_sample_inputs",

        "libdiced_vendor",

        "libandroid_logger",

security/dice/aidl/default/service.rs

+14 −8
Original line number Diff line number Diff line
@@ -14,7 +14,7 @@ 


//! Main entry point for the android.hardware.security.dice service.



use anyhow::Result;

use anyhow::{anyhow, Result};

use diced::{

    dice,

    hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
@@ -40,8 +40,8 @@ impl DiceArtifacts for InsecureSerializableArtifacts { 
    fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {

        &self.cdi_seal

    }

    fn bcc(&self) -> Vec<u8> {

        self.bcc.clone()

    fn bcc(&self) -> Option<&[u8]> {

        Some(&self.bcc)

    }

}
@@ -56,7 +56,10 @@ impl UpdatableDiceArtifacts for InsecureSerializableArtifacts { 
        Ok(Self {

            cdi_attest: *new_artifacts.cdi_attest(),

            cdi_seal: *new_artifacts.cdi_seal(),

            bcc: new_artifacts.bcc(),

            bcc: new_artifacts

                .bcc()

                .ok_or_else(|| anyhow!("bcc is none"))?

                .to_vec(),

        })

    }

}
@@ -77,16 +80,19 @@ fn main() { 


    let dice_artifacts =

        make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain.");



    let mut cdi_attest = [0u8; dice::CDI_SIZE];

    cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());

    let mut cdi_seal = [0u8; dice::CDI_SIZE];

    cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());

    let hal_impl = Arc::new(

        unsafe {

            // Safety: ResidentHal cannot be used in multi threaded processes.

            // This service does not start a thread pool. The main thread is the only thread

            // joining the thread pool, thereby keeping the process single threaded.

            ResidentHal::new(InsecureSerializableArtifacts {

                cdi_attest: dice_artifacts.cdi_values.cdi_attest,

                cdi_seal: dice_artifacts.cdi_values.cdi_seal,

                bcc: dice_artifacts.bcc[..].to_vec(),

                cdi_attest,

                cdi_seal,

                bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(),

            })

        }

        .expect("Failed to create ResidentHal implementation."),

security/dice/aidl/vts/functional/Android.bp

+2 −2
Original line number Diff line number Diff line
@@ -23,7 +23,7 @@ rust_test { 
        "android.hardware.security.dice-V1-rust",

        "libanyhow",

        "libbinder_rs",

        "libdiced_open_dice_cbor",

        "libdiced_open_dice",

        "libdiced_sample_inputs",

        "libdiced_utils",

        "libkeystore2_vintf_rust",
@@ -46,7 +46,7 @@ rust_test { 
        "android.hardware.security.dice-V1-rust",

        "libanyhow",

        "libbinder_rs",

        "libdiced_open_dice_cbor",

        "libdiced_open_dice",

        "libdiced_sample_inputs",

        "libdiced_utils",

        "libkeystore2_vintf_rust",

security/dice/aidl/vts/functional/dice_demote_test.rs

+4 −4
Original line number Diff line number Diff line
@@ -12,6 +12,7 @@ 
// See the License for the specific language governing permissions and

// limitations under the License.



use diced_open_dice::DiceArtifacts;

use diced_sample_inputs;

use diced_utils;

use std::convert::TryInto;
@@ -44,11 +45,10 @@ fn demote_test() { 
        .unwrap();



        let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();

        let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();

        let from_former = diced_utils::make_bcc_handover(

            cdi_attest[..].try_into().unwrap(),

            cdi_seal[..].try_into().unwrap(),

            &bcc,

            artifacts.cdi_attest(),

            artifacts.cdi_seal(),

            artifacts.bcc().expect("bcc is none"),

        )

        .unwrap();

        // TODO b/204938506 when we have a parser/verifier, check equivalence rather

security/dice/aidl/vts/functional/dice_test.rs

+4 −5
Original line number Diff line number Diff line
@@ -12,9 +12,9 @@ 
// See the License for the specific language governing permissions and

// limitations under the License.



use diced_open_dice::DiceArtifacts;

use diced_sample_inputs;

use diced_utils;

use std::convert::TryInto;



mod utils;

use utils::with_connection;
@@ -44,11 +44,10 @@ fn equivalence_test() { 
        .unwrap();



        let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();

        let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();

        let from_former = diced_utils::make_bcc_handover(

            cdi_attest[..].try_into().unwrap(),

            cdi_seal[..].try_into().unwrap(),

            &bcc,

            artifacts.cdi_attest(),

            artifacts.cdi_seal(),

            artifacts.bcc().expect("bcc is none"),

        )

        .unwrap();

        // TODO b/204938506 when we have a parser/verifier, check equivalence rather