1 // Copyright 2021, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 use android_hardware_security_dice::aidl::android::hardware::security::dice::{
16 Config::Config as BinderConfig, InputValues::InputValues as BinderInputValues,
17 Mode::Mode as BinderMode,
18 };
19 use android_security_dice::aidl::android::security::dice::IDiceMaintenance::IDiceMaintenance;
20 use android_security_dice::aidl::android::security::dice::IDiceNode::IDiceNode;
21 use binder::Strong;
22 use diced_open_dice_cbor as dice;
23 use nix::libc::uid_t;
24 use std::convert::TryInto;
25
26 static DICE_NODE_SERVICE_NAME: &str = "android.security.dice.IDiceNode";
27 static DICE_MAINTENANCE_SERVICE_NAME: &str = "android.security.dice.IDiceMaintenance";
28
get_dice_node() -> Strong<dyn IDiceNode>29 fn get_dice_node() -> Strong<dyn IDiceNode> {
30 binder::get_interface(DICE_NODE_SERVICE_NAME).unwrap()
31 }
32
get_dice_maintenance() -> Strong<dyn IDiceMaintenance>33 fn get_dice_maintenance() -> Strong<dyn IDiceMaintenance> {
34 binder::get_interface(DICE_MAINTENANCE_SERVICE_NAME).unwrap()
35 }
36
37 static TEST_MESSAGE: &[u8] = &[
38 // "My test message!"
39 0x4d, 0x79, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x21,
40 0x0a,
41 ];
42
43 // This test calls derive with an empty argument vector and with a set of three input values.
44 // It then performs the same three derivation steps on the result of the former and compares
45 // the result to the result of the latter.
equivalence_test()46 fn equivalence_test() {
47 let node = get_dice_node();
48 let input_values = diced_sample_inputs::get_input_values_vector();
49 let former = node.derive(&[]).expect("Trying to call derive.");
50 let latter = node.derive(&input_values).expect("Trying to call derive with input values.");
51 let artifacts =
52 diced_utils::ResidentArtifacts::new(&former.cdiAttest, &former.cdiSeal, &former.bcc.data)
53 .unwrap();
54
55 let input_values: Vec<diced_utils::InputValues> =
56 input_values.iter().map(|v| v.into()).collect();
57
58 let artifacts =
59 artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
60 let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
61 let from_former = diced_utils::make_bcc_handover(
62 cdi_attest[..].try_into().unwrap(),
63 cdi_seal[..].try_into().unwrap(),
64 &bcc,
65 )
66 .unwrap();
67 // TODO when we have a parser/verifier, check equivalence rather
68 // than bit by bit equality.
69 assert_eq!(latter, from_former);
70 }
71
sign_and_verify()72 fn sign_and_verify() {
73 let node = get_dice_node();
74 let _signature = node.sign(&[], TEST_MESSAGE).expect("Trying to call sign.");
75
76 let _bcc = node.getAttestationChain(&[]).expect("Trying to call getAttestationChain.");
77 // TODO b/204938506 check the signature with the bcc when the verifier is available.
78 }
79
80 // This test calls derive with an empty argument vector, then demotes the itself using
81 // a set of three input values, and then calls derive with empty argument vector again.
82 // It then performs the same three derivation steps on the result of the former and compares
83 // the result to the result of the latter.
demote_test()84 fn demote_test() {
85 let node = get_dice_node();
86 let input_values = diced_sample_inputs::get_input_values_vector();
87 let former = node.derive(&[]).expect("Trying to call derive.");
88 node.demote(&input_values).expect("Trying to call demote with input values.");
89
90 let latter = node.derive(&[]).expect("Trying to call derive after demote.");
91
92 let artifacts = diced_utils::ResidentArtifacts::new(
93 former.cdiAttest[..].try_into().unwrap(),
94 former.cdiSeal[..].try_into().unwrap(),
95 &former.bcc.data,
96 )
97 .unwrap();
98
99 let input_values: Vec<diced_utils::InputValues> =
100 input_values.iter().map(|v| v.into()).collect();
101
102 let artifacts =
103 artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
104 let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
105 let from_former = diced_utils::make_bcc_handover(
106 cdi_attest[..].try_into().unwrap(),
107 cdi_seal[..].try_into().unwrap(),
108 &bcc,
109 )
110 .unwrap();
111 // TODO b/204938506 when we have a parser/verifier, check equivalence rather
112 // than bit by bit equality.
113 assert_eq!(latter, from_former);
114 }
115
client_input_values(uid: uid_t) -> BinderInputValues116 fn client_input_values(uid: uid_t) -> BinderInputValues {
117 BinderInputValues {
118 codeHash: [0; dice::HASH_SIZE],
119 config: BinderConfig {
120 desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, true)
121 .unwrap(),
122 },
123 authorityHash: [0; dice::HASH_SIZE],
124 authorityDescriptor: None,
125 mode: BinderMode::NORMAL,
126 hidden: [0; dice::HIDDEN_SIZE],
127 }
128 }
129
130 // This test calls derive with an empty argument vector `former` which look like this:
131 // <common root> | <caller>
132 // It then demotes diced using a set of three input values prefixed with the uid based input
133 // values that diced would add to any call. It then calls derive with empty argument vector
134 // again which will add another step using the identity of the caller. If diced was demoted
135 // correctly the chain of `latter` will
136 // look as follows:
137 // <common root> | <caller> | <the three sample inputs> | <caller>
138 //
139 // It then performs the same three derivation steps followed by a set of caller input values
140 // on `former` and compares it to `latter`.
demote_self_test()141 fn demote_self_test() {
142 let maintenance = get_dice_maintenance();
143 let node = get_dice_node();
144 let input_values = diced_sample_inputs::get_input_values_vector();
145 let former = node.derive(&[]).expect("Trying to call derive.");
146
147 let client = client_input_values(nix::unistd::getuid().into());
148
149 let mut demote_vector = vec![client.clone()];
150 demote_vector.append(&mut input_values.clone());
151 maintenance.demoteSelf(&demote_vector).expect("Trying to call demote_self with input values.");
152
153 let latter = node.derive(&[]).expect("Trying to call derive after demote.");
154
155 let artifacts = diced_utils::ResidentArtifacts::new(
156 former.cdiAttest[..].try_into().unwrap(),
157 former.cdiSeal[..].try_into().unwrap(),
158 &former.bcc.data,
159 )
160 .unwrap();
161
162 let client = [client];
163 let input_values: Vec<diced_utils::InputValues> =
164 input_values.iter().chain(client.iter()).map(|v| v.into()).collect();
165
166 let artifacts =
167 artifacts.execute_steps(input_values.iter().map(|v| v as &dyn dice::InputValues)).unwrap();
168 let (cdi_attest, cdi_seal, bcc) = artifacts.into_tuple();
169 let from_former = diced_utils::make_bcc_handover(
170 cdi_attest[..].try_into().unwrap(),
171 cdi_seal[..].try_into().unwrap(),
172 &bcc,
173 )
174 .unwrap();
175 // TODO b/204938506 when we have a parser/verifier, check equivalence rather
176 // than bit by bit equality.
177 assert_eq!(latter, from_former);
178 }
179
180 #[test]
run_serialized_test()181 fn run_serialized_test() {
182 equivalence_test();
183 sign_and_verify();
184 // The demote self test must run before the demote test or the test fails.
185 // And since demotion is not reversible the test can only pass once per boot.
186 demote_self_test();
187 demote_test();
188 }
189