Merge "[dice] Adapt dice service and tests to the new DiceArtifacts trait" am: 249640be0a

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2438095 Change-Id: I7e66223b85bca01bbd794da5f3272c01d720c7c8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2026-02-01 22:04:26 +00:00 · 2023-02-17 16:27:04 +00:00
parent 555a0103ff 249640be0a
commit e62da12e4d
5 changed files with 24 additions and 20 deletions
--- a/security/dice/aidl/default/Android.bp
+++ b/security/dice/aidl/default/Android.bp
@@ -14,7 +14,6 @@ rust_binary {
    vendor: true,
    rustlibs: [
        "android.hardware.security.dice-V1-rust",
        "libdiced_open_dice_cbor",
        "libdiced_sample_inputs",
        "libdiced_vendor",
        "libandroid_logger",
--- a/security/dice/aidl/default/service.rs
+++ b/security/dice/aidl/default/service.rs
@@ -14,7 +14,7 @@
 //! Main entry point for the android.hardware.security.dice service.
-use anyhow::Result;
+use anyhow::{anyhow, Result};
 use diced::{
    dice,
    hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
@@ -40,8 +40,8 @@ impl DiceArtifacts for InsecureSerializableArtifacts {
    fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
        &self.cdi_seal
    }
-    fn bcc(&self) -> Vec<u8> {
+    fn bcc(&self) -> Option<&[u8]> {
-        self.bcc.clone()
+        Some(&self.bcc)
    }
 }
@@ -56,7 +56,10 @@ impl UpdatableDiceArtifacts for InsecureSerializableArtifacts {
        Ok(Self {
            cdi_attest: *new_artifacts.cdi_attest(),
            cdi_seal: *new_artifacts.cdi_seal(),
-            bcc: new_artifacts.bcc(),
+            bcc: new_artifacts
                .bcc()
                .ok_or_else(|| anyhow!("bcc is none"))?
                .to_vec(),
        })
    }
 }
@@ -77,16 +80,19 @@ fn main() {
    let dice_artifacts =
        make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain.");
-
+    let mut cdi_attest = [0u8; dice::CDI_SIZE];
    cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
    let mut cdi_seal = [0u8; dice::CDI_SIZE];
    cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
    let hal_impl = Arc::new(
        unsafe {
            // Safety: ResidentHal cannot be used in multi threaded processes.
            // This service does not start a thread pool. The main thread is the only thread
            // joining the thread pool, thereby keeping the process single threaded.
            ResidentHal::new(InsecureSerializableArtifacts {
-                cdi_attest: dice_artifacts.cdi_values.cdi_attest,
+                cdi_attest,
-                cdi_seal: dice_artifacts.cdi_values.cdi_seal,
+                cdi_seal,
-                bcc: dice_artifacts.bcc[..].to_vec(),
+                bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(),
            })
        }
        .expect("Failed to create ResidentHal implementation."),
--- a/security/dice/aidl/vts/functional/Android.bp
+++ b/security/dice/aidl/vts/functional/Android.bp
@@ -23,7 +23,7 @@ rust_test {
        "android.hardware.security.dice-V1-rust",
        "libanyhow",
        "libbinder_rs",
-        "libdiced_open_dice_cbor",
+        "libdiced_open_dice",
        "libdiced_sample_inputs",
        "libdiced_utils",
        "libkeystore2_vintf_rust",
@@ -46,7 +46,7 @@ rust_test {
        "android.hardware.security.dice-V1-rust",
        "libanyhow",
        "libbinder_rs",
-        "libdiced_open_dice_cbor",
+        "libdiced_open_dice",
        "libdiced_sample_inputs",
        "libdiced_utils",
        "libkeystore2_vintf_rust",
--- a/security/dice/aidl/vts/functional/dice_demote_test.rs
+++ b/security/dice/aidl/vts/functional/dice_demote_test.rs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 use diced_open_dice::DiceArtifacts;
 use diced_sample_inputs;
 use diced_utils;
 use std::convert::TryInto;
@@ -44,11 +45,10 @@ fn demote_test() {
        .unwrap();
        let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
        let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
        let from_former = diced_utils::make_bcc_handover(
-            cdi_attest[..].try_into().unwrap(),
+            artifacts.cdi_attest(),
-            cdi_seal[..].try_into().unwrap(),
+            artifacts.cdi_seal(),
-            &bcc,
+            artifacts.bcc().expect("bcc is none"),
        )
        .unwrap();
        // TODO b/204938506 when we have a parser/verifier, check equivalence rather
--- a/security/dice/aidl/vts/functional/dice_test.rs
+++ b/security/dice/aidl/vts/functional/dice_test.rs
@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 use diced_open_dice::DiceArtifacts;
 use diced_sample_inputs;
 use diced_utils;
 use std::convert::TryInto;
 mod utils;
 use utils::with_connection;
@@ -44,11 +44,10 @@ fn equivalence_test() {
        .unwrap();
        let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
        let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
        let from_former = diced_utils::make_bcc_handover(
-            cdi_attest[..].try_into().unwrap(),
+            artifacts.cdi_attest(),
-            cdi_seal[..].try_into().unwrap(),
+            artifacts.cdi_seal(),
-            &bcc,
+            artifacts.bcc().expect("bcc is none"),
        )
        .unwrap();
        // TODO b/204938506 when we have a parser/verifier, check equivalence rather