Loading security/dice/aidl/default/Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -14,7 +14,6 @@ rust_binary { vendor: true, rustlibs: [ "android.hardware.security.dice-V1-rust", "libdiced_open_dice_cbor", "libdiced_sample_inputs", "libdiced_vendor", "libandroid_logger", Loading security/dice/aidl/default/service.rs +14 −8 Original line number Diff line number Diff line Loading @@ -14,7 +14,7 @@ //! Main entry point for the android.hardware.security.dice service. use anyhow::Result; use anyhow::{anyhow, Result}; use diced::{ dice, hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts}, Loading @@ -40,8 +40,8 @@ impl DiceArtifacts for InsecureSerializableArtifacts { fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] { &self.cdi_seal } fn bcc(&self) -> Vec<u8> { self.bcc.clone() fn bcc(&self) -> Option<&[u8]> { Some(&self.bcc) } } Loading @@ -56,7 +56,10 @@ impl UpdatableDiceArtifacts for InsecureSerializableArtifacts { Ok(Self { cdi_attest: *new_artifacts.cdi_attest(), cdi_seal: *new_artifacts.cdi_seal(), bcc: new_artifacts.bcc(), bcc: new_artifacts .bcc() .ok_or_else(|| anyhow!("bcc is none"))? .to_vec(), }) } } Loading @@ -77,16 +80,19 @@ fn main() { let dice_artifacts = make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain."); let mut cdi_attest = [0u8; dice::CDI_SIZE]; cdi_attest.copy_from_slice(dice_artifacts.cdi_attest()); let mut cdi_seal = [0u8; dice::CDI_SIZE]; cdi_seal.copy_from_slice(dice_artifacts.cdi_seal()); let hal_impl = Arc::new( unsafe { // Safety: ResidentHal cannot be used in multi threaded processes. // This service does not start a thread pool. The main thread is the only thread // joining the thread pool, thereby keeping the process single threaded. ResidentHal::new(InsecureSerializableArtifacts { cdi_attest: dice_artifacts.cdi_values.cdi_attest, cdi_seal: dice_artifacts.cdi_values.cdi_seal, bcc: dice_artifacts.bcc[..].to_vec(), cdi_attest, cdi_seal, bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(), }) } .expect("Failed to create ResidentHal implementation."), Loading security/dice/aidl/vts/functional/Android.bp +2 −2 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ rust_test { "android.hardware.security.dice-V1-rust", "libanyhow", "libbinder_rs", "libdiced_open_dice_cbor", "libdiced_open_dice", "libdiced_sample_inputs", "libdiced_utils", "libkeystore2_vintf_rust", Loading @@ -46,7 +46,7 @@ rust_test { "android.hardware.security.dice-V1-rust", "libanyhow", "libbinder_rs", "libdiced_open_dice_cbor", "libdiced_open_dice", "libdiced_sample_inputs", "libdiced_utils", "libkeystore2_vintf_rust", Loading security/dice/aidl/vts/functional/dice_demote_test.rs +4 −4 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. use diced_open_dice::DiceArtifacts; use diced_sample_inputs; use diced_utils; use std::convert::TryInto; Loading Loading @@ -44,11 +45,10 @@ fn demote_test() { .unwrap(); let artifacts = artifacts.execute_steps(input_values.iter()).unwrap(); let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple(); let from_former = diced_utils::make_bcc_handover( cdi_attest[..].try_into().unwrap(), cdi_seal[..].try_into().unwrap(), &bcc, artifacts.cdi_attest(), artifacts.cdi_seal(), artifacts.bcc().expect("bcc is none"), ) .unwrap(); // TODO b/204938506 when we have a parser/verifier, check equivalence rather Loading security/dice/aidl/vts/functional/dice_test.rs +4 −5 Original line number Diff line number Diff line Loading @@ -12,9 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. use diced_open_dice::DiceArtifacts; use diced_sample_inputs; use diced_utils; use std::convert::TryInto; mod utils; use utils::with_connection; Loading Loading @@ -44,11 +44,10 @@ fn equivalence_test() { .unwrap(); let artifacts = artifacts.execute_steps(input_values.iter()).unwrap(); let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple(); let from_former = diced_utils::make_bcc_handover( cdi_attest[..].try_into().unwrap(), cdi_seal[..].try_into().unwrap(), &bcc, artifacts.cdi_attest(), artifacts.cdi_seal(), artifacts.bcc().expect("bcc is none"), ) .unwrap(); // TODO b/204938506 when we have a parser/verifier, check equivalence rather Loading Loading
security/dice/aidl/default/Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -14,7 +14,6 @@ rust_binary { vendor: true, rustlibs: [ "android.hardware.security.dice-V1-rust", "libdiced_open_dice_cbor", "libdiced_sample_inputs", "libdiced_vendor", "libandroid_logger", Loading
security/dice/aidl/default/service.rs +14 −8 Original line number Diff line number Diff line Loading @@ -14,7 +14,7 @@ //! Main entry point for the android.hardware.security.dice service. use anyhow::Result; use anyhow::{anyhow, Result}; use diced::{ dice, hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts}, Loading @@ -40,8 +40,8 @@ impl DiceArtifacts for InsecureSerializableArtifacts { fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] { &self.cdi_seal } fn bcc(&self) -> Vec<u8> { self.bcc.clone() fn bcc(&self) -> Option<&[u8]> { Some(&self.bcc) } } Loading @@ -56,7 +56,10 @@ impl UpdatableDiceArtifacts for InsecureSerializableArtifacts { Ok(Self { cdi_attest: *new_artifacts.cdi_attest(), cdi_seal: *new_artifacts.cdi_seal(), bcc: new_artifacts.bcc(), bcc: new_artifacts .bcc() .ok_or_else(|| anyhow!("bcc is none"))? .to_vec(), }) } } Loading @@ -77,16 +80,19 @@ fn main() { let dice_artifacts = make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain."); let mut cdi_attest = [0u8; dice::CDI_SIZE]; cdi_attest.copy_from_slice(dice_artifacts.cdi_attest()); let mut cdi_seal = [0u8; dice::CDI_SIZE]; cdi_seal.copy_from_slice(dice_artifacts.cdi_seal()); let hal_impl = Arc::new( unsafe { // Safety: ResidentHal cannot be used in multi threaded processes. // This service does not start a thread pool. The main thread is the only thread // joining the thread pool, thereby keeping the process single threaded. ResidentHal::new(InsecureSerializableArtifacts { cdi_attest: dice_artifacts.cdi_values.cdi_attest, cdi_seal: dice_artifacts.cdi_values.cdi_seal, bcc: dice_artifacts.bcc[..].to_vec(), cdi_attest, cdi_seal, bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(), }) } .expect("Failed to create ResidentHal implementation."), Loading
security/dice/aidl/vts/functional/Android.bp +2 −2 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ rust_test { "android.hardware.security.dice-V1-rust", "libanyhow", "libbinder_rs", "libdiced_open_dice_cbor", "libdiced_open_dice", "libdiced_sample_inputs", "libdiced_utils", "libkeystore2_vintf_rust", Loading @@ -46,7 +46,7 @@ rust_test { "android.hardware.security.dice-V1-rust", "libanyhow", "libbinder_rs", "libdiced_open_dice_cbor", "libdiced_open_dice", "libdiced_sample_inputs", "libdiced_utils", "libkeystore2_vintf_rust", Loading
security/dice/aidl/vts/functional/dice_demote_test.rs +4 −4 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. use diced_open_dice::DiceArtifacts; use diced_sample_inputs; use diced_utils; use std::convert::TryInto; Loading Loading @@ -44,11 +45,10 @@ fn demote_test() { .unwrap(); let artifacts = artifacts.execute_steps(input_values.iter()).unwrap(); let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple(); let from_former = diced_utils::make_bcc_handover( cdi_attest[..].try_into().unwrap(), cdi_seal[..].try_into().unwrap(), &bcc, artifacts.cdi_attest(), artifacts.cdi_seal(), artifacts.bcc().expect("bcc is none"), ) .unwrap(); // TODO b/204938506 when we have a parser/verifier, check equivalence rather Loading
security/dice/aidl/vts/functional/dice_test.rs +4 −5 Original line number Diff line number Diff line Loading @@ -12,9 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. use diced_open_dice::DiceArtifacts; use diced_sample_inputs; use diced_utils; use std::convert::TryInto; mod utils; use utils::with_connection; Loading Loading @@ -44,11 +44,10 @@ fn equivalence_test() { .unwrap(); let artifacts = artifacts.execute_steps(input_values.iter()).unwrap(); let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple(); let from_former = diced_utils::make_bcc_handover( cdi_attest[..].try_into().unwrap(), cdi_seal[..].try_into().unwrap(), &bcc, artifacts.cdi_attest(), artifacts.cdi_seal(), artifacts.bcc().expect("bcc is none"), ) .unwrap(); // TODO b/204938506 when we have a parser/verifier, check equivalence rather Loading
